diff --git a/cmd/drone-server/inject_runner.go b/cmd/drone-server/inject_runner.go index a1e7f56a..f9ac6594 100644 --- a/cmd/drone-server/inject_runner.go +++ b/cmd/drone-server/inject_runner.go @@ -38,8 +38,8 @@ func provideRunner( registry core.RegistryService, config config.Config, ) *runner.Runner { - // the local runner is only created when the nomad or - // kubernetes scheduler are disabled + // the local runner is only created when the nomad scheduler, + // kubernetes scheduler, and remote agents are disabled if config.Nomad.Enabled || config.Kube.Enabled || config.Agent.Enabled { return nil } diff --git a/cmd/drone-server/inject_scheduler.go b/cmd/drone-server/inject_scheduler.go index 38361b66..8cc9641d 100644 --- a/cmd/drone-server/inject_scheduler.go +++ b/cmd/drone-server/inject_scheduler.go @@ -57,7 +57,7 @@ func provideDockerScheduler(config config.Config) core.Scheduler { // provideKubernetesScheduler is a Wire provider function that // returns a nomad kubernetes from the environment configuration. func provideKubernetesScheduler(config config.Config) core.Scheduler { - logrus.Info("main: kubernetes runtime enabled") + logrus.Info("main: kubernetes scheduler enabled") sched, err := kube.FromConfig(kube.Config{ Namespace: config.Kube.Namespace, ServiceAccount: config.Kube.ServiceAccountName, @@ -95,7 +95,7 @@ func provideKubernetesScheduler(config config.Config) core.Scheduler { // provideNomadScheduler is a Wire provider function that returns // a nomad scheduler from the environment configuration. func provideNomadScheduler(config config.Config) core.Scheduler { - logrus.Info("main: nomad runtime enabled") + logrus.Info("main: nomad scheduler enabled") sched, err := nomad.FromConfig(nomad.Config{ Datacenter: config.Nomad.Datacenters, Namespace: config.Nomad.Namespace, @@ -134,6 +134,6 @@ func provideNomadScheduler(config config.Config) core.Scheduler { // returns an in-memory scheduler for use by the built-in // docker runner, and by remote agents. func provideQueueScheduler(store core.StageStore, config config.Config) core.Scheduler { - logrus.Info("main: nomad runtime enabled") + logrus.Info("main: internal scheduler enabled") return queue.New(store) } diff --git a/core/registry.go b/core/registry.go index f627c658..b8cc3f08 100644 --- a/core/registry.go +++ b/core/registry.go @@ -45,9 +45,10 @@ type ( // RegistryArgs provides arguments for requesting // registry credentials from the remote service. RegistryArgs struct { - Repo *Repository `json:"repo,omitempty"` - Build *Build `json:"build,omitempty"` - Conf *yaml.Manifest `json:"-"` + Repo *Repository `json:"repo,omitempty"` + Build *Build `json:"build,omitempty"` + Conf *yaml.Manifest `json:"-"` + Pipeline *yaml.Pipeline `json:"-"` } // RegistryService provides registry credentials from an diff --git a/go.mod b/go.mod index 86a23b33..ba785db6 100644 --- a/go.mod +++ b/go.mod @@ -12,13 +12,13 @@ require ( github.com/davecgh/go-spew v1.1.1 github.com/dchest/authcookie v0.0.0-20120917135355-fbdef6e99866 github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 - github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff + github.com/docker/distribution v2.7.1+incompatible github.com/docker/go-connections v0.3.0 github.com/docker/go-units v0.3.3 github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59 - github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15 + github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f - github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a + github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963 github.com/drone/envsubst v1.0.1 github.com/drone/go-license v1.0.2 github.com/drone/go-login v1.0.3 diff --git a/go.sum b/go.sum index 346321f3..c22d2945 100644 --- a/go.sum +++ b/go.sum @@ -3,6 +3,10 @@ docker.io/go-docker v1.0.0/go.mod h1:7tiAn5a0LFmjbPDbyTPOaTTOuG1ZRNXdPA6RvKY+fpY github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e h1:rl2Aq4ZODqTDkeSqQBy+fzpZPamacO1Srp8zq7jf2Sc= github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e/go.mod h1:Xa6lInWHNQnuWoF0YPSsx+INFA9qk7/7pTjwb3PInkY= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f