promote secret interpolation

Brad Rydzewski 2017-01-20 11:12:30 +07:00
parent 67fbc8f14d
commit 1f0261a72a
3 changed files with 11 additions and 13 deletions


@ -4,7 +4,6 @@ import (
"fmt"
"net"
"net/url"
"os"
"path/filepath"
"regexp"
"strings"
@ -95,19 +94,19 @@ func (a *Agent) prep(w *model.Work) (*yaml.Config, error) {
envs := toEnv(w)
envSecrets := map[string]string{}
if os.Getenv("DRONE_INTERPOLATE_SECRETS") != "" {
// list of secrets to interpolate in the yaml
for _, secret := range w.Secrets {
if (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {
envSecrets[secret.Name] = secret.Value
}
}
}
var err error
w.Yaml, err = envsubst.Eval(w.Yaml, func(s string) string {
env, ok := envSecrets[s]
if !ok {
env, ok = envs[s]
env, _ = envs[s]
}
if strings.Contains(env, "\n") {
env = fmt.Sprintf("%q", env)
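Review bot: The loop that fills `envSecrets` gates each secret on `(w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event)` only and never consults the secret's image list, so once the `DRONE_INTERPOLATE_SECRETS` opt-in is gone (as the commit title and the dropped `os` import suggest; the +/- markers are lost on this page) every build can substitute an image-restricted secret anywhere in the YAML. That makes the image restriction ineffective for interpolated values, since `${NAME}` can be placed in a step that runs a different image. If interpolation is meant only for secrets without an image list, say so in the condition, e.g. `if len(secret.Images) == 0 && (w.Verified || secret.SkipVerify) && secret.MatchEvent(w.Build.Event) {`; otherwise document the wider exposure with a comment on the loop such as `// interpolated secrets are not restricted by secret.Images`. The body of prep continues outside the hunk, so any later filtering is not visible here.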


@ -1,7 +1,6 @@
package main
import (
"fmt"
"io/ioutil"
"os"
"strings"
@ -79,10 +78,6 @@ func secretParseCmd(name string, value string, c *cli.Context) (*model.Secret, e
secret.SkipVerify = c.Bool("skip-verify")
secret.Conceal = c.Bool("conceal")
if len(secret.Images) == 0 {
return nil, fmt.Errorf("Please specify the --image parameter")
}
// TODO(bradrydzewski) below we use an @ sybmol to denote that the secret
// value should be loaded from a file (inspired by curl). I'd prefer to use
// a --input flag to explicitly specify a filepath instead.
@ -124,7 +119,6 @@ func secretDisplayList(secrets []*model.Secret, c *cli.Context) error {
// template for secret list items
var tmplSecretList = "\x1b[33m{{ .Name }} \x1b[0m" + `
Images: {{ list .Images }}
Events: {{ list .Events }}
SkipVerify: {{ .SkipVerify }}
Conceal: {{ .Conceal }}


@ -48,6 +48,11 @@ func TestSecret(t *testing.T) {
// image is only authorized for golang, not golang:1.4.2
g.Assert(secret.MatchImage("golang:1.4.2")).IsFalse()
})
g.It("should not match empty image", func() {
secret := Secret{}
secret.Images = []string{}
g.Assert(secret.MatchImage("node")).IsFalse()
})
g.It("should not match event", func() {
secret := Secret{}
secret.Events = []string{"pull_request"}