Coder Social home page Coder Social logo

Comments (3)

yann-soubeyrand avatar yann-soubeyrand commented on July 30, 2024

On Discord, there have been some proposals:

  • We could add an argument when passing a secret, like cmd:command-to-run:s.
  • We could use a different scheme, like cmd-s:command-to-run.
  • We could add an annotation on the function parameter, like in Go
func (*Module) Function(
// +strip
secret *dagger.Secret
)

from dagger.

yann-soubeyrand avatar yann-soubeyrand commented on July 30, 2024

If feasible, I personally prefer the last one.

from dagger.

helderco avatar helderco commented on July 30, 2024

If feasible, I personally prefer the last one.

I don't think that's a good option. The function shouldn't need to know if the secret needs stripping or not. That responsibility should fall to the one loading the secret. See also:

I don't think we should do this with options at the point of use. Secrets should be marked to do this at point of load.

- Originally posted by @jedevc in #7220 (comment)

I also like @sipsma's suggestion here:

Hm yeah I agree this is likely what users would want 99.99% of the time and fairly annoying to require them to deal with themselves in userspace (i.e. get secret plaintext, strip newlines, create new modified secret).

I feel like there must be some obscure corner case where this isn't desired, but I can't think of any concretely either. And push comes to shove if we need to support the 0.01% of cases we can always add some kludge like --token=file-raw:/some/token/file/where/trailing/newlines/matter or similar.

- Originally posted by @sipsma in #6845 (review)

So if the most common thing is to want to strip the newline, then we strip it by default, and offer these alternatives to keep it as is:

  • env-raw:
  • file-raw:
  • cmd-raw:

Which seems clearer than the opposite default:

  • env-strip:
  • file-strip:
  • cmd-strip:

Flipping defaults is always a breaking change though, and @sipsma already reverted his suggestion to default to not touch it:

I'm good with reverting the change to strip newlines. I think we could consider the inverse of my suggestion on that PR and instead support a CLI syntax that does strip newlines for use cases that call for that. But I think this situation proves it's probably better to default to the exact contents of the file/command/env var.

- Originally posted by @sipsma in #7220 (comment)

Emphasis mine, because I tend to agree with that.

from dagger.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.