h1:y2hSFdXeA1y5z5f0vfNO0Dg5qVY036qzlz3Pds0B92o= github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.15.57 h1:inht07/mRNnvV4uAjjVgTVD7/rF+j0mXllYcNQxDgGA= @@ -21,6 +25,8 @@ github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 h1:74lLNRzvsdIlkTgfD github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4= github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff h1:FKH02LHYqSmeWd3GBh0KIkM8JBpw3RrShgtcWShdWJg= github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= +github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/go-connections v0.3.0 h1:3lOnM9cSzgGwx8VfK/NGOW5fLQ0GjIlCkaktF+n1M6o= github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.3.3 h1:Xk8S3Xj5sLGlG5g67hJmYMmUgXv5N4PhkjJHHqrwnTk= @@ -29,10 +35,16 @@ github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59 h1:tH7rJBME3tKWunUm github.com/drone/drone-go v0.0.0-20190217024616-3e8b71333e59/go.mod h1:qVb1k1w9X5jgoGyLtbnfWNnd4XZfAwokxBmiutbpGqw= github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15 h1:uwgJGp/Rsu1I2UdP+ozDJrW33EbMjfO5ILAd4ePoSAw= github.com/drone/drone-runtime v0.0.0-20190123233515-16c002539b15/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44= +github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e h1:Eq0QI9lKe6T5pziU/Kes1xX6QKAA6ZfnYvaZZeyY5TU= +github.com/drone/drone-runtime v0.0.0-20190210191445-ad403a0ca24e/go.mod h1:I+wJO4yvngCUAro6wKjkMbuPPDI/jRynqU0LTW+8J44= github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f h1:iNutUxLvlEY9rVB+v/KEefXnYGxz70LcN4PFCYig2F0= github.com/drone/drone-ui v0.0.0-20190212070020-c372640c766f/go.mod h1:NBtVWW7NNJpD9+huMD/5TAE1db2nrEh0i35/9Rf1MPI= github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a h1:lkYg2gkLiuTtVgIUgBj5EX2EMj6sERIYfyM0RN1YzuY= github.com/drone/drone-yaml v0.0.0-20190122234417-98eb77b4c58a/go.mod h1:JclcdvMwnrxyy25H3YQRxVrsj2u4GdI6L6NgJpEIp00= +github.com/drone/drone-yaml v1.0.1-0.20190222011027-9e589be71ad8 h1:Fig8cPBvJu/0jgrnYrG5ciHnlPzAu4Moc+LymIpTa4U= +github.com/drone/drone-yaml v1.0.1-0.20190222011027-9e589be71ad8/go.mod h1:eM365p3g9M5sroFBTR/najiGrZnd/GiIpWHC2UW8PoI= +github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963 h1:c/xcHqxU4sSjehiWoN91nNDN0QmB0UyHOVINvJJ1GUg= +github.com/drone/drone-yaml v1.0.1-0.20190222030833-0e9ca9cdb963/go.mod h1:eM365p3g9M5sroFBTR/najiGrZnd/GiIpWHC2UW8PoI= github.com/drone/envsubst v1.0.1 h1:NOOStingM2sbBwsIUeQkKUz8ShwCUzmqMxWrpXItfPE= github.com/drone/envsubst v1.0.1/go.mod h1:bkZbnc/2vh1M12Ecn7EYScpI4YGYU0etwLJICOWi8Z0= github.com/drone/go-license v1.0.2 h1:7OwndfYk+Lp/cGHkxe4HUn/Ysrrw3WYH2pnd99yrkok= @@ -89,6 +101,8 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6 h1:qCv4319q2q7XKn0MQbi8p37hsJ+9Xo8e6yojA73JVxk= github.com/hashicorp/go-retryablehttp v0.0.0-20180718195005-e651d75abec6/go.mod h1:fXcdFsQoipQa7mwORhKad5jmDCeSy/RCGzWA08PO0lM= +github.com/hashicorp/go-rootcerts v1.0.0 h1:ueI78wUjYExhCvMLow4icJnayNNFRgy0d9EGs/a1T44= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/golang-lru v0.5.0 h1:CL2msUPvZTLb5O648aiLNJw3hnBxN2+1Jq8rCOH9wdo= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/nomad v0.0.0-20190125003214-134391155854 h1:L7WhLZt2ory/kQWxqkMwOiBpIoa4BWoadN7yx8LHEtk= @@ -146,6 +160,7 @@ github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967 h1:x7xEyJDP7Hv3LVgvWhz github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= github.com/segmentio/ksuid v1.0.2 h1:9yBfKyw4ECGTdALaF09Snw3sLJmYIX6AbPJrAy6MrDc= github.com/segmentio/ksuid v1.0.2/go.mod h1:BXuJDr2byAiHuQaQtSKoXh1J0YmUDurywOXgB2w+OSU= +github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v0.0.0-20181103062819-44067abb194b h1:dnSVC38LseSWVhj3WWqD3worKZY+EqoWwi+MMAKgPbs= github.com/sirupsen/logrus v0.0.0-20181103062819-44067abb194b/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= @@ -174,6 +189,8 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c h1:fqgJT0MGcGpPgpWU7VRdRjuA golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20181017214349-06f26fdaaa28/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= diff --git a/handler/api/repos/enable.go b/handler/api/repos/enable.go