USEFULL
/
drone
mirror of https://github.com/harness/drone.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use correct label naming convention

pull/2624/head
Brad Rydzewski 2019-03-08 16:58:50 -08:00
parent dd2cc872c2
commit 55abbdb5d3
7 changed files with 26 additions and 936 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
operator/runner/registry.go
View File

@ -1,109 +0,0 @@
// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.
package runner
// import (
// "context"
// "encoding/json"
// "strings"
// "github.com/drone/drone-yaml/yaml"
// "github.com/drone/drone/core"
// "github.com/drone/drone/plugin/registry/auths"
// )
// type registryManager struct {
// build *core.Build
// config *yaml.Manifest
// repo *core.Repository
// auths core.RegistryService
// secrets core.SecretService
// }
// func (s *registryManager) list(_ context.Context) ([]*core.Registry, error) {
// // get the registry credentials from the external
// // registry credential provider. This could, for example,
// // source credentials from ~/.docker/config.json
// registries, err := s.auths.List(noContext, &core.RegistryRequest{
// Repo: s.repo,
// Build: s.build,
// })
// if err != nil {
// return nil, err
// }
// // // get the registry credentials from the external
// // // user-defined registry credential provider.
// // userdef, err := s.auths.ListEndpoint(noContext, &core.RegistryRequest{
// // Repo: s.repo,
// // Build: s.build,
// // }, s.repo.Endpoints.Registry)
// // if err != nil {
// // return nil, err
// // }
// // // append user-defined registry credentials to the list.
// // registries = append(registries, userdef...)
// // the user can also define registry credentials in the
// // yaml secret section.
// for _, resource := range s.config.Resources {
// res, ok := resource.(*yaml.Secret)
// if !ok {
// continue
// }
// for name, value := range res.Data {
// // skip secrets the are intended for use with authenticating
// // to the docker registry and pulling private images.
// if isDockerConfig(name) == false {
// continue
// }
// if res.Type == "encrypted" {
// value = strings.Replace(value, " ", "", -1)
// value = strings.Replace(value, "\n", "", -1)
// plaintext, err := decrypt(core.EncryptAESGCM, value, s.repo.Secret)
// if err != nil {
// return nil, err
// }
// secret := new(core.Secret)
// err = json.Unmarshal([]byte(plaintext), secret)
// if err != nil {
// return nil, err
// }
// parsed, err := auths.ParseString(secret.Data)
// if err != nil {
// return nil, err
// }
// registries = append(registries, parsed...)
// } else {
// // the user has the option of aliasing the
// // secret name. If the user specifies an external
// // name it must be used for the external query.
// req := &core.SecretRequest{
// Name: value,
// Repo: s.repo,
// Build: s.build,
// }
// //
// // TODO: bradrydzewski this should fetch from
// // the user-defined secrets.
// //
// secret, err := s.secrets.Find(noContext, req)
// if err != nil {
// return nil, err
// }
// parsed, err := auths.ParseString(secret.Data)
// if err != nil {
// return nil, err
// }
// registries = append(registries, parsed...)
// }
// }
// }
// return registries, nil
// }

