From e56ad842fb8e27bdf20b103203f6166526e16e48 Mon Sep 17 00:00:00 2001 From: Sascha Schwarze Date: Tue, 2 Apr 2024 12:08:40 +0200 Subject: [PATCH] Correct multiple secret values in one array parameter that references different secret variables --- .gitignore | 2 + pkg/reconciler/buildrun/resources/params.go | 3 +- .../buildrun/resources/params_test.go | 73 +++++++++++++++++++ 3 files changed, 77 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index b45618b7bc..26a30cd708 100644 --- a/.gitignore +++ b/.gitignore @@ -62,6 +62,8 @@ anaconda-mode/ *.dylib # Test binary, build with 'go test -c' *.test +# Ginkgo report +ginkgo.report # Output of the go coverage tool, specifically when used with LiteIDE *.out ### Vim ### diff --git a/pkg/reconciler/buildrun/resources/params.go b/pkg/reconciler/buildrun/resources/params.go index 16c79c2dbf..b90d88f709 100644 --- a/pkg/reconciler/buildrun/resources/params.go +++ b/pkg/reconciler/buildrun/resources/params.go @@ -160,7 +160,8 @@ func HandleTaskRunParam(taskRun *pipelineapi.TaskRun, parameterDefinition *build return nil default: - for index, value := range paramValue.Values { + for index := range paramValue.Values { + value := paramValue.Values[index] switch { case value.ConfigMapValue != nil: envVarName, err := addConfigMapEnvVar(taskRun, paramValue.Name, value.ConfigMapValue.Name, value.ConfigMapValue.Key) diff --git a/pkg/reconciler/buildrun/resources/params_test.go b/pkg/reconciler/buildrun/resources/params_test.go index 3e95fb9d65..e790e6c550 100644 --- a/pkg/reconciler/buildrun/resources/params_test.go +++ b/pkg/reconciler/buildrun/resources/params_test.go @@ -674,5 +674,78 @@ var _ = Describe("HandleTaskRunParam", func() { }, })) }) + + It("adds multiple environment variables correctly", func() { + err := HandleTaskRunParam(taskRun, parameterDefinition, buildv1beta1.ParamValue{ + Name: "array-parameter", + Values: []buildv1beta1.SingleValue{ + { + Value: pointer.String("first entry"), + }, + { + SecretValue: &buildv1beta1.ObjectKeyRef{ + Name: "secret-name", + Key: "secret-key-1", + }, + }, + { + SecretValue: &buildv1beta1.ObjectKeyRef{ + Name: "secret-name", + Key: "secret-key-2", + Format: pointer.String("The secret value is ${SECRET_VALUE}"), + }, + }, + }, + }) + Expect(err).ToNot(HaveOccurred()) + + // Verify the environment variable that is only added to the second step + Expect(len(taskRun.Spec.TaskSpec.Steps[0].Env)).To(Equal(0)) + + Expect(len(taskRun.Spec.TaskSpec.Steps[1].Env)).To(Equal(2)) + + envVarName1 := taskRun.Spec.TaskSpec.Steps[1].Env[0].Name + Expect(envVarName1).To(HavePrefix("SHP_SECRET_PARAM_")) + Expect(taskRun.Spec.TaskSpec.Steps[1].Env[0]).To(BeEquivalentTo(corev1.EnvVar{ + Name: envVarName1, + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "secret-name", + }, + Key: "secret-key-1", + }, + }, + })) + + envVarName2 := taskRun.Spec.TaskSpec.Steps[1].Env[1].Name + Expect(envVarName2).To(HavePrefix("SHP_SECRET_PARAM_")) + Expect(taskRun.Spec.TaskSpec.Steps[1].Env[1]).To(BeEquivalentTo(corev1.EnvVar{ + Name: envVarName2, + ValueFrom: &corev1.EnvVarSource{ + SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "secret-name", + }, + Key: "secret-key-2", + }, + }, + })) + + // Verify the parameters + Expect(taskRun.Spec.Params).To(BeEquivalentTo([]pipelineapi.Param{ + { + Name: "array-parameter", + Value: pipelineapi.ParamValue{ + Type: pipelineapi.ParamTypeArray, + ArrayVal: []string{ + "first entry", + fmt.Sprintf("$(%s)", envVarName1), + fmt.Sprintf("The secret value is $(%s)", envVarName2), + }, + }, + }, + })) + }) }) })