Merge pull request #1538 from talentedmrjones/europa-engine-decode-secret

Fix data race with TransformSecret
This commit is contained in:
Andrea Luzzardi 2022-01-31 18:33:40 -08:00 committed by GitHub
commit 7425c0e60f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -48,32 +48,29 @@ func (c *transformSecretTask) Run(ctx context.Context, pctx *plancontext.Context
return nil, errors.New(errStr) return nil, errors.New(errStr)
} }
type pathSecret struct { pathToSecrets := make(map[string]string)
path cue.Path
secret *plancontext.Secret
}
var pathsSecrets []pathSecret
// users could yaml.Unmarshal(input) and return a map // users could yaml.Unmarshal(input) and return a map
// or yaml.Unmarshal(input).someKey and return a string // or yaml.Unmarshal(input).someKey and return a string
// walk will ensure we convert every leaf // walk will ensure we convert every leaf
functionPathSelectors := function.Path().Selectors() functionPathSelectors := function.Path().Selectors()
function.Lookup("output").Walk(nil, func(v *compiler.Value) { function.Lookup("output").Walk(nil, func(v *compiler.Value) {
if v.Kind() == cue.StringKind { if v.Kind() == cue.StringKind {
plaintext, _ := v.String() plaintext, _ := v.String()
secret := pctx.Secrets.New(plaintext)
newLeafSelectors := v.Path().Selectors()[len(functionPathSelectors):] newLeafSelectors := v.Path().Selectors()[len(functionPathSelectors):]
newLeafSelectors = append(newLeafSelectors, cue.Str("contents")) newLeafSelectors = append(newLeafSelectors, cue.Str("contents"))
newLeafPath := cue.MakePath(newLeafSelectors...) newLeafPath := cue.MakePath(newLeafSelectors...)
pathsSecrets = append(pathsSecrets, pathSecret{newLeafPath, secret}) p := newLeafPath.String()
pathToSecrets[p] = plaintext
} }
}) })
output := compiler.NewValue() output := compiler.NewValue()
for _, ps := range pathsSecrets { for p, s := range pathToSecrets {
output.FillPath(ps.path, ps.secret.MarshalCUE()) secret := pctx.Secrets.New(s)
output.FillPath(cue.ParsePath(p), secret.MarshalCUE())
} }
return output, nil return output, nil