323
operator/runner/registry_test.go
View File

@ -1,323 +0,0 @@
// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.
package runner
// import (
// "context"
// "encoding/json"
// "io"
// "testing"
// "github.com/drone/drone-yaml/yaml"
// "github.com/drone/drone/core"
// "github.com/drone/drone/mock"
// "github.com/golang/mock/gomock"
// "github.com/google/go-cmp/cmp"
// )
// func Test_RegistryManager_ListExternal(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// want := []*core.Registry{
// {
// Address: "docker.io",
// Username: "octocat",
// Password: "pa55word",
// },
// }
// service := mock.NewMockRegistryService(controller)
// service.EXPECT().List(gomock.Any(), gomock.Any()).Return(want, nil)
// service.EXPECT().ListEndpoint(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
// manager := registryManager{
// auths: service,
// config: &yaml.Manifest{},
// repo: &core.Repository{},
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// }
// if diff := cmp.Diff(got, want); diff != "" {
// t.Errorf(diff)
// }
// }
// // this test verifies that the registry credential manager
// // exits and returns an error if unable to fetch registry
// // credentials from the external provider.
// func Test_RegistryManager_ListExternal_Err(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// service := mock.NewMockRegistryService(controller)
// service.EXPECT().List(gomock.Any(), gomock.Any()).Return(nil, io.EOF)
// manager := registryManager{
// auths: service,
// }
// _, err := manager.list(noContext)
// if err == nil {
// t.Errorf("Expect error fetching external secret")
// }
// }
// // this test verifies that the registry credential manager
// // skips secrets that are not docker_auth_config files.
// func Test_RegistryManager_ListInternal_Skip(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// service := mock.NewMockRegistryService(controller)
// service.EXPECT().List(gomock.Any(), gomock.Any()).Return(nil, nil)
// service.EXPECT().ListEndpoint(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
// manager := registryManager{
// repo: &core.Repository{},
// auths: service,
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "external",
// Data: map[string]string{
// "docker_password": "docker_password",
// },
// },
// },
// },
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// }
// var want []*core.Registry
// if diff := cmp.Diff(got, want); diff != "" {
// t.Errorf(diff)
// }
// }
// // this test verifies that the registry credential manager
// // fetches registry credentials from the remote secret store,
// // and successfully parses the .docker/config.json contents.
// func Test_RegistryManager_ListExternalSecrets(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// mockRepo := &core.Repository{
// Slug: "octocat/hello-world",
// }
// mockBuild := &core.Build{
// Event: core.EventPullRequest,
// Fork: "octocat/hello-world",
// }
// mockSecret := &core.Secret{
// Name: "docker_auth_config",
// Data: `{"auths": {"index.docker.io": {"auth": "b2N0b2NhdDpjb3JyZWN0LWhvcnNlLWJhdHRlcnktc3RhcGxl"}}}`,
// }
// mockSecretReq := &core.SecretRequest{
// Name: mockSecret.Name,
// Repo: mockRepo,
// Build: mockBuild,
// }
// mockResp := func(ctx context.Context, req *core.SecretRequest) (*core.Secret, error) {
// if diff := cmp.Diff(req, mockSecretReq); diff != "" {
// t.Errorf(diff)
// }
// return mockSecret, nil
// }
// registries := mock.NewMockRegistryService(controller)
// registries.EXPECT().List(gomock.Any(), gomock.Any()).Return(nil, nil)
// registries.EXPECT().ListEndpoint(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
// secrets := mock.NewMockSecretService(controller)
// secrets.EXPECT().Find(gomock.Any(), gomock.Any()).DoAndReturn(mockResp)
// manager := registryManager{
// auths: registries,
// secrets: secrets,
// repo: mockRepo,
// build: mockBuild,
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "external",
// Data: map[string]string{
// "docker_auth_config": "docker_auth_config",
// },
// },
// },
// },
// }
// want := []*core.Registry{
// {
// Address: "index.docker.io",
// Username: "octocat",
// Password: "correct-horse-battery-staple",
// },
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// return
// }
// if diff := cmp.Diff(got, want); diff != "" {
// t.Errorf(diff)
// }
// }
// // this test verifies that the registry credential manager
// // fetches registry credentials from the remote secret store,
// // and returns an error if external rpc call fails.
// func Test_RegistryManager_ListExternalSecrets_Err(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// registries := mock.NewMockRegistryService(controller)
// registries.EXPECT().List(gomock.Any(), gomock.Any()).Return(nil, nil)
// registries.EXPECT().ListEndpoint(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
// secrets := mock.NewMockSecretService(controller)
// secrets.EXPECT().Find(gomock.Any(), gomock.Any()).Return(nil, io.EOF)
// manager := registryManager{
// repo: &core.Repository{},
// auths: registries,
// secrets: secrets,
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "external",
// Data: map[string]string{
// "docker_auth_config": "docker_auth_config",
// },
// },
// },
// },
// }
// _, err := manager.list(noContext)
// if err == nil {
// t.Errorf("Expect error")
// }
// }
// // this test verifies that the registry credential manager
// // fetches registry credentials from the remote secret store,
// // and returns an error if the .docker/config.json contents
// // cannot be unmarshaled.
// func Test_RegistryManager_ListExternalSecrets_ParseErr(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// mockSecret := &core.Secret{
// Name: "docker_auth_config",
// Data: `[]`,
// }
// registries := mock.NewMockRegistryService(controller)
// registries.EXPECT().List(gomock.Any(), gomock.Any()).Return(nil, nil)
// registries.EXPECT().ListEndpoint(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
// secrets := mock.NewMockSecretService(controller)
// secrets.EXPECT().Find(gomock.Any(), gomock.Any()).Return(mockSecret, nil)
// manager := registryManager{
// auths: registries,
// secrets: secrets,
// repo: &core.Repository{
// Slug: "octocat/hello-world",
// },
// build: &core.Build{
// Event: core.EventPush,
// Fork: "octocat/hello-world",
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "external",
// Data: map[string]string{
// "docker_auth_config": "docker_auth_config",
// },
// },
// },
// },
// }
// _, err := manager.list(noContext)
// if _, ok := err.(*json.UnmarshalTypeError); !ok {
// t.Errorf("Expect decoding error")
// }
// }
// // this test verifies that the registry credential manager
// // can decrypt inline registry credentials included in the yaml,
// // where the encrypted content is a .docker/config.json file.
// func Test_RegistryManager_ListInline(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// if true {
// t.Skipf("skip docker_auth_config encryption test")
// return
// }
// registries := mock.NewMockRegistryService(controller)
// registries.EXPECT().List(gomock.Any(), gomock.Any()).Return(nil, nil)
// registries.EXPECT().ListEndpoint(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, nil)
// manager := registryManager{
// auths: registries,
// repo: &core.Repository{
// Secret: "m5bahAG7YVp114R4YgMv5uW7bTEzx7yn",
// Slug: "octocat/hello-world",
// },
// build: &core.Build{
// Event: core.EventPush,
// Fork: "octocat/hello-world",
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "encrypted",
// Data: map[string]string{
// "docker_auth_config": "0jye_JUWxgu1qZRd56d9GSnl3-gJgsBAakeKAQ4BX_UDSvT0ntcwXT38KfiI5OY-BNZSKwfoQrQuPYn2VJWXcUMSmy0JLdBEDzWJ-m8s-KPBApuh6vVTafKzrslK-E0P7ZfqiR0ulXWsHqJhzVXInjITx8oxsmcZ458Fwbvk6gXLudRsKKr6RjI4Jcr4mQGT",
// },
// },
// },
// },
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// return
// }
// want := []*core.Registry{
// {
// Address: "index.docker.io",
// Username: "octocat",
// Password: "correct-horse-battery-staple",
// },
// }
// if diff := cmp.Diff(got, want); diff != "" {
// t.Errorf(diff)
// }
// }

