support registry auth

HACK: the way buildkit works, we can only supply an Auth Provider for the entirety of the build session (`dagger up`). Therefore, we start by scanning all auth in the entire Cue tree and supply an auth provider for all of them. Drawbacks: - As soon as you add `auth` in a Pipeline for a registry, all other Pipelines have access to the same registry - You can't use different credentials for the same registry Fixes #301 Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-04-19 18:04:18 -07:00
parent 5e90c1a11e
commit 692bd72095
9 changed files with 204 additions and 18 deletions
--- a/tests/ops.bats
+++ b/tests/ops.bats
@@ -78,6 +78,11 @@ setup() {
@test "op.#PushContainer" {
    skip_unless_secrets_available "$TESTDIR"/ops/push-container/inputs.yaml

+    # ensure the tests fail without credentials
+    run "$DAGGER" compute "$TESTDIR"/ops/push-container/valid
+    assert_failure
+
+    # check that they succeed with the credentials
    "$DAGGER" compute --input-yaml "$TESTDIR"/ops/push-container/inputs.yaml "$TESTDIR"/ops/push-container
 }

--- a/tests/ops/push-container/inputs.yaml
+++ b/tests/ops/push-container/inputs.yaml
@@ -1,13 +1,14 @@
-registry:
-    username: ENC[AES256_GCM,data:8AH6p9WHidanCA==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:mzR7xTKeQNDvkyd2Dm3AKw==,type:str]
-    token: ENC[AES256_GCM,data:68d31b3EfnQJofIt6j+iBCtDyLOBWjFqvVmejyDjIOh8oBXP,iv:PMghC2nd7jqAzrQzm/PW1YdbE0VAbEBkK0/Ri1WwduI=,tag:0JH4WbcJHvgzF4VIK4deBg==,type:str]
+TestAuth:
+    https://index.docker.io/v1/:
+        username: ENC[AES256_GCM,data:cyrR2uKcJBPz9Q==,iv:c6gdvv+OQo/CoFcURoFE5KVdcbsRWFgTC6lOBYqgSKI=,tag:4mXf7SdDzzLOXcuCjNKM3A==,type:str]
+        secret: ENC[AES256_GCM,data:ITq2j0iskLGl3kzLNuqZwjFeY6qhFiZki8+6nfvcCdoQyjwA,iv:wxBQHO2i3usQY6P/Xl7IUNd7FCt92SI4Xzpr0iJf/+Y=,tag:sdT4Vc2bU1WpYBmRx69+NQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
-    lastmodified: '2021-03-18T22:59:59Z'
-    mac: ENC[AES256_GCM,data:3++nHOAJaYFCEuUXim4/gOsG1ZVWt8Ab88qaqHM6jpCA2gLSyADWpB5iQfU9bM7Sq3PgCcWd5+mDHxl5Q8r9fiozrS025OLtsn7qQQQ84WaiFz9Y4Trsbe4EJXNpxYDXjLZEkEtkKs4/Dl+y2Ey3nVyIWKZEX9cPogJ64zfFS9Q=,iv:jvSwxJ8Of2Nfp1ijKItOraDO8aS6aGHQKFY61kF8JS8=,tag:I+AWPIZsPeXU30zxbgq2eQ==,type:str]
+    lastmodified: '2021-04-20T00:38:24Z'
+    mac: ENC[AES256_GCM,data:N7LDE81LW39k9x5Q4JSgcTXiHbXQY9pkJ14g6mIyXd/rtAk8g9nCp2dRSFo75cJDQigh6u4m0AbkvtJ0r1s1Cc87gT+ZXujdb7crEfZLLY23DIEoO1nSgKbh1Snv/uXMDGXG8oCk4pMmUJIc+XtsH0Z/jxuRMVqfyQG7HRm3lVk=,iv:hicEQ0iBDm8hafw6fKCHty5deF0dLr3e2v70LTeYQ1I=,tag:dW3AX5udWxsC3lC2/720RQ==,type:str]
    pgp:
    -   created_at: '2021-03-18T22:59:59Z'
        enc: |
--- a/tests/ops/push-container/main.cue
+++ b/tests/ops/push-container/main.cue
@@ -5,6 +5,8 @@ import (
 	"dagger.io/alpine"
 )

+TestAuth: op.#RegistryAuth
+
 TestPushContainer: {
 	// Generate a random number
 	random: {
@@ -13,6 +15,7 @@ TestPushContainer: {
 			op.#Load & {from: alpine.#Image},
 			op.#Exec & {
 				args: ["sh", "-c", "echo -n $RANDOM > /rand"]
+				always: true
 			},
 			op.#Export & {
 				source: "/rand"
@@ -30,6 +33,7 @@ TestPushContainer: {
 			},
 			op.#PushContainer & {
 				"ref": ref
+				auth:  TestAuth
 			},
 		]
 	}
@@ -64,6 +68,7 @@ TestPushContainerMetadata: {
 			op.#Load & {from: alpine.#Image},
 			op.#Exec & {
 				args: ["sh", "-c", "echo -n $RANDOM > /rand"]
+				always: true
 			},
 			op.#Export & {
 				source: "/rand"
@@ -83,6 +88,7 @@ TestPushContainerMetadata: {
 			},
 			op.#PushContainer & {
 				"ref": ref
+				auth:  TestAuth
 			},
 		]
 	}
@@ -113,6 +119,7 @@ TestPushContainerMetadata: {
 			},
 			op.#PushContainer & {
 				"ref": ref
+				auth:  TestAuth
 			},
 		]
 	}