Skip to content

Commit

Permalink
fix(secrets): support schedule event (#308)
Browse files Browse the repository at this point in the history
  • Loading branch information
ecrupper authored Sep 1, 2023
1 parent a94085e commit 4edd970
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 19 deletions.
4 changes: 3 additions & 1 deletion library/secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ func (s *Secret) Match(from *pipeline.Container) bool {
}

// check incoming events
switch from.Environment["BUILD_EVENT"] {
switch from.Environment["VELA_BUILD_EVENT"] {
case constants.EventPush:
eACL = checkEvent(events, constants.EventPush)
case constants.EventPull:
Expand All @@ -81,6 +81,8 @@ func (s *Secret) Match(from *pipeline.Container) bool {
eACL = checkEvent(events, constants.EventDeploy)
case constants.EventComment:
eACL = checkEvent(events, constants.EventComment)
case constants.EventSchedule:
eACL = checkEvent(events, constants.EventSchedule)
}

// check images whitelist
Expand Down
44 changes: 26 additions & 18 deletions library/secret_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -43,88 +43,96 @@ func TestLibrary_Secret_Match(t *testing.T) {
{ // test matching secret events
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"push"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "pull_request"},
Environment: map[string]string{"VELA_BUILD_EVENT": "pull_request"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"pull_request"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "tag"},
Environment: map[string]string{"VELA_BUILD_EVENT": "tag"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"tag"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "deployment"},
Environment: map[string]string{"VELA_BUILD_EVENT": "deployment"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"deployment"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "comment"},
Environment: map[string]string{"VELA_BUILD_EVENT": "comment"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"comment"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "fake_event"},
Environment: map[string]string{"VELA_BUILD_EVENT": "fake_event"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"push"}},
want: false,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"push", "pull_request"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"VELA_BUILD_EVENT": "schedule"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{}, Events: &[]string{"push", "pull_request", "schedule"}},
want: true,
},

{ // test matching secret images
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine"}, Events: &[]string{}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine:latest"}, Events: &[]string{}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine:1"}, Events: &[]string{}},
want: false,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine", "centos"}, Events: &[]string{}},
want: true,
Expand All @@ -133,39 +141,39 @@ func TestLibrary_Secret_Match(t *testing.T) {
{ // test matching secret events and images
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine"}, Events: &[]string{"push"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine:latest"}, Events: &[]string{"push"}},
want: true,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine:1"}, Events: &[]string{"push"}},
want: false,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "pull_request"},
Environment: map[string]string{"VELA_BUILD_EVENT": "pull_request"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine:latest"}, Events: &[]string{"push"}},
want: false,
},
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
},
sec: &Secret{Name: &v, Value: &v, Images: &[]string{"alpine", "centos"}, Events: &[]string{"push"}},
want: true,
Expand All @@ -174,7 +182,7 @@ func TestLibrary_Secret_Match(t *testing.T) {
{ // test build events with image ACLs and rulesets
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
Ruleset: pipeline.Ruleset{
If: pipeline.Rules{
Event: []string{"push"},
Expand All @@ -187,7 +195,7 @@ func TestLibrary_Secret_Match(t *testing.T) {
{
step: &pipeline.Container{
Image: "alpine:latest",
Environment: map[string]string{"BUILD_EVENT": "push"},
Environment: map[string]string{"VELA_BUILD_EVENT": "push"},
Ruleset: pipeline.Ruleset{
If: pipeline.Rules{
Event: []string{"push"},
Expand Down

0 comments on commit 4edd970

Please sign in to comment.