20
operator/runner/runner.go
View File

@ -277,16 +277,16 @@ func (r *Runner) Run(ctx context.Context, id int64) error {
transform.WithEnviron(r.Environ), transform.WithEnviron(r.Environ),
transform.WithLables( transform.WithLables(
map[string]string{ map[string]string{
"io.drone": "true", "io.drone": "true",
"io.core.build.number": fmt.Sprint(m.Build.Number), "io.drone.build.number": fmt.Sprint(m.Build.Number),
"io.core.repo.namespace": m.Repo.Namespace, "io.drone.repo.namespace": m.Repo.Namespace,
"io.core.repo.name": m.Repo.Name, "io.drone.repo.name": m.Repo.Name,
"io.core.stage.name": m.Stage.Name, "io.drone.stage.name": m.Stage.Name,
"io.core.stage.number": fmt.Sprint(m.Stage.Number), "io.drone.stage.number": fmt.Sprint(m.Stage.Number),
"io.core.ttl": fmt.Sprint(time.Duration(m.Repo.Timeout) * time.Minute), "io.drone.ttl": fmt.Sprint(time.Duration(m.Repo.Timeout) * time.Minute),
"io.core.expires": fmt.Sprint(time.Now().Add(time.Duration(m.Repo.Timeout)*time.Minute + time.Hour).Unix()), "io.drone.expires": fmt.Sprint(time.Now().Add(time.Duration(m.Repo.Timeout)*time.Minute + time.Hour).Unix()),
"io.core.created": fmt.Sprint(time.Now().Unix()), "io.drone.created": fmt.Sprint(time.Now().Unix()),
"io.core.protected": "false", "io.drone.protected": "false",
}, },
), // TODO append labels here ), // TODO append labels here
transform.WithLimits( transform.WithLimits(

