Add test to universe

Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>

stdlib/.dagger/env/aws-eks/.gitignore

@@ -0,0 +1,2 @@
+# dagger state
+state/**

stdlib/.dagger/env/aws-eks/plan/eks.cue

@@ -0,0 +1,53 @@
+package eks
+
+import (
+	"dagger.io/aws"
+	"dagger.io/aws/eks"
+	"dagger.io/kubernetes"
+	"dagger.io/dagger/op"
+)
+
+TestConfig: awsConfig: aws.#Config & {
+	region: "us-east-2"
+}
+
+TestCluster: eks.#KubeConfig & {
+	config:      TestConfig.awsConfig
+	clusterName: *"dagger-example-eks-cluster" | string
+}
+
+TestEks: {
+	#GetPods:
+		"""
+			kubectl get pods -A
+			"""
+
+	#up: [
+		op.#Load & {
+			from: kubernetes.#Kubectl
+		},
+
+		op.#WriteFile & {
+			dest:    "/kubeconfig"
+			content: TestCluster.kubeconfig
+		},
+
+		op.#WriteFile & {
+			dest:    "/getPods.sh"
+			content: #GetPods
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/getPods.sh",
+			]
+			env: KUBECONFIG: "/kubeconfig"
+		},
+	]
+}

stdlib/.dagger/env/aws-eks/values.yaml

@@ -0,0 +1,28 @@
+plan:
+    module: .dagger/env/aws-eks/plan
+name: aws-eks
+inputs:
+    TestConfig.awsConfig.accessKey:
+        secret: ENC[AES256_GCM,data:ZiNdgkTZlOyWht2CDpmYKN+ViTE=,iv:wdRiBw65BgSia9z//tUDirkkhw9O29ZoerX6eZnYx9k=,tag:S/0i/fRtQJg4Qp7tmUK4ag==,type:str]
+    TestConfig.awsConfig.secretKey:
+        secret: ENC[AES256_GCM,data:ywvQiDE4gmM6KasYWOvX1FY/Lerg5TghgoYTq1AlXDRHNGzZtY3ClQ==,iv:HCXweaSKHLwEA8Mq4up/TUaV7YDtsRpBpwYD19Jh4iw=,tag:l2hmI9BsGiRyulh4yDn/hw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdWE4VlRMWGJ3WDExWkNl
+            S1dqU21uVXFjaXU5eWdKRmRCUXFCd2ZaTjNrCjlkNXI3WUdnRGVibmZkbXJYaEV4
+            SXIveGNDNnZ6dDM4SjdrMmZIZVhyVzAKLS0tIGkzK0tMTTdHU2lacmtvakUwbGFE
+            M3U4UFV5REQzYko3QjlXVE02Z0J4WUkK8uHC67Mutls4drXbCi8AwuFqbRXeb69P
+            ZnOFZEB4NoayoOojr1mY9ssDTywHF4KwR4E9ZmJ3V3hlEAgMkqfvSA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-06-17T18:46:34Z"
+    mac: ENC[AES256_GCM,data:B+WtEMOKXy8AT/YTUaKZ9aA8fQRt2pJp3IaABpj0oYI1vCG953MnDCIxj0j2bTQN5gyaFPF8UQ1o/pRJzCKhm26wbCByUrVdHxHTwoJ7arDqQGwcNKYAuQjLtMG7gsl0BqjCg0oKO5YEa24BqHVf1dEo9AcXd6LBwqvxVjmd98g=,iv:aWxj1Oq6wmUYuWnGOc2zIpzOYJVyXV9qSzBgF+iGsHI=,tag:Bx1A8UxghYq97wEdUxbmdg==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1

stdlib/.dagger/env/docker-build/.gitignore

@@ -0,0 +1,2 @@
+# dagger state
+state/**

stdlib/.dagger/env/docker-build/plan/dockerfile.cue

@@ -0,0 +1,57 @@
+package docker
+
+import (
+	"dagger.io/dagger"
+	"dagger.io/dagger/op"
+	"dagger.io/docker"
+)
+
+TestSourceBuild: dagger.#Artifact @dagger(input)
+
+TestBuild: {
+	image: docker.#Build & {
+		source: TestSourceBuild
+	}
+
+	verify: #up: [
+		op.#Load & {
+			from: image
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", """
+						grep -q "test" /test.txt
+					""",
+			]
+		},
+	]
+}
+
+TestSourceImageFromDockerfile: dagger.#Artifact @dagger(input)
+
+TestImageFromDockerfile: {
+	image: docker.#ImageFromDockerfile & {
+		dockerfile: """
+				FROM alpine
+				COPY test.txt /test.txt
+			"""
+		context: TestSourceImageFromDockerfile
+	}
+
+	verify: #up: [
+		op.#Load & {
+			from: image
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", """
+						grep -q "test" /test.txt
+					""",
+			]
+		},
+	]
+}

