-
Notifications
You must be signed in to change notification settings - Fork 563
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add withPlainSecretVariable #5445
Conversation
bc4dd07
to
f00f9ed
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good work, only minor/trivial changes. 👍
Not entirely sure about the name, but can't think of a better one. 🙂
Resolves: dagger#5000 Signed-off-by: Vasek - Tom C <tom@epitech.eu>
Co-authored-by: Helder Correia <174525+helderco@users.noreply.github.com> Signed-off-by: Vasek - Tom C <tom@quartz.technology>
Signed-off-by: Vasek - Tom C <tom@epitech.eu>
7c1a5f0
to
2c4cbcf
Compare
@helderco PR update and ready for review :) |
Not a fan of the name here either, since it sounds like you're doing something wrong ("secrets in plaintext"). Technically the Personally I don't see much value in having an API shorthand here in the first place, since there can be value in decoupling secrets from all the places they're used, especially if a secret is used in multiple places. The status quo is slightly repetitive if you keep env var names + secret names matching all the time, but doesn't seem that awful: container.WithSecretVariable("FOO", client.SetSecret("FOO", "hey"))
container.WithPlainSecretVariable("FOO", "hey") If we can find a good name I'd be onboard though. It's possible I just don't have the empathy for above yet, and I don't mind sugar in the API for really common use cases, especially if it makes it easier to quickly script a bunch of things. Some ideas:
I don't love any of'em but I think it's important to drop "Plain." |
Yes, that’s exactly why! I also considered
I was kind of wondering the same thing. It reminds me of #4835 but that was a harder problem because it couldn’t easily be solved in the API. However, this is easy to abstract away. There’s a docs example in Python where an addr = await ctr.with_registry_auth(
"docker.io",
Env.DOCKERHUB_USERNAME,
Env.DOCKERHUB_PASSWORD.as_secret(dagger_client),
) And the abstraction is easy to do: class Env(StrEnum):
...
DOCKERHUB_USERNAME = auto()
DOCKERHUB_PASSWORD = auto()
def as_secret(self, client: dagger.Client) -> dagger.Secret:
return client.set_secret(self.name.lower(), self.value) Another example is to make a chainable util for this, e.g., for reducing the duplication of mentioning the same host env var name: func SecretHostEnv(c *dagger.Client, name string) dagger.ContainerWithFunc {
return func(ctr *dagger.Container) *dagger.Container {
return ctr.WithSecretVariable(
name,
client.SetSecret(name, os.GetEnv(name))
)
}
}
ctr := c.Container().
From("alpine").
...
WithEnvVariable("ABI_USER")
With(SecretHostEnv(c, "ABI_PASS")).
WithExec(...) Note that this isn’t strictly equal to what the PR does but that’s the point. These are conveniences for specific use cases and depend on users’ needs. While we want to make it easy for the most common use cases, we also need to consider how much there’s to gain. My point is the same as @vito’s:
I also wonder about the future for secrets. I know this has been discussed but I don’t have full context. My understanding is that we want a pluggable system for multiple different sources for secrets. I’m not sure if the current |
@TomChv would you mind trying out |
I think this PR will be one hold until I've fix #3457, but I can try too add a release note for #5488 |
PR Closed, see #5000 (comment) |
Resolves: #5000