118
operator/runner/secrets.go
View File

@ -13,121 +13,3 @@ func toSecretMap(secrets []*core.Secret) map[string]string {
} }
return set return set
} }
// import (
// "context"
// "encoding/json"
// "strings"
// "github.com/drone/drone-yaml/yaml"
// "github.com/drone/drone/core"
// "github.com/drone/drone/crypto/aesgcm"
// "github.com/drone/drone/crypto/secretbox"
// )
// var noContext = context.Background()
// type secretManager struct {
// repo *core.Repository
// build *core.Build
// config *yaml.Manifest
// remote core.SecretService
// }
// func (s *secretManager) list(_ context.Context) ([]*core.Secret, error) {
// var secrets []*core.Secret
// for _, resource := range s.config.Resources {
// res, ok := resource.(*yaml.Secret)
// if !ok {
// continue
// }
// for name, value := range res.Data {
// // skip secrets the are intended for use with authenticating
// // to the docker registry and pulling private images.
// if isDockerConfig(name) {
// continue
// }
// if res.Type == "encrypted" {
// value = strings.Replace(value, " ", "", -1)
// value = strings.Replace(value, "\n", "", -1)
// plaintext, err := decrypt(core.EncryptAESGCM, value, s.repo.Secret)
// if err != nil {
// return nil, err
// }
// secret := new(core.Secret)
// secret.Name = name
// err = json.Unmarshal([]byte(plaintext), secret)
// if err != nil {
// return nil, err
// }
// if secret.Pull == false && s.build.Event == core.EventPullRequest {
// continue
// }
// secrets = append(secrets, secret)
// } else {
// // the user has the option of aliasing the
// // secret name. If the user specifies an external
// // name it must be used for the external query.
// req := &core.SecretRequest{
// Name: value,
// Repo: s.repo,
// Build: s.build,
// }
// // if s.repo.Endpoints.Secret.Endpoint != "" {
// // // fetch the secret from the user-defined endpoint.
// // secret, err := s.remote.FindEndpoint(noContext, req, s.repo.Endpoints.Secret)
// // if err != nil {
// // return nil, err
// // }
// // if secret == nil {
// // continue
// // }
// // secrets = append(secrets, &core.Secret{
// // Name: name, // use the aliased name.
// // Data: secret.Data,
// // })
// // } else {
// // fetch the secret from the global endpoint.
// secret, err := s.remote.Find(noContext, req)
// if err != nil {
// return nil, err
// }
// if secret == nil {
// continue
// }
// secrets = append(secrets, &core.Secret{
// Name: name, // use the aliased name.
// Data: secret.Data,
// })
// // }
// }
// }
// }
// return secrets, nil
// }
// // helper function extracts the ciphertext and algorithm type
// // // from the yaml secret structure.
// // func extractCiphertext(secret yaml.Secret) (algorithm, ciphertext string, ok bool) {
// // return core.EncryptAESGCM, secret.Data, true
// // }
// // helper funciton decrypts the ciphertext using the provided
// // decryption algorithm and decryption key.
// func decrypt(algorithm, ciphertext, key string) (string, error) {
// switch algorithm {
// case core.EncryptAESGCM:
// return aesgcm.DecryptString(ciphertext, key)
// default:
// return secretbox.Decrypt(ciphertext, key)
// }
// }
// // helper function returns true if the build event matches the
// // docker_auth_config variable name.
// func isDockerConfig(name string) bool {
// return strings.EqualFold(name, "DOCKER_AUTH_CONFIG")
// }

