allow referencing secrets by name in manifests
Signed-off-by: Lucy Ekatarina <lucy@dragnof.pro>
parent
e36caade11
commit
6117c412fc
|
@ -51,7 +51,7 @@ func LoadManifest(in string) (*Manifest, error) {
|
|||
|
||||
for _, sec := range manifest.Secrets {
|
||||
_, err := uuid.Parse(sec)
|
||||
if err != nil {
|
||||
if err != nil && (len(sec) <= 3 || len(sec) >= 512) {
|
||||
return nil, err
|
||||
}
|
||||
}
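Review bot: The length bounds in `if err != nil && (len(sec) <= 3 || len(sec) >= 512)` reject names of exactly 3 and exactly 512 characters, while the Python validator in this same commit accepts `len(s) >= 3 and len(s) <= 512`, so the two sides disagree at both boundaries. `if err != nil && (len(sec) < 3 || len(sec) > 512)` would match the Python check and its "between 3 and 512 chars" message. The value returned in that branch is still the `uuid.Parse` error, which reads as a UUID format complaint when the real failure is the name length; a dedicated error would be clearer. The check bounds length only, so if names are meant to use a restricted character set, that needs enforcing here too. LoadManifest starts and ends outside the hunk.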
|
||||
|
|
|
@ -82,10 +82,21 @@ class Manifest:
|
|||
if not isinstance(env, dict):
|
||||
raise Exception("Expected environment to be a dictionary")
|
||||
if secrets:
|
||||
if not isinstance(secrets, list) or not all([isinstance(s, str) for s in secrets]):
|
||||
raise Exception("Expected secrets to be a UUID array")
|
||||
# Will throw exception on invalid UUIDs as well
|
||||
secrets = list(map(uuid.UUID, secrets))
|
||||
if not isinstance(secrets, list) or not all(
|
||||
[isinstance(s, str) for s in secrets]
|
||||
):
|
||||
raise Exception("Expected secrets to be a UUID/String array")
|
||||
|
||||
def uuid_or_string(s):
|
||||
try:
|
||||
uuid.UUID(s)
|
||||
except ValueError:
|
||||
if len(s) >= 3 and len(s) <= 512:
|
||||
s
|
||||
else:
|
||||
raise Exception("Secret names must be between 3 and 512 chars")
|
||||
|
||||
secrets = list(map(uuid_or_string, secrets))
|
||||
if shell is not None and not isinstance(shell, bool):
|
||||
raise Exception("Expected shell to be a boolean")
|
||||
if artifacts is not None and (
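Review bot: `uuid_or_string` never returns a value: the success path falls off the end after `uuid.UUID(s)`, and the in-range branch holds a bare `s` expression rather than `return s`, so `secrets = list(map(uuid_or_string, secrets))` produces a list of `None` and the validated entries are discarded. Changing the bare `s` to `return s` and adding a `return s` for the case where `uuid.UUID(s)` succeeds would fix this. The earlier line `list(map(uuid.UUID, secrets))` yielded `uuid.UUID` objects, so confirm whether the code that consumes `secrets` outside this hunk expects strings or UUID objects for the UUID case. The enclosing method starts and ends outside the hunk.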
|
||||
|
|
|
@ -3,6 +3,8 @@ package main
|
|||
import (
|
||||
"database/sql"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
type Job struct {
|
||||
|
@ -82,7 +84,15 @@ func GetJob(db *sql.DB, id int) (*Job, error) {
|
|||
return &job, nil
|
||||
}
|
||||
|
||||
func GetSecret(db *sql.DB, uuid string) (*Secret, error) {
|
||||
func GetSecret(db *sql.DB, sec string, ownerId int) (*Secret, error) {
|
||||
_, err := uuid.Parse(sec)
|
||||
if err != nil {
|
||||
return GetSecretByName(db, sec, ownerId)
|
||||
}
|
||||
return GetSecretById(db, sec)
|
||||
}
|
||||
|
||||
func GetSecretById(db *sql.DB, uuid string) (*Secret, error) {
|
||||
row := db.QueryRow(`
|
||||
SELECT
|
||||
"id", "user_id", "created", "updated", "uuid",
|
||||
|
@ -94,7 +104,23 @@ func GetSecret(db *sql.DB, uuid string) (*Secret, error) {
|
|||
&secret.Id, &secret.UserId, &secret.Created, &secret.Updated,
|
||||
&secret.Uuid, &secret.Name, &secret.SecretType, &secret.Secret,
|
||||
&secret.Path, &secret.Mode); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &secret, nil
|
||||
}
|
||||
|
||||
func GetSecretByName(db *sql.DB, uuid string, ownerId int) (*Secret, error) {
|
||||
row := db.QueryRow(`
|
||||
SELECT
|
||||
"id", "user_id", "created", "updated", "uuid",
|
||||
"name", "secret_type", "secret", "path", "mode"
|
||||
FROM "secret" WHERE "name" = $1 AND "user_id" = $2;
|
||||
`, uuid, ownerId)
|
||||
var secret Secret
|
||||
if err := row.Scan(
|
||||
&secret.Id, &secret.UserId, &secret.Created, &secret.Updated,
|
||||
&secret.Uuid, &secret.Name, &secret.SecretType, &secret.Secret,
|
||||
&secret.Path, &secret.Mode); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &secret, nil
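Review bot: `GetSecret` passes `ownerId` only to the name lookup; when `sec` parses as a UUID it calls `GetSecretById(db, sec)`, whose signature takes no owner, so that path cannot be filtering on `user_id` (its WHERE clause is outside the hunk, and ownership may be checked elsewhere; please confirm). With `ownerId` now available, the by-id lookup could take it and apply the same `AND "user_id" = $2` condition that `GetSecretByName` uses. Separately, a stored name in any form that `uuid.Parse` accepts is always routed to the by-id path and never resolved by name, so such names should be rejected when a secret is created. The `uuid string` parameter of `GetSecretByName` holds a name and shadows the newly imported `uuid` package; `name` would say what it is.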
|
||||
|
|
|
@ -5,6 +5,7 @@ require (
|
|||
github.com/go-redis/redis/v8 v8.2.3
|
||||
github.com/gocelery/gocelery v0.0.0-20201111034804-825d89059344
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
|
||||
github.com/google/uuid v1.0.0
|
||||
github.com/kr/pty v1.1.3
|
||||
github.com/lib/pq v1.8.0
|
||||
github.com/martinlindhe/base36 v1.1.0
|
||||
|
|
|
@ -212,6 +212,7 @@ github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hf
|
|||
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
|
||||
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
|
||||
github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA=
|
||||
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
|
||||
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
|
||||
|
|
|
@ -262,7 +262,7 @@ func (ctx *JobContext) SendSecrets() error {
|
|||
sshKeys := 0
|
||||
for _, uuid := range ctx.Manifest.Secrets {
|
||||
ctx.Log.Printf("Resolving secret %s\n", uuid)
|
||||
secret, err := GetSecret(ctx.Db, uuid)
|
||||
secret, err := GetSecret(ctx.Db, uuid, ctx.Job.OwnerId)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "GetSecret")
|
||||
}
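Review bot: The loop variable `uuid` can now hold a secret name, and the context line `ctx.Log.Printf("Resolving secret %s\n", uuid)` prints it unquoted. The manifest checks visible in this commit bound only the length of a name, so `ctx.Log.Printf("Resolving secret %q\n", uuid)` would keep any control characters in a name from splitting or forging log lines. Renaming the variable to something like `ref` would also match what it holds after this change. SendSecrets continues outside the hunk.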
|
||||
|
|