This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/tests/tasks/exec/mount_secret.cue
Andrea Luzzardi 82cbea8324 engine: exec: support uid/gid/mask for secret mounts
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-12-17 16:51:46 +01:00

50 lines
1019 B
CUE

package main
import (
"alpha.dagger.io/europa/dagger/engine"
)
engine.#Plan & {
context: secrets: testSecret: envvar: "TESTSECRET"
actions: {
image: engine.#Pull & {
source: "alpine:3.15.0@sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3"
}
verify: engine.#Exec & {
input: image.output
mounts: secret: {
dest: "/run/secrets/test"
contents: context.secrets.testSecret.contents
}
args: [
"sh", "-c",
#"""
test "$(cat /run/secrets/test)" = "hello world"
ls -l /run/secrets/test | grep -- "-r--------"
"""#,
]
}
verifyPerm: engine.#Exec & {
input: image.output
mounts: secret: {
dest: "/run/secrets/test"
contents: context.secrets.testSecret.contents
uid: 42
gid: 24
mask: 0o666
}
args: [
"sh", "-c",
#"""
ls -l /run/secrets/test | grep -- "-rw-rw-rw-"
ls -l /run/secrets/test | grep -- "42"
ls -l /run/secrets/test | grep -- "24"
"""#,
]
}
}
}