stdlib/.dagger/env/docker-build/values.yaml

@@ -0,0 +1,30 @@
+plan:
+    module: .dagger/env/docker-build/plan
+name: docker-build
+inputs:
+    TestSourceBuild:
+        dir:
+            path: ./docker/testdata/build
+    TestSourceImageFromDockerfile:
+        dir:
+            path: ./docker/testdata/dockerfile
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TXlFYWNvUldMdlRtWkEz
+            SlBEYUY1Q0thbFdSZGpaT00xQ2Jkc1J2WkdJClBXUGVTamdmZU1KNUdjam9HN0Zl
+            RjRQbVRHVjR6S3RCWlJLaElaM2ZWVG8KLS0tIDJJejFkQkxYeDdHcWdPS0p0QmJ0
+            Mm5vT1dHbFViK2ZIakNnVkZTd2lhUHMK63jJsJVLJMbQE2NkAB8qv8JnPHpvcNes
+            z17EJgl0lCLqeNHtfrTfSiIP4wq8gNLK4avCKK+WGDOIMsXPzK6RNw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-06-17T20:14:11Z"
+    mac: ENC[AES256_GCM,data:hlc0Bnfeoor/WKMbQRgTalkxngL0YXTwHAys/moXZ4ZMGd2lt+j4l4EkKSjb3QrJfPllCeqroohLKtN+lP4K9fSCMcfYzic2DTEP68rPwufmrgxys1snOHHgIEfqogL8p55fJdXn91x+WHhPNkbWaaH0WcboYsy0zemUIkjb+xc=,iv:8oUeR1dfT4lrVWyJpGPPFa/jlPgWA/ld3UM9Cw2znxk=,tag:59RyiXwzJ5j+c5faxs9U3w==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1

stdlib/.dagger/env/git/values.yaml

@@ -1,3 +1,5 @@
+plan:
+    module: .dagger/env/git/plan
 name: git
 sops:
     kms: []
@@ -14,8 +16,8 @@ sops:
             TmhJNisyamw3d244aGVJSEVFVUVLZGsKvd+nowA0CLXQbdvyI4J0lBjs9vdISWlo
             gGvR49uul3Z8raVWXFUzsyQ8xTvYNg0ovynFG2KdagSKr1DlhKMBEQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2021-06-15T14:34:51Z"
+    lastmodified: "2021-06-18T16:23:23Z"
-    mac: ENC[AES256_GCM,data:phQpRQlHv9c3VRcqZ7OkSfW4a9oPnTD2ucsB8TJatgzLrbP1+erj9x2jrPex0T2MExIFFzNynSAiWwueLYqCzUvuG2DfIokvM9erNfdpbIBTtJeWO9+hVIkzoQ6xeKg1wLb0q3U7Cbbe6GBFA3oabPN2kyzGbgS2LO2Ou77NMLk=,iv:sS0MRNEGBWos6XNAQEYK2UmaK9g0rd+Nx1xBNeh6w+M=,tag:DIcqzBvChde/C7T/yAhn+w==,type:str]
+    mac: ENC[AES256_GCM,data:AdTUEx0RIrJU6aZZNn9iIrl0eM2eParknCVIQL7k1arLRfYH4WyMf9lUa03+Qy83r4miNh4a9kFpNWyodbOR/j7OiLgAxWGXc08XAnIU51F2H7b55cSW9yNJj5kfos2e1pS356MoSaswg4fH8EYVUNgWC6mdBcXzC1m7uiqTS0E=,iv:mK9sjOCd7ePWR4xe5qNwmPuIyNR1nE3Ql65cF15SovI=,tag:DPUTnGTF+Ve+A7ShACNrnQ==,type:str]
     pgp: []
     encrypted_suffix: secret
     version: 3.7.1

