promote secret interpolation

Brad Rydzewski 2017-01-20 11:12:30 +07:00
parent 67fbc8f14d
commit 1f0261a72a
3 changed files with 11 additions and 13 deletions


@ -4,7 +4,6 @@ import (
"fmt" "fmt"
"net" "net"
"net/url" "net/url"
"os"
"path/filepath" "path/filepath"
"regexp" "regexp"
"strings" "strings"
@ -95,11 +94,11 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
envs := toEnv(w) envs := toEnv(w)
envSecrets := map[string]string{} envSecrets := map[string]string{}
if os.Getenv("DRONE_INTERPOLATE_SECRETS") != "" {
for _, secret := range w.Secrets { // list of secrets to interpolate in the yaml
if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) { for _, secret := range w.Secrets {
envSecrets[secret.Name] = secret.Value if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
} envSecrets[secret.Name] = secret.Value
} }
} }
@ -107,7 +106,7 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
w.Yaml, err = envsubst.Eval(w.Yaml, func(s string) string { w.Yaml, err = envsubst.Eval(w.Yaml, func(s string) string {
env, ok := envSecrets[s] env, ok := envSecrets[s]
if !ok { if !ok {
env, ok = envs[s] env, _ = envs[s]
} }
if strings.Contains(env, "\n") { if strings.Contains(env, "\n") {
env = fmt.Sprintf("%q", env) env = fmt.Sprintf("%q", env)
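Review bot: With the `DRONE_INTERPOLATE_SECRETS` gate removed, every secret that passes `(w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event)` is substituted into the raw YAML text on every build, and that filter never consults the secret's image restriction. Because the substitution runs on `w.Yaml` as text through `envsubst.Eval`, a secret marked `SkipVerify` can be referenced from any step of a pipeline file that (as far as the `w.Verified` name suggests) has not been verified, including steps whose image the secret was never scoped to. If image-scoped secrets are meant to stay scoped, consider skipping them in the loop with `if len(secret.Images) != 0 { continue }`, or at least state the behaviour in the loop comment, e.g. `// interpolated secrets are filtered by verification and event only, not by image`. The body of prep starts and ends outside the visible hunks.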


@ -1,7 +1,6 @@
package main package main
import ( import (
"fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"strings" "strings"
@ -79,10 +78,6 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
secret.SkipVerify = c.Bool("skip-verify") secret.SkipVerify = c.Bool("skip-verify")
secret.Conceal = c.Bool("conceal") secret.Conceal = c.Bool("conceal")
if len(secret.Images) == 0 {
return nil, fmt.Errorf("Please specify the --image parameter")
}
// TODO(bradrydzewski) below we use an @ sybmol to denote that the secret // TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
// value should be loaded from a file (inspired by curl). I'd prefer to use // value should be loaded from a file (inspired by curl). I'd prefer to use
// a --input flag to explicitly specify a filepath instead. // a --input flag to explicitly specify a filepath instead.
@ -124,7 +119,6 @@ func secretDisplayList(secrets []*model.Secret, c *cli.Context) error {
// template for secret list items // template for secret list items
var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + ` var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + `
Images: {{ list .Images }}
Events: {{ list .Events }} Events: {{ list .Events }}
SkipVerify: {{ .SkipVerify }} SkipVerify: {{ .SkipVerify }}
Conceal: {{ .Conceal }} Conceal: {{ .Conceal }}


@ -48,6 +48,11 @@ func TestSecret(t *testing.T) {
// image is only authorized for golang, not golang:1.4.2 // image is only authorized for golang, not golang:1.4.2
g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse() g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
}) })
g.It("should not match empty image", func() {
secret := Secret{}
secret.Images = []string{}
g.Assert(secret.MatchImage("node")).IsFalse()
})
g.It("should not match event", func() { g.It("should not match event", func() {
secret := Secret{} secret := Secret{}
secret.Events = []string{"pull_request"} secret.Events = []string{"pull_request"}
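Review bot: The new "should not match empty image" case covers only an empty, non-nil `Images` slice; a `Secret` whose `Images` is nil (the zero value, and presumably what a secret created without `--image` carries now that the CLI no longer requires it) is not exercised. Since this spec pins the fail-closed behaviour of `MatchImage`, add the nil case next to it, e.g. `secret.Images = nil` followed by `g.Assert(secret.MatchImage("node")).IsFalse()`. The spec name would also read more accurately as `"should not match when image list is empty"`. The body of TestSecret starts and ends outside the hunk.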