dagger/plan/task/inputsecretexec.go

package task

import (
	"context"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"strings"

	"github.com/rs/zerolog/log"
	"go.dagger.io/dagger/compiler"
	"go.dagger.io/dagger/plancontext"
	"go.dagger.io/dagger/solver"
)

func init() {
	Register("InputSecretExec", func() Task { return &inputSecretExecTask{} })
}

type inputSecretExecTask struct {
}

func (c *inputSecretExecTask) Run(ctx context.Context, pctx *plancontext.Context, _ solver.Solver, v *compiler.Value) (*compiler.Value, error) {
	var secretExec struct {
		Command struct {
			Name string
			Args []string
		}
		TrimSpace bool
	}

	if err := v.Decode(&secretExec); err != nil {
		return nil, err
	}

	lg := log.Ctx(ctx)
	lg.Debug().Str("name", secretExec.Command.Name).Str("args", strings.Join(secretExec.Command.Args, " ")).Str("trimSpace", fmt.Sprintf("%t", secretExec.TrimSpace)).Msg("loading secret")

	var err error

	//#nosec G204: sec audited by @aluzzardi and @mrjones
	cmd := exec.CommandContext(ctx, secretExec.Command.Name, secretExec.Command.Args...)
	cmd.Env = os.Environ()
	cmd.Dir, err = v.Lookup("command.name").Dirname()
	if err != nil {
		return nil, err
	}

	// sec audited by @aluzzardi and @mrjones
	out, err := cmd.Output()
	if err != nil {
		var exitErr *exec.ExitError
		if errors.As(err, &exitErr) {
			return nil, errors.New(string(exitErr.Stderr))
		}
		return nil, err
	}

	plaintext := string(out)

	if secretExec.TrimSpace {
		plaintext = strings.TrimSpace(plaintext)
	}

	secret := pctx.Secrets.New(plaintext)
	return compiler.NewValue().FillFields(map[string]interface{}{
		"contents": secret.MarshalCUE(),
	})
}
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`package task`

			`import (`
			`"context"`
returning stderr Signed-off-by: Richard Jones <richard@dagger.io> 2022-01-11 22:39:18 +01:00			`"errors"`
added trimSpace to inputs secrets Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-23 17:22:50 +01:00			`"fmt"`
engine: Make paths relative to the CUE file they're defined in Fixes #1309 Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-12-23 19:09:26 +01:00			`"os"`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`"os/exec"`
			`"strings"`

			`"github.com/rs/zerolog/log"`
			`"go.dagger.io/dagger/compiler"`
			`"go.dagger.io/dagger/plancontext"`
			`"go.dagger.io/dagger/solver"`
			`)`

			`func init() {`
engine: task naming consistency Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-12-22 16:19:40 +01:00			`Register("InputSecretExec", func() Task { return &inputSecretExecTask{} })`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`}`

engine: task naming consistency Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-12-22 16:19:40 +01:00			`type inputSecretExecTask struct {`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`}`

engine: task naming consistency Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-12-22 16:19:40 +01:00			`func (c inputSecretExecTask) Run(ctx context.Context, pctx plancontext.Context, _ solver.Solver, v compiler.Value) (compiler.Value, error) {`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`var secretExec struct {`
			`Command struct {`
			`Name string`
			`Args []string`
			`}`
added trimSpace to inputs secrets Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-23 17:22:50 +01:00			`TrimSpace bool`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`}`

			`if err := v.Decode(&secretExec); err != nil {`
			`return nil, err`
			`}`

added trimSpace to inputs secrets Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-23 17:22:50 +01:00			`lg := log.Ctx(ctx)`
			`lg.Debug().Str("name", secretExec.Command.Name).Str("args", strings.Join(secretExec.Command.Args, " ")).Str("trimSpace", fmt.Sprintf("%t", secretExec.TrimSpace)).Msg("loading secret")`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00
engine: Make paths relative to the CUE file they're defined in Fixes #1309 Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-12-23 19:09:26 +01:00			`var err error`

			`//#nosec G204: sec audited by @aluzzardi and @mrjones`
			`cmd := exec.CommandContext(ctx, secretExec.Command.Name, secretExec.Command.Args...)`
			`cmd.Env = os.Environ()`
			`cmd.Dir, err = v.Lookup("command.name").Dirname()`
			`if err != nil {`
			`return nil, err`
			`}`

fixed gosec issue Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-20 17:58:26 +01:00			`// sec audited by @aluzzardi and @mrjones`
engine: Make paths relative to the CUE file they're defined in Fixes #1309 Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com> 2021-12-23 19:09:26 +01:00			`out, err := cmd.Output()`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`if err != nil {`
returning stderr Signed-off-by: Richard Jones <richard@dagger.io> 2022-01-11 22:39:18 +01:00			`var exitErr *exec.ExitError`
			`if errors.As(err, &exitErr) {`
			`return nil, errors.New(string(exitErr.Stderr))`
			`}`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`return nil, err`
			`}`
added trimSpace to inputs secrets Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-23 17:22:50 +01:00
			`plaintext := string(out)`

			`if secretExec.TrimSpace {`
			`plaintext = strings.TrimSpace(plaintext)`
			`}`

			`secret := pctx.Secrets.New(plaintext)`
secret exec Signed-off-by: Richard Jones <richard@dagger.io> 2021-12-17 22:41:09 +01:00			`return compiler.NewValue().FillFields(map[string]interface{}{`
			`"contents": secret.MarshalCUE(),`
			`})`
			`}`