sourcehut
/
builds.sr.ht
mirror of https://git.sr.ht/~sircmpwn/builds.sr.ht
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

worker: fix unknown secret regression 

If the secret exists but is not owned by the user, GetSecret now returns
sql.ErrNoRows and the previous owner ID check is not useful. Unknown
secrets should not fail the build.
This commit is contained in:
Drew DeVault 2024-02-07 10:46:55 +01:00
parent 994883a04f
commit bb3c35344b
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
worker/tasks.go
View File

@ -4,6 +4,7 @@ import (
"bytes"
"context"
"crypto/rand"
"database/sql"
"encoding/hex"
"fmt"
"io"
@ -263,12 +264,11 @@ func (ctx *JobContext) SendSecrets() error {
for _, uuid := range ctx.Manifest.Secrets {
ctx.Log.Printf("Resolving secret %s\n", uuid)
secret, err := GetSecret(ctx.Db, uuid, ctx.Job.OwnerId)
if err != nil {
return errors.Wrap(err, "GetSecret")
}
if secret.UserId != ctx.Job.OwnerId {
ctx.Log.Printf("Warning: access denied for secret %s\n", uuid)
if err == sql.ErrNoRows {
ctx.Log.Printf("Warning: secret %s not found\n", uuid)
continue
} else if err != nil {
return errors.Wrap(err, "GetSecret")
}
switch secret.SecretType {
case "ssh_key":