Make all secrets case insensitive by formatting them to uppercase (#470)

* Uppercase secrets, print error when secret with same name already exists * Test lower-to-upper case formatting for secrets
2021-01-12 17:54:53 +00:00 · 2021-01-12 17:54:53 +00:00 · 2811101dea
commit 2811101dea
parent 1b38d5c4d9
3 changed files with 15 additions and 0 deletions
--- a/cmd/secrets.go
+++ b/cmd/secrets.go
@ -15,6 +15,10 @@ func newSecrets(secretList []string) secrets {
 	s := make(map[string]string)
 	for _, secretPair := range secretList {
 		secretPairParts := strings.SplitN(secretPair, "=", 2)
+		secretPairParts[0] = strings.ToUpper(secretPairParts[0])
+		if strings.ToUpper(s[secretPairParts[0]]) == secretPairParts[0] {
+			log.Fatalf("Secret %s is already defined (secrets are case insensitive)", secretPairParts[0])
+		}
 		if len(secretPairParts) == 2 {
 			s[secretPairParts[0]] = secretPairParts[1]
 		} else if env, ok := os.LookupEnv(secretPairParts[0]); ok && env != "" {
--- a/pkg/runner/expression.go
+++ b/pkg/runner/expression.go
@ -61,6 +61,9 @@ type expressionEvaluator struct {
 }

 func (ee *expressionEvaluator) Evaluate(in string) (string, bool, error) {
+	if strings.HasPrefix(in, `secrets.`){
+		in = `secrets.`+strings.ToUpper(strings.SplitN(in, `.`, 2)[1])
+	}
 	re := ee.Rewrite(in)
 	if re != in {
 		log.Debugf("Evaluating '%s' instead of '%s'", re, in)
--- a/pkg/runner/expression_test.go
+++ b/pkg/runner/expression_test.go
@ -14,6 +14,9 @@ func TestEvaluate(t *testing.T) {
 	rc := &RunContext{
 		Config: &Config{
 			Workdir: ".",
+			Secrets: map[string]string{
+				"LOWER_CASE_SECRET": "value",
+			},
 		},
 		Env: map[string]string{
 			"key": "value",
@ -102,6 +105,7 @@ func TestEvaluate(t *testing.T) {
 		{"matrix.os", "Linux", ""},
 		{"matrix.foo", "bar", ""},
 		{"env.key", "value", ""},
+		{"secrets.lower_case_secret", "value", ""},
 	}

 	for _, table := range tables {
@ -124,6 +128,9 @@ func TestInterpolate(t *testing.T) {
 	rc := &RunContext{
 		Config: &Config{
 			Workdir: ".",
+			Secrets: map[string]string{
+				"LOWER_CASE_SECRET": "value",
+			},
 		},
 		Env: map[string]string{
 			"KEYWITHNOTHING":       "valuewithnothing",
@ -151,6 +158,7 @@ func TestInterpolate(t *testing.T) {
 		{" ${{ env.KEYWITHNOTHING }} ", " valuewithnothing "},
 		{" ${{ env.KEY-WITH-HYPHENS }} ", " value-with-hyphens "},
 		{" ${{ env.KEY_WITH_UNDERSCORES }} ", " value_with_underscores "},
+		{" ${{ secrets.lower_case_secret }} ", " value "},
 		{"${{ env.UNKNOWN }}", ""},
 		{"${{ env.SOMETHING_TRUE }}", "true"},
 		{"${{ env.SOMETHING_FALSE }}", "false"},