360
operator/runner/secrets_test.go
View File

@ -1,360 +0,0 @@
// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.
package runner
// import (
// "context"
// "encoding/json"
// "io"
// "testing"
// "github.com/drone/drone-yaml/yaml"
// "github.com/drone/drone/core"
// "github.com/drone/drone/mock"
// "github.com/golang/mock/gomock"
// "github.com/google/go-cmp/cmp"
// )
// func Test_SecretManager_List_SkipDockerAuthConfig(t *testing.T) {
// manager := secretManager{
// repo: &core.Repository{
// Secret: "m5bahAG7YVp114R4YgMv5uW7bTEzx7yn",
// },
// build: &core.Build{
// Event: core.EventPush,
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "encrypted",
// Data: map[string]string{
// "DOCKER_AUTH_CONFIG": "LiDvQo6Zw5ArpwCByD4Pb9DAibl5bMaUInzXFT93sEoejT_jNZQCtXpIbuGJh7Iw3ixyd8vMDC0vXiQWw5VhKvLWLKg=",
// },
// },
// },
// },
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// return
// }
// if len(got) != 0 {
// t.Errorf("Expect DOCKER_AUTH_CONFIG excluded from secret list")
// }
// }
// func Test_SecretManager_ListInline(t *testing.T) {
// manager := secretManager{
// repo: &core.Repository{
// Secret: "dvBIW3c7P5WW0iwMaPNKRCKIN19NgqMH",
// Slug: "octocat/hello-world",
// },
// build: &core.Build{
// Event: core.EventPush,
// Fork: "octocat/hello-world",
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "encrypted",
// Data: map[string]string{
// "docker_password": "5OXQwLXkLY0eWcqx0oM7SzY6nKrMBBUlRIC5aod0kmRH0-85AaH-4itxTrS21VaG88NESE5HB5Klq9QtTkAXsaW9KQ==",
// },
// },
// },
// },
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// return
// }
// want := []*core.Secret{
// {
// Name: "docker_password",
// Data: "correct-horse-battery-staple",
// },
// }
// if diff := cmp.Diff(got, want); diff != "" {
// t.Errorf(diff)
// }
// }
// func Test_SecretManager_ListInline_SkipPull(t *testing.T) {
// manager := secretManager{
// repo: &core.Repository{
// Secret: "dvBIW3c7P5WW0iwMaPNKRCKIN19NgqMH",
// Slug: "octocat/hello-world",
// },
// build: &core.Build{
// Event: core.EventPullRequest,
// Fork: "octocat/hello-world",
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "encrypted",
// Data: map[string]string{
// "docker_password": "5OXQwLXkLY0eWcqx0oM7SzY6nKrMBBUlRIC5aod0kmRH0-85AaH-4itxTrS21VaG88NESE5HB5Klq9QtTkAXsaW9KQ==",
// },
// },
// },
// },
// }
// secrets, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// return
// }
// if len(secrets) != 0 {
// t.Errorf("Expect secret not exposed to a pull request")
// }
// }
// func Test_SecretManager_ListInline_DecryptErr(t *testing.T) {
// manager := secretManager{
// repo: &core.Repository{
// Secret: "invalid",
// },
// build: &core.Build{
// Event: core.EventPush,
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "encrypted",
// Data: map[string]string{
// "docker_password": "LiDvQo6Zw5ArpwCByD4Pb9DAibl5bMaUInzXFT93sEoejT_jNZQCtXpIbuGJh7Iw3ixyd8vMDC0vXiQWw5VhKvLWLKg=",
// },
// },
// },
// },
// }
// _, err := manager.list(noContext)
// if err == nil {
// t.Errorf("Expect decryption error")
// }
// }
// func Test_SecretManager_ListInline_DecodeErr(t *testing.T) {
// manager := secretManager{
// repo: &core.Repository{
// Secret: "m5bahAG7YVp114R4YgMv5uW7bTEzx7yn",
// },
// build: &core.Build{
// Event: core.EventPush,
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "encrypted",
// Data: map[string]string{
// "docker_password": "nNOfLyHNFMecBwWq4DxGIkIRqfCX3DElxc7sejue",
// },
// },
// },
// },
// }
// _, err := manager.list(noContext)
// if _, ok := err.(*json.UnmarshalTypeError); !ok {
// t.Errorf("Expect decoding error")
// }
// }
// func Test_SecretManager_ListExternal(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// mockRepo := &core.Repository{
// Slug: "octocat/hello-world",
// }
// mockBuild := &core.Build{
// Event: core.EventPullRequest,
// Fork: "octocat/hello-world",
// }
// mockSecret := &core.Secret{
// Name: "docker_password",
// Data: "correct-horse-battery-staple",
// }
// mockSecretReq := &core.SecretRequest{
// Name: mockSecret.Name,
// Repo: mockRepo,
// Build: mockBuild,
// }
// mockResp := func(ctx context.Context, req *core.SecretRequest) (*core.Secret, error) {