stdlib/.dagger/env/kubernetes-deployment/.gitignore

@@ -0,0 +1,2 @@
+# dagger state
+state/**

stdlib/.dagger/env/kubernetes-deployment/plan/kubernetes.cue

@@ -0,0 +1,44 @@
+package main
+
+import (
+	"encoding/yaml"
+	"dagger.io/kubernetes"
+	"dagger.io/random"
+)
+
+// We assume that a kinD cluster is running locally
+// To deploy a local KinD cluster, follow this link : https://kind.sigs.k8s.io/docs/user/quick-start/
+TestKubeconfig: string @dagger(input)
+
+TestKubeApply: {
+	suffix: random.#String & {
+		seed: ""
+	}
+
+	// Pod spec
+	kubeSrc: {
+		apiVersion: "v1"
+		kind:       "Pod"
+		metadata: name: "kube-test-\(suffix.out)"
+		spec: {
+			restartPolicy: "Never"
+			containers: [{
+				name:  "test"
+				image: "hello-world"
+			}]
+		}
+	}
+
+	// Apply deployment
+	apply: kubernetes.#Resources & {
+		kubeconfig: TestKubeconfig
+		namespace:  "dagger-test"
+		manifest:   yaml.Marshal(kubeSrc)
+	}
+
+	// Verify deployment
+	verify: #VerifyApply & {
+		podname:   kubeSrc.metadata.name
+		namespace: apply.namespace
+	}
+}

stdlib/.dagger/env/kubernetes-deployment/plan/verify.cue

@@ -0,0 +1,79 @@
+package main
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/kubernetes"
+)
+
+#VerifyApply: {
+	podname: string
+
+	namespace: string
+
+	// Verify that pod exist
+	#GetPods:
+		"""
+        kubectl get pods --namespace "$KUBE_NAMESPACE" \( podname )
+    """
+
+	// Clear that pod for future test
+	#DeletePods:
+		"""
+        kubectl delete pods --namespace "$KUBE_NAMESPACE" \( podname )
+    """
+
+	#up: [
+		op.#Load & {
+			from: kubernetes.#Kubectl
+		},
+
+		op.#WriteFile & {
+			dest:    "/kubeconfig"
+			content: TestKubeconfig
+			mode:    0o600
+		},
+
+		op.#WriteFile & {
+			dest:    "/getPods.sh"
+			content: #GetPods
+		},
+
+		// Check pods
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/getPods.sh",
+			]
+			env: {
+				KUBECONFIG:     "/kubeconfig"
+				KUBE_NAMESPACE: namespace
+			}
+		},
+
+		op.#WriteFile & {
+			dest:    "/deletePods.sh"
+			content: #DeletePods
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/deletePods.sh",
+			]
+			env: {
+				KUBECONFIG:     "/kubeconfig"
+				KUBE_NAMESPACE: namespace
+			}
+		},
+	]
+}

stdlib/.dagger/env/kubernetes-deployment/values.yaml

@@ -0,0 +1,23 @@
+plan:
+    module: .dagger/env/kubernetes-deployment/plan
+name: kubernetes-deployment
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQ2hZZ3ZRVzRseXZyVW1h
+            L01WYkNrTzdHSEN5WTlyQzVDTm9FbzRENzFFCjdrcVhKa1ZwaGNyYmo3ditDR1hC
+            cStzcmVjUXY3V3FUZElRNUIzQlQzL0UKLS0tIHlmWTlUdFVOczM0TTF5RHFTUXps
+            SVVkOUtuWTJneE45em5iQ3JvbnIwWlkKgdJC5IzvVDxbWSfU41Xg/UGPxuVBSOGY
+            eqenr07uWppNaHuLuo9A+znQa2RQ0L2clcB2d+ka+6z5tQyHOfx1nA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-06-18T15:41:02Z"
+    mac: ENC[AES256_GCM,data:R3DuHLEyfehKe1nCWHdKB9jyOs5TXI+r2BmQDMiwI8v0xfZdOZWfwGw3NAFGDZHbaLNTajQkzviDsMhaXg5bxvmK7P8PiJOOmnm/LnDRfnJirGRGpWA7bmsHH/QZL1lb75+cwUrwRZflkKoPy2bQyoC5Rze6/oNhPIUTCwQWaMo=,iv:73ZjXAcazCND3JhC94TjUOlcMbwfTz8YDFP1BPo8yUw=,tag:wUVcfyjtf4KzpU0jDrxleQ==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1