index 5991a6c6..32429620 100644 --- a/handler/api/repos/enable.go +++ b/handler/api/repos/enable.go @@ -53,7 +53,7 @@ func HandleEnable( repo.UserID = user.ID if repo.Config == "" { - repo.Config = ".core.yml" + repo.Config = ".drone.yml" } if repo.Signer == "" { repo.Signer = uniuri.NewLen(32) diff --git a/operator/runner/runner.go b/operator/runner/runner.go index 955f145b..c67ca13b 100644 --- a/operator/runner/runner.go +++ b/operator/runner/runner.go @@ -261,9 +261,10 @@ func (r *Runner) Run(ctx context.Context, id int64) error { transform.WithAuthsFunc( func() []*engine.DockerAuth { in := &core.RegistryArgs{ - Build: m.Build, - Repo: m.Repo, - Conf: manifest, + Build: m.Build, + Repo: m.Repo, + Conf: manifest, + Pipeline: pipeline, } out, err := registryService.List(ctx, in) if err != nil { diff --git a/plugin/registry/endpoint.go b/plugin/registry/endpoint.go index c47e0843..45150131 100644 --- a/plugin/registry/endpoint.go +++ b/plugin/registry/endpoint.go @@ -9,6 +9,7 @@ import ( "github.com/drone/drone-go/plugin/registry" "github.com/drone/drone/core" + "github.com/drone/drone/logger" ) // EndpointSource returns a registry credential provider @@ -31,6 +32,9 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi if c.endpoint == "" { return nil, nil } + logger := logger.FromContext(ctx) + logger.Trace("registry: plugin: get credentials") + req := ®istry.Request{ Repo: toRepo(in.Repo), Build: toBuild(in.Build), @@ -38,6 +42,7 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi client := registry.Client(c.endpoint, c.secret, c.skipVerify) res, err := client.List(ctx, req) if err != nil { + logger.WithError(err).Warn("registry: plugin: cannot get credentials") return nil, err } @@ -48,6 +53,8 @@ func (c *service) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Regi Username: registry.Username, Password: registry.Password, }) + logger.WithField("address", registry.Address). + Trace("registry: plugin: found credentials") } return registries, nil } diff --git a/plugin/registry/external.go b/plugin/registry/external.go index 81636626..94265cce 100644 --- a/plugin/registry/external.go +++ b/plugin/registry/external.go @@ -6,7 +6,6 @@ package registry import ( "context" - "strings" "time" "github.com/drone/drone-go/plugin/secret" @@ -29,73 +28,75 @@ type externalController struct { } func (c *externalController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) { - // lookup the named secret in the manifest. If the - // secret does not exist, return a nil variable, - // allowing the next secret controller in the chain - // to be invoked. - path, name, ok := getExternal(in.Conf) - if !ok { - return nil, nil + var results []*core.Registry + + for _, name := range in.Pipeline.PullSecrets { + // lookup the named secret in the manifest. If the + // secret does not exist, return a nil variable, + // allowing the next secret controller in the chain + // to be invoked. + path, name, ok := getExternal(in.Conf, name) + if !ok { + return nil, nil + } + + // include a timeout to prevent an API call from + // hanging the build process indefinitely. The + // external service must return a request within + // one minute. + ctx, cancel := context.WithTimeout(ctx, time.Minute) + defer cancel() + + req := &secret.Request{ + Name: name, + Path: path, + Repo: toRepo(in.Repo), + Build: toBuild(in.Build), + } + client := secret.Client(c.endpoint, c.secret, c.skipVerify) + res, err := client.Find(ctx, req) + if err != nil { + return nil, err + } + + // if no error is returned and the secret is empty, + // this indicates the client returned No Content, + // and we should exit with no secret, but no error. + if res.Data == "" { + return nil, nil + } + + // The secret can be restricted to non-pull request + // events. If the secret is restricted, return + // empty results. + if (res.Pull == false && res.PullRequest == false) && + in.Build.Event == core.EventPullRequest { + return nil, nil + } + + parsed, err := auths.ParseString(res.Data) + if err != nil { + return nil, err + } + results = append(results, parsed...) } - // include a timeout to prevent an API