correct pull policy and update secret masking

go-vela · Aug 13, 2024 · 1dda99b · 1dda99b
1 parent 39973b0
commit 1dda99b
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 11 deletions.
diff --git a/cmd/vela-worker/run.go b/cmd/vela-worker/run.go
@@ -14,6 +14,7 @@ import (
 
 	api "github.com/go-vela/server/api/types"
 	"github.com/go-vela/server/queue"
+	"github.com/go-vela/types/constants"
 	"github.com/go-vela/types/pipeline"
 	"github.com/go-vela/worker/executor"
 	"github.com/go-vela/worker/runtime"
@@ -80,6 +81,7 @@ func run(c *cli.Context) error {
 			Detach:      true,
 			Image:       c.String("executor.outputs-image"),
 			Environment: make(map[string]string),
+			Pull:        constants.PullNotPresent,
 		}
 	}
 

diff --git a/executor/linux/outputs.go b/executor/linux/outputs.go
@@ -52,7 +52,7 @@ func (o *outputSvc) create(ctx context.Context, ctn *pipeline.Container, timeout
 	return nil
 }
 
-// destroy cleans up secret plugin after execution.
+// destroy cleans up outputs container after execution.
 func (o *outputSvc) destroy(ctx context.Context, ctn *pipeline.Container) error {
 	// exit if outputs container has not been configured
 	if len(ctn.Image) == 0 {
@@ -81,7 +81,7 @@ func (o *outputSvc) destroy(ctx context.Context, ctn *pipeline.Container) error
 	return nil
 }
 
-// exec runs a secret plugins for a pipeline.
+// exec runs the outputs sidecar container for a pipeline.
 func (o *outputSvc) exec(ctx context.Context, _outputs *pipeline.Container) error {
 	// exit if outputs container has not been configured
 	if len(_outputs.Image) == 0 {

diff --git a/executor/linux/secret.go b/executor/linux/secret.go
@@ -349,7 +349,7 @@ func injectSecrets(ctn *pipeline.Container, m map[string]*library.Secret) error
 		logrus.Tracef("matching secret %s to container %s", _secret.Source, ctn.Name)
 		// ensure the secret matches with the container
 		if s.Match(ctn) {
-			ctn.Environment[strings.ToUpper(_secret.Target)] = s.GetValue()
+			ctn.Environment[_secret.Target] = s.GetValue()
 		}
 	}
 

diff --git a/executor/linux/step.go b/executor/linux/step.go
@@ -443,7 +443,7 @@ func getSecretValues(ctn *pipeline.Container) []string {
 	// gather secrets' values from the environment map for masking
 	for _, secret := range ctn.Secrets {
 		// capture secret from environment
-		s, ok := ctn.Environment[strings.ToUpper(secret.Target)]
+		s, ok := ctn.Environment[secret.Target]
 		if !ok {
 			continue
 		}

diff --git a/executor/linux/step_test.go b/executor/linux/step_test.go
@@ -889,11 +889,11 @@ func TestLinux_getSecretValues(t *testing.T) {
 				Secrets: pipeline.StepSecretSlice{
 					{
 						Source: "someSource",
-						Target: "secret_username",
+						Target: "SECRET_USERNAME",
 					},
 					{
 						Source: "someOtherSource",
-						Target: "secret_password",
+						Target: "SECRET_PASSWORD",
 					},
 					{
 						Source: "disallowedSecret",
@@ -920,11 +920,11 @@ func TestLinux_getSecretValues(t *testing.T) {
 				Secrets: pipeline.StepSecretSlice{
 					{
 						Source: "someSource",
-						Target: "secret_username",
+						Target: "SECRET_USERNAME",
 					},
 					{
 						Source: "someOtherSource",
-						Target: "secret_password",
+						Target: "SECRET_PASSWORD",
 					},
 				},
 			},

diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-vela/sdk-go v0.24.0
 	github.com/go-vela/server v0.24.1
-	github.com/go-vela/types v0.24.0
+	github.com/go-vela/types v0.24.1-0.20240813201820-772b29b91a5e
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/go-cmp v0.6.0
 	github.com/joho/godotenv v1.5.1

diff --git a/go.sum b/go.sum
@@ -107,8 +107,8 @@ github.com/go-vela/sdk-go v0.24.0 h1:QmwcF8h/Fq1mwbE8mdvqyTmXM2Z3sE0dLQLEMc7HA4w
 github.com/go-vela/sdk-go v0.24.0/go.mod h1:TmJI0KOt/KweLy0HE4JGpKYDPsbhW4sdl2AY/tWP0tY=
 github.com/go-vela/server v0.24.1 h1:iM5REZBh6oHD0nxEH4O6dkUWNhY3MNrWBLNWGUUwcP8=
 github.com/go-vela/server v0.24.1/go.mod h1:jCnJPiyaRLcdy1u5fKIf7BqsbYAbVMjjI7dlyxZovME=
-github.com/go-vela/types v0.24.0 h1:KkkiXxw3uHckh/foyadmLY1YnLw6vhZbz9XwqONCj6o=
-github.com/go-vela/types v0.24.0/go.mod h1:YWj6BIapl9Kbj4yHq/fp8jltXdGiwD/gTy1ez32Rzag=
+github.com/go-vela/types v0.24.1-0.20240813201820-772b29b91a5e h1:6OHP0aQ2SKwNyL5Q+qYo+Yts6MD3PwmkqWKGoH3AlTI=
+github.com/go-vela/types v0.24.1-0.20240813201820-772b29b91a5e/go.mod h1:YWj6BIapl9Kbj4yHq/fp8jltXdGiwD/gTy1ez32Rzag=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=