stdlib/.dagger/env/kubernetes-helm/.gitignore

@@ -0,0 +1,2 @@
+# dagger state
+state/**

stdlib/.dagger/env/kubernetes-helm/plan/helm.cue

@@ -0,0 +1,56 @@
+package main
+
+import (
+	"dagger.io/kubernetes/helm"
+	"dagger.io/random"
+	"dagger.io/dagger"
+)
+
+// We assume that a kinD cluster is running locally
+// To deploy a local KinD cluster, follow this link : https://kind.sigs.k8s.io/docs/user/quick-start/
+TestKubeconfig: string @dagger(input)
+
+TestChartSource: dagger.#Artifact @dagger(input)
+
+// Deploy user local chart
+TestHelmSimpleChart: {
+	suffix: random.#String & {
+		seed: "simple"
+	}
+
+	// Deploy chart
+	deploy: helm.#Chart & {
+		name:        "dagger-test-inline-chart-\(suffix.out)"
+		namespace:   "dagger-test"
+		kubeconfig:  TestKubeconfig
+		chartSource: TestChartSource
+	}
+
+	// Verify deployment
+	verify: #VerifyHelm & {
+		chartName: deploy.name
+		namespace: deploy.namespace
+	}
+}
+
+// Deploy remote chart
+TestHelmRepoChart: {
+	suffix: random.#String & {
+		seed: "repo"
+	}
+
+	// Deploy chart
+	deploy: helm.#Chart & {
+		name:       "dagger-test-repository-\(suffix.out)"
+		namespace:  "dagger-test"
+		kubeconfig: TestKubeconfig
+		repository: "https://charts.bitnami.com/bitnami"
+		chart:      "redis"
+	}
+
+	// Verify deployment
+	verify: #VerifyHelm & {
+		chartName: deploy.name
+		namespace: deploy.namespace
+	}
+}

stdlib/.dagger/env/kubernetes-helm/plan/verify.cue

@@ -0,0 +1,51 @@
+package main
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/kubernetes"
+)
+
+#VerifyHelm: {
+	chartName: string
+
+	namespace: string
+
+	// Verify that pod exist
+	#getHelmPods:
+		"""
+        kubectl get pods --namespace "$KUBE_NAMESPACE" | grep "\(chartName)"
+    """
+
+	#up: [
+		op.#Load & {
+			from: kubernetes.#Kubectl
+		},
+
+		op.#WriteFile & {
+			dest:    "/getHelmPods.sh"
+			content: #getHelmPods
+		},
+
+		op.#WriteFile & {
+			dest:    "/kubeconfig"
+			content: TestKubeconfig
+			mode:    0o600
+		},
+
+		op.#Exec & {
+			always: true
+			args: [
+				"/bin/bash",
+				"--noprofile",
+				"--norc",
+				"-eo",
+				"pipefail",
+				"/getHelmPods.sh",
+			]
+			env: {
+				KUBECONFIG:     "/kubeconfig"
+				KUBE_NAMESPACE: namespace
+			}
+		},
+	]
+}

stdlib/.dagger/env/kubernetes-helm/values.yaml

@@ -0,0 +1,27 @@
+plan:
+    module: .dagger/env/kubernetes-helm/plan
+name: kubernetes-helm
+inputs:
+    TestChartSource:
+        dir:
+            path: ./kubernetes/helm/testdata/mychart
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBud1hMc0dTZTlIQ3lZVEQ5
+            WjA2UlAvTm15ZEgycXlKKzhjTmU0Ui9xZHcwCkRxclFUTUE0aXRvaElkc3diV2Ix
+            N2VZZVIzS2t3cVl3UmtXOC9PY1VObzAKLS0tIG9ydkFzak1SaUo2NGxET3ZiNklZ
+            VHlGUExaMzcwM0pOM2VDY280UWZXSzQKAm7ZV1agxbla3Yrc7vrwJosSjQtWhdac
+            ZFyQ6Gi+9H7qHZM89yVjAaIg1lwr68HcjYgDzpvvhJO9YPfzwoLyHw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-06-18T15:42:52Z"
+    mac: ENC[AES256_GCM,data:SzHFZpgiv+h1vRjq0GP+4nzj9az6pAwQwstxYz10yBGPQXnZv/VtJm071oouiK7pgD4i7cTvTKgIOaX9K74PiWSiTjWI5F9sGHvt9ZoGyU08OHM6zwGMDiYygBN2+5dd5jBvT4Xy6efa0IOMxSqhp69+VoJRWesAFsN6IfDcIEY=,iv:Af2WeB2eVk5hnWFWaQij7hz2wjXgNWDJTWDm13iKNvA=,tag:uvR1ruMc69ZhDJRtYCFQBw==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1

