Skip to content

Structural cycle when dagger do --with and dagger.#DecodeSecret are conjointly used #1867

Closed
#2024
Closed
Structural cycle when dagger do --with and dagger.#DecodeSecret are conjointly used#1867
#2024
@grouville

Description

@grouville
grouville
opened on Mar 26, 2022

Issue

When running dagger with the --with option in a plan using the dagger.#DecodeSecret action, structural cycle errors gets triggered, even if the referenced key is not being used

$ dagger -p ./debug.cue do --with 'actions: ref:"d"' good --log-format plain
5:52PM INF client.commands.so | computing
5:52PM INF client.commands.so | completed    duration=0s
5:52PM INF actions.good | computing
5:52PM INF actions.good | completed    duration=0s
5:52PM FTL system | failed to execute plan: actions.good.output: 4 errors in empty disjunction:
actions.good.output: field not allowed: Password:
    /Users/home/Documents/test/cue.mod/pkg/dagger.io/dagger/secrets.cue:14:10
    /Users/home/Documents/test/cue.mod/pkg/dagger.io/dagger/types.cue:24:10
    /Users/home/Documents/test/debug.cue:1:1
    /Users/home/Documents/test/debug.cue:8:1
    /Users/home/Documents/test/debug.cue:20:9
actions.good.output.Password: 2 errors in empty disjunction:
actions.good.output.Password: field not allowed: contents:
    /Users/home/Documents/test/cue.mod/pkg/dagger.io/dagger/secrets.cue:14:10
    /Users/home/Documents/test/cue.mod/pkg/dagger.io/dagger/secrets.cue:14:31
    /Users/home/Documents/test/cue.mod/pkg/dagger.io/dagger/types.cue:24:10
    /Users/home/Documents/test/debug.cue:1:1
    /Users/home/Documents/test/debug.cue:8:1
    /Users/home/Documents/test/debug.cue:20:9
actions.good.output.Password.Password: structural cycle

Repro

package main

import (
	"dagger.io/dagger"
)

dagger.#Plan & {
	client: {
		commands: "so": {
			"name": "sops"
			"args": ["-d", "./toto.yaml"]
			"stdout": dagger.#Secret
		}
	}

	actions: {
		ref: string

		good: dagger.#DecodeSecret & {
			"input":  client.commands.so.stdout
			"format": "yaml"
		}
	}
}

toto.yaml (you have the sops key)

Password: ENC[AES256_GCM,data:bZXOwQ==,iv:Y3Xl1RtIBIc+73Dg5e10Oe4+3Yv/6OYdEnyby8Prqn0=,tag:+NOr+Pwt03ELpCKzhUi5vA==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWXpJOG9qNkh3cE1jTmN0
            SDc3akljSUVVdTk1K3QrNm1Ud3QzK1NESFRZCmt6TlRjTjU2OFRSVU16cUUyaktn
            NzBoaDVrYXhHNzFIbkFqQklpcXUwODgKLS0tIFFTamJiQmRxSzJiOFl6cVU3ZytQ
            YnRHQkpFWXFqR2JaVWRuczVBVlY4bzQKI6UBGT94wISCRUQ5s9Y23LSkMr46XXrt
            GLYOcANgsnKzZDSF80w7H3SgE3vKIHhPsD5729o94RWJ5r+8pVCxjQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2022-03-26T16:04:56Z"
    mac: ENC[AES256_GCM,data:8YJOf0i3MAmrD6za8dEXLUnmgdD+tu11Vn1N+O8BEOaU+hwNlT4zpYRZCa/B/0nqaxn8TZEUJHM+uw7nA9fRotoX6sdQ3Tk0wUVOLkvzEYHJELW/7Cut+8cZwnj5RzsnfzMF2VKgT6s3CksTKUacW76IFxsuAKUSso4vc1gXDxE=,iv:cNSW+0wdwglkdXt+WOH7JTeBXyuyhRV08TZeWlZuDJI=,tag:QuWqjelVpiBwoOKgHYPTWg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.1

Working command: dagger -p ./debug.cue do good --log-format plain
Failing command: dagger -p ./debug.cue do --with 'actions: ref:"d"' good --log-format plain

Solution

I don't have a clue regarding the root cause

cc @jlongtine

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions