From 9c0e2d1d9530c2527f10e6b3fd91872bd6f3b5e7 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Tue, 25 May 2021 18:56:16 -0700 Subject: [PATCH 1/7] buildkit secrets support - Secrets are never exposed in plaintext in the Cue tree. `dagger query` won't dump secrets anymore, Cue errors won't contain them either. - BuildKit-native secrets support through a new `mount` type. This ensures secrets will never be part of containerd layers, buildkit cache and generally speaking will never be saved to disk in plaintext. - Updated netlify as an example - Added tests - Changed the Cue definition of a secret to: ``` @dagger(secret) id: string } ``` This is to ensure both that setting the wrong input type on a secret (e.g. `dagger input text`) will fail, and attempting to misuse the secret (e.g. interpolating, passing as an env variable, etc) will also fail properly. Signed-off-by: Andrea Luzzardi --- client/client.go | 32 ++++--------- environment/environment.go | 6 +-- environment/pipeline.go | 19 ++++++++ solver/secretsprovider.go | 47 +++++++++++++++++++ solver/solver.go | 30 +++++++++++- state/input.go | 40 +++++++++------- stdlib/dagger/dagger.cue | 5 +- stdlib/dagger/op/op.cue | 2 +- stdlib/netlify/netlify.cue | 6 +-- stdlib/netlify/netlify.sh.cue | 2 + stdlib/os/container.cue | 11 +++-- tests/compute.bats | 27 +++++++++++ tests/compute/secrets/invalid/env/env.cue | 21 +++++++++ .../compute/secrets/invalid/string/string.cue | 21 +++++++++ tests/compute/secrets/simple/simple.cue | 34 ++++++++++++++ 15 files changed, 244 insertions(+), 59 deletions(-) create mode 100644 solver/secretsprovider.go create mode 100644 tests/compute/secrets/invalid/env/env.cue create mode 100644 tests/compute/secrets/invalid/string/string.cue create mode 100644 tests/compute/secrets/simple/simple.cue diff --git a/client/client.go b/client/client.go index 15506007..81d348ca 100644 --- a/client/client.go +++ b/client/client.go 
@@ -2,7 +2,6 @@ package client import ( "context" - "errors" "fmt" "os" "path/filepath" @@ -87,13 +86,13 @@ func (c *Client) Do(ctx context.Context, state *state.State, fn DoFunc) (*enviro // Spawn build function eg.Go(func() error { - return c.buildfn(gctx, environment, fn, events) + return c.buildfn(gctx, state, environment, fn, events) }) return environment, eg.Wait() } -func (c *Client) buildfn(ctx context.Context, env *environment.Environment, fn DoFunc, ch chan *bk.SolveStatus) error { +func (c *Client) buildfn(ctx context.Context, st *state.State, env *environment.Environment, fn DoFunc, ch chan *bk.SolveStatus) error { lg := log.Ctx(ctx) // Scan local dirs to grant access @@ -109,10 +108,13 @@ func (c *Client) buildfn(ctx context.Context, env *environment.Environment, fn D // buildkit auth provider (registry) auth := solver.NewRegistryAuthProvider() + // secrets + secrets := solver.NewSecretsProvider(st) + // Setup solve options opts := bk.SolveOpt{ LocalDirs: localdirs, - Session: []session.Attachable{auth}, + Session: []session.Attachable{auth, secrets}, } // Call buildkit solver @@ -127,6 +129,7 @@ func (c *Client) buildfn(ctx context.Context, env *environment.Environment, fn D Gateway: gw, Events: ch, Auth: auth, + Secrets: secrets, NoCache: c.noCache, }) @@ -165,7 +168,7 @@ func (c *Client) buildfn(ctx context.Context, env *environment.Environment, fn D return res, nil }, ch) if err != nil { - return fmt.Errorf("buildkit solve: %w", bkCleanError(err)) + return solver.CleanError(err) } for k, v := range resp.ExporterResponse { // FIXME consume exporter response 
@@ -243,22 +246,3 @@ func (c *Client) logSolveStatus(ctx context.Context, ch chan *bk.SolveStatus) er }, ) } - -// A helper to remove noise from buildkit error messages. -// FIXME: Obviously a cleaner solution would be nice. -func bkCleanError(err error) error { - noise := []string{ - "executor failed running ", - "buildkit-runc did not terminate successfully", - "rpc error: code = Unknown desc = ", - "failed to solve: ", - } - - msg := err.Error() - - for _, s := range noise { - msg = strings.ReplaceAll(msg, s, "") - } - - return errors.New(msg) -} diff --git a/environment/environment.go b/environment/environment.go index cc732f4c..7cb0a45a 100644 --- a/environment/environment.go +++ b/environment/environment.go @@ -44,7 +44,7 @@ func New(st *state.State) (*Environment, error) { // Prepare inputs for key, input := range st.Inputs { - v, err := input.Compile(st) + v, err := input.Compile(key, st) if err != nil { return nil, err } @@ -86,7 +86,7 @@ func (e *Environment) LoadPlan(ctx context.Context, s solver.Solver) error { span, ctx := opentracing.StartSpanFromContext(ctx, "environment.LoadPlan") defer span.Finish() - planSource, err := e.state.PlanSource().Compile(e.state) + planSource, err := e.state.PlanSource().Compile("", e.state) if err != nil { return err } @@ -157,7 +157,7 @@ func (e *Environment) LocalDirs() map[string]string { } // 2. Scan the plan - plan, err := e.state.PlanSource().Compile(e.state) + plan, err := e.state.PlanSource().Compile("", e.state) if err != nil { panic(err) } diff --git a/environment/pipeline.go b/environment/pipeline.go index 226e0830..687371b6 100644 --- a/environment/pipeline.go +++ b/environment/pipeline.go 
@@ -490,6 +490,25 @@ func (p *Pipeline) mount(ctx context.Context, dest string, mnt *compiler.Value) return nil, fmt.Errorf("invalid mount source: %q", s) } } + // eg. mount: "/foo": secret: mysecret + if secret := mnt.Lookup("secret"); secret.Exists() { + if !secret.HasAttr("secret") { + return nil, fmt.Errorf("invalid secret %q: not a secret", secret.Path().String()) + } + idValue := secret.Lookup("id") + if !idValue.Exists() { + return nil, fmt.Errorf("invalid secret %q: no id field", secret.Path().String()) + } + id, err := idValue.String() + if err != nil { + return nil, fmt.Errorf("invalid secret id: %w", err) + } + return llb.AddSecret(dest, + llb.SecretID(id), + llb.SecretFileOpt(0, 0, 0400), // uid, gid, mask) + ), nil + } + // eg. mount: "/foo": { from: www.source } from := NewPipeline(mnt.Lookup("from"), p.s) if err := from.Run(ctx); err != nil { diff --git a/solver/secretsprovider.go b/solver/secretsprovider.go new file mode 100644 index 00000000..67f8436e --- /dev/null +++ b/solver/secretsprovider.go 
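Review bot: The secret mount added in `Pipeline.mount` is always created with uid 0, gid 0 and mode 0400 (`llb.SecretFileOpt(0, 0, 0400)`), so an exec that runs under a non-root `user` would presumably be unable to read the file it was given. Either derive the owner from the exec's user, or record the root-only assumption next to the call, e.g. `// secret file is owned by root and readable by root only; execs with a non-root user cannot read it`. The trailing comment `// uid, gid, mask)` also has a stray closing parenthesis and should read `// uid, gid, mode`. The body of `mount` starts and ends outside this hunk.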
@@ -0,0 +1,47 @@ +package solver + +import ( + "context" + "strings" + + "github.com/moby/buildkit/session" + "github.com/moby/buildkit/session/secrets" + "github.com/moby/buildkit/session/secrets/secretsprovider" + "github.com/rs/zerolog/log" + "go.dagger.io/dagger/state" +) + +func NewSecretsProvider(st *state.State) session.Attachable { + return secretsprovider.NewSecretProvider(&inputStore{st}) +} + +type inputStore struct { + st *state.State +} + +func (s *inputStore) GetSecret(ctx context.Context, id string) ([]byte, error) { + lg := log.Ctx(ctx) + + const secretPrefix = "secret=" + + if !strings.HasPrefix(id, secretPrefix) { + return nil, secrets.ErrNotFound + } + + id = strings.TrimPrefix(id, secretPrefix) + + input, ok := s.st.Inputs[id] + if !ok { + return nil, secrets.ErrNotFound + } + if input.Secret == nil { + return nil, secrets.ErrNotFound + } + + lg. + Debug(). + Str("id", id). + Msg("injecting secret") + + return []byte(input.Secret.PlainText()), nil +} diff --git a/solver/solver.go b/solver/solver.go index 4a33ac62..7ec67cf8 100644 --- a/solver/solver.go +++ b/solver/solver.go @@ -3,7 +3,9 @@ package solver import ( "context" "encoding/json" + "errors" "fmt" + "strings" bk "github.com/moby/buildkit/client" "github.com/moby/buildkit/client/llb" @@ -25,6 +27,7 @@ type Opts struct { Gateway bkgw.Client Events chan *bk.SolveStatus Auth *RegistryAuthProvider + Secrets session.Attachable NoCache bool } @@ -100,7 +103,11 @@ func (s Solver) ResolveImageConfig(ctx context.Context, ref string, opts llb.Res // Solve will block until the state is solved and returns a Reference. func (s Solver) SolveRequest(ctx context.Context, req bkgw.SolveRequest) (*bkgw.Result, error) { - return s.opts.Gateway.Solve(ctx, req) + res, err := s.opts.Gateway.Solve(ctx, req) + if err != nil { + return nil, CleanError(err) + } + return res, nil } // Solve will block until the state is solved and returns a Reference. 
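Review bot: The `secret=` prefix is defined in solver/secretsprovider.go as the local constant `secretPrefix` inside `GetSecret` and spelled a second time as a string literal in `secretInput.Compile` in state/input.go (`"secret="+key`). If the two ever drift apart, every lookup silently returns `secrets.ErrNotFound`. Since solver already imports state, an exported constant there, for example `const SecretIDPrefix = "secret="`, used on both sides would keep id construction and id parsing in one place. The exported `NewSecretsProvider` also has no doc comment; `// NewSecretsProvider returns a buildkit session attachable that serves the secret inputs of st by id.` would cover it.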
@@ -150,7 +157,7 @@ func (s Solver) Export(ctx context.Context, st llb.State, img *dockerfile2llb.Im opts := bk.SolveOpt{ Exports: []bk.ExportEntry{output}, - Session: []session.Attachable{s.opts.Auth}, + Session: []session.Attachable{s.opts.Auth, s.opts.Secrets}, } ch := make(chan *bk.SolveStatus) @@ -204,3 +211,22 @@ func dumpLLB(def *bkpb.Definition) ([]byte, error) { } return json.Marshal(ops) } + +// A helper to remove noise from buildkit error messages. +// FIXME: Obviously a cleaner solution would be nice. +func CleanError(err error) error { + noise := []string{ + "executor failed running ", + "buildkit-runc did not terminate successfully", + "rpc error: code = Unknown desc = ", + "failed to solve: ", + } + + msg := err.Error() + + for _, s := range noise { + msg = strings.ReplaceAll(msg, s, "") + } + + return errors.New(msg) +} diff --git a/state/input.go b/state/input.go index c29e5e0d..cdf74e45 100644 --- a/state/input.go +++ b/state/input.go @@ -37,24 +37,24 @@ type Input struct { File *fileInput `yaml:"file,omitempty"` } -func (i Input) Compile(state *State) (*compiler.Value, error) { +func (i Input) Compile(key string, state *State) (*compiler.Value, error) { switch { case i.Dir != nil: - return i.Dir.Compile(state) + return i.Dir.Compile(key, state) case i.Git != nil: - return i.Git.Compile(state) + return i.Git.Compile(key, state) case i.Docker != nil: - return i.Docker.Compile(state) + return i.Docker.Compile(key, state) case i.Text != nil: - return i.Text.Compile(state) + return i.Text.Compile(key, state) case i.Secret != nil: - return i.Secret.Compile(state) + return i.Secret.Compile(key, state) case i.JSON != nil: - return i.JSON.Compile(state) + return i.JSON.Compile(key, state) case i.YAML != nil: - return i.YAML.Compile(state) + return i.YAML.Compile(key, state) case i.File != nil: - return i.File.Compile(state) + return i.File.Compile(key, state) default: return nil, fmt.Errorf("input has not been set") } 
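Review bot: `CleanError` in solver/solver.go rebuilds the error with `errors.New(msg)`, which discards the original error chain. With this commit it is applied to every `Gateway.Solve` failure in `SolveRequest` as well as in client.go, where the previous `%w` wrap is dropped. Callers can then no longer use `errors.Is` or `errors.As` on the result, for instance to tell a cancelled context from a build failure. Keeping the cleaned message while exposing the cause through `Unwrap` preserves both; now that the function is exported, its comment should also begin with its name.

```go
// CleanError removes known buildkit noise from err's message. The returned
// error still unwraps to err, so errors.Is and errors.As keep working.
func CleanError(err error) error {
	// … unchanged: noise list and strings.ReplaceAll loop …
	return &cleanedError{msg: msg, cause: err}
}

// cleanedError carries a shortened message for display and the original error as its cause.
type cleanedError struct {
	msg   string
	cause error
}

func (e *cleanedError) Error() string { return e.msg }
func (e *cleanedError) Unwrap() error { return e.cause }
```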
@@ -75,7 +75,7 @@ type dirInput struct { Include []string `json:"include,omitempty"` } -func (dir dirInput) Compile(state *State) (*compiler.Value, error) { +func (dir dirInput) Compile(_ string, state *State) (*compiler.Value, error) { // FIXME: serialize an intermediate struct, instead of generating cue source // json.Marshal([]string{}) returns []byte("null"), which wreaks havoc @@ -122,7 +122,7 @@ func GitInput(remote, ref, dir string) Input { } } -func (git gitInput) Compile(_ *State) (*compiler.Value, error) { +func (git gitInput) Compile(_ string, _ *State) (*compiler.Value, error) { ref := "HEAD" if git.Ref != "" { ref = git.Ref @@ -148,7 +148,7 @@ type dockerInput struct { Ref string `json:"ref,omitempty"` } -func (i dockerInput) Compile(_ *State) (*compiler.Value, error) { +func (i dockerInput) Compile(_ string, _ *State) (*compiler.Value, error) { panic("NOT IMPLEMENTED") } @@ -162,7 +162,7 @@ func TextInput(data string) Input { type textInput string -func (i textInput) Compile(_ *State) (*compiler.Value, error) { +func (i textInput) Compile(_ string, _ *State) (*compiler.Value, error) { return compiler.Compile("", fmt.Sprintf("%q", i)) } @@ -176,8 +176,12 @@ func SecretInput(data string) Input { type secretInput string -func (i secretInput) Compile(_ *State) (*compiler.Value, error) { - return compiler.Compile("", fmt.Sprintf("%q", i)) +func (i secretInput) Compile(key string, _ *State) (*compiler.Value, error) { + return compiler.Compile("", fmt.Sprintf(`{id:%q}`, "secret="+key)) +} + +func (i secretInput) PlainText() string { + return string(i) } // An input value encoded as JSON @@ -190,7 +194,7 @@ func JSONInput(data string) Input { type jsonInput string -func (i jsonInput) Compile(_ *State) (*compiler.Value, error) { +func (i jsonInput) Compile(_ string, _ *State) (*compiler.Value, error) { return compiler.DecodeJSON("", []byte(i)) } 
@@ -204,7 +208,7 @@ func YAMLInput(data string) Input { type yamlInput string -func (i yamlInput) Compile(_ *State) (*compiler.Value, error) { +func (i yamlInput) Compile(_ string, _ *State) (*compiler.Value, error) { return compiler.DecodeYAML("", []byte(i)) } @@ -220,7 +224,7 @@ type fileInput struct { Path string `json:"data,omitempty"` } -func (i fileInput) Compile(_ *State) (*compiler.Value, error) { +func (i fileInput) Compile(_ string, _ *State) (*compiler.Value, error) { data, err := ioutil.ReadFile(i.Path) if err != nil { return nil, err diff --git a/stdlib/dagger/dagger.cue b/stdlib/dagger/dagger.cue index 3f9bcdd2..e7afc6d5 100644 --- a/stdlib/dagger/dagger.cue +++ b/stdlib/dagger/dagger.cue @@ -15,9 +15,8 @@ import ( } // Secret value -// FIXME: currently aliased as a string to mark secrets -// this requires proper support. #Secret: { @dagger(secret) - string | bytes + + id: string } diff --git a/stdlib/dagger/op/op.cue b/stdlib/dagger/op/op.cue index 18f1e3ee..af8acd5b 100644 --- a/stdlib/dagger/op/op.cue +++ b/stdlib/dagger/op/op.cue @@ -57,7 +57,7 @@ package op // `true` means also ignoring the mount cache volumes always?: true | *false dir: string | *"/" - mount: [string]: "tmpfs" | "cache" | {from: _, path: string | *"/"} + mount: [string]: "tmpfs" | "cache" | {from: _, path: string | *"/"} | {secret: _} // Map of hostnames to ip hosts?: [string]: string // User to exec with (if left empty, will default to the set user in the image) diff --git a/stdlib/netlify/netlify.cue b/stdlib/netlify/netlify.cue index 61e23f06..79fabdcc 100644 --- a/stdlib/netlify/netlify.cue +++ b/stdlib/netlify/netlify.cue @@ -80,10 +80,10 @@ import ( if customDomain != _|_ { NETLIFY_DOMAIN: customDomain } - NETLIFY_ACCOUNT: account.name - NETLIFY_AUTH_TOKEN: account.token + NETLIFY_ACCOUNT: account.name } dir: "/src" - mount: "/src": from: contents + mount: "/src": from: contents + mount: "/token": secret: account.token } } 
diff --git a/stdlib/netlify/netlify.sh.cue b/stdlib/netlify/netlify.sh.cue index 2130de71..27667a9e 100644 --- a/stdlib/netlify/netlify.sh.cue +++ b/stdlib/netlify/netlify.sh.cue @@ -1,6 +1,8 @@ package netlify #Site: ctr: command: #""" + export NETLIFY_AUTH_TOKEN="$(cat /token)" + create_site() { url="https://api.netlify.com/api/v1/${NETLIFY_ACCOUNT:-}/sites" diff --git a/stdlib/os/container.cue b/stdlib/os/container.cue index f13185f8..035de1c3 100644 --- a/stdlib/os/container.cue +++ b/stdlib/os/container.cue @@ -52,6 +52,8 @@ import ( mount: [string]: { from: dagger.#Artifact // FIXME: support source path + } | { + secret: dagger.#Secret } // Mount persistent cache directories @@ -94,10 +96,9 @@ import ( // Execute setup commands, without volumes for cmd in setup { op.#Exec & { - args: [shell.path] + shell.args + [cmd] - "env": env - "dir": dir - "always": always + args: [shell.path] + shell.args + [cmd] + "env": env + "dir": dir } }, // Execute main command with volumes @@ -109,7 +110,7 @@ import ( "always": always "mount": { for dest, o in mount { - "\(dest)": from: o.from + "\(dest)": o // FIXME: support source path } for dest in cache { diff --git a/tests/compute.bats b/tests/compute.bats index 7f0363dc..97676dd4 100644 --- a/tests/compute.bats +++ b/tests/compute.bats 
@@ -67,6 +67,33 @@ setup() { assert_line '{"in":"foobar","test":"received: foobar"}' } +@test "compute: secrets" { + # secrets used as environment variables must fail + run "$DAGGER" compute "$TESTDIR"/compute/secrets/invalid/env + assert_failure + assert_line --partial "conflicting values" + + # strings passed as secrets must fail + run "$DAGGER" compute "$TESTDIR"/compute/secrets/invalid/string + assert_failure + + # Setting a text input for a secret value should fail + run "$DAGGER" compute --input-string 'mySecret=SecretValue' "$TESTDIR"/compute/secrets/simple + assert_failure + + # Now test with an actual secret and make sure it works + "$DAGGER" init + dagger_new_with_plan secrets "$TESTDIR"/compute/secrets/simple + "$DAGGER" input secret mySecret SecretValue + run "$DAGGER" up + assert_success + + # Make sure the secret doesn't show in dagger query + run "$DAGGER" query mySecret.id -f text + assert_success + assert_output "secret=mySecret" +} + @test ".daggerignore" { "$DAGGER" compute --input-dir TestData="$TESTDIR"/compute/ignore/testdata "$TESTDIR"/compute/ignore } diff --git a/tests/compute/secrets/invalid/env/env.cue b/tests/compute/secrets/invalid/env/env.cue new file mode 100644 index 00000000..bfded599 --- /dev/null +++ b/tests/compute/secrets/invalid/env/env.cue @@ -0,0 +1,21 @@ +package testing + +import ( + "dagger.io/dagger" + "dagger.io/dagger/op" + "dagger.io/alpine" +) + +mySecret: dagger.#Secret + +TestSecrets: #up: [ + op.#Load & { + from: alpine.#Image & { + package: bash: "=~5.1" + } + }, + + op.#Exec & { + env: foo: mySecret + }, +] diff --git a/tests/compute/secrets/invalid/string/string.cue b/tests/compute/secrets/invalid/string/string.cue new file mode 100644 index 00000000..2015a1d7 --- /dev/null +++ b/tests/compute/secrets/invalid/string/string.cue 
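Review bot: The last step of the `compute: secrets` test in tests/compute.bats only checks that `mySecret.id` equals `secret=mySecret`; it never asserts that the plaintext is absent from the tree, which is the property the comment above it names. A check over the whole query output would pin that down, e.g. `run "$DAGGER" query` followed by `refute_output --partial "SecretValue"`. The two bare `assert_failure` calls for the string cases would likewise be stronger with an `assert_line --partial` on the expected message, so they cannot pass on an unrelated error.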
@@ -0,0 +1,21 @@ +package testing + +import ( + "dagger.io/dagger/op" + "dagger.io/alpine" +) + +mySecret: dagger.#Secret + +TestString: #up: [ + op.#Load & { + from: alpine.#Image & { + package: bash: "=~5.1" + } + }, + + op.#Exec & { + mount: "/secret": secret: mySecret + args: ["true"] + }, +] diff --git a/tests/compute/secrets/simple/simple.cue b/tests/compute/secrets/simple/simple.cue new file mode 100644 index 00000000..4d1f5ca6 --- /dev/null +++ b/tests/compute/secrets/simple/simple.cue @@ -0,0 +1,34 @@ +package testing + +import ( + "dagger.io/dagger" + "dagger.io/dagger/op" + "dagger.io/alpine" +) + +mySecret: dagger.#Secret + +TestSecrets: #up: [ + op.#Load & { + from: alpine.#Image & { + package: bash: "=~5.1" + } + }, + + op.#Exec & { + mount: "/secret": secret: mySecret + env: PLAIN: mySecret.id + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "-c", + #""" + test "$(cat /secret)" = "SecretValue" + test "$PLAIN" != "SecretValue" + """#, + ] + }, +] From 40d4c95bffaf85dce12658f46b5e6f3358796a1d Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Wed, 26 May 2021 18:03:48 -0700 Subject: [PATCH 2/7] aws: use secrets 
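Review bot: tests/compute/secrets/invalid/string/string.cue references `dagger.#Secret` without importing `"dagger.io/dagger"`, so as far as the hunk shows the plan fails on the unresolved `dagger` reference rather than on the secret check. It also declares `mySecret: dagger.#Secret`, the same as the valid case in simple.cue, while the bats comment says this case covers strings passed as secrets. To exercise the `not a secret` path in `Pipeline.mount`, the file should presumably declare `mySecret: string` (or mount a literal), and the bats test should assert the message with `assert_line --partial "not a secret"`.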
Signed-off-by: Andrea Luzzardi --- stdlib/aws/aws.cue | 105 ++++-------------- stdlib/aws/ecr/ecr.cue | 40 +++++-- stdlib/aws/s3/s3.cue | 94 ++++++++++------ stdlib/netlify/netlify.cue | 2 +- stdlib/netlify/netlify.sh.cue | 2 +- tests/stdlib.bats | 8 +- .../aws/ecr/.dagger/env/default/.gitignore | 2 + .../{ => .dagger/env/default/plan}/ecr.cue | 0 .../{ => .dagger/env/default/plan}/random.cue | 0 .../aws/ecr/.dagger/env/default/values.yaml | 26 +++++ .../aws/s3/.dagger/env/default/.gitignore | 2 + .../s3/{ => .dagger/env/default/plan}/s3.cue | 6 + .../{ => .dagger/env/default/plan}/verify.cue | 56 ++++++---- .../aws/s3/.dagger/env/default/values.yaml | 30 +++++ 14 files changed, 219 insertions(+), 154 deletions(-) create mode 100644 tests/stdlib/aws/ecr/.dagger/env/default/.gitignore rename tests/stdlib/aws/ecr/{ => .dagger/env/default/plan}/ecr.cue (100%) rename tests/stdlib/aws/ecr/{ => .dagger/env/default/plan}/random.cue (100%) create mode 100644 tests/stdlib/aws/ecr/.dagger/env/default/values.yaml create mode 100644 tests/stdlib/aws/s3/.dagger/env/default/.gitignore rename tests/stdlib/aws/s3/{ => .dagger/env/default/plan}/s3.cue (79%) rename tests/stdlib/aws/s3/{ => .dagger/env/default/plan}/verify.cue (51%) create mode 100644 tests/stdlib/aws/s3/.dagger/env/default/values.yaml diff --git a/stdlib/aws/aws.cue b/stdlib/aws/aws.cue index c8e8d0f4..23ef9040 100644 --- a/stdlib/aws/aws.cue +++ b/stdlib/aws/aws.cue @@ -18,6 +18,7 @@ import ( // Re-usable aws-cli component #CLI: { + config: #Config package: [string]: string | bool #up: [ 
@@ -30,86 +31,26 @@ import ( "package": "aws-cli": "=~1.18" } }, + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "-c", + #""" + aws configure set aws_access_key_id "$(cat /run/secrets/access_key)" + aws configure set aws_secret_access_key "$(cat /run/secrets/secret_key)" + + aws configure set default.region "$AWS_DEFAULT_REGION" + aws configure set default.cli_pager "" + aws configure set default.output "json" + """# + ] + mount: "/run/secrets/access_key": secret: config.accessKey + mount: "/run/secrets/secret_key": secret: config.secretKey + env: AWS_DEFAULT_REGION: config.region + }, ] -} - -// Helper for writing scripts based on AWS CLI -#Script: { - // AWS code - config: #Config - - // Script code (bash) - code: string - - // Extra pkgs to install - package: [string]: string | bool - - // Files to mount - files: [string]: string - - // Env variables - env: [string]: string - - // Export file - export: string - - // Always execute the script? - always?: bool - - // Directory - dir?: dagger.#Artifact - - out: { - string - - #up: [ - op.#Load & { - from: #CLI & { - "package": package - } - }, - op.#Mkdir & { - path: "/inputs" - }, - for k, v in files { - op.#WriteFile & { - dest: k - content: v - } - }, - op.#WriteFile & { - dest: "/entrypoint.sh" - content: code - }, - op.#Exec & { - if always != _|_ { - "always": always - } - args: [ - "/bin/bash", - "--noprofile", - "--norc", - "-eo", - "pipefail", - "/entrypoint.sh", - ] - "env": env - "env": { - AWS_ACCESS_KEY_ID: config.accessKey - AWS_SECRET_ACCESS_KEY: config.secretKey - AWS_DEFAULT_REGION: config.region - AWS_REGION: config.region - AWS_DEFAULT_OUTPUT: "json" - AWS_PAGER: "" - } - if dir != _|_ { - mount: "/inputs/source": from: dir - } - }, - op.#Export & { - source: export - format: "string" - }, - ] - } -} +} \ No newline at end of file diff --git a/stdlib/aws/ecr/ecr.cue b/stdlib/aws/ecr/ecr.cue index 8ffdf038..6a7018d8 100644 --- a/stdlib/aws/ecr/ecr.cue 
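Review bot: The new `op.#Exec` in `#CLI` (stdlib/aws/aws.cue) runs `aws configure set aws_access_key_id …` and `aws configure set aws_secret_access_key …`, which write the two keys in plaintext to the AWS CLI's credentials file inside the container. The secret mounts under /run/secrets stay out of the snapshot, but that file is an ordinary write, so it would presumably end up in the layer produced by this step and in the buildkit cache, and every image loaded `from: aws.#CLI` would carry it. That defeats the guarantee the secret mount type was introduced for. Keep only the region, pager and output settings in `#CLI`, and in each step that calls `aws` mount the two secrets and read them into that process's environment, as netlify.sh.cue does with its token: `export AWS_ACCESS_KEY_ID="$(cat /run/secrets/access_key)"` and `export AWS_SECRET_ACCESS_KEY="$(cat /run/secrets/secret_key)"`.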
+++ b/stdlib/aws/ecr/ecr.cue @@ -2,6 +2,7 @@ package ecr import ( "dagger.io/dagger" + "dagger.io/dagger/op" "dagger.io/aws" ) @@ -15,14 +16,37 @@ import ( // ECR credentials username: "AWS" - secret: out @dagger(output) + secret: { + @dagger(output) + string - aws.#Script & { - always: true - "config": config - export: "/out" - code: """ - aws ecr get-login-password > /out - """ + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, + + op.#Exec & { + always: true + + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "-c", + #""" + aws ecr get-login-password > /out + """# + ] + }, + + op.#Export & { + source: "/out" + format: "string" + } + ] } } diff --git a/stdlib/aws/s3/s3.cue b/stdlib/aws/s3/s3.cue index 3c380979..1d33c752 100644 --- a/stdlib/aws/s3/s3.cue +++ b/stdlib/aws/s3/s3.cue @@ -2,6 +2,7 @@ package s3 import ( "dagger.io/dagger" + "dagger.io/dagger/op" "dagger.io/aws" ) 
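Review bot: In the `secret` field of stdlib/aws/ecr/ecr.cue the registry password is still produced as a plain `string` output: `aws ecr get-login-password > /out` writes it to the step's filesystem and `op.#Export` with `format: "string"` copies it into the Cue tree. It is a live registry credential, so it would presumably show up in `dagger query` and in the cached layer, unlike the inputs this series converts to `dagger.#Secret`. If outputs cannot yet be marked as secrets, the limitation is worth recording on the field, e.g. `// FIXME: ECR password is exported in plaintext; not covered by secret mounts`.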
@@ -23,46 +24,69 @@ import ( // Object content type contentType: string | *"" @dagger(input) - // URL of the uploaded S3 object - url: out @dagger(output) - // Always write the object to S3 always?: bool @dagger(input) - out: string - aws.#Script & { - if always != _|_ { - "always": always - } - files: { + // URL of the uploaded S3 object + url: { + @dagger(output) + string + + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, + if sourceInline != _|_ { - "/inputs/source": sourceInline + op.#WriteFile & { + dest: "/source" + content: sourceInline + } } - "/inputs/target": target - if contentType != "" { - "/inputs/content_type": contentType + + op.#Exec & { + if always != _|_ { + "always": always + } + env: { + TARGET: target + CONTENT_TYPE: contentType + } + + if sourceInline == _|_ { + mount: "/source": from: source + } + + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "-c", + #""" + opts="" + op=cp + if [ -d /source ]; then + op=sync + fi + if [ -n "$CONTENT_TYPE" ]; then + opts="--content-type $CONTENT_TYPE" + fi + aws s3 $op $opts /source "$TARGET" + echo "$TARGET" \ + | sed -E 's=^s3://([^/]*)/=https://\1.s3.amazonaws.com/=' \ + > /url + """# + ] + }, + + op.#Export & { + source: "/url" + format: "string" } - } - - export: "/url" - - code: #""" - opts="" - op=cp - if [ -d /inputs/source ]; then - op=sync - fi - if [ -f /inputs/content_type ]; then - opts="--content-type $(cat /inputs/content_type)" - fi - aws s3 $op $opts /inputs/source "$(cat /inputs/target)" - cat /inputs/target \ - | sed -E 's=^s3://([^/]*)/=https://\1.s3.amazonaws.com/=' \ - > /url - """# - - if sourceInline == _|_ { - dir: source - } + ] } } diff --git a/stdlib/netlify/netlify.cue b/stdlib/netlify/netlify.cue index 79fabdcc..44b44778 100644 --- a/stdlib/netlify/netlify.cue +++ b/stdlib/netlify/netlify.cue 
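Review bot: In the upload script of stdlib/aws/s3/s3.cue, `$opts` is expanded unquoted in `aws s3 $op $opts /source "$TARGET"`, so a `contentType` input containing whitespace is split into extra arguments to the AWS CLI rather than passed as one value. Since the script already runs under /bin/bash, an array keeps the value intact: `opts=()`, then `opts+=(--content-type "$CONTENT_TYPE")` inside the `if`, and `aws s3 "$op" "${opts[@]}" /source "$TARGET"` for the call.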
@@ -84,6 +84,6 @@ import ( } dir: "/src" mount: "/src": from: contents - mount: "/token": secret: account.token + mount: "/run/secrets/token": secret: account.token } } diff --git a/stdlib/netlify/netlify.sh.cue b/stdlib/netlify/netlify.sh.cue index 27667a9e..6feb87ab 100644 --- a/stdlib/netlify/netlify.sh.cue +++ b/stdlib/netlify/netlify.sh.cue @@ -1,7 +1,7 @@ package netlify #Site: ctr: command: #""" - export NETLIFY_AUTH_TOKEN="$(cat /token)" + export NETLIFY_AUTH_TOKEN="$(cat /run/secrets/token)" create_site() { url="https://api.netlify.com/api/v1/${NETLIFY_ACCOUNT:-}/sites" diff --git a/tests/stdlib.bats b/tests/stdlib.bats index 409169f1..cf4325f7 100644 --- a/tests/stdlib.bats +++ b/tests/stdlib.bats @@ -43,9 +43,7 @@ setup() { } @test "stdlib: aws: s3" { - skip_unless_secrets_available "$TESTDIR"/stdlib/aws/inputs.yaml - - "$DAGGER" compute "$TESTDIR"/stdlib/aws/s3 --input-dir TestDirectory="$TESTDIR"/stdlib/aws/s3/testdata --input-yaml "$TESTDIR"/stdlib/aws/inputs.yaml + "$DAGGER" up -w "$TESTDIR"/stdlib/aws/s3 } @test "stdlib: aws: eks" { @@ -55,9 +53,7 @@ setup() { } @test "stdlib: aws: ecr" { - skip_unless_secrets_available "$TESTDIR"/stdlib/aws/inputs.yaml - - "$DAGGER" compute "$TESTDIR"/stdlib/aws/ecr --input-yaml "$TESTDIR"/stdlib/aws/inputs.yaml + "$DAGGER" up -w "$TESTDIR"/stdlib/aws/ecr } @test "stdlib: gcp: gke" { diff --git a/tests/stdlib/aws/ecr/.dagger/env/default/.gitignore b/tests/stdlib/aws/ecr/.dagger/env/default/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/stdlib/aws/ecr/.dagger/env/default/.gitignore @@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/stdlib/aws/ecr/ecr.cue b/tests/stdlib/aws/ecr/.dagger/env/default/plan/ecr.cue similarity index 100% rename from tests/stdlib/aws/ecr/ecr.cue rename to tests/stdlib/aws/ecr/.dagger/env/default/plan/ecr.cue 
diff --git a/tests/stdlib/aws/ecr/random.cue b/tests/stdlib/aws/ecr/.dagger/env/default/plan/random.cue similarity index 100% rename from tests/stdlib/aws/ecr/random.cue rename to tests/stdlib/aws/ecr/.dagger/env/default/plan/random.cue diff --git a/tests/stdlib/aws/ecr/.dagger/env/default/values.yaml b/tests/stdlib/aws/ecr/.dagger/env/default/values.yaml new file mode 100644 index 00000000..b8dcf96d --- /dev/null +++ b/tests/stdlib/aws/ecr/.dagger/env/default/values.yaml @@ -0,0 +1,26 @@ +name: default +inputs: + TestConfig.awsConfig.accessKey: + secret: ENC[AES256_GCM,data:iu6LfQNgGZUVnHVeMRYPrcBtlZk=,iv:U5PLxDKXwJnUDdk1ayFGvvJfWdVqh1PK5ujb20YYPP0=,tag:QyqIJRiR6nE16ZDV0CP7Pw==,type:str] + TestConfig.awsConfig.secretKey: + secret: ENC[AES256_GCM,data:Q/W+KH3NEouGt6C5S+KiC43837soYi2Mjb/z5K8rD9gtaNaBjjkJHg==,iv:8nGEzLXd91rF5YBZ/EdQoMN27yrpc0sgm26DEvIuSHM=,tag:/oyKl/vj5MJAm+jZMOOAuQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeEk5MS9nVmFoOVNNOHdE + WnZCTXBWbW9LL1NJYndCYjhIM2JsNXNEUmxJCkUya0dlZjZ0dGRIM1pVdzg5eWFH + MVpiaE9PclNudGdUZm5FcytuVDZGTDAKLS0tIEQxWDdteHgzS3JkdmtNTVpxMUh1 + aXlvVWJVSGNTSkVyYmpZbi9nUVJZdmMK6csXZ2RMxFw5DB+Hb2TyhyoZT8c2/z7Y + Lc9Pe8gb8aUq5Ha+wCybYvY6JWEM5A9XYJKbE7f4borTfGKS72d6pw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-27T00:53:54Z" + mac: ENC[AES256_GCM,data:ho/e/xUzRdwwe3VRCz9p8UNHgxdhAxkNtWUJLS5fEXBGnw28hjwNBbPYN78bX0k9SQ/5bgvXT2O/Z+zmOSWfrCYD2eojh9mDR4aCV5m/liVh5Dxha65u6zPl9VVcSunYg3wqe9Zl+pMG8BJXvczQS7S5QEGEaWojfaA/o7HM1BE=,iv:o/cVw6GBCCdgIqIZGDzqSCiBHUmrhAoIRcyGS9P83j0=,tag:WSQO0C0lPH2vOzl07rmRGg==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 
diff --git a/tests/stdlib/aws/s3/.dagger/env/default/.gitignore b/tests/stdlib/aws/s3/.dagger/env/default/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/stdlib/aws/s3/.dagger/env/default/.gitignore @@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/stdlib/aws/s3/s3.cue b/tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue similarity index 79% rename from tests/stdlib/aws/s3/s3.cue rename to tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue index 1949c1db..fab14d50 100644 --- a/tests/stdlib/aws/s3/s3.cue +++ b/tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue @@ -22,6 +22,8 @@ TestS3UploadFile: { } verify: #VerifyS3 & { + config: TestConfig.awsConfig + target: deploy.target file: "test.txt" } } @@ -36,10 +38,14 @@ TestS3UploadDir: { } verifyFile: #VerifyS3 & { + config: TestConfig.awsConfig + target: deploy.target file: "dirFile.txt" } verifyDir: #VerifyS3 & { + config: TestConfig.awsConfig + target: deploy.target file: "foo.txt" } } diff --git a/tests/stdlib/aws/s3/verify.cue b/tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue similarity index 51% rename from tests/stdlib/aws/s3/verify.cue rename to tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue index b84380d3..92724885 100644 --- a/tests/stdlib/aws/s3/verify.cue +++ b/tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue 
@@ -13,30 +13,48 @@ import ( // Target S3 URL (e.g. s3:////) target?: string - // Export folder - export: "/contents" + contents: { + string - // Script - aws.#Script & { - code: """ - aws s3 ls --recursive \(target) >> /contents - """ + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, + + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "-c", + #""" + aws s3 ls --recursive \#(target) > /contents + """# + ] + }, + + op.#Export & { + source: "/contents" + format: "string" + } + ] } } #VerifyS3: { file: string + config: aws.#Config + target: string lists: #List & { - config: TestConfig.awsConfig - target: "s3://\(bucket)" + "config": config + "target": target } - #CheckFiles: - """ - grep -q \(file) /test - """ - test: #up: [ op.#Load & { from: alpine.#Image & { @@ -46,12 +64,7 @@ import ( op.#WriteFile & { dest: "/test" - content: lists.out - }, - - op.#WriteFile & { - dest: "/checkFiles.sh" - content: #CheckFiles + content: lists.contents }, op.#Exec & { @@ -62,7 +75,8 @@ import ( "--norc", "-eo", "pipefail", - "/checkFiles.sh", + "-c", + "grep -q \(file) /test" ] }, ] diff --git a/tests/stdlib/aws/s3/.dagger/env/default/values.yaml b/tests/stdlib/aws/s3/.dagger/env/default/values.yaml new file mode 100644 index 00000000..dbf764c7 --- /dev/null +++ b/tests/stdlib/aws/s3/.dagger/env/default/values.yaml 
@@ -0,0 +1,30 @@ +name: default +inputs: + TestConfig.awsConfig.accessKey: + secret: ENC[AES256_GCM,data:iu6LfQNgGZUVnHVeMRYPrcBtlZk=,iv:U5PLxDKXwJnUDdk1ayFGvvJfWdVqh1PK5ujb20YYPP0=,tag:QyqIJRiR6nE16ZDV0CP7Pw==,type:str] + TestConfig.awsConfig.secretKey: + secret: ENC[AES256_GCM,data:Q/W+KH3NEouGt6C5S+KiC43837soYi2Mjb/z5K8rD9gtaNaBjjkJHg==,iv:8nGEzLXd91rF5YBZ/EdQoMN27yrpc0sgm26DEvIuSHM=,tag:/oyKl/vj5MJAm+jZMOOAuQ==,type:str] + TestDirectory: + dir: + path: ./testdata + include: [] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeEk5MS9nVmFoOVNNOHdE + WnZCTXBWbW9LL1NJYndCYjhIM2JsNXNEUmxJCkUya0dlZjZ0dGRIM1pVdzg5eWFH + MVpiaE9PclNudGdUZm5FcytuVDZGTDAKLS0tIEQxWDdteHgzS3JkdmtNTVpxMUh1 + aXlvVWJVSGNTSkVyYmpZbi9nUVJZdmMK6csXZ2RMxFw5DB+Hb2TyhyoZT8c2/z7Y + Lc9Pe8gb8aUq5Ha+wCybYvY6JWEM5A9XYJKbE7f4borTfGKS72d6pw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-27T00:13:13Z" + mac: ENC[AES256_GCM,data:uqGhc0e6mQp5kdKvJTFz+yjcc5WUtLBcsqkzh0NeJhP9nztpX1TJfqBeyGfd7pwltL6b9YXLdJx/myCMxvJ6O8bS726AxE4ogcRgUGP6d5Q5aXw9i7VkLgVKY+gJZCbT+r80RiMqm23x3CPAPNjEsPh5nfgdNsN5ltJmq7IUGj0=,iv:Mw56hEghRGw6tLP6rhe78yD/blqgX2roeQRDiJ6+kAI=,tag:qE2LtSZPxDhITtdnsvrYfA==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 From 5fb7ded2d50bb3f6a91c22a9a46b0218360efa72 Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Thu, 27 May 2021 18:22:41 +0200 Subject: [PATCH 3/7] update stdlib tests that use secrets 
Signed-off-by: Tom Chauveau --- stdlib/aws/aws.cue | 16 +- stdlib/aws/ecr/ecr.cue | 6 +- stdlib/aws/eks/eks.cue | 19 +- stdlib/aws/elb/elb.cue | 99 +++--- stdlib/aws/rds/rds.cue | 286 ++++++++++-------- stdlib/aws/s3/s3.cue | 34 +-- stdlib/netlify/netlify.cue | 2 +- tests/stdlib.bats | 8 +- .../aws/eks/.dagger/env/default/.gitignore | 2 + .../aws/eks/.dagger/env/default/plan/eks.cue | 53 ++++ .../aws/eks/.dagger/env/default/values.yaml | 26 ++ .../aws/s3/.dagger/env/default/plan/s3.cue | 6 +- .../s3/.dagger/env/default/plan/verify.cue | 8 +- tests/stdlib/docker/push-pull/push-pull.cue | 2 +- .../stdlib/netlify/.dagger/env/net/.gitignore | 2 + .../netlify/.dagger/env/net/plan/netlify.cue | 46 +++ .../netlify/.dagger/env/net/plan/random.cue | 20 ++ .../netlify/.dagger/env/net/values.yaml | 26 ++ 18 files changed, 442 insertions(+), 219 deletions(-) create mode 100644 tests/stdlib/aws/eks/.dagger/env/default/.gitignore create mode 100644 tests/stdlib/aws/eks/.dagger/env/default/plan/eks.cue create mode 100644 tests/stdlib/aws/eks/.dagger/env/default/values.yaml create mode 100644 tests/stdlib/netlify/.dagger/env/net/.gitignore create mode 100644 tests/stdlib/netlify/.dagger/env/net/plan/netlify.cue create mode 100644 tests/stdlib/netlify/.dagger/env/net/plan/random.cue create mode 100644 tests/stdlib/netlify/.dagger/env/net/values.yaml diff --git a/stdlib/aws/aws.cue b/stdlib/aws/aws.cue index 23ef9040..d48e1d7d 100644 --- a/stdlib/aws/aws.cue +++ b/stdlib/aws/aws.cue 
@@ -40,17 +40,17 @@ import ( "pipefail", "-c", #""" - aws configure set aws_access_key_id "$(cat /run/secrets/access_key)" - aws configure set aws_secret_access_key "$(cat /run/secrets/secret_key)" + aws configure set aws_access_key_id "$(cat /run/secrets/access_key)" + aws configure set aws_secret_access_key "$(cat /run/secrets/secret_key)" - aws configure set default.region "$AWS_DEFAULT_REGION" - aws configure set default.cli_pager "" - aws configure set default.output "json" - """# + aws configure set default.region "$AWS_DEFAULT_REGION" + aws configure set default.cli_pager "" + aws configure set default.output "json" + """#, ] mount: "/run/secrets/access_key": secret: config.accessKey mount: "/run/secrets/secret_key": secret: config.secretKey - env: AWS_DEFAULT_REGION: config.region + env: AWS_DEFAULT_REGION: config.region }, ] -} \ No newline at end of file +} diff --git a/stdlib/aws/ecr/ecr.cue b/stdlib/aws/ecr/ecr.cue index 6a7018d8..7a240018 100644 --- a/stdlib/aws/ecr/ecr.cue +++ b/stdlib/aws/ecr/ecr.cue @@ -38,15 +38,15 @@ import ( "pipefail", "-c", #""" - aws ecr get-login-password > /out - """# + aws ecr get-login-password > /out + """#, ] }, op.#Export & { source: "/out" format: "string" - } + }, ] } } diff --git a/stdlib/aws/eks/eks.cue b/stdlib/aws/eks/eks.cue index 64dfa53a..150fe5f8 100644 --- a/stdlib/aws/eks/eks.cue +++ b/stdlib/aws/eks/eks.cue @@ -18,12 +18,14 @@ import ( // kubeconfig is the generated kube configuration file kubeconfig: { - // FIXME There is a problem with dagger.#Secret type + @dagger(output) string #up: [ op.#Load & { - from: aws.#CLI + from: aws.#CLI & { + "config": config + } }, op.#WriteFile & { 
@@ -42,15 +44,8 @@ import ( "/entrypoint.sh", ] env: { - AWS_CONFIG_FILE: "/cache/aws/config" - AWS_ACCESS_KEY_ID: config.accessKey - AWS_SECRET_ACCESS_KEY: config.secretKey - AWS_DEFAULT_REGION: config.region - AWS_REGION: config.region - AWS_DEFAULT_OUTPUT: "json" - AWS_PAGER: "" - EKS_CLUSTER: clusterName - KUBECTL_VERSION: version + EKS_CLUSTER: clusterName + KUBECTL_VERSION: version } mount: { "/cache/aws": "cache" @@ -62,5 +57,5 @@ import ( format: "string" }, ] - } @dagger(output) + } } diff --git a/stdlib/aws/elb/elb.cue b/stdlib/aws/elb/elb.cue index 5a3757c7..b1bda016 100644 --- a/stdlib/aws/elb/elb.cue +++ b/stdlib/aws/elb/elb.cue 
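Review bot: With `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` removed from `env`, this exec depends on the credentials that `aws.#CLI` stored with `aws configure set aws_access_key_id "$(cat /run/secrets/access_key)"` (aws.cue, earlier in this patch). That command writes the keys to the CLI's credentials file in the image filesystem, so unless that path sits on a mount not visible here they are persisted in the layer and cache in plaintext, which is what the secret mounts are meant to prevent. Consider mounting the two secrets on each exec that calls `aws` and exporting them inside the script, e.g. `export AWS_ACCESS_KEY_ID="$(cat /run/secrets/access_key)"`. The `"/cache/aws": "cache"` mount also looks unused now that `AWS_CONFIG_FILE` is gone.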
@@ -18,54 +18,65 @@ import ( // exported priority priority: out @dagger(output) - out: string + out: { + string - aws.#Script & { - always: true + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, - files: { - "/inputs/listenerArn": listenerArn - if vhost != _|_ { - "/inputs/vhost": vhost - } - } + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + #""" + if [ -s "$VHOST" ]; then + # We passed a vhost as input, try to recycle priority from previously allocated vhost + priority=$(aws elbv2 describe-rules \ + --listener-arn "$LISTENER_ARN" | \ + jq -r --arg vhost "$VHOST" '.Rules[] | select(.Conditions[].HostHeaderConfig.Values[] == $VHOST) | .Priority') - export: "/priority" + if [ -n "${priority}" ]; then + echo -n "${priority}" > /priority + exit 0 + fi + fi - //FIXME: The code below can end up not finding an available prio - // Better to exclude the existing allocated priorities from the random sequence - code: #""" - if [ -s /inputs/vhost ]; then - # We passed a vhost as input, try to recycle priority from previously allocated vhost - vhost="$(cat /inputs/vhost)" + # Grab a priority random from 1-50k and check if available, retry 10 times if none available + priority=0 + for i in {1..10} + do + p=$(shuf -i 1-50000 -n 1) + # Find the next priority available that we can allocate + aws elbv2 describe-rules \ + --listener-arn "$LISTENER_ARN" \ + | jq -e "select(.Rules[].Priority == \"${p}\") | true" && continue + priority="${p}" + break + done + if [ "${priority}" -lt 1 ]; then + echo "Error: cannot determine a Rule priority" + exit 1 + fi + echo -n "${priority}" > /priority + """#, + ] + env: { + LISTENER_ARN: listenerArn + VHOST: vhost + } + }, - priority=$(aws elbv2 describe-rules \ - --listener-arn "$(cat /inputs/listenerArn)" | \ - jq -r --arg vhost "$vhost" '.Rules[] | select(.Conditions[].HostHeaderConfig.Values[] == $vhost) | .Priority') - - if [ -n "${priority}" ]; then - echo -n "${priority}" > 
/priority - exit 0 - fi - fi - - # Grab a priority random from 1-50k and check if available, retry 10 times if none available - priority=0 - for i in {1..10} - do - p=$(shuf -i 1-50000 -n 1) - # Find the next priority available that we can allocate - aws elbv2 describe-rules \ - --listener-arn "$(cat /inputs/listenerArn)" \ - | jq -e "select(.Rules[].Priority == \"${p}\") | true" && continue - priority="${p}" - break - done - if [ "${priority}" -lt 1 ]; then - echo "Error: cannot determine a Rule priority" - exit 1 - fi - echo -n "${priority}" > /priority - """# + op.#Export & { + source: "/db_created" + format: "string" + }, + ] } } diff --git a/stdlib/aws/rds/rds.cue b/stdlib/aws/rds/rds.cue index 920f08e8..089d214e 100644 --- a/stdlib/aws/rds/rds.cue +++ b/stdlib/aws/rds/rds.cue 
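Review bot: The `op.#Export` that closes `out` reads `source: "/db_created"`, but the script only ever writes `/priority`, so the export has nothing to read; it should be `source: "/priority"`. The `args` list has no `"-c"` before the script, so bash takes the script text as a file name. `[ -s "$VHOST" ]` tests for a non-empty file where `[ -n "$VHOST" ]` is meant now that the value arrives in the environment, and the jq filter references `$VHOST` while the variable is bound with `--arg vhost`. `VHOST: vhost` is also set unconditionally, although the removed code treated `vhost` as optional (`if vhost != _|_`).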
@@ -22,45 +22,60 @@ import ( dbType: "mysql" | "postgres" @dagger(input) // Name of the DB created - out: string @dagger(output) + out: { + @dagger(output) + string - aws.#Script & { - "config": config + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, - files: { - "/inputs/name": name - "/inputs/db_arn": dbArn - "/inputs/secret_arn": secretArn - "/inputs/db_type": dbType - } + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + #""" + echo "dbType: $DB_TYPE" - export: "/db_created" + sql="CREATE DATABASE \`"$NAME" \`" + if [ "$DB_TYPE" = postgres ]; then + sql="CREATE DATABASE \""$NAME"\"" + fi - code: #""" - set +o pipefail + echo "$NAME" >> /db_created - dbType="$(cat /inputs/db_type)" - echo "dbType: $dbType" + aws rds-data execute-statement \ + --resource-arn "$DB_ARN" \ + --secret-arn "$SECRET_ARN" \ + --sql "$sql" \ + --database "$DB_TYPE" \ + --no-include-result-metadata \ + |& tee /tmp/out + exit_code=${PIPESTATUS[0]} + if [ $exit_code -ne 0 ]; then + grep -q "database exists\|already exists" /tmp/out || exit $exit_code + fi + """#, + ] + env: { + NAME: name + DB_ARN: dbArn + SECRET_ARN: secretArn + DB_TYPE: dbType + } + }, - sql="CREATE DATABASE \`$(cat /inputs/name)\`" - if [ "$dbType" = postgres ]; then - sql="CREATE DATABASE \"$(cat /inputs/name)\"" - fi - - cp /inputs/name /db_created - - aws rds-data execute-statement \ - --resource-arn "$(cat /inputs/db_arn)" \ - --secret-arn "$(cat /inputs/secret_arn)" \ - --sql "$sql" \ - --database "$dbType" \ - --no-include-result-metadata \ - |& tee /tmp/out - exit_code=${PIPESTATUS[0]} - if [ $exit_code -ne 0 ]; then - grep -q "database exists\|already exists" /tmp/out || exit $exit_code - fi - """# + op.#Export & { + source: "/db_created" + format: "string" + }, + ] } } 
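Review bot: With `set +o pipefail` removed and bash started with `-eo pipefail`, a failing `aws rds-data execute-statement ... |& tee /tmp/out` aborts the script before `exit_code=${PIPESTATUS[0]}` runs, so the "database exists" tolerance after it appears unreachable; keep `set +o pipefail` as the first line of the script. The `args` list is missing `"-c"` ahead of the script, and the same omission recurs in the two later hunks of this file. The MySQL statement now has a space between `$NAME` and the closing backtick, which changes the identifier. `$NAME` is concatenated into the SQL text without escaping, so a comment stating that `name` must be a trusted identifier would help the next reader.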
@@ -69,89 +84,104 @@ import ( config: aws.#Config // Username - username: dagger.#Secret + username: dagger.#Secret @dagger(input) // Password - password: dagger.#Secret + password: dagger.#Secret @dagger(input) // ARN of the database instance - dbArn: string + dbArn: string @dagger(input) // ARN of the database secret (for connecting via rds api) - secretArn: string + secretArn: string @dagger(input) - grantDatabase: string | *"" + grantDatabase: string | *"" @dagger(input) - dbType: "mysql" | "postgres" + dbType: "mysql" | "postgres" @dagger(input) // Outputed username - out: string + out: { + @dagger(output) + string - aws.#Script & { - "config": config + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, - files: { - "/inputs/username": username - "/inputs/password": password - "/inputs/db_arn": dbArn - "/inputs/secret_arn": secretArn - "/inputs/grant_database": grantDatabase - "/inputs/db_type": dbType - } + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + #""" + echo "dbType: $DB_TYPE" + + sql="CREATE USER '"$USERNAME"'@'%' IDENTIFIED BY '"$PASSWORD"'" + if [ "$DB_TYPE" = postgres ]; then + sql="CREATE USER \""$USERNAME"\" WITH PASSWORD '"$PASSWORD"'" + fi + + echo "$USERNAME" >> /username + + aws rds-data execute-statement \ + --resource-arn "$DB_ARN" \ + --secret-arn "$SECRET_ARN" \ + --sql "$sql" \ + --database "$DB_TYPE" \ + --no-include-result-metadata \ + |& tee tmp/out + exit_code=${PIPESTATUS[0]} + if [ $exit_code -ne 0 ]; then + grep -q "Operation CREATE USER failed for\|ERROR" tmp/out || exit $exit_code + fi + + sql="SET PASSWORD FOR '"$USERNAME"'@'%' = PASSWORD('"$PASSWORD"')" + if [ "$DB_TYPE" = postgres ]; then + sql="ALTER ROLE \""$USERNAME"\" WITH PASSWORD '"$PASSWORD"'" + fi + + aws rds-data execute-statement \ + --resource-arn "$DB_ARN" \ + --secret-arn "$SECRET_ARN" \ + --sql "$sql" \ + --database "$DB_TYPE" \ + --no-include-result-metadata + + sql="GRANT ALL ON 
\`"$GRAND_DATABASE"\`.* to '"$USERNAME"'@'%'" + if [ "$DB_TYPE" = postgres ]; then + sql="GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \""$USERNAME"\"; GRANT ALL PRIVILEGES ON DATABASE \""$GRAND_DATABASE"\" to \""$USERNAME"\"; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \""$USERNAME"\"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO \""$USERNAME"\"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO \""$USERNAME"\"; GRANT USAGE ON SCHEMA public TO \""$USERNAME"\";" + fi + + if [ -s "$GRAND_DATABASE ]; then + aws rds-data execute-statement \ + --resource-arn "$DB_ARN" \ + --secret-arn "$SECRET_ARN" \ + --sql "$sql" \ + --database "$DB_TYPE" \ + --no-include-result-metadata + fi + """#, + ] + env: { + USERNAME: unsername + PASSWORD: password + DB_ARN: dbArn + SECRET_ARN: secretArn + GRAND_DATABASE: grandDatabase + DB_TYPE: dbType + } + }, - export: "/username" - - code: #""" - set +o pipefail - - dbType="$(cat /inputs/db_type)" - echo "dbType: $dbType" - - sql="CREATE USER '$(cat /inputs/username)'@'%' IDENTIFIED BY '$(cat /inputs/password)'" - if [ "$dbType" = postgres ]; then - sql="CREATE USER \"$(cat /inputs/username)\" WITH PASSWORD '$(cat /inputs/password)'" - fi - - cp /inputs/username /username - - aws rds-data execute-statement \ - --resource-arn "$(cat /inputs/db_arn)" \ - --secret-arn "$(cat /inputs/secret_arn)" \ - --sql "$sql" \ - --database "$dbType" \ - --no-include-result-metadata \ - |& tee tmp/out - exit_code=${PIPESTATUS[0]} - if [ $exit_code -ne 0 ]; then - grep -q "Operation CREATE USER failed for\|ERROR" tmp/out || exit $exit_code - fi - - sql="SET PASSWORD FOR '$(cat /inputs/username)'@'%' = PASSWORD('$(cat /inputs/password)')" - if [ "$dbType" = postgres ]; then - sql="ALTER ROLE \"$(cat /inputs/username)\" WITH PASSWORD '$(cat /inputs/password)'" - fi - - aws rds-data execute-statement \ - --resource-arn "$(cat /inputs/db_arn)" \ - --secret-arn "$(cat 
/inputs/secret_arn)" \ - --sql "$sql" \ - --database "$dbType" \ - --no-include-result-metadata - - sql="GRANT ALL ON \`$(cat /inputs/grant_database)\`.* to '$(cat /inputs/username)'@'%'" - if [ "$dbType" = postgres ]; then - sql="GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"$(cat /inputs/username)\"; GRANT ALL PRIVILEGES ON DATABASE \"$(cat /inputs/grant_database)\" to \"$(cat /inputs/username)\"; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \"$(cat /inputs/username)\"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO \"$(cat /inputs/username)\"; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO \"$(cat /inputs/username)\"; GRANT USAGE ON SCHEMA public TO \"$(cat /inputs/username)\";" - fi - - if [ -s /inputs/grant_database ]; then - aws rds-data execute-statement \ - --resource-arn "$(cat /inputs/db_arn)" \ - --secret-arn "$(cat /inputs/secret_arn)" \ - --sql "$sql" \ - --database "$dbType" \ - --no-include-result-metadata - fi - """# + op.#Export & { + source: "/username" + format: "string" + }, + ] } } 
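Review bot: `username` and `password` are declared `dagger.#Secret`, yet the new `env` block passes them as `USERNAME` and `PASSWORD`, which is the use the secret type from earlier in this series is meant to reject; mount them as `aws.cue` does and read them inside the script. The block also references `unsername` and `grandDatabase`, while the fields of this definition are `username` and `grantDatabase`. `if [ -s "$GRAND_DATABASE ]; then` has an unterminated quote and should test `-n` rather than `-s`. As in the first hunk of this file, `"-c"` is missing from `args` and `set +o pipefail` was dropped, so the `CREATE USER failed` tolerance after `tee` likely never runs.

```cue
// … unchanged: op.#Load of aws.#CLI, bash args and script …
env: {
	DB_ARN:         dbArn
	SECRET_ARN:     secretArn
	GRANT_DATABASE: grantDatabase
	DB_TYPE:        dbType
}
mount: "/run/secrets/username": secret: username
mount: "/run/secrets/password": secret: password
// in the script: USERNAME="$(cat /run/secrets/username)", likewise PASSWORD
```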
@@ -160,35 +190,51 @@ import ( config: aws.#Config // ARN of the database instance - dbArn: string + dbArn: string @dagger(input) // DB hostname - hostname: info.hostname + hostname: info.hostname @dagger(output) // DB port - port: info.port + port: info.port @dagger(output) info: { hostname: string port: int } - info: json.Unmarshal(out) - out: string + info: json.Unmarshal(out) @dagger(output) + out: { + string - aws.#Script & { - "config": config + #up: [ + op.#Load & { + from: aws.#CLI & { + "config": config + } + }, - files: "/inputs/db_arn": dbArn + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + #""" + data=$(aws rds describe-db-clusters --filters "Name=db-cluster-id,Values=$DB_URN" ) + echo "$data" | jq -r '.DBClusters[].Endpoint' > /tmp/out + echo "$data" | jq -r '.DBClusters[].Port' >> /tmp/out + cat /tmp/out | jq -sR 'split("\n") | {hostname: .[0], port: (.[1] | tonumber)}' > /out + """#, + ] + env: DB_ARN: dbArn + }, - export: "/out" - - code: #""" - db_arn="$(cat /inputs/db_arn)" - data=$(aws rds describe-db-clusters --filters "Name=db-cluster-id,Values=$db_arn" ) - echo "$data" | jq -r '.DBClusters[].Endpoint' > /tmp/out - echo "$data" | jq -r '.DBClusters[].Port' >> /tmp/out - cat /tmp/out | jq -sR 'split("\n") | {hostname: .[0], port: (.[1] | tonumber)}' > /out - """# + op.#Export & { + source: "/out" + format: "json" + }, + ] } } diff --git a/stdlib/aws/s3/s3.cue b/stdlib/aws/s3/s3.cue index 1d33c752..9555f419 100644 --- a/stdlib/aws/s3/s3.cue +++ b/stdlib/aws/s3/s3.cue @@ -41,17 +41,17 @@ import ( if sourceInline != _|_ { op.#WriteFile & { - dest: "/source" + dest: "/source" content: sourceInline } - } + }, op.#Exec & { if always != _|_ { "always": always } env: { - TARGET: target + TARGET: target CONTENT_TYPE: contentType } 
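Review bot: The script filters on `$DB_URN`, but the `env` block defines `DB_ARN`, so `Values=` expands to nothing and `describe-db-clusters` is not restricted to the requested cluster; use `Values=$DB_ARN`. `"-c"` is again missing before the script in `args`. `info: json.Unmarshal(out)` is kept while the export now uses `format: "json"` on a value declared as `string`, so it is worth confirming that `out` still unifies and that `json.Unmarshal` receives a string.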
@@ -67,26 +67,26 @@ import ( "pipefail", "-c", #""" - opts="" - op=cp - if [ -d /source ]; then - op=sync - fi - if [ -n "$CONTENT_TYPE" ]; then - opts="--content-type $CONTENT_TYPE" - fi - aws s3 $op $opts /source "$TARGET" - echo "$TARGET" \ - | sed -E 's=^s3://([^/]*)/=https://\1.s3.amazonaws.com/=' \ - > /url - """# + opts="" + op=cp + if [ -d /source ]; then + op=sync + fi + if [ -n "$CONTENT_TYPE" ]; then + opts="--content-type $CONTENT_TYPE" + fi + aws s3 $op $opts /source "$TARGET" + echo "$TARGET" \ + | sed -E 's=^s3://([^/]*)/=https://\1.s3.amazonaws.com/=' \ + > /url + """#, ] }, op.#Export & { source: "/url" format: "string" - } + }, ] } } diff --git a/stdlib/netlify/netlify.cue b/stdlib/netlify/netlify.cue index 44b44778..b209b34e 100644 --- a/stdlib/netlify/netlify.cue +++ b/stdlib/netlify/netlify.cue @@ -83,7 +83,7 @@ import ( NETLIFY_ACCOUNT: account.name } dir: "/src" - mount: "/src": from: contents + mount: "/src": from: contents mount: "/run/secrets/token": secret: account.token } } diff --git a/tests/stdlib.bats b/tests/stdlib.bats index cf4325f7..1032aad0 100644 --- a/tests/stdlib.bats +++ b/tests/stdlib.bats @@ -21,9 +21,7 @@ setup() { } @test "stdlib: netlify" { - skip_unless_secrets_available "$TESTDIR"/stdlib/netlify/inputs.yaml - - "$DAGGER" compute "$TESTDIR"/stdlib/netlify --input-yaml "$TESTDIR"/stdlib/netlify/inputs.yaml + "$DAGGER" up -w "$TESTDIR"/stdlib/netlify/ } @test "stdlib: kubernetes" { @@ -47,9 +45,7 @@ setup() { } @test "stdlib: aws: eks" { - skip_unless_secrets_available "$TESTDIR"/stdlib/aws/inputs.yaml - - "$DAGGER" compute "$TESTDIR"/stdlib/aws/eks --input-yaml "$TESTDIR"/stdlib/aws/inputs.yaml + "$DAGGER" up -w "$TESTDIR"/stdlib/aws/eks } @test "stdlib: aws: ecr" { diff --git a/tests/stdlib/aws/eks/.dagger/env/default/.gitignore b/tests/stdlib/aws/eks/.dagger/env/default/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/stdlib/aws/eks/.dagger/env/default/.gitignore 
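Review bot: Dropping `skip_unless_secrets_available` in tests/stdlib.bats makes the netlify and eks tests run unconditionally, so a run without the age key for the committed `values.yaml` files will presumably fail at decryption instead of being skipped. A guard such as `[ -f ~/.dagger/keys.txt ] || skip "no dagger key"` before `"$DAGGER" up` would keep runs without repository secrets, for example pull requests from forks, from failing for that reason. The gke and gcr tests changed in the later patch of this series are affected the same way.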
@@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/stdlib/aws/eks/.dagger/env/default/plan/eks.cue b/tests/stdlib/aws/eks/.dagger/env/default/plan/eks.cue new file mode 100644 index 00000000..d0a92e9d --- /dev/null +++ b/tests/stdlib/aws/eks/.dagger/env/default/plan/eks.cue @@ -0,0 +1,53 @@ +package eks + +import ( + "dagger.io/aws" + "dagger.io/aws/eks" + "dagger.io/kubernetes" + "dagger.io/dagger/op" +) + +TestConfig: awsConfig: aws.#Config & { + region: "us-east-2" +} + +TestCluster: eks.#KubeConfig & { + config: TestConfig.awsConfig + clusterName: *"dagger-example-eks-cluster" | string +} + +TestEks: { + #GetPods: + """ + kubectl get pods -A + """ + + #up: [ + op.#Load & { + from: kubernetes.#Kubectl + }, + + op.#WriteFile & { + dest: "/kubeconfig" + content: TestCluster.kubeconfig + }, + + op.#WriteFile & { + dest: "/getPods.sh" + content: #GetPods + }, + + op.#Exec & { + always: true + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "/getPods.sh", + ] + env: KUBECONFIG: "/kubeconfig" + }, + ] +} diff --git a/tests/stdlib/aws/eks/.dagger/env/default/values.yaml b/tests/stdlib/aws/eks/.dagger/env/default/values.yaml new file mode 100644 index 00000000..0d793b24 --- /dev/null +++ b/tests/stdlib/aws/eks/.dagger/env/default/values.yaml 
@@ -0,0 +1,26 @@ +name: default +inputs: + TestConfig.awsConfig.accessKey: + secret: ENC[AES256_GCM,data:dzhlip9kKU8mMEycFjq6MobD5BA=,iv:LKeYUbXpnWIZneGs7DCLVKxv1W2aa/3EVGO4jnDlOgc=,tag:+TcxQahxFTweyoPaROTJSQ==,type:str] + TestConfig.awsConfig.secretKey: + secret: ENC[AES256_GCM,data:bu3AI5jODWv4ePvRKw2l/1UOuH07Z0/oB2hiY4QqrhTcfjdSbr6kBg==,iv:BqddzzXqvAv0cAj2SVhoFx/kUOnRsoevqMRujCINVv0=,tag:u0KjVnbN8h54CLFARJmJ0g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzV0ZXNW5qaGNJMjF5bnBO + d1Z1RXFhSnNRM1Vwa3lyWFJ6VVFDZTQ3cUhZClh0N1lxZ3dwSFhHTjRyS092OVVj + Tkw4ZlU4S3g0T1VGS1RYYnB1dGlzbVkKLS0tIEc4T1Z3SEU2NUNhd2FkSXlIUERM + UE5Cd2VwYkd1MHlTOXNJVEU3RVpqU2sK86kXU6ZaaVHTg9BuCEcOxnDrrW00+bwu + AHttbzqYVuC3YxXjOTzAZL8aYTStk14wGdI6TirZ9pX0fyaKAfzBUQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-27T16:01:59Z" + mac: ENC[AES256_GCM,data:T+0rcT9Xi/kJ8+EzCd7ewenDmc1cH/t2MxCpf+QXkILUC/uE8OgROizDMAiUYI2HpeBfZrmUgLMVzlTZirIbC51eWLAf6itbSIGKkVuz0uSNwhRpKGAROg6U1h39Scg6RpAvpzSTZvYOx5SwP78Uc6NQdp5yTDEb+0e9Wqzu+jU=,iv:INAN+EPwBv5dWWHQnaMr4QOBQWx3WCcohORvIPrBZN8=,tag:N4vtDowFKTDSHmMob5HgCw==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 diff --git a/tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue b/tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue index fab14d50..e5a9f690 100644 --- a/tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue +++ b/tests/stdlib/aws/s3/.dagger/env/default/plan/s3.cue @@ -24,7 +24,7 @@ TestS3UploadFile: { verify: #VerifyS3 & { config: TestConfig.awsConfig target: deploy.target - file: "test.txt" + file: "test.txt" } } 
@@ -40,12 +40,12 @@ TestS3UploadDir: { verifyFile: #VerifyS3 & { config: TestConfig.awsConfig target: deploy.target - file: "dirFile.txt" + file: "dirFile.txt" } verifyDir: #VerifyS3 & { config: TestConfig.awsConfig target: deploy.target - file: "foo.txt" + file: "foo.txt" } } diff --git a/tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue b/tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue index 92724885..d1fb596b 100644 --- a/tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue +++ b/tests/stdlib/aws/s3/.dagger/env/default/plan/verify.cue @@ -33,20 +33,20 @@ import ( "-c", #""" aws s3 ls --recursive \#(target) > /contents - """# + """#, ] }, op.#Export & { source: "/contents" format: "string" - } + }, ] } } #VerifyS3: { - file: string + file: string config: aws.#Config target: string @@ -76,7 +76,7 @@ import ( "-eo", "pipefail", "-c", - "grep -q \(file) /test" + "grep -q \(file) /test", ] }, ] diff --git a/tests/stdlib/docker/push-pull/push-pull.cue b/tests/stdlib/docker/push-pull/push-pull.cue index 0487db70..40b72be3 100644 --- a/tests/stdlib/docker/push-pull/push-pull.cue +++ b/tests/stdlib/docker/push-pull/push-pull.cue @@ -11,7 +11,7 @@ source: dagger.#Artifact registry: { username: string - secret: dagger.#Secret + secret: string } TestPushAndPull: { diff --git a/tests/stdlib/netlify/.dagger/env/net/.gitignore b/tests/stdlib/netlify/.dagger/env/net/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/stdlib/netlify/.dagger/env/net/.gitignore @@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/stdlib/netlify/.dagger/env/net/plan/netlify.cue b/tests/stdlib/netlify/.dagger/env/net/plan/netlify.cue new file mode 100644 index 00000000..798a2f35 --- /dev/null +++ b/tests/stdlib/netlify/.dagger/env/net/plan/netlify.cue 
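Review bot: Changing `registry.secret` from `dagger.#Secret` to `string` in push-pull.cue puts the registry password back into the Cue tree as plain text, where it can appear in query output and error messages. If this is a stop-gap because the push and pull ops do not accept a secret yet, say so next to the field, e.g. `// FIXME: plain string until the docker ops accept dagger.#Secret`.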
@@ -0,0 +1,46 @@ +package netlify + +import ( + "dagger.io/dagger/op" + "dagger.io/alpine" + "dagger.io/netlify" +) + +TestNetlify: { + // Generate a website containing the random number + html: #up: [ + op.#WriteFile & { + content: random + dest: "index.html" + }, + ] + + // Deploy to netlify + deploy: netlify.#Site & { + contents: html + name: "dagger-test" + } + + // Check if the deployed site has the random marker + check: #up: [ + op.#Load & { + from: alpine.#Image & { + package: bash: "=~5.1" + package: curl: true + } + }, + op.#Exec & { + args: [ + "/bin/bash", + "--noprofile", + "--norc", + "-eo", + "pipefail", + "-c", + #""" + test "$(curl \#(deploy.deployUrl))" = "\#(random)" + """#, + ] + }, + ] +} diff --git a/tests/stdlib/netlify/.dagger/env/net/plan/random.cue b/tests/stdlib/netlify/.dagger/env/net/plan/random.cue new file mode 100644 index 00000000..a9c5c710 --- /dev/null +++ b/tests/stdlib/netlify/.dagger/env/net/plan/random.cue @@ -0,0 +1,20 @@ +package netlify + +import ( + "dagger.io/alpine" + "dagger.io/dagger/op" +) + +// Generate a random number +random: { + string + #up: [ + op.#Load & {from: alpine.#Image}, + op.#Exec & { + args: ["sh", "-c", "cat /dev/urandom | tr -dc 'a-z' | fold -w 10 | head -n 1 | tr -d '\n' > /rand"] + }, + op.#Export & { + source: "/rand" + }, + ] +} diff --git a/tests/stdlib/netlify/.dagger/env/net/values.yaml b/tests/stdlib/netlify/.dagger/env/net/values.yaml new file mode 100644 index 00000000..2045a92d --- /dev/null +++ b/tests/stdlib/netlify/.dagger/env/net/values.yaml 
@@ -0,0 +1,26 @@ +name: net +inputs: + TestNetlify.deploy.account.name: + text: blocklayer + TestNetlify.deploy.account.token: + secret: ENC[AES256_GCM,data:oWKi8eqTUEs+YClokLKeAKsEj3qae4yQTn/67u6ga4Ptcq4+MyYS/6wAUg==,iv:Xfw+L/4p7vO+jb/EVyYOvsIZ9KxZbi30ms2Ckg4E8cE=,tag:G4EBBer04D6FHFP9e+feTw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWHFLRUtscWVma0lQM3Qv + M2czUFJhSEpnczdJTWhadnJHOWowaXd1dWtJCmk3aU15NDJYcmtUOE5pZ0lIQzRu + dTYvRFdsM0ZoUjFWSG91UnZRVWdvZjgKLS0tIENhK2VWNHByY3hYNUVmWDRmOUFM + SEdUK2RsaUxuVWg2aXUwdVJ0eUtrWWMKWkQDBuL5e4QDx5Wy6+fHiD+J4fp7QdMm + lsqgmxRvJMWgEvm1U+hDAo/Pkn8PFUFJf0KxEvkdF4qGuguQePgzFQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-27T14:36:27Z" + mac: ENC[AES256_GCM,data:S3l8tVat/Yp7fH5feeL4JxL+uQwZ0zwv8/LPsOoBebfDFWuE/j9sFZD304OT7XNCsfG8R/lqdpoxYmiyH6ToHeZyktXalpk0tAkwFXUV4VUZKyIn81UirbtWx4OT6fW7jusqqg2uX3nhvjGd+QerhEC4Qu4o8lQCKCMzLuQjmVw=,iv:4ucl0O+VgdK/SwtEad1jXIWJ4pQSxlWCCUzFbqNLDgg=,tag:xno2U/FIVW6KgSXW5RWDsw==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 From f2819dc1a557277b7083dd6e755170285a8c6f80 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Thu, 27 May 2021 18:43:48 -0700 Subject: [PATCH 4/7] ci: import dagger key Signed-off-by: Andrea Luzzardi --- .github/workflows/ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9a7d41c..d82991fc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -82,6 +82,13 @@ jobs: sudo curl -L -o /usr/local/bin/sops https://github.com/mozilla/sops/releases/download/v3.6.1/sops-v3.6.1.linux sudo chmod +x /usr/local/bin/sops + - name: Import Dagger private key + env: + DAGGER_AGE_KEY: ${{ secrets.DAGGER_AGE_KEY }} + run: | + mkdir ~/.dagger + echo "$DAGGER_AGE_KEY" > ~/.dagger/keys.txt + - name: Import PGP private key env: SOPS_PGP_KEY: ${{ secrets.SOPS_PGP_KEY }} From 28fd9c341f746d823b87b499460bb48c2c0f5696 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Thu, 27 May 2021 19:11:01 -0700 Subject: [PATCH 5/7] stdlib: update gcp to use secrets Signed-off-by: Andrea Luzzardi --- stdlib/gcp/gcloud.cue | 7 +--- tests/stdlib.bats | 8 ++--- .../gcp/gcr/.dagger/env/default/.gitignore | 2 ++ .../{ => .dagger/env/default/plan}/gcr.cue | 0 .../{ => .dagger/env/default/plan}/random.cue | 0 .../gcp/gcr/.dagger/env/default/values.yaml | 28 +++++++++++++++ .../gcp/gke/.dagger/env/default/.gitignore | 2 ++ .../{ => .dagger/env/default/plan}/gke.cue | 0 .../gcp/gke/.dagger/env/default/values.yaml | 28 +++++++++++++++ tests/stdlib/gcp/inputs.yaml | 36 ------------------- 10 files changed, 63 insertions(+), 48 deletions(-) create mode 100644 tests/stdlib/gcp/gcr/.dagger/env/default/.gitignore rename tests/stdlib/gcp/gcr/{ => .dagger/env/default/plan}/gcr.cue (100%) rename tests/stdlib/gcp/gcr/{ => .dagger/env/default/plan}/random.cue (100%) create mode 100644 tests/stdlib/gcp/gcr/.dagger/env/default/values.yaml create mode 100644 tests/stdlib/gcp/gke/.dagger/env/default/.gitignore rename tests/stdlib/gcp/gke/{ => .dagger/env/default/plan}/gke.cue (100%) create mode 100644 tests/stdlib/gcp/gke/.dagger/env/default/values.yaml delete mode 100644 tests/stdlib/gcp/inputs.yaml diff --git a/stdlib/gcp/gcloud.cue b/stdlib/gcp/gcloud.cue index 4550990a..c8792ba2 100644 --- a/stdlib/gcp/gcloud.cue +++ b/stdlib/gcp/gcloud.cue 
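Review bot: `echo "$DAGGER_AGE_KEY" > ~/.dagger/keys.txt` creates the private key file with the runner's default umask, and `mkdir ~/.dagger` fails if the directory already exists. Prefer `mkdir -p ~/.dagger && chmod 700 ~/.dagger` followed by `(umask 077; printf '%s\n' "$DAGGER_AGE_KEY" > ~/.dagger/keys.txt)`. When the secret is not exposed to the run, the step silently writes an empty key file, so a check that `$DAGGER_AGE_KEY` is non-empty would make that failure explicit.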
@@ -32,14 +32,9 @@ import ( ] }, - // Setup auth - op.#WriteFile & { - dest: "/service_key" - content: config.serviceKey - }, - op.#Exec & { args: ["gcloud", "-q", "auth", "activate-service-account", "--key-file=/service_key"] + mount: "/service_key": secret: config.serviceKey }, op.#Exec & { diff --git a/tests/stdlib.bats b/tests/stdlib.bats index 1032aad0..40c47ac5 100644 --- a/tests/stdlib.bats +++ b/tests/stdlib.bats @@ -53,15 +53,11 @@ setup() { } @test "stdlib: gcp: gke" { - skip_unless_secrets_available "$TESTDIR"/stdlib/gcp/inputs.yaml - - "$DAGGER" compute "$TESTDIR"/stdlib/gcp/gke --input-yaml "$TESTDIR"/stdlib/gcp/inputs.yaml + "$DAGGER" up -w "$TESTDIR"/stdlib/gcp/gke } @test "stdlib: gcp: gcr" { - skip_unless_secrets_available "$TESTDIR"/stdlib/gcp/inputs.yaml - - "$DAGGER" compute "$TESTDIR"/stdlib/gcp/gcr --input-yaml "$TESTDIR"/stdlib/gcp/inputs.yaml + "$DAGGER" up -w "$TESTDIR"/stdlib/gcp/gcr } @test "stdlib: docker-build" { diff --git a/tests/stdlib/gcp/gcr/.dagger/env/default/.gitignore b/tests/stdlib/gcp/gcr/.dagger/env/default/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/stdlib/gcp/gcr/.dagger/env/default/.gitignore @@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/stdlib/gcp/gcr/gcr.cue b/tests/stdlib/gcp/gcr/.dagger/env/default/plan/gcr.cue similarity index 100% rename from tests/stdlib/gcp/gcr/gcr.cue rename to tests/stdlib/gcp/gcr/.dagger/env/default/plan/gcr.cue diff --git a/tests/stdlib/gcp/gcr/random.cue b/tests/stdlib/gcp/gcr/.dagger/env/default/plan/random.cue similarity index 100% rename from tests/stdlib/gcp/gcr/random.cue rename to tests/stdlib/gcp/gcr/.dagger/env/default/plan/random.cue diff --git a/tests/stdlib/gcp/gcr/.dagger/env/default/values.yaml b/tests/stdlib/gcp/gcr/.dagger/env/default/values.yaml new file mode 100644 index 00000000..bff70a40 --- /dev/null +++ b/tests/stdlib/gcp/gcr/.dagger/env/default/values.yaml 
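Review bot: Mounting `config.serviceKey` at `/service_key` keeps the key file itself out of the layer, but `gcloud auth activate-service-account` stores the activated credentials in gcloud's own configuration directory, which this exec writes into the image filesystem unless that directory is on a mount not shown here. If so, the service-account key still ends up in the resulting layer and cache. Pointing `CLOUDSDK_CONFIG` at a non-persisted path, or activating in the same exec that uses the credentials, would avoid that. The surrounding definition continues outside the hunk.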
@@ -0,0 +1,28 @@ +name: default +inputs: + TestConfig.gcpConfig.project: + text: dagger-ci + TestConfig.gcpConfig.region: + text: us-west2-a + TestConfig.gcpConfig.serviceKey: + secret: ENC[AES256_GCM,data:UEKTXvyrBgHKOYE9vSGoHua9wWALjghxWu+ui9K3MAS+1mnVlc1qjTbwv/1/hIIkRNlyhY6WlN0k3x2imusFFInzrNZ5G4FJHGiP/zaazd7shUS8LZsh1cL0I1jnsaDJaz4Zw0yVu+FT1z2/+9l81U9MrtvbLNKFSqZJsrymZl5lUCxiRsUEBiC0/rOoOlQ88kfnxUdBXnG7ABciqPUK7cYaMo5RbB1a9YfacB8S2sosClxK727jUgD20I12ru+y5Y/hg00BhBl9bIg35VTI8PFeZvRqQowqaJO+i1BjQbBYef8s9faYdZGEP0hUrvUpPek4Z0ZBDRbxRfRFAiXBbWbvCJErGlsmcNGqllixgDbcYQNKBTjZEKke4PGHtahmPXOIOO9/fxnUCoci//azJ5fUP0Kdiw06DQYQnngwRSA/nOqTBiuWcfiTLY00iQxoh+8Mt5/CMTXhRz8PpRpvXtKLe4ogaVbEBMOXe8+nMtwt0H6kV+YmHgA+vVHw0WYtBF6gmKnXuGWT/dz94SHGe9oMiK7H7KtfRCyN1SBAx3H9R3qitt9114TlWRBvfrVtDsb/E0MQdnbXZQirJ/2ev78DTc5bdRTFus2vvHZB2RP+wr7sB8A+jcWS1RBv0NJOZoPlHqKIfB93NBhI8wU+lqEbTn2Zm0LAvGVypws3ci+0GJFReIok9yGc/WucFBDMWi8tDOwUdbreX7EpdGLSn9Rwq0Oeuo5Udy5Qo4xFAC/v2yCzqb7MrZzX1S+OHyNObUTGuEyTOL8t91KYBebHtLK0Ud9qQoYuO5IvYCGeKIHr5FDFCYKDJAlW8Y9Iw27LsU45rqeHTjUi1BqOLfXZbns79w8WYiz5bqc3eMXmYOgCKtU5BwLo9LV7WR+FW8cCi9gSJHnRbc8uT9V1NWaGeoKuaPXpBWLH/GTKXEKuy1HXz+yPgQsYYN2yrGNgmgXpKbxgp92h6LRA/PRjxrjkAV8kVdivxG3GUFVfq4ZtGlLdRrcYCkDIZVpwPrNp8Qg5NLn5xhWj1hsqqOOJdeDHHLkS48A9pLAhPubRWH0s1IixLstnJ95DGIZDE0QpEh7STctqvS7SVhclroKI5xzT7w3C78fxTKC//JkdrV0/rQ2CQ1u+emaCUt3X1WwYofudoMjp5iESscDvw6PnqzubUT51FwGtAf2hkT07VQWZ2CcNP4dvYgDSsc26Y0hwWdr+ppCy1xbmpENU5moUPELtF9w2da1zG5N32Fcxr9VOqOGwa4pqkasIQPCRdqsEa/34g95L7Z1BAXpMxCLTbW5nxD3wQBsrsTjO0rmBh4n9BdKjqj5GrXOTceAaJ+L3o07aVIzICJ5HGo7GQXjaQOABzysbGr7bdBIQyp//ruqXNLVSaylIunZJY4/HFdqetZj6jfb4rE+/GkjFLw23Ym8RIDYJQsTAR8OdwZNtVPrILdve1ohlyBW/nS+gy5dZ3qHnE9ZxbgN6FpRYr9G4acK3yCyMeuBdiB6Tqz0o6xz/c2WLWpWcw/HivVce53MfbqMhj0K/jjpl+fsJT/+ZkaPviDrOtKR/WPz/ewNwQ7pZgCubtlzCmPw8pBKjP+uI9tvwydgnV8I/LdEvS0IrP9m22kPZiw/m7mPQPkDA7IzQSIlrmWMCt/iJ0rvVEtkyi1pPyzVVby4OyzvyhexVcFu2X1x5jOqfUL3eEjO+IhMJufVCOVlUKNHPci0r4KQZ07n1wPCjUoCN4MMl9D8yaP0l8SQmSmp9/DFVZ1Cd5m+O0cmaQfZX8dYV52uxkPnkRNn9Sn
KCz5Nf8tBG8p+kvznEYw6d4UKQLocFdzeBU6FBa4zQSf+oXHghds9YGJoWNAGzD9ucgVNyu4hU2rq7UDnAwT/pm8FTbw/OM2uCyPr80J3CpgKPdA0+jEvBNxlezsZeLyTntoZLIstgllETxC9QjqfCVtnQYBYT8oFCXZPadyBZPPVrXvQORCpRXJCQ9iyoiKTQCCOGqGyIgC+23Q0ebmZPr7e4I5JbBZWeh6ek2RRWOZMI0lkLeE72KO+9h8HPxmgMhPtDes/l6DmWjAPb6IwZSM9SseTYF447HL5rQKkv4x7W4Cu1pACSc/2qqdUwnC6jydk8EY2zPa9kdguwdSiDr+KwASZex2MKMJa+peXhTDLqB7jxiO7snU4r0nk7E0B3IBqWM89PVskyNTJXqTkAXyzHWag1S8URPhk9Q9UYpyVCWRzs4nfXAX2WgCJl9iw8ZXrIJZ3fGs3vXQMYI/kGJ7rGIDWhcQEDJGKJYrBCh6zNsbSzBagd5AQ6DNIUEvTUcPvxZP6sy+uiiMMqErDgbi2IT3G6E5sEL0sO7GtrVWoxDQWXX80vtf146fnNNp4uS2wGta7b4kguAt39olceX7nUrYgzLm1aXcr0ObbRjcPdeSlNGLTJGlZRNtvTlFdT1RgTQBfRdG3d1JCraCGsAWxBC+Bwa/zAcdIwUNnMfgdZ5eOAyiBTmoGAAOkUr7avSVvP5Xyrk9JlNzeArrjZUFMYOcXBfkMquqD1NoPHUZ12u9jCoj109zJquxcJ1zGT5TylJYSTc9xz46TfLrz5KvsMhfetBx0ocY8lXjbs3pzB6ZswDGzF4j0eiWBfu9UZoiQVtt1eIfAPoZO9u/n2Wbpx+ov+mJFf0dZklKDED5CUbmj8/izOdE9KbiPDFr1nZZQbO+YwJYhjxxqxzwC41CvH5XQTCCadeWgb5cHEwwunFRVCYeEFvTlP6nR9pS19UZoQvPNk5NEnZVKxWVD1lK18frvX8MxIpB2xaSbUkvGi3tueinLa7OYVfjirBJ1GYbuADa4H0KOxi4MP59ah6TOmsZstA6plFbtRRtk4Iofzu1mAyUN52SZzwCvH5/IxOh6vQxg7EcMfB8O5+S87PeE3vd1ch+UVDwQ3fvNmjd7/77XdKZiR7bwiDxodxABpG4iYrxcfkGPOTCKUlisgFNNmSmwG7FJMYWkz3RcEHib/biklnEKbm/9G5000cwZXXglZb8QjleSklkSEZa4DYec1SNvD/KwRbk5lYr03TDl7DrZo3WjKWvWGMUs3,iv:tPbOGayR7NiXcuHWjX0pX/nSitOxmsr4qqrc6irlIJI=,tag:apejA4UTYTuwT4CUSeoaRQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRThSTEE1Rm5HU2Y2NkJZ + SEd2blAyeEVnMHBqRGxXMEQ3TGFzWTBwd1EwCnA0OFVmTCsxSmpNV29adGt2ZHFH + WE9vN1ZoNENFV2t1TGVuZkdwVndNbVUKLS0tIGpHZEptYWxEZVNjcXF4NkoyWHRv + ZXd6Qmd1YUtxMnVTVkYybWgrV3pVK2MKowMeOZU3j3BxERT0DwhQYCGUDBK6gCdo + WByubiBATdsb7h7ytCC4HutWppynK4MpU+Ya9NP83AZuXo+Wa2u6aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-28T02:07:09Z" + mac: 
ENC[AES256_GCM,data:QqbgWep3l7dIfE4imJ3SKsMdexh7DgUvjtGwSgKbHHnT0p2MwIdFMY7pB0ZJvlc3ZwQyioT3wqF9xgn4U60a4piGtDYsyWjZn52tQAPy0p9c+sOHn+WlFVu1FJeljU4Q3mlEqdA6g993nsbJp9RnNShpc65rQXUMLkw2lXhOAak=,iv:1pp1D1fUFGI+Kn/H2efaqroJV+rzJRGmWo2ZTseTDis=,tag:ePCkD/G2KEbN7cxiMpy9fg==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 diff --git a/tests/stdlib/gcp/gke/.dagger/env/default/.gitignore b/tests/stdlib/gcp/gke/.dagger/env/default/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/stdlib/gcp/gke/.dagger/env/default/.gitignore @@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/stdlib/gcp/gke/gke.cue b/tests/stdlib/gcp/gke/.dagger/env/default/plan/gke.cue similarity index 100% rename from tests/stdlib/gcp/gke/gke.cue rename to tests/stdlib/gcp/gke/.dagger/env/default/plan/gke.cue diff --git a/tests/stdlib/gcp/gke/.dagger/env/default/values.yaml b/tests/stdlib/gcp/gke/.dagger/env/default/values.yaml new file mode 100644 index 00000000..bff70a40 --- /dev/null +++ b/tests/stdlib/gcp/gke/.dagger/env/default/values.yaml 
@@ -0,0 +1,28 @@ +name: default +inputs: + TestConfig.gcpConfig.project: + text: dagger-ci + TestConfig.gcpConfig.region: + text: us-west2-a + TestConfig.gcpConfig.serviceKey: + secret: ENC[AES256_GCM,data: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,iv:tPbOGayR7NiXcuHWjX0pX/nSitOxmsr4qqrc6irlIJI=,tag:apejA4UTYTuwT4CUSeoaRQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRThSTEE1Rm5HU2Y2NkJZ + SEd2blAyeEVnMHBqRGxXMEQ3TGFzWTBwd1EwCnA0OFVmTCsxSmpNV29adGt2ZHFH + WE9vN1ZoNENFV2t1TGVuZkdwVndNbVUKLS0tIGpHZEptYWxEZVNjcXF4NkoyWHRv + ZXd6Qmd1YUtxMnVTVkYybWgrV3pVK2MKowMeOZU3j3BxERT0DwhQYCGUDBK6gCdo + WByubiBATdsb7h7ytCC4HutWppynK4MpU+Ya9NP83AZuXo+Wa2u6aQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-28T02:07:09Z" + mac: ENC[AES256_GCM,data:QqbgWep3l7dIfE4imJ3SKsMdexh7DgUvjtGwSgKbHHnT0p2MwIdFMY7pB0ZJvlc3ZwQyioT3wqF9xgn4U60a4piGtDYsyWjZn52tQAPy0p9c+sOHn+WlFVu1FJeljU4Q3mlEqdA6g993nsbJp9RnNShpc65rQXUMLkw2lXhOAak=,iv:1pp1D1fUFGI+Kn/H2efaqroJV+rzJRGmWo2ZTseTDis=,tag:ePCkD/G2KEbN7cxiMpy9fg==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 diff --git a/tests/stdlib/gcp/inputs.yaml b/tests/stdlib/gcp/inputs.yaml deleted file mode 100644 index 3324a2cc..00000000 --- a/tests/stdlib/gcp/inputs.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -TestConfig: - gcpConfig: - project: ENC[AES256_GCM,data:QVioZWWseno1,iv:WHdf8+4/rHg/NUug6GW4lFkJsUU4VhpE489myNTRnr4=,tag:7uUBSj6ncrfhmbtLNxURFA==,type:str] - serviceKey: ENC[AES256_GCM,data:eAYD6rwPbHx5HFCWvUexeEa1ugxQ6AcKfKRmrAB4rOwyGzNpwQI0QmQJ12Wr0t3EYQQ5n0dEA7HdHk8igCwM67yNRkP5lBIosDERryEQiVLQxWxR0vLXbLJVWcjb6YiILVQ54PgShN/agCd0qN/VWpqEkTpdg9yk2N1ACsnvxxb8zuEcd/hlvMxJbH8EM9/fCJ0Q4voBU+xji7EQWgvo9PYiO8jy1vO7g3PfN1x0RUnLQ8YsXFEY/4qe5zmZhUiXbxplmTS8jlLb/V62H9NJQQIgUr1Bl90fisc1casTFWZ+ewhhnJMfssFstyDCYhXUp1RujTy6vv60WjXRWxaqfQjpR6iK2Bwnb3knj4SaFylhktXHMaE2mvIZiM+NNyV2NX0zCuCNMhEd3l+t8GHh6v3r13O4j3ET5EhxvwJZSj4RunHY6ey59d+PxGudJO5+6GzSuwBsHxgWEREIUgbUIzbVD7mDL6j3p6KqQMu5TZx2hTWxCjrdgyKma4Y0ubC9cB53gl2UafYcF9sYAmCGLq72jLtPA500dEWOEElXtOnyreVSSx1qT8WoxAAf6knQogAotE1zvymZgNfAwc6J0hIZCx0u2BxbOQHlWPpVnug7dXtLyFIVoMlzB9sJFCMLXEaueC0oaARuzC44TnJmC/wXSHCGB9BTGx5iCvzakzFNpoH1OYSBisgvbqFvPdH8g5PnbQizHCRImodHikcInVNWpnu0KKqrrC9aTx6nNu1zMMJxMsLBTRg4IyKiwAbC0CsntbwZBbX4P9ePCLYofDbBYVRgz1C1IoGkq/t11QoIx7NVK9bYS/kxFHC/eh9S2k0IsM8sbGDyRfpX4KFRJD8WIr5BNzGmMzR5ZwV+pVwYMs+xugAxUWXZHUW0xWjbAB49rlmjrs96KFBKLAe/Zr5JZLs9lRQqBg9F6r+OJTy5CcPMVD6y0+76IhYDGkic6x4HeAF0f0r38feBlS1m1E/Zs0mboucLNQ09pnuU5T3gDvg64bR2/xLHk/ljuWX3hZy7M4H6geNfNlktlAio7f6v8QKYC4uDfrsCNOIgAqnB0sOpECGr4g6fYC9SOO/CbB1IY51NBCX7F5b8bSaKurvqsddvxPRfDET+SH+Sk1vhutdXtVgotTlhwr7yA6kBMtSu44KwbZjWRQCT/GzACEkR47qIt6Vv/ZfxJY3o18oeiY4O5nCBKEvBCDZbPIfdbY6uwmS01Zujc1DMSojC5MVYsq1u0EuyXgCPBr6A/jlxDbb2VLSwCa8rOwgJYsXJGiapeFbh8LxlI3eEV5dlAZSAokUr6ET2F+n3quxAOSmJHPF0qQV2D5GGEREeHuoOcXpgeOV8zfA3K1O3nCeWJ1JHIfl8KjwsCHvDP8jYHkFu2ZkuJYbCS2Ot6uyF2qGv0sLKjmr4TfIL+ccJSKivgvCcRiTIriTL9nN0159T8JXWY5wnKbbxW6fYZMhst/FyFV3xN1qbymWSt+0aR2SPcEgSHEUUBeOKMzzcEzM5Yao/Kxc4EY+r6Zg0FVXywEPzFSqxsdhON9AaKBVq4riqMSe2rbqk0shjdPVdsCOzOPa60iU5Kb4jfa7ddYdB0hu8yd2D+qa6pFyizq4aGJedK59AbuJy38pwOifx44VuInOnTYM+zhg8S5qDGe+jrUOZ2jA9V5pRbkZjv5DIf9/zt0E0OIWkVAwvLSmM69s7+Exs79U3m3tl6c2y0FFE4+3SZVYwGWoepkSBgvKEIdIC58FasaXyVzTR2iU5dxVVn13ZTd+CtfPlHH7MIcC+4ZxU
gjbp+iJpuYKGLjTMqJcDd0L1PAKsrNruLTHMDBwi+P37MG048sC+Nrk1fGCwYlOb5Uz+Q4HGc3G/9eRFr7cvcG4FkEdw3x5wKdD+XU19raZb5CEAiGSEI16myxhCinsiEDwaDDhnWwYVfcCkXjZBvNijjW9BErTnoOOxV9mae4SJt+q3AVcx9w1BjLW8oygEuvOsGv4h+HZCZZlVLfFku8RkASXOApb5eTEYcK2qSDufHOzrQlGq0M7lcO+OoSSVDkklEbv7D/avJzW/NSlG1XC1x07c9kDsHLX0FDKnd1uQeyyKYaupA37IOMR5imOoti6sCgGrR1mzozTMpY8KPyAjoc7Avfnu98MZnH5BwL8crqWwSC/30fV7Zu3KhnmvhlpIykUo9YC5cwYbhwaTQ/5SwvO78BoIwWMe/28ZkKtOhYIkNl5zi3EQws7YNJPmpyqnFdwF7xX+zOCjn97uqHJnTj1LzddfclvQmi2WmfkdnHq7TDVSd9edmvPoRVIaHXGzzSpWmw4WpgRbobm6Pf2GltMnFtq1cyLuQidNxNMXYkQp3p/bH66PWrZz9t4ZoXDyvq8QKpKrkXmxNWWVIbXbvXUyjWU9ycfi76JiuupNM7jmBPaMFN1wDtFagswHTs0Aq6wYpt32gtCYqc8UV216dzzQEBFp68cso7XbChV9tGfJyOybwU6rRJzX5YFhSZqhr50W+UaESsqewQbqfE4sx94ekX6fFHzNWckzN5oFvRgM9RZgq6XFZQwuVofF2lmKaC16mmeTuR0y2y+MaI7dXy6yVw8UhLBcpkGvbxn0HYOK/bxhKgcbJmGEMxGvWSQg4TckpjYUM1W+0u9wlbpoBW7DdfeRT0zZr5yLtOuIgeGajIIGpJufed+7hpDMDnAh/kBNJdzvdx6U/LAKUB2vING/R2Q6sI5nGtQgtzw4yECJy8E2QM3rszMlkSUVHbuW1NxtjA0Wy5GmNKAGiBPTOAIKbtARPZogNJN0Ceeoo6bMZ5iz8uHy4Uo5ynFx5fwxSvvQGroskfZZYtxH5HNtTdhzM5bRax0J5lrD/rZRnBytf5g9Pxj9YxBuIXv+v9Ujr+8GyQRgz25XpmygcCSWXzjJH0WgOBEMtjsoAekFDw56B+3TGeybQMHzR+XH0cZaWINpc6IV00kjd2EFbalVVvVOP5b2rKLsWjsgNDr3Hb5SC02F3NQ21wZI4ALohU0sMwICjRJxjjYmusAInQGkWg+RItETMrFxqrTShM+FPT5ROEUVAHUUsrYOeLc5,iv:M1AGMV/mWY3h+7DuCegKDG14ooHvrylJ1IGhzfW4g+4=,tag:DaZ1Y0pPsYU8C2EkavVQrw==,type:str] - region: ENC[AES256_GCM,data:q77ffNChCAOCeA==,iv:01JZwKtBQd4hur8M6xvIul66FhN33ulHzRnFeQy3QIQ=,tag:asvkETPb1cnukzk6zusxfg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2021-05-19T23:31:38Z" - mac: ENC[AES256_GCM,data:7t/Jd78t/ExyLtg5B3J+8vPPxCc9UWa6QBBK0yQxKUIAVJ31loYeyOw1pULMpNRST2EQXZ899Ejdp3eZAHpx7gSc6Sg9Ep5Bcm0Hy1MJ1V07AYr+6y6KVyUToVcWQhzC0IV8ud9g8w/HAP3VY6yOGjgkKVcJXozliJZ1HrnWIww=,iv:K+Lz17H3OoN9symOQ8tF/iaov6pxxduI7cvfSS3WhIA=,tag:9sOzCGy0NiG5utWt+9wTZw==,type:str] - pgp: - - created_at: "2021-04-21T18:01:22Z" - enc: | - -----BEGIN PGP MESSAGE----- - - 
hQIMAzqVY590vudzAQ//Wl/GkApRyvWZnMPky8m/4O06NtJ9Zl4n8nXNCnWQ7gFL - Wt6y62u4mjIuIX5edRwbD726vF0MR84LxfAZ8ppw3lbnM+XDVeT12JA7VS33SOgU - oQBl4qTWrBEdVV2f83n56SvcF4YQkHjKcWWeSQZ2LGTj1jqt35trD/KzXQTwYaEi - 9JX9N+NYfAhuTDsSVi+mGeQnYZS4PAxkd9rWUcTm41EWh+d7hzNtz5T1Tx+a7q+S - XnHf6hxe9Q52Lsyumihi16eExz1Ym+x16gGtP5ioSZUiO45yk5/+iihUJJE6pBMF - Tss7KjLcoVREpl506e8Gsi5HEiMxlCR6KYzDOYfr6IWe3dPPhg9xJSJBIjF7JktQ - Bvua5y18bZIrlstIHeoe1Us5wEiLQigfNLBsoEN/aCwRr8o1KGnDuBasKssRUapL - xL4TxxQdlY6TJP/c8UVWN5q4l+Phsyt12d5KtugRRMSKDn66kRbvT4ykUy23cBO7 - XN1dQ+E9gyJRHCM2lPMeQsz9YlzHejJB4N+3aOlUeZH51hfVAGMuaSzjdPCHowyP - MYwg8wuasqSgNuc3sHj5J0WI1Ka14cE0O6jGlXDmviBSEyvRxovC/E/nyf80vF7n - BIG2DVJE0zYS4Ci0ebN79G0RhbxBWeF2EAPxiVbcFL0cDw8e6YcoyUiinwL1llPS - XgHZdvhkq3523wLn+XJUbc0xLK2EEZaQY9bEAeroX4fkyruCAZgxADH2JBnuO5Bc - aUBP1do4DxCBAzL3rT4uFFaiOCO5dKrliI9y6XTksRQm1nFo3SclN51SbFGlWxc= - =6cuG - -----END PGP MESSAGE----- - fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65 - unencrypted_suffix: _unencrypted - version: 3.7.1 From 1e1b28e1de9a9680cd868ff9509a5975a48c46a6 Mon Sep 17 00:00:00 2001 From: Andrea Luzzardi Date: Fri, 28 May 2021 13:33:59 -0700 Subject: [PATCH 6/7] tests: examples/react tests to use native secrets Signed-off-by: Andrea Luzzardi --- tests/examples.bats | 10 +++--- .../react/.dagger/env/default/.gitignore | 2 ++ .../react/.dagger/env/default/values.yaml | 26 ++++++++++++++ tests/examples/react/inputs.yaml | 34 ------------------- 4 files changed, 32 insertions(+), 40 deletions(-) create mode 100644 tests/examples/react/.dagger/env/default/.gitignore create mode 100644 tests/examples/react/.dagger/env/default/values.yaml delete mode 100644 tests/examples/react/inputs.yaml diff --git a/tests/examples.bats b/tests/examples.bats index a35323ab..3611ddc0 100644 --- a/tests/examples.bats +++ b/tests/examples.bats 
@@ -5,15 +5,13 @@ setup() { } @test "example: react" { - skip_unless_secrets_available "$TESTDIR"/examples/react/inputs.yaml + cp -R "$TESTDIR"/examples/react/.dagger "$DAGGER_WORKSPACE"/.dagger + cp -R "$TESTDIR"/../examples/react/*.cue "$DAGGER_WORKSPACE"/.dagger/env/default/plan - "$DAGGER" init - dagger_new_with_plan react "$TESTDIR"/../examples/react - sops -d "$TESTDIR"/examples/react/inputs.yaml | "$DAGGER" -e "react" input yaml "" -f - - "$DAGGER" up -e "react" + "$DAGGER" up # curl the URL we just deployed to check if it worked - deployUrl=$("$DAGGER" query -l error -f text -e "react" www.deployUrl) + deployUrl=$("$DAGGER" query -l error -f text www.deployUrl) run curl -sS "$deployUrl" assert_success assert_output --partial "Todo App" diff --git a/tests/examples/react/.dagger/env/default/.gitignore b/tests/examples/react/.dagger/env/default/.gitignore new file mode 100644 index 00000000..01ec19b0 --- /dev/null +++ b/tests/examples/react/.dagger/env/default/.gitignore @@ -0,0 +1,2 @@ +# dagger state +state/** diff --git a/tests/examples/react/.dagger/env/default/values.yaml b/tests/examples/react/.dagger/env/default/values.yaml new file mode 100644 index 00000000..5931237e --- /dev/null +++ b/tests/examples/react/.dagger/env/default/values.yaml 
@@ -0,0 +1,26 @@ +name: default +inputs: + www.account.name: + text: blocklayer + www.account.token: + secret: ENC[AES256_GCM,data:AGeCt/UJzWJ4UnzS/+t21GYz5wXPUoplYXTi1USXdi72wZemhzZncR2a+A==,iv:07DgGFL0oKgQsSZnp9s/Zz+6rdLShtHfStJZ9tHpsI4=,tag:jkY6TMrf7DaJMAc8/kJcAw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBudkl4d2czaHZkSGt0SnVm + dm8xRTdaRE1WenpOczYxRFdMcDRkWDNmL1VzCjRHeWt3dnBITjlSNDZteWJhRmha + NWsrTThTZCt2eDJkRjgyOTFJeHdBMzgKLS0tIE9jOTFWMTRQei9iUkcvZDFrbmxn + ZnFaRWtEM241cDVCTStnK25BcDYyWlUKT2U8IFC21xMigjaTHHgkdUxIXKshxTmg + Q8254/qEWk+mJfsGxPf54d1RtqNqDX17kK/LeooSYAz7aqBjVLfG6w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-28T20:06:11Z" + mac: ENC[AES256_GCM,data:GnbN0nu7ZFZHtyXxZIQ+p1CuYm3TPR+zAZa7FcsIvuQgase1DEMySIV2MJIwhhj/6PMEngs4HSIIo/61qFpFI47CELxgwmfUPadtJVG9Z3o9HterMFrHHXQL+ULxXjP7jDeXhcsEDh1GN+yroc7mFy3SM9Typ3FVzyIq/Lqek5U=,iv:68S92VPpLtj+rwTapqx6IyHJQFmiXpHOQoyxpvH7MD4=,tag:C3Jj9mkeTNCe8EkFAwRYAg==,type:str] + pgp: [] + encrypted_suffix: secret + version: 3.7.1 diff --git a/tests/examples/react/inputs.yaml b/tests/examples/react/inputs.yaml deleted file mode 100644 index 08fbd772..00000000 --- a/tests/examples/react/inputs.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -www: - account: - name: ENC[AES256_GCM,data:EsPTWeiDCrVeUQ==,iv:9/tZQOrrjQejsK6NFcgQO9HaAnjIUv1Qc+S0slds+4o=,tag:n3NYautI94ilmEWG9UeFzA==,type:str] - token: ENC[AES256_GCM,data:Jx7oVJXcMX3hBmC6Kld7jxOOH/3CGSAzC7rRhHgs25iLFZG+F3iN5fYYVA==,iv:9SVNNv5CTM0AZns0x7x5bSI6jW93jSh8Xt21hXN1g28=,tag:QKBf7OsKs1TxvMA4gdA53Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - lastmodified: '2021-04-09T01:47:48Z' - mac: ENC[AES256_GCM,data:UqOr8wGUwf6iVnurG/dvpiZVN0k9NrLTaB5CQVn+QTRQybgYuLZLTJuTFNlAqFGvNO07OoGkDx/Vmhw9F6nJS0qUcHC5iWg+Bxaa7anHwer7fkA/xTjKpqJnE6iveq+hzumDgeFbGL7+EJvbyxtJioF/LnWa5gnduBVacizjbKc=,iv:x4ulAfd2R0BdkGF4zkMn+wX+Y8wF3jEeFOu3+5t+wz4=,tag:e5uOip0iAt9xJa6RJGukCA==,type:str] - pgp: - - created_at: '2021-03-18T22:02:51Z' - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzqVY590vudzAQ/5ARrCGVOpwmCdsKV4MHwwGvmQCOhfidOqftWUXV5j3s08 - LFbwZcnTaHDNobgebmgS9WVwiR2GA955Fopz89Tp6MDVNkgQKK6rbJjpBCBrNTR9 - ko0/VLklrtW00PEWih23NOCinoFXk/yVlDaxDiyTzIdaYr5yY8nBsde7Kx7v1VqP - Hniu65318B8EGGpPTbB8vG+9nAiZganCJmrzSNUo41jpmhPhRhAPQBVAWoBbJ4i1 - 2MOtd46KWGsV+Y6+vqTwnJ1BuCOW1QzxaTp2AHlgYnApidqK8RFTOKONmfF0jgkk - bKi5JIK2nObytHopuUj9wU0XkMqbHYYD9XbBXqGeMFmftvyGUqOzPZSTLYObTQbS - /wKWjCnwHfRRWq9+z56K27EBY9ksgGEUhDA+IdhZPKfXBrW4N9u4YZHfMCJk1mPQ - oAQzWAResWvyzuI+q3OlTmax95COog8kv1Xe2Mf/XNGLvkyvp9de8jtPkK23/CON - 0+7tH/p0UDrJZFNRQn65P18S0rgc1u2GOE5allD4th8TGNx1zk8GWNgc+jBUasnc - teVToBpDejC4JtF2NcDm2zyXdhjXF9msGJWcofgwJgPciBy/j4D+X6+3MUvyjvv+ - DU4DmIq2a3sTVBQ0xdsAsF2phkjCUeFQY4LdcSbEUsvDuiTpoNq5yhY6ESMiny/S - XgHByC8CVHfz/3XosgBo6lOTCwwP8yCLe+vJwEt3EiOZiNVQ8WUogIlq5hU91oTQ - B5LTVCm2rJNb5zQzOd7/aF0t0h46xaZHm2WS0jsEwEWZM86OUPk8sAmFHRcVQ+s= - =qLN2 - -----END PGP MESSAGE----- - fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65 - unencrypted_suffix: _unencrypted - version: 3.6.1 From 868fd018f4eea8e78e78c077d840fefbe1e794fa Mon Sep 17 00:00:00 2001 
From: Andrea Luzzardi Date: Fri, 28 May 2021 13:50:28 -0700 Subject: [PATCH 7/7] tests: fix remaining tests due to secrets Signed-off-by: Andrea Luzzardi --- .github/workflows/ci.yml | 6 --- tests/examples.bats | 1 + tests/helpers.bash | 3 ++ tests/ops/push-container/inputs.yaml | 39 +++++++------------ tests/ops/push-container/main.cue | 2 +- tests/stdlib.bats | 4 +- tests/stdlib/aws/inputs.yaml | 34 ---------------- tests/stdlib/docker/push-pull/inputs.yaml | 39 +++++++------------ .../.dagger/env/{net => default}/.gitignore | 0 .../env/{net => default}/plan/netlify.cue | 0 .../env/{net => default}/plan/random.cue | 0 .../.dagger/env/{net => default}/values.yaml | 6 +-- tests/stdlib/netlify/inputs.yaml | 35 ----------------- tests/stdlib/terraform/s3/inputs.yaml | 24 ++++++++++++ tests/stdlib/terraform/s3/main.cue | 7 ++-- 15 files changed, 66 insertions(+), 134 deletions(-) delete mode 100644 tests/stdlib/aws/inputs.yaml rename tests/stdlib/netlify/.dagger/env/{net => default}/.gitignore (100%) rename tests/stdlib/netlify/.dagger/env/{net => default}/plan/netlify.cue (100%) rename tests/stdlib/netlify/.dagger/env/{net => default}/plan/random.cue (100%) rename tests/stdlib/netlify/.dagger/env/{net => default}/values.yaml (74%) delete mode 100644 tests/stdlib/netlify/inputs.yaml create mode 100644 tests/stdlib/terraform/s3/inputs.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d82991fc..5b32fd2b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,12 +89,6 @@ jobs: mkdir ~/.dagger echo "$DAGGER_AGE_KEY" > ~/.dagger/keys.txt - - name: Import PGP private key - env: - SOPS_PGP_KEY: ${{ secrets.SOPS_PGP_KEY }} - run: | - echo "$SOPS_PGP_KEY" | base64 -d | gpg --import - - name: Login to Docker Hub uses: docker/login-action@v1 with: diff --git a/tests/examples.bats b/tests/examples.bats index 3611ddc0..5bbb051b 100644 --- a/tests/examples.bats +++ b/tests/examples.bats 
@@ -6,6 +6,7 @@ setup() { @test "example: react" { cp -R "$TESTDIR"/examples/react/.dagger "$DAGGER_WORKSPACE"/.dagger + mkdir "$DAGGER_WORKSPACE"/.dagger/env/default/plan cp -R "$TESTDIR"/../examples/react/*.cue "$DAGGER_WORKSPACE"/.dagger/env/default/plan "$DAGGER" up diff --git a/tests/helpers.bash b/tests/helpers.bash index 7a796768..ca5fe74b 100644 --- a/tests/helpers.bash +++ b/tests/helpers.bash @@ -12,6 +12,9 @@ common_setup() { DAGGER_WORKSPACE="$(mktemp -d -t dagger-workspace-XXXXXX)" export DAGGER_WORKSPACE + + SOPS_AGE_KEY_FILE=~/.dagger/keys.txt + export SOPS_AGE_KEY_FILE } dagger_new_with_plan() { diff --git a/tests/ops/push-container/inputs.yaml b/tests/ops/push-container/inputs.yaml index f054b2cf..2c68689b 100644 --- a/tests/ops/push-container/inputs.yaml +++ b/tests/ops/push-container/inputs.yaml 
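Review bot: `SOPS_AGE_KEY_FILE=~/.dagger/keys.txt` in `common_setup` overwrites any value the caller has already exported, so a developer who keeps the test key elsewhere cannot point the suite at it. Defaulting instead of assigning leaves CI unchanged and respects an existing setting: `SOPS_AGE_KEY_FILE="${SOPS_AGE_KEY_FILE:-$HOME/.dagger/keys.txt}"`. A one-line comment saying that this is the age identity sops uses to decrypt the test inputs would also help the next reader. `common_setup` begins outside the hunk.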
@@ -1,34 +1,23 @@ registry: - username: ENC[AES256_GCM,data:8AH6p9WHidanCA==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:mzR7xTKeQNDvkyd2Dm3AKw==,type:str] - secret: ENC[AES256_GCM,data:GtuaBAhFBw2JFaeuOm6mUr3m1j5fvCJjcWAzjsdU2xASFxwO,iv:YAXcRzBoemmef5PBdAOBa5acNPo4BoKH7Ngud/CWYfA=,tag:MCCUCOSutjRCI92raYrxdg==,type:str] + username: ENC[AES256_GCM,data:Yuv+E9dhGZnCxw==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:8+EeJfySzwMczqrzIEDy+w==,type:str] + secret: ENC[AES256_GCM,data:OcxwHjWcTdtyKRb7whgG/fzmIG/bpQoSlUVIIhyeEX31lGWh,iv:YAXcRzBoemmef5PBdAOBa5acNPo4BoKH7Ngud/CWYfA=,tag:M1M1hsqKP0TyQbkU5c6oGg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] - lastmodified: "2021-04-27T00:59:33Z" - mac: ENC[AES256_GCM,data:qk+oo4m5OpfuQ+R3pZUuvn+gqAk15OAJzOULrlYqt1FIDRk/Q5ah5QpIbVxeP1EDVyuY/V/E0ZngRlSV7Dyx6Cp/moMd8AFBHNgnTB+Lq+NmZ9HR1QMOxpbMpJmUGn7MqQ1Ys4wy0p2q2Y2+TuUpKwmRGJbGVYEVmqvV5OT3jhc=,iv:QsUFa2GVzy6iqqLXRz8HascQZPIIzKBhxHdlabov02k=,tag:7lk63FeXsOlTCgfmWd7zrg==,type:str] - pgp: - - created_at: "2021-03-18T22:59:59Z" + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzqVY590vudzAQ//etnfnpfCo9rAkctR+Fwg/7VdVL3Rov+6gnyjUnoN1BS1 - 8jnBF/86AZ7uK89dTcTZCsK1hKPxeYg1kJTKpA+zfDORupzTWcMrRyjwNk5wQ2Vg - N1adUwFsBQpk8WptpsU/ro6+3yH+Nn35begs6hP2fH/EQ9XOxw5gY0kp0AFjGaKJ - tRZVrr3f2hpLESo6LILRO97UXZiGcwTn5onslECL92260cU1nqEQp+ESK7XrdYIG - 99oM3eXEraKw4WuQDaDE6U135aUl6vIJWD1JZzyr3RW3+5O9pn5rpN3Wc0TbDR6+ - 9Fs/TjuA1h5eJzbt+lkA74BtxPOBv9O7HJnWJpXjiG0VUGHdFXoq5Tr5Ol68RQxa - BWe7IfTO6FHN0xOl1dY7cn5jtf+xlFjL86s9OkrJUFa9lbQx8L/QPCeA2Xiu4tpW - +wTSel13k8Uv/JSGgLwSohW6N4XTQYdxPkO+a1V08adwFBXaGgqxfg0rNehcS5fp - y3TEq84cOlBsaI+rYpnOTPEajtYWfTe8WFf+lBOn1vZ9EiupjZtefGX2MIWPXoaK - kVBgRvzjp4/BY68yRvdi5sZFd2nakl+DOXzouuFbzsOkxL3o9FA9aCVsXtFqqzSG - Hvq4ZJ5ivXf6vQf+s7Tgc4qxW2CQwIPZVkHhQossrWgtkQ4WDAyzfhF0YuhEnpLS - XgGNLr82LMVmempaJd7GfAR2nwGnLUTYny1KoiW/1ie6DPwLZBX/UxPOplaS5wYH - 
Xd3gV3smg5xZ7/rfvzKTzJ1a5yH6D3xI05UtnUWdqojONcXS9NS+P7RArngJwSs= - =m0OS - -----END PGP MESSAGE----- - fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65 + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaE5NYkdtR0FiOWZTcW54 + UzRTL3lwQ3owV0QyWmYzVmQ1K0swa2xZK0RnClZSblRIQUxpUWNUdGJBMngwRlFT + RXI1aHJMUVVySVF2dzBLN1djZitSWlEKLS0tIGd6RWttckdQTVV1Qi9uWUEvQitR + ODEwdXlXSy8veWZkNUpNbWszMVE3M0EKSiQ0AVvySOUHg6RZkcbmpLTHSlnT2zw7 + Em+pRLYs7GXyilGvSwlRw5O+SrNNQU8Tr8/Yumif2Mks5r3TatDqdA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-28T20:47:36Z" + mac: ENC[AES256_GCM,data:tSOZ6GWrpwPkwCYdtN9/Ym9OXGDzLfXaTATBodaLVjxsVtjaFSxjN15gcjtcxU9KNiOo77fJuEgHgQTQmzHrjSBkvX0zgGoNGU1KCQ3XqRMzfjm1yBU7sWb7lCwjAUqzhERRwe9Vja9GkDSgT+B+CUIRDyqQa1jXg0HlQldhEr0=,iv:ZioCDF8NueNw9miTWxhYWvn1cDw9wUxzMIlp9b2UEgE=,tag:CM4mbhrYW83/ijHNRtIWBw==,type:str] + pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1 diff --git a/tests/ops/push-container/main.cue b/tests/ops/push-container/main.cue index 212afee5..4a36d10e 100644 --- a/tests/ops/push-container/main.cue +++ b/tests/ops/push-container/main.cue @@ -8,7 +8,7 @@ import ( registry: { username: string - secret: dagger.#Secret + secret: string } TestPushContainer: { diff --git a/tests/stdlib.bats b/tests/stdlib.bats index 40c47ac5..2744abf4 100644 --- a/tests/stdlib.bats +++ b/tests/stdlib.bats 
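Review bot: Changing `secret: dagger.#Secret` to `secret: string` in `registry` turns the registry password back into an ordinary string value, which is the plaintext-in-the-Cue-tree exposure the first patch of this series sets out to remove. If the push op cannot consume the new secret type yet, say so next to the field, e.g. `// FIXME: plain string until push-container auth accepts dagger.#Secret`. tests/stdlib/terraform/s3/main.cue gets the same treatment later in this patch: the AWS keys are declared as `string` and the test still pipes `sops -d` output into `input yaml`. The body of `TestPushContainer` is outside the hunk, so how the value is consumed is not visible.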
@@ -77,14 +77,14 @@ setup() { } @test "stdlib: terraform" { - skip_unless_secrets_available "$TESTDIR"/stdlib/aws/inputs.yaml + skip_unless_secrets_available "$TESTDIR"/stdlib/terraform/s3/inputs.yaml "$DAGGER" init dagger_new_with_plan terraform "$TESTDIR"/stdlib/terraform/s3 cp -R "$TESTDIR"/stdlib/terraform/s3/testdata "$DAGGER_WORKSPACE"/testdata "$DAGGER" -e terraform input dir TestData "$DAGGER_WORKSPACE"/testdata - sops -d "$TESTDIR"/stdlib/aws/inputs.yaml | "$DAGGER" -e "terraform" input yaml "" -f - + sops -d "$TESTDIR"/stdlib/terraform/s3/inputs.yaml | "$DAGGER" -e "terraform" input yaml "" -f - # it must fail because of a missing var run "$DAGGER" up -e terraform diff --git a/tests/stdlib/aws/inputs.yaml b/tests/stdlib/aws/inputs.yaml deleted file mode 100644 index a4684b17..00000000 --- a/tests/stdlib/aws/inputs.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -TestConfig: - awsConfig: - accessKey: ENC[AES256_GCM,data:8Qs7BEbLD/tCUuRIitE/j511Lng=,iv:rNv9rnXSvIpKeUYRqseS9aKjEG4Wim7OW0EKEbBgp+M=,tag:pll2PjARaVnRXEXKuwvxTQ==,type:str] - secretKey: ENC[AES256_GCM,data:erQRIAf41W0cDaDO3peKsT3LyBzrOE4cn9vs5OIDCeTY047x3feXsw==,iv:zISyY5zGZHfe5HZJHdfIUpX6siFIgLMrwAbZRyLH9FU=,tag:znsdNX4c6KoGdWqFbYVkfg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - lastmodified: '2021-04-21T18:01:50Z' - mac: ENC[AES256_GCM,data:B0i5IWMMqzo5M2D+FunOk+XXpHVevnLt/o0ug4ld0YWxEb2FMiAR87td3VaiA5RLdVBEdaZkLR0gNrl3fcLYMjJzndmpLF9W626aL5nk3X/WgfF7QmwUoc6mS0M6GeIB6sghzLbhdH9fFS38G7Xm/isTlnILWcbJVANhmjJ+2kU=,iv:X7httONHYQ0jwDQWawx9AaOSFUPbrFA5Bq8T5TZCgsU=,tag:n7gVHeFZPDu7tNxaYLR8og==,type:str] - pgp: - - created_at: '2021-04-21T18:01:22Z' - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzqVY590vudzAQ//Wl/GkApRyvWZnMPky8m/4O06NtJ9Zl4n8nXNCnWQ7gFL - Wt6y62u4mjIuIX5edRwbD726vF0MR84LxfAZ8ppw3lbnM+XDVeT12JA7VS33SOgU - oQBl4qTWrBEdVV2f83n56SvcF4YQkHjKcWWeSQZ2LGTj1jqt35trD/KzXQTwYaEi - 9JX9N+NYfAhuTDsSVi+mGeQnYZS4PAxkd9rWUcTm41EWh+d7hzNtz5T1Tx+a7q+S - XnHf6hxe9Q52Lsyumihi16eExz1Ym+x16gGtP5ioSZUiO45yk5/+iihUJJE6pBMF - Tss7KjLcoVREpl506e8Gsi5HEiMxlCR6KYzDOYfr6IWe3dPPhg9xJSJBIjF7JktQ - Bvua5y18bZIrlstIHeoe1Us5wEiLQigfNLBsoEN/aCwRr8o1KGnDuBasKssRUapL - xL4TxxQdlY6TJP/c8UVWN5q4l+Phsyt12d5KtugRRMSKDn66kRbvT4ykUy23cBO7 - XN1dQ+E9gyJRHCM2lPMeQsz9YlzHejJB4N+3aOlUeZH51hfVAGMuaSzjdPCHowyP - MYwg8wuasqSgNuc3sHj5J0WI1Ka14cE0O6jGlXDmviBSEyvRxovC/E/nyf80vF7n - BIG2DVJE0zYS4Ci0ebN79G0RhbxBWeF2EAPxiVbcFL0cDw8e6YcoyUiinwL1llPS - XgHZdvhkq3523wLn+XJUbc0xLK2EEZaQY9bEAeroX4fkyruCAZgxADH2JBnuO5Bc - aUBP1do4DxCBAzL3rT4uFFaiOCO5dKrliI9y6XTksRQm1nFo3SclN51SbFGlWxc= - =6cuG - -----END PGP MESSAGE----- - fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65 - unencrypted_suffix: _unencrypted - version: 3.6.1 diff --git a/tests/stdlib/docker/push-pull/inputs.yaml b/tests/stdlib/docker/push-pull/inputs.yaml index f054b2cf..a724329a 100644 
--- a/tests/stdlib/docker/push-pull/inputs.yaml +++ b/tests/stdlib/docker/push-pull/inputs.yaml 
@@ -1,34 +1,23 @@ registry: - username: ENC[AES256_GCM,data:8AH6p9WHidanCA==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:mzR7xTKeQNDvkyd2Dm3AKw==,type:str] - secret: ENC[AES256_GCM,data:GtuaBAhFBw2JFaeuOm6mUr3m1j5fvCJjcWAzjsdU2xASFxwO,iv:YAXcRzBoemmef5PBdAOBa5acNPo4BoKH7Ngud/CWYfA=,tag:MCCUCOSutjRCI92raYrxdg==,type:str] + username: ENC[AES256_GCM,data:YDDLkr32orAgQw==,iv:ezThCQJv+bVBf8SdfSa2HFoP+eu6IZMPl5xvMOGDcps=,tag:sEV9Sonc9rjDbxXsV+UBIA==,type:str] + secret: ENC[AES256_GCM,data:moBq7PwFdtL/Z58ez+V1gR8QJsFRZEMsF82H/W6aJgf8Xdw8,iv:YAXcRzBoemmef5PBdAOBa5acNPo4BoKH7Ngud/CWYfA=,tag:LFkJvUZdltgHJ8TKVEeS/Q==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] - lastmodified: "2021-04-27T00:59:33Z" - mac: ENC[AES256_GCM,data:qk+oo4m5OpfuQ+R3pZUuvn+gqAk15OAJzOULrlYqt1FIDRk/Q5ah5QpIbVxeP1EDVyuY/V/E0ZngRlSV7Dyx6Cp/moMd8AFBHNgnTB+Lq+NmZ9HR1QMOxpbMpJmUGn7MqQ1Ys4wy0p2q2Y2+TuUpKwmRGJbGVYEVmqvV5OT3jhc=,iv:QsUFa2GVzy6iqqLXRz8HascQZPIIzKBhxHdlabov02k=,tag:7lk63FeXsOlTCgfmWd7zrg==,type:str] - pgp: - - created_at: "2021-03-18T22:59:59Z" + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzqVY590vudzAQ//etnfnpfCo9rAkctR+Fwg/7VdVL3Rov+6gnyjUnoN1BS1 - 8jnBF/86AZ7uK89dTcTZCsK1hKPxeYg1kJTKpA+zfDORupzTWcMrRyjwNk5wQ2Vg - N1adUwFsBQpk8WptpsU/ro6+3yH+Nn35begs6hP2fH/EQ9XOxw5gY0kp0AFjGaKJ - tRZVrr3f2hpLESo6LILRO97UXZiGcwTn5onslECL92260cU1nqEQp+ESK7XrdYIG - 99oM3eXEraKw4WuQDaDE6U135aUl6vIJWD1JZzyr3RW3+5O9pn5rpN3Wc0TbDR6+ - 9Fs/TjuA1h5eJzbt+lkA74BtxPOBv9O7HJnWJpXjiG0VUGHdFXoq5Tr5Ol68RQxa - BWe7IfTO6FHN0xOl1dY7cn5jtf+xlFjL86s9OkrJUFa9lbQx8L/QPCeA2Xiu4tpW - +wTSel13k8Uv/JSGgLwSohW6N4XTQYdxPkO+a1V08adwFBXaGgqxfg0rNehcS5fp - y3TEq84cOlBsaI+rYpnOTPEajtYWfTe8WFf+lBOn1vZ9EiupjZtefGX2MIWPXoaK - kVBgRvzjp4/BY68yRvdi5sZFd2nakl+DOXzouuFbzsOkxL3o9FA9aCVsXtFqqzSG - Hvq4ZJ5ivXf6vQf+s7Tgc4qxW2CQwIPZVkHhQossrWgtkQ4WDAyzfhF0YuhEnpLS - XgGNLr82LMVmempaJd7GfAR2nwGnLUTYny1KoiW/1ie6DPwLZBX/UxPOplaS5wYH - 
Xd3gV3smg5xZ7/rfvzKTzJ1a5yH6D3xI05UtnUWdqojONcXS9NS+P7RArngJwSs= - =m0OS - -----END PGP MESSAGE----- - fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65 + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVmQxTXNSeU1scWJvVDFJ + cExOL3AvR1JRRWp0cFFRWGtvQ1VKc2t1SUVFClVCS1hpN1dNTktoaWZ3R09OMFVM + STRyWmtHRVROMW1Oa28yQkMwOHd1UUUKLS0tIE5LL1pEb1dMSEVXTHBsNlJxOTcr + U2FyQUtYcXVVVTlVcW5zRXh5aUk3RUUKGiWb9jSl5xRHQxB56LtNclV5Jhs50sS7 + SAOBWgaYPjLpsI1oxgXf+B1FgBUEt3EMccrWRW85VvnOKOAUAJ53pQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-28T20:49:27Z" + mac: ENC[AES256_GCM,data:we6IaVqfT6KZ4s97JbdFCbxL2zotojLRLEbmgwEAfBhz4KAitulRItMn4I6aD1dEIwYGAFtQEcf+Wqz2yT7JC6iz1s2zNtGIaMbxxQZD6EQcJvNmY3vzqC4SKf0cRENGZWI5OscH9VVenTmOAxwwWvp9W4J52d2w9FAD9+vCl/c=,iv:vf8mZwr+z7DjCVHaRbk8jQO9/pso5INy/FmCPq/xlzo=,tag:sgSvlksSOVq5LU0ycAsXxw==,type:str] + pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1 diff --git a/tests/stdlib/netlify/.dagger/env/net/.gitignore b/tests/stdlib/netlify/.dagger/env/default/.gitignore similarity index 100% rename from tests/stdlib/netlify/.dagger/env/net/.gitignore rename to tests/stdlib/netlify/.dagger/env/default/.gitignore diff --git a/tests/stdlib/netlify/.dagger/env/net/plan/netlify.cue b/tests/stdlib/netlify/.dagger/env/default/plan/netlify.cue similarity index 100% rename from tests/stdlib/netlify/.dagger/env/net/plan/netlify.cue rename to tests/stdlib/netlify/.dagger/env/default/plan/netlify.cue diff --git a/tests/stdlib/netlify/.dagger/env/net/plan/random.cue b/tests/stdlib/netlify/.dagger/env/default/plan/random.cue similarity index 100% rename from tests/stdlib/netlify/.dagger/env/net/plan/random.cue rename to tests/stdlib/netlify/.dagger/env/default/plan/random.cue 
diff --git a/tests/stdlib/netlify/.dagger/env/net/values.yaml b/tests/stdlib/netlify/.dagger/env/default/values.yaml similarity index 74% rename from tests/stdlib/netlify/.dagger/env/net/values.yaml rename to tests/stdlib/netlify/.dagger/env/default/values.yaml index 2045a92d..75cb6fc7 100644 --- a/tests/stdlib/netlify/.dagger/env/net/values.yaml +++ b/tests/stdlib/netlify/.dagger/env/default/values.yaml @@ -1,4 +1,4 @@ -name: net +name: default inputs: TestNetlify.deploy.account.name: text: blocklayer @@ -19,8 +19,8 @@ sops: SEdUK2RsaUxuVWg2aXUwdVJ0eUtrWWMKWkQDBuL5e4QDx5Wy6+fHiD+J4fp7QdMm lsqgmxRvJMWgEvm1U+hDAo/Pkn8PFUFJf0KxEvkdF4qGuguQePgzFQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-05-27T14:36:27Z" - mac: ENC[AES256_GCM,data:S3l8tVat/Yp7fH5feeL4JxL+uQwZ0zwv8/LPsOoBebfDFWuE/j9sFZD304OT7XNCsfG8R/lqdpoxYmiyH6ToHeZyktXalpk0tAkwFXUV4VUZKyIn81UirbtWx4OT6fW7jusqqg2uX3nhvjGd+QerhEC4Qu4o8lQCKCMzLuQjmVw=,iv:4ucl0O+VgdK/SwtEad1jXIWJ4pQSxlWCCUzFbqNLDgg=,tag:xno2U/FIVW6KgSXW5RWDsw==,type:str] + lastmodified: "2021-05-28T20:40:41Z" + mac: ENC[AES256_GCM,data:12suvaaHfmdt0jaldFmaixGvWUbl0RP/By3l1S9XiUGLbB4tNfV65qsWv9BnjfD//98iV21dYkpCbXPQAITjM0MOGcrkZ9u3lDrmD2dTybHgxgniYJVe/X7BA5Y8uw4a3g+k+HqV5Z8i/iMGCEBbqakt20rNXqzGAFiWJfRcPGo=,iv:6TdOLjFJxn1uDsCLRNGpyUSiLszKHctN0crywXB5PfQ=,tag:XGcPX6lGeJcigxvOuiqyyw==,type:str] pgp: [] encrypted_suffix: secret version: 3.7.1 diff --git a/tests/stdlib/netlify/inputs.yaml b/tests/stdlib/netlify/inputs.yaml deleted file mode 100644 index bfdc3e13..00000000 --- a/tests/stdlib/netlify/inputs.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -TestNetlify: - deploy: - account: - name: ENC[AES256_GCM,data:AupEMRKMWvb8Wg==,iv:M4ni+CrI0udcYqgSTciuYZOVyZkTUVSrluSwJFIjqiE=,tag:dztVg8S/db5uI0cC7rivQg==,type:str] - token: ENC[AES256_GCM,data:W7Y1Qf4w5gn5OeGigY3a35VFP9THOZ7Hu9L5l84afwEpYlAQm+M8C67CHA==,iv:Jey3UX/3DihTGG87aFU2FWzEIuXlQ+pboxTd8Gx5gNY=,tag:LnpTzsVzTZkkk+jsbtkpKw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - lastmodified: '2021-03-19T00:15:11Z' - mac: ENC[AES256_GCM,data:bXUJxpw4wIzqzNRjYnyxiYqfTCk78YGOI8CdyIjhFsVgEhla8FmS/CCeUlEunfbTwaYQkWx+Uodz8MVk1yGcvjOl6KQvcIL8/U2uA3WYJaHI94ZdlE1J+YlLOdQR8D+RJbDkJiEhQKek2d21CM3A8njx5uUvWkzQE43lmeQAKgI=,iv:kITjaVpxc3vqLPl+mhufC5mADNk+86+u664jltBN9ro=,tag:j8/xMpLjgI8TvNb+O21C4g==,type:str] - pgp: - - created_at: '2021-03-19T00:15:11Z' - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAzqVY590vudzAQ//XsnreKKngyWdere1fMGDZxJgS7+e6dkg/2NfH58gcHvp - qv3/MqYN9rz/WhmpbZTdkahxuNOrsVjGT1hcBjjqgkK5wBiUqTaEGR6GKd1bhZ5o - t8oyYEPu4hUdzD52bcO/sapTymYSA6tc9XsGaMlferzsZVZ2T25nXpFrQ8gcRtbi - 12Tmx6FbiaqfOcNjCgcyQ7sS1oDLSXgKtj9yS8rC3LuD1ZR9HgeqBWycH318hFEH - Dkj0FlmVhF6cOZGK5WgUR7ibp5v44ta+A94HXIyUbEfN2yCo1iLxJRjH5s/S0xsJ - CwssAK3NtSxnxTk9UgX//pyl29WX2Bc3tbSEYn1pelHvWNfb6zWUMmc4O0pTtLJO - AFjeZvmB33ry1AFkuy+5NTp2B66NiiNTa7ojamTF3i2d6zVCGUJ9HO560i3pURax - 7YM1fsexBk0P6GohEdgWwx41BGqd8jt0vmrhrVIXeqDiykwYNUAkv55PTDWmG8MJ - bUNAEsKOaDHT0MaIGIqAmIdIWm//IdmK7sL8r9T3mnBQovtANRV1A+ejSWZF0fbG - DY8b4knVJVL8BMu0QnToSyHDChgAqr2liciZ+Cmx72hTVi8RkJzsBXMtjNG6bEiK - R8eBUueEsnU44PkHCJBg2gs3v+m2KUjlVbwNLFDG6/xFUs21j6bV7dhn2l3RZSPS - XgE0hKI6GK8uyu24E8mJ+pYZF4CYIgkTbyTN2fn64N3aNMn8L1bHonpXxexcnWaI - 46fatc3YtQg2mgoeNhvM7xtJYJU5RwfaTsjdjecK9jBKWiXXlgoLBwHJgkB03YQ= - =Lrp5 - -----END PGP MESSAGE----- - fp: 6CB37404020B5F0A0B41B5BB225EBAB0B936AC65 - unencrypted_suffix: _unencrypted - version: 3.6.1 diff --git a/tests/stdlib/terraform/s3/inputs.yaml b/tests/stdlib/terraform/s3/inputs.yaml new file mode 100644 index 00000000..ef2355cf --- /dev/null 
+++ b/tests/stdlib/terraform/s3/inputs.yaml @@ -0,0 +1,24 @@ +TestConfig: + awsConfig: + accessKey: ENC[AES256_GCM,data:cZLf9D1ymnU4A44oGiQ4fFKdEB0=,iv:rNv9rnXSvIpKeUYRqseS9aKjEG4Wim7OW0EKEbBgp+M=,tag:cOzI4KsDgCgi/w7ByFKJJw==,type:str] + secretKey: ENC[AES256_GCM,data:ZFIHfnQYYu7ZhoXogVIHbd2wakBTw9D0TiHeadSKaYAQemCun/egNg==,iv:zISyY5zGZHfe5HZJHdfIUpX6siFIgLMrwAbZRyLH9FU=,tag:uD+1eLHY/AKR9vnpyBh+GQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdU5ENVpScm0yd2RXWjRJ + aSsxWTNvSHBBeU94Z2ZKNjhXdzJHZGNybXkwCk9FVW5EM21LSTRHMkE5VG1SRFpL + ZGUyOHl3MEU3M3ZXTzBqSlExTU1uVTgKLS0tIDZRVDJOaEVZVnVSalRKMUVTTytV + ZWRONHhmOEJVd1lqM1NkMFdSNHU2THMKSjtxHeq/ZSgpXrevLH4AVYyRh4jO6qjT + J301rFx0Cu5qeSIhRiG54Pse83GD+fObDhfH0nPf5HZttDZxrISUdg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2021-05-28T20:45:06Z" + mac: ENC[AES256_GCM,data:7b6X10McAD1qvsS3ZFWeteP7zLC6IAo6NdFjvaX1iyrjoZ+fT8hNkIPVKyfPFTqZzNIZ7qEYJO2PKrTjbhf6a1LEsL9gtfoX4JwINDk66TgIsJsvdp4TRIlEKoRSKK08zc+A5YFAtD1Pj+a3+NnF32ZUsoH+jqSixH2hK51RI0U=,iv:JKeSA0bp+QBE8H/kS/eIL47k1Bsg4L0q/YU4OlJmIKU=,tag:f3gzp/Nv4p4DajNfoAicAg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/tests/stdlib/terraform/s3/main.cue b/tests/stdlib/terraform/s3/main.cue index 356b3683..244f000f 100644 --- a/tests/stdlib/terraform/s3/main.cue +++ b/tests/stdlib/terraform/s3/main.cue @@ -4,13 +4,14 @@ import ( "dagger.io/dagger" "dagger.io/terraform" - "dagger.io/aws" ) TestData: dagger.#Artifact -TestConfig: awsConfig: aws.#Config & { - region: "us-east-2" +TestConfig: awsConfig: { + accessKey: string + secretkey: string + region: "us-east-2" } TestTerraform: apply: terraform.#Configuration & {
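Review bot: The field added as `secretkey: string` in `tests/stdlib/terraform/s3/main.cue` does not match the `secretKey` key that the new `tests/stdlib/terraform/s3/inputs.yaml` supplies under `TestConfig.awsConfig`, and CUE field names are case-sensitive. Because `awsConfig` is now a plain open struct instead of `aws.#Config`, the mismatch would presumably not fail unification: the decrypted value would land in an extra `secretKey` field while `secretkey` stays non-concrete. Renaming the field to `secretKey: string` makes the encrypted input bind to the declared field. Both credentials are also typed as plain `string`, so once decrypted they sit in the CUE tree as text. How `awsConfig` is consumed lies outside this hunk, but if the consumer allows it, declaring them as `dagger.#Secret` would keep them out of query output and error messages.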