Merge pull request #1235 from samalba/engine-pull-auth

auth support for engine.#Pull
This commit is contained in:
Sam Alba 2021-12-17 11:19:38 -08:00 committed by GitHub
commit 580c2b6e42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 101 additions and 4 deletions

View File

@ -101,7 +101,8 @@ jobs:
uses: crazy-max/ghaction-github-runtime@v1
- name: Integration test
# env:
env:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
# DAGGER_CACHE_TO: "type=gha,mode=max,scope=test-integration"
# DAGGER_CACHE_FROM: "type=gha,mode=max,scope=test-integration"
run: |

54
plan/task/auth.go Normal file
View File

@ -0,0 +1,54 @@
package task
import (
"go.dagger.io/dagger/compiler"
"go.dagger.io/dagger/plancontext"
)
type authValue struct {
Target string
Username string
Secret *plancontext.Secret
}
// Decodes an auth field value
//
// Cue format:
// auth: [...{
// target: string
// username: string
// secret: string | #Secret
// }]
func decodeAuthValue(pctx *plancontext.Context, v *compiler.Value) ([]*authValue, error) {
vals, err := v.List()
if err != nil {
return nil, err
}
authVals := []*authValue{}
for _, val := range vals {
authVal := authValue{}
target, err := val.Lookup("target").String()
if err != nil {
return nil, err
}
authVal.Target = target
username, err := val.Lookup("username").String()
if err != nil {
return nil, err
}
authVal.Username = username
secret, err := pctx.Secrets.FromValue(val.Lookup("secret"))
if err != nil {
return nil, err
}
authVal.Secret = secret
authVals = append(authVals, &authVal)
}
return authVals, nil
}

View File

@ -7,6 +7,7 @@ import (
"github.com/docker/distribution/reference"
"github.com/moby/buildkit/client/llb"
"github.com/rs/zerolog/log"
"go.dagger.io/dagger/compiler"
"go.dagger.io/dagger/plancontext"
"go.dagger.io/dagger/solver"
@ -20,12 +21,23 @@ type pullTask struct {
}
func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
// FIXME: handle auth
lg := log.Ctx(ctx)
rawRef, err := v.Lookup("source").String()
if err != nil {
return nil, err
}
// Read auth info
auth, err := decodeAuthValue(pctx, v.Lookup("auth"))
if err != nil {
return nil, err
}
for _, a := range auth {
s.AddCredentials(a.Target, a.Username, a.Secret.PlainText())
lg.Debug().Str("target", a.Target).Msg("add target credentials")
}
ref, err := reference.ParseNormalizedNamed(rawRef)
if err != nil {
return nil, fmt.Errorf("failed to parse ref %s: %w", rawRef, err)
@ -47,6 +59,7 @@ func (c *pullTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.
if err != nil {
return nil, err
}
imageJSON, err := json.Marshal(image)
if err != nil {
return nil, err

View File

@ -6,7 +6,12 @@ setup() {
@test "task: #Pull" {
cd "$TESTDIR"/tasks/pull
"$DAGGER" --europa up
"$DAGGER" --europa up ./pull.cue
}
@test "task: #Pull with auth" {
cd "$TESTDIR"/tasks/pull
"$DAGGER" --europa up ./pull_auth.cue
}
@test "task: #ReadFile" {
@ -39,4 +44,4 @@ setup() {
"$DAGGER" --europa up ./user.cue
"$DAGGER" --europa up ./workdir.cue
}
}

View File

@ -0,0 +1,24 @@
package main
import (
"alpha.dagger.io/europa/dagger/engine"
)
engine.#Plan & {
context: secrets: dockerHubToken: envvar: "DOCKERHUB_TOKEN"
actions: pull: engine.#Pull & {
source: "daggerio/ci-test:private-pull@sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
auth: [{
target: "daggerio/ci-test:private-pull"
username: "daggertest"
secret: context.secrets.dockerHubToken.contents
}]
} & {
// assert result
digest: "sha256:c74f1b1166784193ea6c8f9440263b9be6cae07dfe35e32a5df7a31358ac2060"
config: {
Env: ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"]
Cmd: ["/bin/sh"]
}
}
}