From 4f2c6e55e4cc18569846085e114c86c00d938802 Mon Sep 17 00:00:00 2001 From: Richard Jones Date: Tue, 25 Jan 2022 16:07:30 -0700 Subject: [PATCH] added DecodeSecret as a wrapper to TransformSecret; supports yaml and json secrets Signed-off-by: Richard Jones --- pkg/dagger.io/dagger/utils.cue | 28 +++++++++++++++++-- tests/tasks/dockerfile/build_auth.cue | 15 +++++------ tests/tasks/gitpull/private_repo.cue | 13 ++++----- tests/tasks/pull/pull_auth.cue | 39 ++++++++++++++++----------- tests/tasks/push/push.cue | 13 ++++++--- 5 files changed, 71 insertions(+), 37 deletions(-) diff --git a/pkg/dagger.io/dagger/utils.cue b/pkg/dagger.io/dagger/utils.cue index b623476c..2888b4ff 100644 --- a/pkg/dagger.io/dagger/utils.cue +++ b/pkg/dagger.io/dagger/utils.cue @@ -1,6 +1,8 @@ package dagger import ( + "encoding/yaml" + "encoding/json" "dagger.io/dagger/engine" ) @@ -17,7 +19,7 @@ import ( // Select a subdirectory from a filesystem tree #Subdir: { // Input tree - input: #FS + input: engine.#FS // Path of the subdirectory // Example: "/build" @@ -32,5 +34,27 @@ import ( } // Subdirectory tree - output: #FS & _copy.output + output: engine.#FS & _copy.output +} + +// DecodeSecret is a convenience wrapper around #TransformSecret. The plain text contents of input is expected to match the format +#DecodeSecret: { + { + format: "json" + engine.#TransformSecret & { + #function: { + input: _ + output: json.Unmarshal(input) + } + } + } | { + format: "yaml" + engine.#TransformSecret & { + #function: { + input: _ + output: yaml.Unmarshal(input) + } + } + } + } diff --git a/tests/tasks/dockerfile/build_auth.cue b/tests/tasks/dockerfile/build_auth.cue index 8b34138a..6f150143 100644 --- a/tests/tasks/dockerfile/build_auth.cue +++ b/tests/tasks/dockerfile/build_auth.cue @@ -1,8 +1,8 @@ package testing import ( + "dagger.io/dagger" "dagger.io/dagger/engine" - "encoding/yaml" ) engine.#Plan & { 
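Review bot: The comment above `#DecodeSecret` in pkg/dagger.io/dagger/utils.cue (the `@@ -32,5 +34,27 @@` hunk) stops mid-thought: it does not name the accepted `format` values or say what `output` looks like. Something like `// #DecodeSecret decodes a secret whose plain text is JSON or YAML, selected by format ("json" | "yaml"); output is keyed by the document's fields, each read via .contents` would match how the tests use it (`sopsSecrets.output.DOCKERHUB_TOKEN.contents`). Neither branch of the disjunction is marked as a default, so a caller that omits `format` presumably gets an unresolved value; the comment should state that `format` is required. It is also not visible from this hunk whether a failed `json.Unmarshal` / `yaml.Unmarshal` can echo part of the plain text in its error, which is worth confirming before malformed secrets end up in logs.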
@@ -15,21 +15,18 @@ engine.#Plan & { } actions: { - dockerHubToken: engine.#TransformSecret & { - input: inputs.secrets.sops.contents - #function: { - input: _ - output: yaml.Unmarshal(input) - } + sopsSecrets: dagger.#DecodeSecret & { + format: "yaml" + input: inputs.secrets.sops.contents } - build: engine.#Build & { + build: engine.#Dockerfile & { source: inputs.directories.testdata.contents auth: [{ target: "daggerio/ci-test:private-pull" username: "daggertest" - secret: dockerHubToken.output.DOCKERHUB_TOKEN.contents + secret: sopsSecrets.output.DOCKERHUB_TOKEN.contents }] dockerfile: contents: """ FROM daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060 diff --git a/tests/tasks/gitpull/private_repo.cue b/tests/tasks/gitpull/private_repo.cue index 1bedb4c5..d2581a42 100644 --- a/tests/tasks/gitpull/private_repo.cue +++ b/tests/tasks/gitpull/private_repo.cue @@ -1,7 +1,7 @@ package main import ( - "encoding/yaml" + "dagger.io/dagger" "dagger.io/dagger/engine" ) @@ -17,12 +17,9 @@ engine.#Plan & { source: "alpine:3.15.0" } - repoPassword: engine.#TransformSecret & { - input: inputs.secrets.sops.contents - #function: { - input: _ - output: yaml.Unmarshal(input) - } + sopsSecrets: dagger.#DecodeSecret & { + format: "yaml" + input: inputs.secrets.sops.contents } testRepo: engine.#GitPull & { @@ -30,7 +27,7 @@ engine.#Plan & { ref: "main" auth: { username: "dagger-test" - password: repoPassword.output.TestPAT.contents + password: sopsSecrets.output.TestPAT.contents } } diff --git a/tests/tasks/pull/pull_auth.cue b/tests/tasks/pull/pull_auth.cue index 0d851f77..f6f3670b 100644 --- a/tests/tasks/pull/pull_auth.cue +++ b/tests/tasks/pull/pull_auth.cue 
@@ -1,27 +1,36 @@ package main import ( + "dagger.io/dagger" "dagger.io/dagger/engine" ) engine.#Plan & { - inputs: secrets: dockerHubToken: command: { + inputs: secrets: sops: command: { name: "sops" - args: ["exec-env", "../../secrets_sops.yaml", "echo $DOCKERHUB_TOKEN"] + args: ["-d", "../../secrets_sops.yaml"] } - actions: pull: engine.#Pull & { - source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" - auth: [{ - target: "daggerio/ci-test:private-pull" - username: "daggertest" - secret: inputs.secrets.dockerHubToken.contents - }] - } & { - // assert result - digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" - config: { - env: PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - cmd: ["/bin/sh"] + + actions: { + sopsSecrets: dagger.#DecodeSecret & { + format: "yaml" + input: inputs.secrets.sops.contents + } + + pull: engine.#Pull & { + source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" + auth: [{ + target: "daggerio/ci-test:private-pull" + username: "daggertest" + secret: sopsSecrets.output.DOCKERHUB_TOKEN.contents + }] + } & { + // assert result + digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060" + config: { + env: PATH: "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + cmd: ["/bin/sh"] + } } } } diff --git a/tests/tasks/push/push.cue b/tests/tasks/push/push.cue index e910d840..f7d2efd1 100644 --- a/tests/tasks/push/push.cue +++ b/tests/tasks/push/push.cue 
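Review bot: In tests/tasks/pull/pull_auth.cue the new `args: ["-d", "../../secrets_sops.yaml"]` input decrypts the whole sops file into one plan secret, whereas the removed `exec-env … echo $DOCKERHUB_TOKEN` command handed over only the token this test uses. Judging by `sopsSecrets.output.TestPAT.contents` in private_repo.cue, the same file appears to hold other credentials, so this test now loads more secret material than it consumes. If that is accepted in order to exercise `#DecodeSecret`, record it next to the action, e.g. `// decodes the whole sops file; only DOCKERHUB_TOKEN is consumed here`. The tests/tasks/push/push.cue hunk makes the same change to its `inputs: secrets:` block.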
@@ -2,22 +2,29 @@ package main import ( "strings" + "dagger.io/dagger" "dagger.io/dagger/engine" ) engine.#Plan & { - inputs: secrets: dockerHubToken: command: { + inputs: secrets: sops: command: { name: "sops" - args: ["exec-env", "../../secrets_sops.yaml", "echo $DOCKERHUB_TOKEN"] + args: ["-d", "../../secrets_sops.yaml"] } #auth: [{ target: "daggerio/ci-test:private-pull" username: "daggertest" - secret: inputs.secrets.dockerHubToken.contents + secret: actions.sopsSecrets.output.DOCKERHUB_TOKEN.contents }] actions: { + + sopsSecrets: dagger.#DecodeSecret & { + format: "yaml" + input: inputs.secrets.sops.contents + } + randomString: { baseImage: engine.#Pull & { source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"