implemented #DecodeSecret as engine task

Signed-off-by: Richard Jones <richard@dagger.io>
2022-02-03 12:08:11 -07:00
parent 5dfdf5149f
commit a087161fbb
4 changed files with 130 additions and 41 deletions
--- a/pkg/dagger.io/dagger/engine/secret.cue
+++ b/pkg/dagger.io/dagger/engine/secret.cue
@@ -15,18 +15,31 @@ package engine
 }

 // Securely apply a CUE transformation on the contents of a secret
-#TransformSecret: {
-	$dagger: task: _name: "TransformSecret"
-	// The original secret
+// FIXME: disabled due to data race associated with filling #function.input
+// #TransformSecret: {
+//  $dagger: task: _name: "TransformSecret"
+//  // The original secret
+//  input: #Secret
+//  // A new secret or (map of secrets) with the transformation applied
+//  output: #Secret | {[string]: output}
+//  // Transformation function
+//  #function: {
+//   // Full contents of the input secret (only available to the function)
+//   input:           string
+//   _functionOutput: string | {[string]: _functionOutput}
+//   // New contents of the output secret (must provided by the caller)
+//   output: _functionOutput
+//  }
+// }
+
+#DecodeSecret: {
+	$dagger: task: _name: "DecodeSecret"
+
+	// A #Secret whose plain text is a JSON or YAML string
 	input: #Secret
-	// A new secret or (map of secrets) with the transformation applied
+
+	format: "json" | "yaml"
+
+	// A new secret or (map of secrets) derived from unmarshaling the input secret's plain text
 	output: #Secret | {[string]: output}
-	// Transformation function
-	#function: {
-		// Full contents of the input secret (only available to the function)
-		input:           string
-		_functionOutput: string | {[string]: _functionOutput}
-		// New contents of the output secret (must provided by the caller)
-		output: _functionOutput
-	}
 }
--- a/pkg/dagger.io/dagger/utils.cue
+++ b/pkg/dagger.io/dagger/utils.cue
@@ -1,8 +1,8 @@
 package dagger

 import (
-	"encoding/yaml"
-	"encoding/json"
+	// "encoding/json"
+	// "encoding/yaml"
 	"dagger.io/dagger/engine"
 )

@@ -38,23 +38,24 @@ import (
 }

 // DecodeSecret is a convenience wrapper around #TransformSecret. The plain text contents of input is expected to match the format
-#DecodeSecret: {
-	{
-		format: "json"
-		engine.#TransformSecret & {
-			#function: {
-				input:  _
-				output: json.Unmarshal(input)
-			}
-		}
-	} | {
-		format: "yaml"
-		engine.#TransformSecret & {
-			#function: {
-				input:  _
-				output: yaml.Unmarshal(input)
-			}
-		}
-	}
+// #DecodeSecret: {
+//  {
+//   format: "json"
+//   engine.#TransformSecret & {
+//    #function: {
+//     input:  _
+//     output: json.Unmarshal(input)
+//    }
+//   }
+//  } | {
+//   format: "yaml"
+//   engine.#TransformSecret & {
+//    #function: {
+//     input:  _
+//     output: yaml.Unmarshal(input)
+//    }
+//   }
+//  }
+// }

-}
+#DecodeSecret: engine.#DecodeSecret
--- a/pkg/universe.dagger.io/netlify/test/netlify-test.cue
+++ b/pkg/universe.dagger.io/netlify/test/netlify-test.cue
@@ -1,8 +1,6 @@
 package yarn

 import (
-	"encoding/yaml"
-
 	"dagger.io/dagger"
 	"dagger.io/dagger/engine"

@@ -18,12 +16,9 @@ dagger.#Plan & {
 	}

 	actions: {
-		testSecrets: engine.#TransformSecret & {
-			input: inputs.secrets.test.contents
-			#function: {
-				input:  _
-				output: yaml.Unmarshal(input)
-			}
+		testSecrets: dagger.#DecodeSecret & {
+			input:  inputs.secrets.test.contents
+			format: "yaml"
 		}

 		marker: "hello world"