From e540bd27161785da8eb21d394e09d4ea57e2d000 Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Fri, 11 Jun 2021 09:50:27 +0200 Subject: [PATCH 1/3] Replace docker.#Client with docker.#Command definition It's a simple wrapper that will expose an interface to run any docker or docker-compose commands You can configure : - ssh - environments - mount volumes - command to execute - package to install Signed-off-by: Tom Chauveau --- stdlib/docker/client.cue | 16 ---- stdlib/docker/command.cue | 178 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+), 16 deletions(-) delete mode 100644 stdlib/docker/client.cue create mode 100644 stdlib/docker/command.cue
diff --git a/stdlib/docker/client.cue b/stdlib/docker/client.cue
deleted file mode 100644
index 1810efd4..00000000
--- a/stdlib/docker/client.cue
+++ /dev/null
@@ -1,16 +0,0 @@
-package docker
-
-import (
- "dagger.io/alpine"
-)
-
-// A container image to run the Docker client
-#Client: alpine.#Image & {
- package: {
- bash: true
- jq: true
- curl: true
- "openssh-client": true
- "docker-cli": true
- }
-}
diff --git a/stdlib/docker/command.cue b/stdlib/docker/command.cue
new file mode 100644
index 00000000..00e6e11d
--- /dev/null
+++ b/stdlib/docker/command.cue
@@ -0,0 +1,178 @@
+package docker
+
+import (
+ "strconv"
+
+ "dagger.io/alpine"
+ "dagger.io/dagger"
+ "dagger.io/dagger/op"
+)
+
+// A container image that can run any docker command
+#Command: {
+ ssh?: {
+ // ssh host
+ host: string @dagger(input)
+
+ // ssh user
+ user: string @dagger(input)
+
+ // ssh port
+ port: *22 | int @dagger(input)
+
+ // private key
+ key: dagger.#Secret @dagger(input)
+
+ // fingerprint
+ fingerprint?: string @dagger(input)
+
+ // ssh key passphrase
+ keyPassphrase?: dagger.#Secret @dagger(input)
+ }
+
+ // Command to execute
+ command: string @dagger(input)
+
+ // Environment variables shared by all commands
+ env: {
+ [string]: string @dagger(input)
+ }
+
+ // Mount content from other artifacts
+ mount: {
+ [string]: {
+ from: dagger.#Artifact
+ } | {
+ secret: dagger.#Secret
+ } @dagger(input)
+ }
+
+ // Mount persistent cache directories
+ cache: [string]: true @dagger(input)
+
+ // Mount temporary directories
+ tmpfs: [string]: true @dagger(input)
+
+ // Additional packages to install
+ package: [string]: true | false | string @dagger(input)
+
+ // Setup docker client and then execute the user command
+ #code: #"""
+ # Setup ssh
+ if [ -n "$DOCKER_HOSTNAME" ]; then
+ export DOCKER_HOST="ssh://$DOCKER_USERNAME@$DOCKER_HOSTNAME:$DOCKER_PORT"
+
+ # Start ssh-agent
+ eval $(ssh-agent) > /dev/null
+
+ # Add key
+ if [ -f "/key" ]; then
+ message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || {
+ >&2 echo "$message"
+ exit 1
+ }
+
+ # Save key
+ ssh-add /key > /dev/null
+ if [ "$?" != 0 ]; then
+ exit 1
+ fi
+ fi
+
+ if [[ ! 
-z $FINGERPRINT ]]; then
+ mkdir -p "$HOME"/.ssh
+
+ # Add user's fingerprint to known hosts
+ echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts
+ else
+ # Add host to known hosts
+ ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" /bin/true > /dev/null 2>&1
+ fi
+ fi
+
+ # Execute entrypoint
+ /bin/bash /entrypoint.sh
+ """#
+
+ #up: [
+ op.#Load & {
+ from: alpine.#Image & {
+ package: {
+ bash: true
+ "openssh-client": true
+ "docker-cli": true
+ }
+ }
+ },
+
+ if ssh.keyPassphrase != _|_ {
+ op.#WriteFile & {
+ content: #"""
+ #!/bin/bash
+ cat /keyPassphrase
+ """#
+ dest: "/get_keyPassphrase"
+ mode: 0o500
+ }
+ },
+
+ // Write wrapper
+ op.#WriteFile & {
+ content: #code
+ dest: "/setup.sh"
+ },
+
+ // Write entrypoint
+ op.#WriteFile & {
+ content: command
+ dest: "/entrypoint.sh"
+ },
+
+ op.#Exec & {
+ always: true
+ args: [
+ "/bin/sh",
+ "--noprofile",
+ "--norc",
+ "-eo",
+ "pipefail",
+ "/setup.sh",
+ ]
+ "env": {
+ env
+
+ if ssh != _|_ {
+ DOCKER_HOSTNAME: ssh.host
+ DOCKER_USERNAME: ssh.user
+ DOCKER_PORT: strconv.FormatInt(ssh.port, 10)
+ if ssh.keyPassphrase != _|_ {
+ SSH_ASKPASS: "/get_keyPassphrase"
+ DISPLAY: "1"
+ }
+ if ssh.fingerprint != _|_ {
+ FINGERPRINT: ssh.fingerprint
+ }
+ }
+ }
+ "mount": {
+ if ssh != _|_ {
+ if ssh.key != _|_ {
+ "/key": secret: ssh.key
+ }
+ if ssh.keyPassphrase != _|_ {
+ "/keyPassphrase": secret: ssh.keyPassphrase
+ }
+ }
+ for dest, o in mount {
+ "\(dest)": o
+ }
+ for dest, _ in cache {
+ "\(dest)": "cache"
+ }
+ for dest, _ in tmpfs {
+ "\(dest)": "tmpfs"
+ }
+ }
+ },
+ ]
+}
\ No newline at end of file
From 8a2fc9aa7211f417915c5781de254048cc01ee4e Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Fri, 11 Jun 2021 09:53:14 +0200 Subject: [PATCH 2/3] Add docker.#Command tests Tests : - docker version with ssh - docker version with ssh and key passphrase - docker version with ass and wrong key passphrase 
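Review bot: When `ssh.fingerprint` is unset, the `else` branch of `#code` connects with `StrictHostKeyChecking accept-new`, and since the freshly loaded image presumably has no `known_hosts` file, every run accepts whatever host key is presented and the Docker host is never actually verified. Consider failing closed in that branch, or at least documenting the behaviour on the field, e.g. `// known_hosts line for the host; if unset, the host key is accepted without verification on each run`. The `package` input is described as "Additional packages to install", but `#up` loads a fixed `alpine.#Image` package set and never merges it, so the field currently has no effect. Also, `/bin/bash /entrypoint.sh` starts a new shell without `-e`, so a command failing in the middle of `command` does not fail the step unless the user adds `set -e` themselves.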
Signed-off-by: Tom Chauveau --- .../.gitignore | 0 .../plan/command.cue | 26 ++++++++++++++++ .../values.yaml | 30 +++++++++++++++++++ .../.gitignore | 0 .../plan/command.cue | 26 ++++++++++++++++ .../values.yaml | 30 +++++++++++++++++++ .../.dagger/env/docker-command-ssh/.gitignore | 2 ++ .../env/docker-command-ssh/plan/command.cue | 24 +++++++++++++++ .../env/docker-command-ssh/values.yaml | 28 +++++++++++++++++ stdlib/docker/command.cue | 16 ++++++---- stdlib/universe.bats | 13 ++++++++ 11 files changed, 190 insertions(+), 5 deletions(-) rename stdlib/.dagger/env/{docker-run-ssh-passphrase => docker-command-ssh-key-passphrase}/.gitignore (100%) create mode 100644 stdlib/.dagger/env/docker-command-ssh-key-passphrase/plan/command.cue create mode 100644 stdlib/.dagger/env/docker-command-ssh-key-passphrase/values.yaml rename stdlib/.dagger/env/{docker-run-ssh-wrong-passphrase => docker-command-ssh-wrong-key-passphrase}/.gitignore (100%) create mode 100644 stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue create mode 100644 stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml create mode 100644 stdlib/.dagger/env/docker-command-ssh/.gitignore create mode 100644 stdlib/.dagger/env/docker-command-ssh/plan/command.cue create mode 100644 stdlib/.dagger/env/docker-command-ssh/values.yaml
diff --git a/stdlib/.dagger/env/docker-run-ssh-passphrase/.gitignore b/stdlib/.dagger/env/docker-command-ssh-key-passphrase/.gitignore
similarity index 100%
rename from stdlib/.dagger/env/docker-run-ssh-passphrase/.gitignore
rename to stdlib/.dagger/env/docker-command-ssh-key-passphrase/.gitignore
diff --git a/stdlib/.dagger/env/docker-command-ssh-key-passphrase/plan/command.cue b/stdlib/.dagger/env/docker-command-ssh-key-passphrase/plan/command.cue
new file mode 100644
index 00000000..a4532607
--- /dev/null
+++ b/stdlib/.dagger/env/docker-command-ssh-key-passphrase/plan/command.cue
@@ -0,0 +1,26 @@
+package docker
+
+import (
+ "dagger.io/dagger"
+ "dagger.io/docker"
+)
+
+TestConfig: {
+ host: string @dagger(input)
+ user: string @dagger(input)
+ key: dagger.#Secret @dagger(input)
+ keyPassphrase: dagger.#Secret @dagger(input)
+}
+
+TestSSH: client: docker.#Command & {
+ command: #"""
+ docker $CMD
+ """#
+ ssh: {
+ host: TestConfig.host
+ user: TestConfig.user
+ key: TestConfig.key
+ keyPassphrase: TestConfig.keyPassphrase
+ }
+ env: CMD: "version"
+}
diff --git a/stdlib/.dagger/env/docker-command-ssh-key-passphrase/values.yaml b/stdlib/.dagger/env/docker-command-ssh-key-passphrase/values.yaml
new file mode 100644
index 00000000..0fd2285d
--- /dev/null
+++ b/stdlib/.dagger/env/docker-command-ssh-key-passphrase/values.yaml
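Review bot: None of the three new test plans (this one, `docker-command-ssh-wrong-key-passphrase` and `docker-command-ssh`) sets `ssh.fingerprint`, so CI only ever exercises the unverified `accept-new` path of `docker.#Command` and the branch that writes a pinned `known_hosts` entry stays untested. Adding `fingerprint: string @dagger(input)` to `TestConfig` and passing `fingerprint: TestConfig.fingerprint` in at least one plan would cover that branch and pin the CI host's key for the test run.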
@@ -0,0 +1,30 @@ +name: docker-command-ssh-key-passphrase +inputs: + TestConfig.host: + text: 143.198.64.230 + TestConfig.key: + secret: ENC[AES256_GCM,data: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,iv:HkRMWpV/KlEdVdS7rhZXHuF40mks6KPYW4VzB7CvWuw=,tag:K58zcFb+4TgOKUn+4q/8CA==,type:str] + TestConfig.keyPassphrase: + secret: ENC[AES256_GCM,data:sD67l42Fqx8=,iv:PADCLxwy/eIwDLC0k2NUJYOTTrgFvra0EIKr0HvZpZg=,tag:ei88VxuqVBvz9ZLNhighQg==,type:str] + TestConfig.user: + text: daggerci +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnYUJSamRXak9ob2p4OGll + NW9FczZBeVZRR25tQkUxWExrSVFTOUgrN25rCi9PWVY1dk4rSUN2Y3FIMmVkM01Q + cWdhQWxDY2JwOGUyOWpFYzR3aWM5NUUKLS0tIE0wUmt0b3hSQkVGM1RDOUxxUDJF + cW1kbGZveVlkQkJDL2xYbmFRNjZEK0UKrSrOB/RL5lki54j4GUCE2G3CCO/8jpMU + jfYkl7Yowb7kK3kKSNWORhB4ne3MEeGRZpJC8cvH7zjGvt/YYeU14A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-06-10T10:28:49Z" + mac: ENC[AES256_GCM,data:EWeThEa/5eP0GQNJF7RC1mniejmnn0XNyoipkuiGdEaWcauuVUnHWzV58J/F82NQeiYr8JsFkDrz1rju4yynV51gAAf2kupE6DJDOjmh9O1O9SCMjP7iEvDwW2Tznjq6oXO8r3qVEf86vmIDnhnCINbrOKCPI/j83BtfwC0w1mw=,iv:KX0yZFUSJgZGkZ7jFBueySt2c6T4/r9/5PIK0Dyw2LU=,tag:ZCt1ZbL0mDREQZ9mQ2PR6Q==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 diff --git a/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/.gitignore b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/.gitignore similarity index 100% rename from stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/.gitignore rename to stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/.gitignore diff --git a/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue new file mode 100644 index 00000000..a4532607 --- /dev/null 
+++ b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue
@@ -0,0 +1,26 @@
+package docker
+
+import (
+ "dagger.io/dagger"
+ "dagger.io/docker"
+)
+
+TestConfig: {
+ host: string @dagger(input)
+ user: string @dagger(input)
+ key: dagger.#Secret @dagger(input)
+ keyPassphrase: dagger.#Secret @dagger(input)
+}
+
+TestSSH: client: docker.#Command & {
+ command: #"""
+ docker $CMD
+ """#
+ ssh: {
+ host: TestConfig.host
+ user: TestConfig.user
+ key: TestConfig.key
+ keyPassphrase: TestConfig.keyPassphrase
+ }
+ env: CMD: "version"
+}
diff --git a/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml
new file mode 100644
index 00000000..12c38e6d
--- /dev/null
+++ b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml
@@ -0,0 +1,30 @@ +name: docker-command-ssh-wrong-key-passphrase +inputs: + TestConfig.host: + text: 143.198.64.230 + TestConfig.key: + secret: ENC[AES256_GCM,data:dbIEUHadOTOdPrmMAgyLGMdIY+FuyWZvv4mRyjr+BbLZavl7/fH6abiQFpPY0x3960iqPB+wEM6wG+VPDivHTj1QRVMGPIV8ZGrfeR/mfeDuaKXDttkWgRN8vyHOZ+oKnI22913tvK59gNbJX8fR0wPfqOCEWbzy+bRBh/bVH//CMwCoSU+v2rZwAqOnGyXCyeGbp+wo5xMufv+Dosgb4uhFk1CPQJfKfBJVMf1EJS0e9/P8GS5UUjevR9eeRnCJ7kdHu26b3lwAHhPWv72O/yuOIKItrgMkSuHz2H2BFdgt5xq/h/SfrONMwymg8+oEiuS3n1C8ZBv8I4RE5XF6GX/xWb9dZJLctbi6oBELtvKXhswnB0PWSK1OXMgrJ5yYFeBPpaBptRBxl0AJhOG92K6xM9O0cRxAT+vtz0zvJ7gIQDZtngcTTS+IMN6Kgmx4daW5x14FbRJRGKKqU+PHeUW2XpN70IwkWXZfLs445O9w8teayPUu3KePZJo8eLkVpWJIyVUnrk/5VIREV8EYZzRFUwTtwYSTefGycPfjz2L01xQR0fn55DxJpcLpCLqjGRhWHQE6Wn4j6aXyzbOXHMIYgw+Rx1egjszdKzgCWaA=,iv:CZyN1UCE0nI2/ch5O7kerfYBbCgoJX+dPvh5dRO3cxc=,tag:hwBmnOdC8Na0dwyUCU3QDw==,type:str] + TestConfig.keyPassphrase: + secret: ENC[AES256_GCM,data:LM8qBQ1uZHVA,iv:z4MOKWy9owo69oy8Z4Gmd7fT7uXMR/Sp2qgM38wjWM4=,tag:WwZt3WtlROY3+j2LG8M39w==,type:str] + TestConfig.user: + text: daggerci +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2U0w2S2luTlJNbGhnd3FY + dmp4K2t6ZWR1Q1dYNCsvRWhZRkl4UWFoVEhRCmZHUHNBVW5LZEl1ckpGQmJlZEVP + LzEweFZrbWZoMDhBbGQ3eXdrbGtoNzAKLS0tIEhoWXZidi9yejFjaTlCOGo4Q1Bl + R2tNU2JJWHFQTmhnUDd6eE13UUhQazgK+OQ50Q3+S5Fn2Y132ZeDrgUKWPcAk+et + q8ppfZiPOtH4p6MwboSuh/vaTAAsxks7ctnqnU1pY+EHfnp8bHYHgQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-06-10T15:09:45Z" + mac: ENC[AES256_GCM,data:axraLjtO6zs1Zo2UVcrxJqLHlQea1pBcGCwCxIp43vw+L07haNtuqf0lJ5SL9XfB/yGjYtykP+Ld1evbgnUT4nqxRuHkN2NgHshmrytdptnOKCuTqE4sYWRt5Nny2linXmsqAYS9HAw8htw0DOjFUDruIAITjVLb8/sSgvS7wb4=,iv:Ahqguwy+9gmIzUMxDLzf9JuNybst+cMabfDciL5ZeJ4=,tag:EggVqFtbqLjMyHhrmqY1Ug==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 
diff --git a/stdlib/.dagger/env/docker-command-ssh/.gitignore b/stdlib/.dagger/env/docker-command-ssh/.gitignore
new file mode 100644
index 00000000..01ec19b0
--- /dev/null
+++ b/stdlib/.dagger/env/docker-command-ssh/.gitignore
@@ -0,0 +1,2 @@
+# dagger state
+state/**
diff --git a/stdlib/.dagger/env/docker-command-ssh/plan/command.cue b/stdlib/.dagger/env/docker-command-ssh/plan/command.cue
new file mode 100644
index 00000000..1767faac
--- /dev/null
+++ b/stdlib/.dagger/env/docker-command-ssh/plan/command.cue
@@ -0,0 +1,24 @@
+package docker
+
+import (
+ "dagger.io/dagger"
+ "dagger.io/docker"
+)
+
+TestConfig: {
+ host: string @dagger(input)
+ user: string @dagger(input)
+ key: dagger.#Secret @dagger(input)
+}
+
+TestSSH: client: docker.#Command & {
+ command: #"""
+ docker $CMD
+ """#
+ ssh: {
+ host: TestConfig.host
+ user: TestConfig.user
+ key: TestConfig.key
+ }
+ env: CMD: "version"
+}
diff --git a/stdlib/.dagger/env/docker-command-ssh/values.yaml b/stdlib/.dagger/env/docker-command-ssh/values.yaml
new file mode 100644
index 00000000..9f4c8d1e
--- /dev/null
+++ b/stdlib/.dagger/env/docker-command-ssh/values.yaml
@@ -0,0 +1,28 @@ +name: docker-command-ssh +inputs: + TestConfig.host: + text: 143.198.64.230 + TestConfig.key: + secret: ENC[AES256_GCM,data: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,iv:gceSEfG6Eu2Pc9+JZpH0CLITNVnYFyN21drPneu15wk=,tag:zmYtioa5LTPZrSeFNmaBvg==,type:str] + TestConfig.user: + text: daggerci +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSU5uMDBNdDEzQXFsb2ZS + VDRDai9yOHFPSnI4dXhDY0FUcXVkRXdMMXdBCnhSTER5bEJRRDNZbStVTTk5d2FN + MUxkM1JpQ3NHa3B4MHlnZ1dDU1RoS2cKLS0tIE9Xa1ovQkRSZlBZMjZlZi9OUGhG + UEpoZy9HZUlHOVV3M05OSkZQS1l6aXcK3NfBITvd6la6nkcIzqH69xfv9RR0Jm7x + vU5FvGROK3Z0ZR8NNXAtNH6VQQ21TDD2MOXWOVvjnIAAOVNEyc1amA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-06-10T10:32:51Z" + mac: ENC[AES256_GCM,data:4npSJpiOpaYIFig5AB4mhVheKhS7VtP65PCPamsg9qLKmTefdFvby6mcMrtghlbmYb/78I2UlA09UMDtO2y7N9vtD1p+xdu3Tz/iD1zJpRpARIyOCEuI7L1jDBeC/jnA0C9JcEQ6hTH6YTXtqxTjE49Uu8KCj4nsUPRIKYVdaYM=,iv:+3mNHpXYjFCbuYKnDnmqGishNhchH9OpeLclPqrZ3Wg=,tag:+xC34ClE6a1/vx35m3vp1g==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 diff --git a/stdlib/docker/command.cue b/stdlib/docker/command.cue index 00e6e11d..d9352e6b 100644 --- a/stdlib/docker/command.cue +++ b/stdlib/docker/command.cue 
@@ -41,20 +41,26 @@ import ( // Mount content from other artifacts mount: { [string]: { - from: dagger.#Artifact + from: dagger.#Artifact } | { secret: dagger.#Secret } @dagger(input) } // Mount persistent cache directories - cache: [string]: true @dagger(input) + cache: { + [string]: true @dagger(input) + } // Mount temporary directories - tmpfs: [string]: true @dagger(input) + tmpfs: { + [string]: true @dagger(input) + } // Additional packages to install - package: [string]: true | false | string @dagger(input) + package: { + [string]: true | false | string @dagger(input) + } // Setup docker client and then execute the user command #code: #""" @@ -175,4 +181,4 @@ import ( } }, ] -} \ No newline at end of file +} diff --git a/stdlib/universe.bats b/stdlib/universe.bats index cb041f53..0b408338 100644 --- a/stdlib/universe.bats +++ b/stdlib/universe.bats @@ -28,6 +28,19 @@ setup() { dagger -e docker-run-local up } +@test "docker command: ssh" { + dagger -e docker-command-ssh up +} + +@test "docker command: ssh with key passphrase" { + dagger -e docker-command-ssh-key-passphrase up +} + +@test "docker command: ssh with wrong key passphrase" { + run dagger -e docker-command-ssh-wrong-key-passphrase up + assert_failure +} + @test "docker run: ssh" { dagger -e docker-run-ssh up } From b8a97fb6e73d7a80737789b07a03dfe5d0ec8a96 Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Fri, 11 Jun 2021 19:01:33 +0200 Subject: [PATCH 3/3] Update docker.#Run definition and tests 
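Review bot: The "docker command: ssh with wrong key passphrase" test in the `universe.bats` hunk only checks `assert_failure`, so it also passes when the run fails for an unrelated reason, such as the SSH host being unreachable or the key being rejected. Asserting on the error text as well, for example `assert_output --partial "EXPECTED_PASSPHRASE_ERROR"` (placeholder, to be replaced with the message the wrapper really prints), would tie the failure to the passphrase check.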
Signed-off-by: Tom Chauveau --- docs/reference/universe/docker.md | 32 ++++-- .../plan/command.cue | 3 +- .../values.yaml | 6 +- .../plan/passphrase.cue | 32 ------ .../env/docker-run-ssh-passphrase/values.yaml | 30 ----- .../plan/wrong-passphrase.cue | 32 ------ .../values.yaml | 30 ----- stdlib/docker/docker.cue | 104 ++---------------- stdlib/universe.bats | 17 +-- 9 files changed, 38 insertions(+), 248 deletions(-) delete mode 100644 stdlib/.dagger/env/docker-run-ssh-passphrase/plan/passphrase.cue delete mode 100644 stdlib/.dagger/env/docker-run-ssh-passphrase/values.yaml delete mode 100644 stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/plan/wrong-passphrase.cue delete mode 100644 stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/values.yaml diff --git a/docs/reference/universe/docker.md b/docs/reference/universe/docker.md index 5516e911..2b1cd51b 100644 --- a/docs/reference/universe/docker.md +++ b/docs/reference/universe/docker.md @@ -18,15 +18,17 @@ Build a Docker image from source, using included Dockerfile _No output._ -## #Client +## #Command -A container image to run the Docker client +A container image that can run any docker command -### #Client Inputs +### #Command Inputs -_No input._ +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*command* | `string` |Command to execute | -### #Client Outputs +### #Command Outputs _No output._ 
@@ -78,13 +80,19 @@ _No output._ ### #Run Inputs -| Name | Type | Description | -| ------------- |:-------------: |:-------------: | -|*ssh.host* | `string` |ssh host | -|*ssh.user* | `string` |ssh user | -|*ssh.port* | `*22 \| int` |ssh port | -|*ssh.key* | `dagger.#Secret` |private key | -|*ref* | `string` |Image reference (e.g: nginx:alpine) | +| Name | Type | Description | +| ------------- |:-------------: |:-------------: | +|*ssh.host* | `string` |ssh host | +|*ssh.user* | `string` |ssh user | +|*ssh.port* | `*22 \| int` |ssh port | +|*ssh.key* | `dagger.#Secret` |private key | +|*ref* | `string` |Image reference (e.g: nginx:alpine) | +|*run.ssh.host* | `string` |ssh host | +|*run.ssh.user* | `string` |ssh user | +|*run.ssh.port* | `*22 \| int` |ssh port | +|*run.ssh.key* | `dagger.#Secret` |private key | +|*run.command* | `"""\n # Run detach container\n OPTS=""\n \n if [ ! -z "$CONTAINER_NAME" ]; then\n \tOPTS="$OPTS --name $CONTAINER_NAME"\n fi\n \n docker container run -d $OPTS "$IMAGE_REF"\n """` |Command to execute | +|*run.env.IMAGE_REF* | `string` |- | ### #Run Outputs diff --git a/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue index a4532607..91f82ea4 100644 --- a/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue +++ b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/plan/command.cue @@ -14,7 +14,7 @@ TestConfig: { TestSSH: client: docker.#Command & { command: #""" - docker $CMD + docker version """# ssh: { host: TestConfig.host @@ -22,5 +22,4 @@ TestSSH: client: docker.#Command & { key: TestConfig.key keyPassphrase: TestConfig.keyPassphrase } - env: CMD: "version" } diff --git a/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml index 12c38e6d..c9d72a06 100644 
--- a/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml +++ b/stdlib/.dagger/env/docker-command-ssh-wrong-key-passphrase/values.yaml @@ -5,7 +5,7 @@ inputs: TestConfig.key: secret: ENC[AES256_GCM,data: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,iv:CZyN1UCE0nI2/ch5O7kerfYBbCgoJX+dPvh5dRO3cxc=,tag:hwBmnOdC8Na0dwyUCU3QDw==,type:str] TestConfig.keyPassphrase: - secret: ENC[AES256_GCM,data:LM8qBQ1uZHVA,iv:z4MOKWy9owo69oy8Z4Gmd7fT7uXMR/Sp2qgM38wjWM4=,tag:WwZt3WtlROY3+j2LG8M39w==,type:str] + secret: ENC[AES256_GCM,data:RZK8tx7PZaYtmg==,iv:yFXA8CROxAbrhz/i3PQHeqCFh4rMo+GHITpVxfAOkdo=,tag:Ep1J0nazTcc8EjHP6GbwAQ==,type:str] TestConfig.user: text: daggerci sops: @@ -23,8 +23,8 @@ sops: R2tNU2JJWHFQTmhnUDd6eE13UUhQazgK+OQ50Q3+S5Fn2Y132ZeDrgUKWPcAk+et q8ppfZiPOtH4p6MwboSuh/vaTAAsxks7ctnqnU1pY+EHfnp8bHYHgQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-06-10T15:09:45Z" - mac: ENC[AES256_GCM,data:axraLjtO6zs1Zo2UVcrxJqLHlQea1pBcGCwCxIp43vw+L07haNtuqf0lJ5SL9XfB/yGjYtykP+Ld1evbgnUT4nqxRuHkN2NgHshmrytdptnOKCuTqE4sYWRt5Nny2linXmsqAYS9HAw8htw0DOjFUDruIAITjVLb8/sSgvS7wb4=,iv:Ahqguwy+9gmIzUMxDLzf9JuNybst+cMabfDciL5ZeJ4=,tag:EggVqFtbqLjMyHhrmqY1Ug==,type:str] + lastmodified: "2021-06-11T16:09:47Z" + mac: ENC[AES256_GCM,data:RTbDkgxWqVa4kgJPXny9u9hfwF1NG3g9L/6P2P44KE97yNdoxuAkuU1hs6DiATl4hgeck7p56gWLeUTeGAi+llMDqOodmSQEtD/XZvvdmyh4J+09+jg9QRwSL54xNR4Q83YBWy5PZm+hyYQdVl9H3omMCrdO78ydYXPSdDnRk3I=,iv:crEuUK+jQ6QBrf/Dxouu9+I3VXdZazKnHJ1g5JZLD0E=,tag:ymExWezKBTowuH4pugiQ/g==,type:str] pgp: [] encrypted_suffix: secret version: 3.7.1 diff --git a/stdlib/.dagger/env/docker-run-ssh-passphrase/plan/passphrase.cue b/stdlib/.dagger/env/docker-run-ssh-passphrase/plan/passphrase.cue deleted file mode 100644 index 750d5c5d..00000000 --- a/stdlib/.dagger/env/docker-run-ssh-passphrase/plan/passphrase.cue +++ /dev/null 
@@ -1,32 +0,0 @@
-package main
-
-import (
- "dagger.io/docker"
- "dagger.io/dagger"
- "dagger.io/random"
-)
-
-TestConfig: {
- host: string @dagger(input)
- user: string @dagger(input)
- key: dagger.#Secret @dagger(input)
- passphrase: dagger.#Secret @dagger(input)
-}
-
-TestRun: {
- suffix: random.#String & {
- seed: ""
- }
-
- run: docker.#Run & {
- ref: "hello-world"
- name: "daggerci-test-ssh-passphrase-\(suffix.out)"
-
- ssh: {
- host: TestConfig.host
- user: TestConfig.user
- key: TestConfig.key
- keyPassphrase: TestConfig.passphrase
- }
- }
-}
diff --git a/stdlib/.dagger/env/docker-run-ssh-passphrase/values.yaml b/stdlib/.dagger/env/docker-run-ssh-passphrase/values.yaml
deleted file mode 100644
index e379697c..00000000
--- a/stdlib/.dagger/env/docker-run-ssh-passphrase/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@ -name: docker-run-ssh-passphrase -inputs: - TestConfig.host: - text: 143.198.64.230 - TestConfig.key: - secret: ENC[AES256_GCM,data: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,iv:FnbOqwiJLLrgyOdOJnt5ap+MSleQtb+h4kzZYH5FCnE=,tag:g1Y0O9zUxeHin8gjGcyO+g==,type:str] - TestConfig.passphrase: - secret: ENC[AES256_GCM,data:C56QpBGR1zc=,iv:TE+Emj96cxno141uaAhQ4xp71ecBA8DmHR6WUZn+Q0Q=,tag:ZarNOVhA2agB0UbToFbtfw==,type:str] - TestConfig.user: - text: daggerci -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXV3E3c3h4R0xKcnB5YUo5 - eUdkeTZUbjZ4SU9VOTdEVzVPL296ZzRQMVNZCkMxblZKTXE0TDdhdy9PVk1sQ015 - VWxxNjlLc2RMdUxFV3FrbVJMYk9KRzQKLS0tIHNGeXIvY3M5MTNHM05XTmNESkpZ - ZXAwa1h2aEhGRGpwVTJzKy9EZGhQb0kKSYnRAiRh7b2LViajHk46ct94PVLHDajC - oaUPwzy4bIMI9UXGobkstC5ObmY3ba+jcPRy6c9moniL+iigZ8YglA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-06-09T20:14:54Z" - mac: ENC[AES256_GCM,data:ujrtYlsNtf58NNFjixESyUaqG4sM0Li6LjCCc16xhRMtepo7pdc85f8zqAU2II97EXW/DG0Cf9SKOejbRw7u+ZwtlssjFN//1BmbZzKTYE78KUNDfZjRAr1KQHjabug8iGpjmBpRs3UZ3gozQPoHPjRw7CZDzr+tV3mQ3N0qhUA=,iv:lJHb4UYnEc2T9jR24dRnCJ9/nmT5OY8jhrsc9LkhyNg=,tag:7F65O5IovHEaaFfomcS/6g==,type:str] - pgp: [] - encrypted_suffix: secret - version: 3.7.1 diff --git a/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/plan/wrong-passphrase.cue b/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/plan/wrong-passphrase.cue deleted file mode 100644 index 05c40688..00000000 --- a/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/plan/wrong-passphrase.cue +++ /dev/null 
@@ -1,32 +0,0 @@
-package main
-
-import (
- "dagger.io/docker"
- "dagger.io/dagger"
- "dagger.io/random"
-)
-
-TestConfig: {
- host: string @dagger(input)
- user: string @dagger(input)
- key: dagger.#Secret @dagger(input)
- passphrase: dagger.#Secret @dagger(input)
-}
-
-TestRun: {
- suffix: random.#String & {
- seed: ""
- }
-
- run: docker.#Run & {
- name: "daggerci-test-ssh-wrong-passphrase-\(suffix.out)"
- ref: "hello-world"
-
- ssh: {
- host: TestConfig.host
- user: TestConfig.user
- key: TestConfig.key
- keyPassphrase: TestConfig.passphrase
- }
- }
-}
diff --git a/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/values.yaml b/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/values.yaml
deleted file mode 100644
index 9cc3678b..00000000
--- a/stdlib/.dagger/env/docker-run-ssh-wrong-passphrase/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@ -name: docker-run-ssh-wrong-passphrase -inputs: - TestConfig,passphrase: - secret: ENC[AES256_GCM,data:HdlbbaOogb6G,iv:Q0D3w/bEtijvaEK2ac9zmj817x7xZM2OspTmPDVBJDg=,tag:i0iGhuqMng2spumFWve18Q==,type:str] - TestConfig.host: - text: 143.198.64.230 - TestConfig.key: - secret: ENC[AES256_GCM,data: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,iv:SPwVKo+7tbSqnEwxysPd8MCkmZwZq3gf8FfbnDjvieo=,tag:zyYfz/3uGPZ4Iuc1OEQk+A==,type:str] - TestConfig.user: - text: daggerci -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWjNjVWhSUnNuS2xaWFR2 - Tm12UFg3elE0MUhILzJ0TkppQzR1VzZiUUMwClBwbncrR2VYVmxlZ09OUk1qV2tE - dURUZG1QVGZLdWM5WFlIQkF2UFB1YkUKLS0tIGFkN1VCajdkcHJRUk1YODBaWDFF - cm02K1NEenRnL25zc3RtaXd6SlA0UXcKFq38uYqZWvSlTOaisnhnQ+Mhbcv+ZifE - Mdxhq5w+Cdj+XhwbZ8UnnRInckD3UKovxAHV3kTSdXf54/QKn5TLVw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-06-09T20:15:05Z" - mac: ENC[AES256_GCM,data:+TLvTAkn2gMOxpcKhH0lvTBau/0xdgg/H9++2x0faYOA4CTLB6SzvUUvTGhrN0Z7Vut7suYPdOR4xHypfggJ6aiCmZ9PeXTwoO6F8ycAQ7TPFdBafHO61OV1fRb87X79hRU8SaKPIWrDF786lcHDGcMYkcoqyWsXDYloAEpL2t0=,iv:KYNpHruxv+l5LUqeYjXhF6cmblj70WSHlCZzlIRn7lo=,tag:ASxWqdkYtU9AyQ4aGyzL2w==,type:str] - pgp: [] - encrypted_suffix: secret - version: 3.7.1 diff --git a/stdlib/docker/docker.cue b/stdlib/docker/docker.cue index b2730cd8..9d7bbdb2 100644 --- a/stdlib/docker/docker.cue +++ b/stdlib/docker/docker.cue @@ -1,8 +1,6 @@ package docker import ( - "strconv" - "dagger.io/dagger" "dagger.io/dagger/op" ) 
@@ -78,38 +76,7 @@ import ( secret: dagger.#Secret } @dagger(input) - #code: #""" - if [ -n "$DOCKER_HOSTNAME" ]; then - export DOCKER_HOST="ssh://$DOCKER_USERNAME@$DOCKER_HOSTNAME:$DOCKER_PORT" - - # Start ssh-agent - eval $(ssh-agent) > /dev/null - - # Add key - if [ -f "/key" ]; then - message="$(ssh-keygen -y -f /key < /dev/null 2>&1)" || { - >&2 echo "$message" - exit 1 - } - - ssh-add /key > /dev/null - if [ "$?" != 0 ]; then - exit 1 - fi - fi - - if [[ ! -z $FINGERPRINT ]]; then - mkdir -p "$HOME"/.ssh - - # Add user's fingerprint to known hosts - echo "$FINGERPRINT" >> "$HOME"/.ssh/known_hosts - else - # Add host to known hosts - ssh -i /key -o "UserKnownHostsFile "$HOME"/.ssh/known_hosts" -o "StrictHostKeyChecking accept-new" -p "$DOCKER_PORT" "$DOCKER_USERNAME"@"$DOCKER_HOSTNAME" /bin/true > /dev/null 2>&1 - fi - fi - - + #command: #""" # Run detach container OPTS="" 
@@ -120,67 +87,16 @@ import ( docker container run -d $OPTS "$IMAGE_REF" """# - #up: [ - op.#Load & {from: #Client}, - - if registry != _|_ { - op.#DockerLogin & {registry} - }, - - if ssh.keyPassphrase != _|_ { - op.#WriteFile & { - content: #""" - #!/bin/bash - cat /passphrase - """# - dest: "/get_passphrase" - mode: 0o500 + run: #Command & { + "ssh": ssh + command: #command + env: { + IMAGE_REF: ref + if name != _|_ { + CONTAINER_NAME: name } - }, - - op.#WriteFile & { - content: #code - dest: "/entrypoint.sh" - }, - - op.#Exec & { - always: true - args: [ - "/bin/sh", - "--noprofile", - "--norc", - "-eo", - "pipefail", - "/entrypoint.sh", - ] - env: { - IMAGE_REF: ref - if ssh != _|_ { - DOCKER_HOSTNAME: ssh.host - DOCKER_USERNAME: ssh.user - DOCKER_PORT: strconv.FormatInt(ssh.port, 10) - if ssh.keyPassphrase != _|_ { - SSH_ASKPASS: "/get_passphrase" - DISPLAY: "1" - } - if ssh.fingerprint != _|_ { - FINGERPRINT: ssh.fingerprint - } - } - if name != _|_ { - CONTAINER_NAME: name - } - } - mount: { - if ssh.key != _|_ { - "/key": secret: ssh.key - } - if ssh.keyPassphrase != _|_ { - "/passphrase": secret: ssh.keyPassphrase - } - } - }, - ] + } + } } // Build a Docker image from the provided Dockerfile contents diff --git a/stdlib/universe.bats b/stdlib/universe.bats index 0b408338..b9ecc22f 100644 --- a/stdlib/universe.bats +++ b/stdlib/universe.bats 
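Review bot: The rewritten `#Run` no longer performs the registry login: the removed `#up` ran `op.#DockerLogin & {registry}` when `registry` was set, while the new `run: #Command & {...}` passes only `ssh`, `command` and `env`. If `#Run` still declares `registry` (its declaration is outside this hunk), the field is now silently ignored and pulls of private images would fail; either remove the field or carry the credentials into `#Command`. Separately, the context line `docker container run -d $OPTS "$IMAGE_REF"` expands `$OPTS` unquoted, so a `name` containing whitespace is split into extra `docker run` arguments; passing the name as its own quoted argument (`--name "$CONTAINER_NAME"`) avoids that.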
@@ -29,31 +29,22 @@ setup() { } @test "docker command: ssh" { - dagger -e docker-command-ssh up + dagger -e docker-command-ssh up } @test "docker command: ssh with key passphrase" { - dagger -e docker-command-ssh-key-passphrase up + dagger -e docker-command-ssh-key-passphrase up } @test "docker command: ssh with wrong key passphrase" { - run dagger -e docker-command-ssh-wrong-key-passphrase up - assert_failure + run dagger -e docker-command-ssh-wrong-key-passphrase up + assert_failure } @test "docker run: ssh" { dagger -e docker-run-ssh up } -@test "docker run: ssh with passphrase" { - dagger -e docker-run-ssh-passphrase up -} - -@test "docker run: ssh with wrong passphrase" { - run dagger -e docker-run-ssh-wrong-passphrase up - assert_failure -} - @test "google cloud: gcr" { dagger -e google-gcr up }