stdlib/.dagger/env/kubernetes-kustomize/.gitignore

@@ -0,0 +1,2 @@
+# dagger state
+state/**

stdlib/.dagger/env/kubernetes-kustomize/plan/kustomize.cue

@@ -0,0 +1,32 @@
+package main
+
+import (
+	"encoding/yaml"
+	"dagger.io/dagger"
+	"dagger.io/kubernetes/kustomize"
+)
+
+TestKustomize: {
+	testdata: dagger.#Artifact
+
+	// Run Kustomize
+	kustom: kustomize.#Kustomize & {
+		source:        testdata
+		kustomization: yaml.Marshal({
+			resources: ["deployment.yaml", "pod.yaml"]
+			images: [{
+				name:   "nginx"
+				newTag: "v1"
+			}]
+			replicas: [{
+				name:  "nginx-deployment"
+				count: 2
+			}]
+		})
+	}
+
+	// Verify kustomization generation
+	verify: #VerifyKustomize & {
+		source: kustom
+	}
+}

stdlib/.dagger/env/kubernetes-kustomize/plan/verify.cue

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"dagger.io/dagger/op"
+	"dagger.io/dagger"
+	"dagger.io/alpine"
+)
+
+#VerifyKustomize: {
+	source: dagger.#Artifact
+
+	#up: [
+		op.#Load & {
+			from: alpine.#Image & {
+				package: bash: "=~5.1"
+			}
+		},
+
+		// Check files
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", "test $(ls /source | wc -l) = 1",
+			]
+			mount: "/source": from: source
+		},
+
+		// Check image tag kustomization
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", #"""
+						grep -q "\- image: nginx:v1" /source/result.yaml
+					"""#,
+			]
+			mount: "/source": from: source
+		},
+
+		// Check replicas kustomization
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", #"""
+						grep -q "replicas: 2" /source/result.yaml
+					"""#,
+			]
+			mount: "/source": from: source
+		},
+
+		// Check pod merge by kustomization
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", #"""
+						grep -q "kind: Pod" /source/result.yaml
+					"""#,
+			]
+			mount: "/source": from: source
+		},
+
+		// Check pod name
+		op.#Exec & {
+			always: true
+			args: [
+				"sh", "-c", #"""
+						grep -q "name: test-pod" /source/result.yaml
+					"""#,
+			]
+			mount: "/source": from: source
+		},
+	]
+}

stdlib/.dagger/env/kubernetes-kustomize/values.yaml

@@ -0,0 +1,27 @@
+plan:
+    module: .dagger/env/kubernetes-kustomize/plan
+name: kubernetes-kustomize
+inputs:
+    TestKustomize.testdata:
+        dir:
+            path: ./kubernetes/kustomize/testdata
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTL2Jyczk3QXZiUVkyd3cw
+            TlYzQ2NyR2ZGZnhSRmowSGRmbFBodFRPc2dnCnJpYjdCdUpEUE10d3I4clh1eDVV
+            MmVqbmxiNmRvSUNqZEY3clZnci9pRkkKLS0tIGVLSVFwTy9TSElFUkdjOVlWb3Yy
+            OFllMEh3cVJZZnFxbW4xS1RtcFQzcFUKo/1WcYp4nPBXba8wQBe3DMt6pYQJGoSu
+            ja5BiCffN5wOoW9WT0j8Clx21w7BXcl46+T5GYpXDQDcqf6nCv1kYQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-06-17T20:48:00Z"
+    mac: ENC[AES256_GCM,data:SCWiSiDccPkZApOcc8RsYP7WPZUqUyYVB0UgivLhIsNSY5q3kCdenPLTUp2zLOcwaWzTPGmj++QtZjoNobcIhdVt1aJ9uXLLKRUXaRGIO3Jmhg3wj7kSPNjbDLZEB6uyA9h3edQGVVivNlNGpo91tg35QcFPPSG7UiowFnsD0zM=,iv:44hkujM/ZWjtYHau8BFMdOIeBj5jF/WnW4OOK7oSw1Y=,tag:mtJdUR+sA0tjIyAWDpXQlA==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1