// if diff := cmp.Diff(req, mockSecretReq); diff != "" {
// t.Errorf(diff)
// }
// return mockSecret, nil
// }
// service := mock.NewMockSecretService(controller)
// service.EXPECT().Find(gomock.Any(), gomock.Any()).DoAndReturn(mockResp)
// manager := secretManager{
// repo: mockRepo,
// build: mockBuild,
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "external",
// Data: map[string]string{
// "docker_password": "docker_password",
// },
// },
// },
// },
// remote: service,
// }
// got, err := manager.list(noContext)
// if err != nil {
// t.Error(err)
// return
// }
// want := []*core.Secret{
// {
// Name: "docker_password",
// Data: "correct-horse-battery-staple",
// },
// }
// if diff := cmp.Diff(got, want); diff != "" {
// t.Errorf(diff)
// }
// }
// func Test_SecretManager_ListExternal_Err(t *testing.T) {
// controller := gomock.NewController(t)
// defer controller.Finish()
// service := mock.NewMockSecretService(controller)
// service.EXPECT().Find(gomock.Any(), gomock.Any()).Return(nil, io.EOF)
// manager := secretManager{
// repo: &core.Repository{
// Slug: "octocat/hello-world",
// },
// build: &core.Build{
// Event: core.EventPush,
// },
// config: &yaml.Manifest{
// Resources: []yaml.Resource{
// &yaml.Secret{
// Kind: "secret",
// Type: "external",
// Data: map[string]string{
// "docker_password": "docker_password",
// },
// },
// },
// },
// remote: service,
// }
// _, err := manager.list(noContext)
// if err == nil {
// t.Errorf("Expect error fetching external secret")
// }
// }
// // func Test_extractCiphertext(t *testing.T) {
// // tests := []struct {
// // secret config.Secret
// // algorithm string
// // ciphertext string
// // ok bool
// // }{
// // {
// // secret: config.Secret{Secretbox: "LiDvQo6Zw5ArpwCByD4Pb9DAibl5bMaUInzXFT93sEoejT_jNZQCtXpIbuGJh7Iw3ixyd8vMDC0vXiQWw5VhKvLWLKg="},
// // algorithm: core.EncryptSecretBox,
// // ciphertext: "LiDvQo6Zw5ArpwCByD4Pb9DAibl5bMaUInzXFT93sEoejT_jNZQCtXpIbuGJh7Iw3ixyd8vMDC0vXiQWw5VhKvLWLKg=",
// // ok: true,
// // },
// // {
// // secret: config.Secret{Aesgcm: "JjnUFKmN-H0GJmXO8oByrgZoCb0imNTcGgV496TNB7Y3MESCerxYvxjWWP1RQdPibfT1P97F1WA="},
// // algorithm: core.EncryptAESGCM,
// // ciphertext: "JjnUFKmN-H0GJmXO8oByrgZoCb0imNTcGgV496TNB7Y3MESCerxYvxjWWP1RQdPibfT1P97F1WA=",
// // ok: true,
// // },
// // {
// // secret: config.Secret{},
// // ok: false,
// // },
// // }
// // for i, test := range tests {
// // algorithm, ciphertext, ok := extractCiphertext(test.secret)
// // if got, want := algorithm, test.algorithm; got != want {
// // t.Errorf("Want algorithm %s at index %v", want, i)
// // }
// // if got, want := ciphertext, test.ciphertext; got != want {
// // t.Errorf("Want ciphertext %s at index %v", want, i)
// // }
// // if got, want := ok, test.ok; got != want {
// // t.Errorf("Want ok %v at index %v", want, i)
// // }
// // }
// // }
// func Test_decrypt(t *testing.T) {
// tests := []struct {
// Key string
// Algorithm string
// Ciphertext string
// Plaintext string
// }{
// {
// Algorithm: core.EncryptSecretBox,
// Plaintext: "correct-horse-battery-staple",
// Ciphertext: "LiDvQo6Zw5ArpwCByD4Pb9DAibl5bMaUInzXFT93sEoejT_jNZQCtXpIbuGJh7Iw3ixyd8vMDC0vXiQWw5VhKvLWLKg=",
// Key: "m5bahAG7YVp114R4YgMv5uW7bTEzx7yn",
// },
// {
// Algorithm: core.EncryptAESGCM,
// Plaintext: "correct-horse-battery-staple",
// Ciphertext: "JjnUFKmN-H0GJmXO8oByrgZoCb0imNTcGgV496TNB7Y3MESCerxYvxjWWP1RQdPibfT1P97F1WA=",
// Key: "m5bahAG7YVp114R4YgMv5uW7bTEzx7yn",
// },
// }
// for i, test := range tests {
// plaintext, _ := decrypt(test.Algorithm, test.Ciphertext, test.Key)
// if got, want := plaintext, test.Plaintext; got != want {
// t.Errorf("Want %v at index %v", want, i)
// }
// }
// }
// func Test_isDockerConfig(t *testing.T) {
// tests := []struct {
// Name string
// Match bool
// }{
// {
// Name: "docker_auth_config",
// Match: true,
// },
// {
// Name: "DOCKER_auth_CONFIG",
// Match: true,
// },
// {
// Name: "docker_config",
// Match: false,
// },
// }
// for i, test := range tests {
// if got, want := isDockerConfig(test.Name), test.Match; got != want {
// t.Errorf("Want %v at index %v", want, i)
// }
// }
// }

