kjuulh/dagger
Archived
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

engine: exec: support uid/gid/mask for secret mounts

Browse Source 
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This commit is contained in:
Andrea Luzzardi
2021-12-17 15:52:56 +01:00
parent 85114025e6
commit 82cbea8324
3 changed files with 35 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
tests/tasks/exec/mount_secret.cue
View File

@@ -21,8 +21,29 @@ engine.#Plan & {
"sh", "-c",
#"""
test "$(cat /run/secrets/test)" = "hello world"
ls -l /run/secrets/test | grep -- "-r--------"
"""#,
]
}
verifyPerm: engine.#Exec & {
input: image.output
mounts: secret: {
dest: "/run/secrets/test"
contents: context.secrets.testSecret.contents
uid: 42
gid: 24
mask: 0o666
}
args: [
"sh", "-c",
#"""
ls -l /run/secrets/test | grep -- "-rw-rw-rw-"
ls -l /run/secrets/test | grep -- "42"
ls -l /run/secrets/test | grep -- "24"
"""#,
]
}
}
}