Merge pull request #1307 from aluzzardi/engine-loadsecret

engine.#NewSecret support
This commit is contained in:
Andrea Luzzardi 2022-01-10 12:09:21 -08:00 committed by GitHub
commit c5126412b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 127 additions and 1 deletions

View File

@ -213,8 +213,10 @@ func (c *Client) logSolveStatus(ctx context.Context, pctx *plancontext.Context,
}
// Just like sprintf, but redacts secrets automatically
secrets := pctx.Secrets.List()
secureSprintf := func(format string, a ...interface{}) string {
// Load a fresh copy of secrets (since they can be dynamically added).
secrets := pctx.Secrets.List()
s := fmt.Sprintf(format, a...)
for _, secret := range secrets {
s = strings.ReplaceAll(s, secret.PlainText(), "***")

View File

@ -174,6 +174,18 @@ _No input._
_No output._
## engine.#NewSecret
Create a new a secret from a filesystem tree
### engine.#NewSecret Inputs
_No input._
### engine.#NewSecret Outputs
_No output._
## engine.#Plan
A deployment plan executed by `dagger up`

54
plan/task/newsecret.go Normal file
View File

@ -0,0 +1,54 @@
package task
import (
"context"
"fmt"
"io/fs"
"strings"
"go.dagger.io/dagger/compiler"
"go.dagger.io/dagger/plancontext"
"go.dagger.io/dagger/solver"
)
func init() {
Register("NewSecret", func() Task { return &newSecretTask{} })
}
type newSecretTask struct {
}
func (t *newSecretTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
path, err := v.Lookup("path").String()
if err != nil {
return nil, err
}
input, err := pctx.FS.FromValue(v.Lookup("input"))
if err != nil {
return nil, err
}
inputFS := solver.NewBuildkitFS(input.Result())
// FIXME: we should create an intermediate image containing only `path`.
// That way, on cache misses, we'll only download the layer with the file contents rather than the entire FS.
contents, err := fs.ReadFile(inputFS, path)
if err != nil {
return nil, fmt.Errorf("ReadFile %s: %w", path, err)
}
plaintext := string(contents)
trimSpace, err := v.Lookup("trimSpace").Bool()
if err != nil {
return nil, err
}
if trimSpace {
plaintext = strings.TrimSpace(plaintext)
}
secret := pctx.Secrets.New(plaintext)
return compiler.NewValue().FillFields(map[string]interface{}{
"output": secret.MarshalCUE(),
})
}

View File

@ -0,0 +1,15 @@
package engine
// Create a new a secret from a filesystem tree
#NewSecret: {
$dagger: task: _name: "NewSecret"
// Filesystem tree holding the secret
input: #FS
// Path of the secret to read
path: string
// Whether to trim leading and trailing space characters from secret value
trimSpace: *true | false
// Contents of the secret
output: #Secret
}

View File

@ -127,3 +127,9 @@ setup() {
run "$DAGGER" --europa up ./tasks/httpfetch/not_exist.cue
assert_failure
}
@test "task: #NewSecret" {
cd "$TESTDIR"/tasks/newsecret
"$DAGGER" --europa up ./newsecret.cue
}

View File

@ -0,0 +1,37 @@
package main
import (
"alpha.dagger.io/europa/dagger/engine"
)
engine.#Plan & {
actions: {
image: engine.#Pull & {
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
}
generate: engine.#Exec & {
input: image.output
args: ["sh", "-c", "echo test > /secret"]
}
load: engine.#NewSecret & {
input: generate.output
path: "/secret"
}
verify: engine.#Exec & {
input: image.output
mounts: secret: {
dest: "/run/secrets/test"
contents: load.output
}
args: [
"sh", "-c",
#"""
test "$(cat /run/secrets/test)" = "test"
"""#,
]
}
}
}