Merge pull request #1307 from aluzzardi/engine-loadsecret
engine.#NewSecret support
This commit is contained in:
commit
c5126412b0
@ -213,8 +213,10 @@ func (c *Client) logSolveStatus(ctx context.Context, pctx *plancontext.Context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Just like sprintf, but redacts secrets automatically
|
// Just like sprintf, but redacts secrets automatically
|
||||||
secrets := pctx.Secrets.List()
|
|
||||||
secureSprintf := func(format string, a ...interface{}) string {
|
secureSprintf := func(format string, a ...interface{}) string {
|
||||||
|
// Load a fresh copy of secrets (since they can be dynamically added).
|
||||||
|
secrets := pctx.Secrets.List()
|
||||||
|
|
||||||
s := fmt.Sprintf(format, a...)
|
s := fmt.Sprintf(format, a...)
|
||||||
for _, secret := range secrets {
|
for _, secret := range secrets {
|
||||||
s = strings.ReplaceAll(s, secret.PlainText(), "***")
|
s = strings.ReplaceAll(s, secret.PlainText(), "***")
|
||||||
|
@ -174,6 +174,18 @@ _No input._
|
|||||||
|
|
||||||
_No output._
|
_No output._
|
||||||
|
|
||||||
|
## engine.#NewSecret
|
||||||
|
|
||||||
|
Create a new a secret from a filesystem tree
|
||||||
|
|
||||||
|
### engine.#NewSecret Inputs
|
||||||
|
|
||||||
|
_No input._
|
||||||
|
|
||||||
|
### engine.#NewSecret Outputs
|
||||||
|
|
||||||
|
_No output._
|
||||||
|
|
||||||
## engine.#Plan
|
## engine.#Plan
|
||||||
|
|
||||||
A deployment plan executed by `dagger up`
|
A deployment plan executed by `dagger up`
|
||||||
|
54
plan/task/newsecret.go
Normal file
54
plan/task/newsecret.go
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
package task
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"io/fs"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"go.dagger.io/dagger/compiler"
|
||||||
|
"go.dagger.io/dagger/plancontext"
|
||||||
|
"go.dagger.io/dagger/solver"
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
Register("NewSecret", func() Task { return &newSecretTask{} })
|
||||||
|
}
|
||||||
|
|
||||||
|
type newSecretTask struct {
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t *newSecretTask) Run(ctx context.Context, pctx *plancontext.Context, s solver.Solver, v *compiler.Value) (*compiler.Value, error) {
|
||||||
|
path, err := v.Lookup("path").String()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
input, err := pctx.FS.FromValue(v.Lookup("input"))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
inputFS := solver.NewBuildkitFS(input.Result())
|
||||||
|
|
||||||
|
// FIXME: we should create an intermediate image containing only `path`.
|
||||||
|
// That way, on cache misses, we'll only download the layer with the file contents rather than the entire FS.
|
||||||
|
contents, err := fs.ReadFile(inputFS, path)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("ReadFile %s: %w", path, err)
|
||||||
|
}
|
||||||
|
plaintext := string(contents)
|
||||||
|
|
||||||
|
trimSpace, err := v.Lookup("trimSpace").Bool()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if trimSpace {
|
||||||
|
plaintext = strings.TrimSpace(plaintext)
|
||||||
|
}
|
||||||
|
|
||||||
|
secret := pctx.Secrets.New(plaintext)
|
||||||
|
|
||||||
|
return compiler.NewValue().FillFields(map[string]interface{}{
|
||||||
|
"output": secret.MarshalCUE(),
|
||||||
|
})
|
||||||
|
}
|
15
stdlib/europa/dagger/engine/secret.cue
Normal file
15
stdlib/europa/dagger/engine/secret.cue
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
package engine
|
||||||
|
|
||||||
|
// Create a new a secret from a filesystem tree
|
||||||
|
#NewSecret: {
|
||||||
|
$dagger: task: _name: "NewSecret"
|
||||||
|
|
||||||
|
// Filesystem tree holding the secret
|
||||||
|
input: #FS
|
||||||
|
// Path of the secret to read
|
||||||
|
path: string
|
||||||
|
// Whether to trim leading and trailing space characters from secret value
|
||||||
|
trimSpace: *true | false
|
||||||
|
// Contents of the secret
|
||||||
|
output: #Secret
|
||||||
|
}
|
@ -127,3 +127,9 @@ setup() {
|
|||||||
run "$DAGGER" --europa up ./tasks/httpfetch/not_exist.cue
|
run "$DAGGER" --europa up ./tasks/httpfetch/not_exist.cue
|
||||||
assert_failure
|
assert_failure
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "task: #NewSecret" {
|
||||||
|
cd "$TESTDIR"/tasks/newsecret
|
||||||
|
|
||||||
|
"$DAGGER" --europa up ./newsecret.cue
|
||||||
|
}
|
||||||
|
37
tests/tasks/newsecret/newsecret.cue
Normal file
37
tests/tasks/newsecret/newsecret.cue
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"alpha.dagger.io/europa/dagger/engine"
|
||||||
|
)
|
||||||
|
|
||||||
|
engine.#Plan & {
|
||||||
|
actions: {
|
||||||
|
image: engine.#Pull & {
|
||||||
|
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
|
||||||
|
}
|
||||||
|
|
||||||
|
generate: engine.#Exec & {
|
||||||
|
input: image.output
|
||||||
|
args: ["sh", "-c", "echo test > /secret"]
|
||||||
|
}
|
||||||
|
|
||||||
|
load: engine.#NewSecret & {
|
||||||
|
input: generate.output
|
||||||
|
path: "/secret"
|
||||||
|
}
|
||||||
|
|
||||||
|
verify: engine.#Exec & {
|
||||||
|
input: image.output
|
||||||
|
mounts: secret: {
|
||||||
|
dest: "/run/secrets/test"
|
||||||
|
contents: load.output
|
||||||
|
}
|
||||||
|
args: [
|
||||||
|
"sh", "-c",
|
||||||
|
#"""
|
||||||
|
test "$(cat /run/secrets/test)" = "test"
|
||||||
|
"""#,
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Reference in New Issue
Block a user