stdlib/.dagger/env/terraform/.gitignore

@@ -0,0 +1,2 @@
+# dagger state
+state/**

stdlib/.dagger/env/terraform/plan/terraform.cue

@@ -0,0 +1,74 @@
+package terraform
+
+import (
+	"dagger.io/dagger"
+	"dagger.io/dagger/op"
+	"dagger.io/alpine"
+	"dagger.io/terraform"
+)
+
+TestData: dagger.#Artifact @dagger(input)
+
+TestConfig: awsConfig: {
+	accessKey: dagger.#Secret @dagger(input)
+	secretKey: dagger.#Secret @dagger(input)
+	region:    "us-east-2"
+}
+
+#TestGetConfig: {
+	accessKey: dagger.#Secret
+
+	secretKey: dagger.#Secret
+
+	visibleAccessKey: string
+
+	visibleSecretKey: string
+
+	#up: [
+		op.#Load & {from: alpine.#Image & {
+			package: {
+				bash: true
+				jq:   true
+			}
+		}},
+
+		op.#Exec & {
+			always: true
+			args: ["/bin/bash", "-c", #"""
+					export ACCESS_KEY=$(cat /accessKey)
+					export SECRET_KEY=$(cat /secretKey)
+
+					jq --arg key0 'visibleAccessKey' --arg value0 "$ACCESS_KEY" \
+						 --arg key1 'visibleSecretKey' --arg value1 "$SECRET_KEY" \
+						 '. | .[$key0]=$value0 | .[$key1]=$value1' <<< '{}' > /out
+				"""#,
+			]
+			mount: {
+				"/accessKey": secret: accessKey
+				"/secretKey": secret: secretKey
+			}
+		},
+
+		op.#Export & {
+			source: "/out"
+			format: "json"
+		},
+	]
+}
+
+TestTerraform: {
+	config: #TestGetConfig & {
+		accessKey: TestConfig.awsConfig.accessKey
+		secretKey: TestConfig.awsConfig.secretKey
+	}
+
+	apply: terraform.#Configuration & {
+		source: TestData
+		env: {
+			AWS_ACCESS_KEY_ID:     config.visibleAccessKey
+			AWS_SECRET_ACCESS_KEY: config.visibleSecretKey
+			AWS_DEFAULT_REGION:    TestConfig.awsConfig.region
+			AWS_REGION:            TestConfig.awsConfig.region
+		}
+	}
+}

stdlib/.dagger/env/terraform/values.yaml

@@ -0,0 +1,31 @@
+plan:
+    module: .dagger/env/terraform/plan
+name: terraform
+inputs:
+    TestConfig.awsConfig.accessKey:
+        secret: ENC[AES256_GCM,data:V/p84nLbgjrytefnsfItiY71ikQ=,iv:i1x3UYP+sctwY9LrRp/rfeJ8/JPWOfiiJSG0NWUiXW0=,tag:IynKh1fQEhExmmR3qGx/zQ==,type:str]
+    TestConfig.awsConfig.secretKey:
+        secret: ENC[AES256_GCM,data:cBYaVhbeV9D6acJWNU7uL8AsEtpnY0wHM8td9ZAJ9ebGB+BY4iBZLQ==,iv:SDkRKQQKBSz/cRQlW65sIjF0PhHhhKkGUEgZe9CV7Ek=,tag:OCUQmgjP2p57YoLts9Dh4w==,type:str]
+    TestData:
+        dir:
+            path: ./terraform/testdata
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOTJpQWJWY3dnM2hDdXZG
+            bVJEN0dNUzQ0VGhneWtHVG1hUHA5ZjdhdHdvClR0ZVpKb1RYRnc3dy9wSjVuSHBn
+            c2RMbzE0Y2EzN2FVak9CMk9CK0hOTFkKLS0tIG9Fdi9xWWc0TU5WY1ZsVUdZM2lw
+            cC9LSiswbFRKaTNXUGNIWVZVbGJqV1UK3/wsgPwR5P2fzs80wcz1dM/8sbBWMR+B
+            dmhP99OQisIgcwGATy0nh726pYKtosDpSLIJkLZDAUq9qRKm9bch1w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-06-18T16:01:11Z"
+    mac: ENC[AES256_GCM,data:XznDGqfZkC6vsv696qWVxbBCUgsyU/zPZg0NCULCXAfO08Hsteb0c93Y8DA3CV8flQW3cgn5XLugNnQADJ6luTXHbqIVMVMUSe1q41Kxl7exr/dn0robqaRm5MnloG823s9X3sAOcPzyTSxy1YVZfYaYbG23w9IeNmVTyaUttkU=,iv:kEQs7+bx+7j2v5b6Bx0r+ZVtp7rj/8mgX4oRUP7cruc=,tag:oQEfCPO/0V11rmkc0yaz3Q==,type:str]
+    pgp: []
+    encrypted_suffix: secret
+    version: 3.7.1