16
scheduler/kube/kube.go
View File

@ -110,14 +110,14 @@ func (s *kubeScheduler) Schedule(ctx context.Context, stage *core.Stage) error {
Namespace: s.namespace(), Namespace: s.namespace(),
Annotations: map[string]string{ Annotations: map[string]string{
"io.drone": "true", "io.drone": "true",
"io.core.stage.created": time.Unix(stage.Created, 0).String(), "io.drone.stage.created": time.Unix(stage.Created, 0).String(),
"io.core.stage.scheduled": time.Now().String(), "io.drone.stage.scheduled": time.Now().String(),
"io.core.stage.id": fmt.Sprint(stage.ID), "io.drone.stage.id": fmt.Sprint(stage.ID),
"io.core.stage.number": fmt.Sprint(stage.Number), "io.drone.stage.number": fmt.Sprint(stage.Number),
"io.core.stage.os": fmt.Sprint(stage.OS), "io.drone.stage.os": fmt.Sprint(stage.OS),
"io.core.stage.arch": fmt.Sprint(stage.Arch), "io.drone.stage.arch": fmt.Sprint(stage.Arch),
"io.core.build.id": fmt.Sprint(stage.BuildID), "io.drone.build.id": fmt.Sprint(stage.BuildID),
"io.core.repo.id": fmt.Sprint(stage.RepoID), "io.drone.repo.id": fmt.Sprint(stage.RepoID),
}, },
}, },
Spec: batchv1.JobSpec{ Spec: batchv1.JobSpec{

16
scheduler/nomad/nomad.go
View File

@ -112,14 +112,14 @@ func (s *nomadScheduler) Schedule(ctx context.Context, stage *core.Stage) error
}, },
Meta: map[string]string{ Meta: map[string]string{
"io.drone": "true", "io.drone": "true",
"io.core.stage.created": time.Unix(stage.Created, 0).String(), "io.drone.stage.created": time.Unix(stage.Created, 0).String(),
"io.core.stage.scheduled": time.Now().String(), "io.drone.stage.scheduled": time.Now().String(),
"io.core.stage.id": fmt.Sprint(stage.ID), "io.drone.stage.id": fmt.Sprint(stage.ID),
"io.core.stage.number": fmt.Sprint(stage.Number), "io.drone.stage.number": fmt.Sprint(stage.Number),
"io.core.stage.os": fmt.Sprint(stage.OS), "io.drone.stage.os": fmt.Sprint(stage.OS),
"io.core.stage.arch": fmt.Sprint(stage.Arch), "io.drone.stage.arch": fmt.Sprint(stage.Arch),
"io.core.build.id": fmt.Sprint(stage.BuildID), "io.drone.build.id": fmt.Sprint(stage.BuildID),
"io.core.repo.id": fmt.Sprint(stage.RepoID), "io.drone.repo.id": fmt.Sprint(stage.RepoID),
}, },
} }