call from - // hanging the build process indefinitely. The - // external service must return a request within - // one minute. - ctx, cancel := context.WithTimeout(ctx, time.Minute) - defer cancel() - - req := &secret.Request{ - Name: name, - Path: path, - Repo: toRepo(in.Repo), - Build: toBuild(in.Build), - } - client := secret.Client(c.endpoint, c.secret, c.skipVerify) - res, err := client.Find(ctx, req) - if err != nil { - return nil, err - } - - // if no error is returned and the secret is empty, - // this indicates the client returned No Content, - // and we should exit with no secret, but no error. - if res.Data == "" { - return nil, nil - } - - // The secret can be restricted to non-pull request - // events. If the secret is restricted, return - // empty results. - if (res.Pull == false && res.PullRequest == false) && - in.Build.Event == core.EventPullRequest { - return nil, nil - } - - return auths.ParseString(res.Data) + return results, nil } -func getExternal(manifest *yaml.Manifest) (path, name string, ok bool) { +func getExternal(manifest *yaml.Manifest, match string) (path, name string, ok bool) { for _, resource := range manifest.Resources { secret, ok := resource.(*yaml.Secret) if !ok { continue } - if !strings.EqualFold(secret.Type, "docker") { + if secret.Name != match { continue } - value, ok := secret.External["docker_auth_config"] - if ok { - return value.Path, value.Name, ok - } - value, ok = secret.External[".dockerconfig"] - if ok { - return value.Path, value.Name, ok - } - value, ok = secret.External[".dockerconfigjson"] - if ok { - return value.Path, value.Name, ok + if secret.Get.Name == "" && secret.Get.Path == "" { + continue } + return secret.Get.Path, secret.Get.Name, true } return } diff --git a/plugin/registry/static.go b/plugin/registry/static.go index 03538545..6f1545ad 100644 --- a/plugin/registry/static.go +++ b/plugin/registry/static.go @@ -6,9 +6,9 @@ package registry import ( "context" - "strings" "github.com/drone/drone/core" + "github.com/drone/drone/logger" "github.com/drone/drone/plugin/registry/auths" ) @@ -22,25 +22,39 @@ type staticController struct { } func (c *staticController) List(ctx context.Context, in *core.RegistryArgs) ([]*core.Registry, error) { + static := map[string]*core.Secret{} for _, secret := range c.secrets { - if !isRegistrySecret(secret.Name) { + static[secret.Name] = secret + } + + var results []*core.Registry + for _, name := range in.Pipeline.PullSecrets { + logger := logger.FromContext(ctx).WithField("name", name) + logger.Trace("registry: image_pull_secret: find secret") + + secret, ok := static[name] + if !ok { + logger.Warn("registry: image_pull_secret: cannot find secret") continue } + // The secret can be restricted to non-pull request // events. If the secret is restricted, return // empty results. if secret.PullRequest == false && in.Build.Event == core.EventPullRequest { + logger.Trace("registry: image_pull_secret: pull_request access denied") continue } - return auths.ParseString(secret.Data) - } - return nil, nil -} -func isRegistrySecret(name string) bool { - return strings.EqualFold(name, "docker_auth_config") || - strings.EqualFold(name, ".dockerconfig") || - strings.EqualFold(name, ".dockerconfigjson") || - strings.EqualFold(name, "_docker") + logger.Trace("registry: image_pull_secret: secret found") + parsed, err := auths.ParseString(secret.Data) + if err != nil { + logger.WithError(err).Error("registry: image_pull_secret: parsing error") + return nil, err + } + + results = append(results, parsed...) + } + return results, nil } diff --git a/plugin/registry/static_test.go b/plugin/registry/static_test.go new file mode 100644 index 00000000..2eb8b2cd --- /dev/null +++ b/plugin/registry/static_test.go @@ -0,0 +1,121 @@ +// Copyright 2019 Drone.IO Inc. All rights reserved. +// Use of this source code is governed by the Drone Non-Commercial License +// that can be found in the LICENSE file. + +package registry + +import ( + "testing" + + "github.com/drone/drone-yaml/yaml" + "github.com/drone/drone/core" + "github.com/google/go-cmp/cmp" +) + +var mockDockerAuthConfig = `{ + "auths": { + "https://index.docker.io/v1/": { + "auth": "b2N0b2NhdDpjb3JyZWN0LWhvcnNlLWJhdHRlcnktc3RhcGxl" + } + } +}` + +func TestStatic(t *testing.T) { + secrets := []*core.Secret{ + { + Name: "dockerhub", + Data: mockDockerAuthConfig, + }, + } + + manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ dockerhub ]") + if err != nil { + t.Error(err) + return + } + + args := &core.RegistryArgs{ + Build: &core.Build{Event: core.EventPush}, + Conf: manifest, + Pipeline: manifest.Resources[0].(*yaml.Pipeline), + } + service := Static(secrets) + got, err := service.List(noContext, args) + if err != nil { + t.Error(err) + return + } + + want := []*core.Registry{ + { + Address: "https://index.docker.io/v1/", + Username: "octocat", + Password: "correct-horse-battery-staple", + }, + } + if diff := cmp.Diff(got, want); diff != "" { + t.Errorf(diff) + return + } +} + +func TestStatic_NoMatch(t *testing.T) { + secrets := []*core.Secret{ + { + Name: "dockerhub", + Data: mockDockerAuthConfig, + }, + } + + manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ unknown ]") + if err != nil { + t.Error(err) + return + } + + args := &core.RegistryArgs{ + Build: &core.Build{Event: core.EventPush}, + Conf: manifest, + Pipeline: manifest.Resources[0].(*yaml.Pipeline), + } + service := Static(secrets) + got, err := service.List(noContext, args) + if err != nil { + t.Error(err) + return + } + if len(got) != 0 { + t.Errorf("Expect no results") + } +} + +func TestStatic_DisablePullRequest(t *testing.T) { + secrets := []*core.Secret{ + { + Name: "dockerhub", + Data: mockDockerAuthConfig, + PullRequest: false, + }, + } + + manifest, err := yaml.ParseString("kind: pipeline\nimage_pull_secrets: [ dockerhub ]") + if err != nil { + t.Error(err) + return + } + + args := &core.RegistryArgs{ + Build: &core.Build{Event: core.EventPullRequest}, + Conf: manifest, + Pipeline: manifest.Resources[0].(*yaml.Pipeline), + } + service := Static(secrets) + got, err := service.List(noContext, args) + if err != nil { + t.Error(err) + return + } + if len(got) != 0 { + t.Errorf("Expect no results") + } +} diff --git a/plugin/secret/external.go b/plugin/secret/external.go index d35d4ac3..b9354027 100644 --- a/plugin/secret/external.go +++ b/plugin/secret/external.go @@ -6,7 +6,6 @@ package secret import ( "context" - "strings" "time" "github.com/drone/drone-yaml/yaml" @@ -86,20 +85,19 @@ func (c *externalController) Find(ctx context.Context, in *core.SecretArgs) (*co }, nil } -func getExternal(manifest *yaml.Manifest, named string) (path, name string, ok bool) { +func getExternal(manifest *yaml.Manifest, match string) (path, name string, ok bool) { for _, resource := range manifest.Resources { secret, ok := resource.(*yaml.Secret) if !ok { continue } - if secret.Type != "" && - !strings.EqualFold(secret.Type, "general") { + if secret.Name != match { continue } - value, ok := secret.External[named] - if ok { - return value.Path, value.Name, ok + if secret.Get.Name == "" && secret.Get.Path == "" { + continue } + return secret.Get.Path, secret.Get.Name, true } return } diff --git a/service/content/cache/contents_test.go b/service/content/cache/contents_test.go index 941b1f48..c6326f67 100644 --- a/service/content/cache/contents_test.go +++ b/service/content/cache/contents_test.go @@ -30,7 +30,7 @@ func TestFind(t *testing.T) { } mockContents := mock.NewMockFileService(controller) - mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml").Return(mockFile, nil) + mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml").Return(mockFile, nil) service := Contents(mockContents).(*service) @@ -39,7 +39,7 @@ func TestFind(t *testing.T) { Hash: []byte(""), } - got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml") + got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml") if err != nil { t.Error(err) } @@ -59,11 +59,11 @@ func TestFindError(t *testing.T) { mockUser := &core.User{} mockContents := mock.NewMockFileService(controller) - mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml").Return(nil, scm.ErrNotFound) + mockContents.EXPECT().Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml").Return(nil, scm.ErrNotFound) service := Contents(mockContents).(*service) - _, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml") + _, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml") if err != scm.ErrNotFound { t.Errorf("Expect not found error") } @@ -79,7 +79,7 @@ func TestFindCache(t *testing.T) { Hash: []byte(""), } - key := fmt.Sprintf(contentKey, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", ".core.yml") + key := fmt.Sprintf(contentKey, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", ".drone.yml") service := Contents(nil).(*service) service.cache.Add(key, mockFile) @@ -88,7 +88,7 @@ func TestFindCache(t *testing.T) { Hash: []byte(""), } - got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml") + got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml") if err != nil { t.Error(err) } diff --git a/service/content/content_test.go b/service/content/content_test.go index bbf6b803..157d319f 100644 --- a/service/content/content_test.go +++ b/service/content/content_test.go @@ -25,12 +25,12 @@ func TestFind(t *testing.T) { mockUser := &core.User{} mockFile := &scm.Content{ - Path: ".core.yml", + Path: ".drone.yml", Data: []byte("hello world"), } mockContents := mockscm.NewMockContentService(controller) - mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".core.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(mockFile, nil, nil) + mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".drone.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(mockFile, nil, nil) mockRenewer := mock.NewMockRenewer(controller) mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false) @@ -44,7 +44,7 @@ func TestFind(t *testing.T) { } service := New(client, mockRenewer) - got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml") + got, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml") if err != nil { t.Error(err) } @@ -60,7 +60,7 @@ func TestFind_Error(t *testing.T) { mockUser := &core.User{} mockContents := mockscm.NewMockContentService(controller) - mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".core.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(nil, nil, scm.ErrNotFound) + mockContents.EXPECT().Find(gomock.Any(), "octocat/hello-world", ".drone.yml", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa").Return(nil, nil, scm.ErrNotFound) mockRenewer := mock.NewMockRenewer(controller) mockRenewer.EXPECT().Renew(gomock.Any(), mockUser, false) @@ -71,7 +71,7 @@ func TestFind_Error(t *testing.T) { s := New(client, mockRenewer) s.(*service).attempts = 1 s.(*service).wait = 0 - _, err := s.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml") + _, err := s.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml") if err != scm.ErrNotFound { t.Errorf("Expect not found error, got %s", err) } @@ -89,7 +89,7 @@ func TestFind_RenewalError(t *testing.T) { client := new(scm.Client) service := New(client, mockRenewer) - _, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".core.yml") + _, err := service.Find(noContext, mockUser, "octocat/hello-world", "a6586b3db244fb6b1198f2b25c213ded5b44f9fa", "master", ".drone.yml") if err == nil { t.Errorf("Expect error refreshing token") } diff --git a/trigger/trigger.go b/trigger/trigger.go index cbda960e..7f5b0298 100644 --- a/trigger/trigger.go +++ b/trigger/trigger.go @@ -121,7 +121,7 @@ func (t *triggerer) Trigger(ctx context.Context, repo *core.Repository, base *co } // // some tag hooks provide the tag but do not provide the sha. - // // this may be important if we want to fetch the .core.yml + // // this may be important if we want to fetch the .drone.yml // if base.After == "" && base.Event == core.EventTag { // tag, _, err := t.client.Git.FindTag(ctx, repo.Slug, base.Ref) // if err != nil { diff --git a/trigger/trigger_test.go b/trigger/trigger_test.go index 85624ac7..06930a52 100644 --- a/trigger/trigger_test.go +++ b/trigger/trigger_test.go @@ -445,7 +445,7 @@ var ( Counter: 42, Secret: "g9dMChy22QutQM5lrpbe0yCR3f15t1gv", Signer: "g9dMChy22QutQM5lrpbe0yCR3f15t1gv", - Config: ".core.yml", + Config: ".drone.yml", } dummyStage = &core.Stage{