Implement backend for concealing secrets

This commit is contained in:
Don 2016-11-16 11:28:36 -08:00
parent cdb9cd915e
commit e77936f5c8
8 changed files with 57 additions and 2 deletions

View file

@ -23,6 +23,9 @@ type RepoSecret struct {
// whether the secret requires verification
SkipVerify bool `json:"skip_verify" meddler:"secret_skip_verify"`
// whether the secret should be concealed in the build log
Conceal bool `json:"conceal" meddler:"secret_conceal"`
}
// Secret transforms a repo secret into a simple secret.
@ -33,6 +36,7 @@ func (s *RepoSecret) Secret() *Secret {
Images: s.Images,
Events: s.Events,
SkipVerify: s.SkipVerify,
Conceal: s.Conceal,
}
}
@ -44,6 +48,7 @@ func (s *RepoSecret) Clone() *RepoSecret {
Images: s.Images,
Events: s.Events,
SkipVerify: s.SkipVerify,
Conceal: s.Conceal,
}
}

View file

@ -21,6 +21,9 @@ type Secret struct {
// whether the secret requires verification
SkipVerify bool `json:"skip_verify"`
// whether the secret should be concealed in the build log
Conceal bool `json:"conceal"`
}
// Match returns true if an image and event match the restricted list.

View file

@ -23,6 +23,9 @@ type TeamSecret struct {
// whether the secret requires verification
SkipVerify bool `json:"skip_verify" meddler:"team_secret_skip_verify"`
// whether the secret should be concealed in the build log
Conceal bool `json:"conceal" meddler:"team_secret_conceal"`
}
// Secret transforms a repo secret into a simple secret.
@ -33,6 +36,7 @@ func (s *TeamSecret) Secret() *Secret {
Images: s.Images,
Events: s.Events,
SkipVerify: s.SkipVerify,
Conceal: s.Conceal,
}
}
@ -44,6 +48,7 @@ func (s *TeamSecret) Clone() *TeamSecret {
Images: s.Images,
Events: s.Events,
SkipVerify: s.SkipVerify,
Conceal: s.Conceal,
}
}

View file

@ -0,0 +1,12 @@
-- +migrate Up
ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
UPDATE secrets SET secret_conceal = false;
UPDATE team_secrets SET team_secret_conceal = false;
-- +migrate Down
ALTER TABLE secrets DROP COLUMN secret_conceal;
ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;

View file

@ -0,0 +1,12 @@
-- +migrate Up
ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
UPDATE secrets SET secret_conceal = false;
UPDATE team_secrets SET team_secret_conceal = false;
-- +migrate Down
ALTER TABLE secrets DROP COLUMN secret_conceal;
ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;

View file

@ -0,0 +1,12 @@
-- +migrate Up
ALTER TABLE secrets ADD COLUMN secret_conceal BOOLEAN;
ALTER TABLE team_secrets ADD COLUMN team_secret_conceal BOOLEAN;
UPDATE secrets SET secret_conceal = 0;
UPDATE team_secrets SET team_secret_conceal = 0;
-- +migrate Down
ALTER TABLE secrets DROP COLUMN secret_conceal;
ALTER TABLE team_secrets DROP COLUMN team_secret_conceal;

View file

@ -28,7 +28,8 @@ func TestRepoSecrets(t *testing.T) {
Value: "bar",
Images: []string{"docker", "gcr"},
Events: []string{"push", "tag"},
SkipVerify: false,
SkipVerify: true,
Conceal: true,
}
err := s.SetSecret(secret)
g.Assert(err == nil).IsTrue()
@ -40,6 +41,8 @@ func TestRepoSecrets(t *testing.T) {
g.Assert(got.Value).Equal(secret.Value)
g.Assert(got.Images).Equal(secret.Images)
g.Assert(got.Events).Equal(secret.Events)
g.Assert(got.SkipVerify).Equal(secret.SkipVerify)
g.Assert(got.Conceal).Equal(secret.Conceal)
})
g.It("Should update a secret", func() {

View file

@ -28,7 +28,8 @@ func TestTeamSecrets(t *testing.T) {
Value: "bar",
Images: []string{"docker", "gcr"},
Events: []string{"push", "tag"},
SkipVerify: false,
SkipVerify: true,
Conceal: true,
}
err := s.SetTeamSecret(secret)
g.Assert(err == nil).IsTrue()
@ -40,6 +41,8 @@ func TestTeamSecrets(t *testing.T) {
g.Assert(got.Value).Equal(secret.Value)
g.Assert(got.Images).Equal(secret.Images)
g.Assert(got.Events).Equal(secret.Events)
g.Assert(got.SkipVerify).Equal(secret.SkipVerify)
g.Assert(got.Conceal).Equal(secret.Conceal)
})
g.It("Should update a secret", func() {