worker: fix unknown secret regression
If the secret exists but is not owned by the user, GetSecret now returns sql.ErrNoRows and the previous owner ID check is not useful. Unknown secrets should not fail the build.
This commit is contained in:
parent
994883a04f
commit
bb3c35344b
|
@ -4,6 +4,7 @@ import (
|
|||
"bytes"
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"database/sql"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"io"
|
||||
|
@ -263,12 +264,11 @@ func (ctx *JobContext) SendSecrets() error {
|
|||
for _, uuid := range ctx.Manifest.Secrets {
|
||||
ctx.Log.Printf("Resolving secret %s\n", uuid)
|
||||
secret, err := GetSecret(ctx.Db, uuid, ctx.Job.OwnerId)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "GetSecret")
|
||||
}
|
||||
if secret.UserId != ctx.Job.OwnerId {
|
||||
ctx.Log.Printf("Warning: access denied for secret %s\n", uuid)
|
||||
if err == sql.ErrNoRows {
|
||||
ctx.Log.Printf("Warning: secret %s not found\n", uuid)
|
||||
continue
|
||||
} else if err != nil {
|
||||
return errors.Wrap(err, "GetSecret")
|
||||
}
|
||||
switch secret.SecretType {
|
||||
case "ssh_key":
|
||||
|
|
Loading…
Reference in New Issue