stdlib/docker/testdata/build/Dockerfile

@@ -0,0 +1,2 @@
+FROM alpine
+RUN echo test >> /test.txt

stdlib/docker/testdata/dockerfile/test.txt

@@ -0,0 +1 @@
+test

stdlib/helpers.bash

@@ -46,3 +46,14 @@ copy_to_sandbox() {
 
     cp -a "$source" "$target"
 }
+
+# Check if there is a local kubernetes cluster.
+#
+# This is need to do kubernetes test in the CI.
+skip_unless_local_kube() {
+    if [ -f ~/.kube/config ] && grep -q "user: kind-kind" ~/.kube/config &> /dev/null && grep -q "127.0.0.1" ~/.kube/config &> /dev/null; then
+        echo "Kubernetes available"
+    else
+        skip "local kubernetes cluster not available"
+    fi
+}

stdlib/kubernetes/helm/testdata/mychart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

stdlib/kubernetes/helm/testdata/mychart/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: mychart
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.16.0

stdlib/kubernetes/helm/testdata/mychart/templates/NOTES.txt

@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mychart.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mychart.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mychart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mychart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}

stdlib/kubernetes/helm/testdata/mychart/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mychart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mychart.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mychart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "mychart.labels" -}}
+helm.sh/chart: {{ include "mychart.chart" . }}
+{{ include "mychart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mychart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mychart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mychart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "mychart.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

stdlib/kubernetes/helm/testdata/mychart/templates/deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mychart.fullname" . }}
+  labels:
+    {{- include "mychart.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "mychart.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "mychart.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "mychart.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}

stdlib/kubernetes/helm/testdata/mychart/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "mychart.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "mychart.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+        {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+        {{- end }}
+  {{- end }}
+{{- end }}

stdlib/kubernetes/helm/testdata/mychart/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mychart.fullname" . }}
+  labels:
+    {{- include "mychart.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "mychart.selectorLabels" . | nindent 4 }}

stdlib/kubernetes/helm/testdata/mychart/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "mychart.serviceAccountName" . }}
+  labels:
+    {{- include "mychart.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}

stdlib/kubernetes/helm/testdata/mychart/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "mychart.fullname" . }}-test-connection"
+  labels:
+    {{- include "mychart.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "mychart.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

stdlib/kubernetes/helm/testdata/mychart/values.yaml

@@ -0,0 +1,68 @@
+# Default values for mychart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: nginx
+  pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

stdlib/kubernetes/kustomize/testdata/deployment.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  labels:
+    app: nginx-deployment
+spec:
+  replicas: 1
+  template:
+    metadata:
+      name: nginx-deployment
+      labels:
+        app: nginx-deployment
+    spec:
+      containers:
+        - name: nginx-deployment
+          image: nginx
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+  selector:
+    matchLabels:
+      app: nginx-deployment

stdlib/kubernetes/kustomize/testdata/pod.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: test-pod
+  labels:
+    app: test-pod
+spec:
+  containers:
+    - name: test-pod
+      image: nginx
+      imagePullPolicy: IfNotPresent
+  restartPolicy: Always

stdlib/terraform/testdata/test.tf

@@ -0,0 +1,34 @@
+terraform {
+  required_providers {
+    random = {
+      source = "hashicorp/random"
+      version = "3.1.0"
+    }
+  }
+
+  backend "s3" {
+    bucket = "dagger-ci"
+    key    = "terraform/tfstate"
+    region = "us-east-2"
+  }
+}
+
+provider "random" {
+}
+
+variable "input" {
+  type = string
+}
+
+resource "random_integer" "test" {
+  min = 1
+  max = 50
+}
+
+output "random" {
+  value = random_integer.test.result
+}
+
+output "input" {
+    value = var.input
+}

stdlib/universe.bats

@@ -32,10 +32,18 @@ setup() {
     dagger -e aws-s3 up
 }
 
+@test "aws: eks" {
+    dagger -e aws-eks up
+}
+
 @test "docker run: local" {
     dagger -e docker-run-local up
 }
 
+@test "docker build" {
+    dagger -e docker-build up
+}
+
 @test "docker command: ssh" {
     dagger -e docker-command-ssh up
 }
@@ -53,6 +61,34 @@ setup() {
     dagger -e docker-run-ssh up
 }
 
+@test "kubernetes: deployment" {
+    skip_unless_local_kube
+
+    # Set kubeconfig
+    dagger -e kubernetes-deployment input text TestKubeconfig -f "$HOME"/.kube/config
+
+    dagger -e kubernetes-deployment up
+
+    # Unset kubeconfig
+    dagger -e kubernetes-deployment input unset TestKubeconfig
+}
+
+@test "kubernetes: kustomize" {
+    dagger -e kubernetes-kustomize up
+}
+
+@test "kubernetes: helm" {
+    skip_unless_local_kube
+
+    # Set kubeconfig
+    dagger -e kubernetes-helm input text TestKubeconfig -f "$HOME"/.kube/config
+
+    dagger -e kubernetes-helm up
+
+    # Unset kubeconfig
+    dagger -e kubernetes-helm input unset TestKubeconfig
+}
+
 @test "google cloud: gcr" {
     dagger -e google-gcr up
 }
@@ -60,3 +96,29 @@ setup() {
 @test "google cloud: gke" {
     dagger -e google-gke up
 }
+
+@test "terraform" {
+    # it must fail because of a missing var
+    run dagger -e terraform up
+    assert_failure
+
+    # Add the var and try again
+    run dagger -e terraform input text TestTerraform.apply.tfvars.input "42"
+    run dagger -e terraform up
+    assert_success
+
+     # ensure the tfvar was passed correctly
+    run dagger query -e terraform TestTerraform.apply.output.input.value  -f text
+    assert_success
+    assert_output "42"
+
+    # ensure the random value is always the same
+    # this proves we're effectively using the s3 backend
+    run dagger query -e terraform TestTerraform.apply.output.random.value  -f json
+    assert_success
+    assert_output "36"
+
+    # Unset input
+    run dagger -e terraform input unset TestTerraform.apply.tfvars.input
+    assert_success
+}

tests/stdlib/terraform/s3/inputs.yaml

@@ -0,0 +1,24 @@
+TestConfig:
+    awsConfig:
+        accessKey: ENC[AES256_GCM,data:cZLf9D1ymnU4A44oGiQ4fFKdEB0=,iv:rNv9rnXSvIpKeUYRqseS9aKjEG4Wim7OW0EKEbBgp+M=,tag:cOzI4KsDgCgi/w7ByFKJJw==,type:str]
+        secretKey: ENC[AES256_GCM,data:ZFIHfnQYYu7ZhoXogVIHbd2wakBTw9D0TiHeadSKaYAQemCun/egNg==,iv:zISyY5zGZHfe5HZJHdfIUpX6siFIgLMrwAbZRyLH9FU=,tag:uD+1eLHY/AKR9vnpyBh+GQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdU5ENVpScm0yd2RXWjRJ
+            aSsxWTNvSHBBeU94Z2ZKNjhXdzJHZGNybXkwCk9FVW5EM21LSTRHMkE5VG1SRFpL
+            ZGUyOHl3MEU3M3ZXTzBqSlExTU1uVTgKLS0tIDZRVDJOaEVZVnVSalRKMUVTTytV
+            ZWRONHhmOEJVd1lqM1NkMFdSNHU2THMKSjtxHeq/ZSgpXrevLH4AVYyRh4jO6qjT
+            J301rFx0Cu5qeSIhRiG54Pse83GD+fObDhfH0nPf5HZttDZxrISUdg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2021-05-28T20:45:06Z"
+    mac: ENC[AES256_GCM,data:7b6X10McAD1qvsS3ZFWeteP7zLC6IAo6NdFjvaX1iyrjoZ+fT8hNkIPVKyfPFTqZzNIZ7qEYJO2PKrTjbhf6a1LEsL9gtfoX4JwINDk66TgIsJsvdp4TRIlEKoRSKK08zc+A5YFAtD1Pj+a3+NnF32ZUsoH+jqSixH2hK51RI0U=,iv:JKeSA0bp+QBE8H/kS/eIL47k1Bsg4L0q/YU4OlJmIKU=,tag:f3gzp/Nv4p4DajNfoAicAg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1