diff --git a/pkg/compose/publish.go b/pkg/compose/publish.go index 90ad19b0a..e08d7d29e 100644 --- a/pkg/compose/publish.go +++ b/pkg/compose/publish.go @@ -297,7 +297,6 @@ func (s *composeService) generateImageDigestsOverride(ctx context.Context, proje return override.MarshalYAML() } -//nolint:gocyclo func (s *composeService) preChecks(project *types.Project, options api.PublishOptions) (bool, error) { if ok, err := s.checkOnlyBuildSection(project); !ok || err != nil { return false, err 
@@ -340,50 +339,20 @@ func (s *composeService) preChecks(project *types.Project, options api.PublishOp return false, err } } - envVariables, err := s.checkEnvironmentVariables(project, options) + err = s.checkEnvironmentVariables(project, options) if err != nil { return false, err } - if len(envVariables) > 0 { - b := strings.Builder{} - b.WriteString("you are about to publish environment variables within your OCI artifact.\n" + - "please double check that you are not leaking sensitive data\n") - for key, val := range envVariables { - b.WriteString("Service/Config ") - b.WriteString(key) - b.WriteRune('\n') - for k, v := range val { - b.WriteString(fmt.Sprintf("%s=%v\n", k, *v)) - } - } - b.WriteString("Are you ok to publish these environment variables?") - confirm, err := s.prompt(b.String(), false) - if err != nil || !confirm { - return false, err - } - } return true, nil } -func (s *composeService) checkEnvironmentVariables(project *types.Project, options api.PublishOptions) (map[string]types.MappingWithEquals, error) { - envVarList := map[string]types.MappingWithEquals{} +func (s *composeService) checkEnvironmentVariables(project *types.Project, options api.PublishOptions) error { errorList := map[string][]string{} for _, service := range project.Services { if len(service.EnvFiles) > 0 { errorList[service.Name] = append(errorList[service.Name], fmt.Sprintf("service %q has env_file declared.", service.Name)) } - if len(service.Environment) > 0 { - errorList[service.Name] = append(errorList[service.Name], fmt.Sprintf("service %q has environment variable(s) declared.", service.Name)) - envVarList[service.Name] = service.Environment - } - } - - for _, config := range project.Configs { - if config.Environment != "" { - errorList[config.Name] = append(errorList[config.Name], fmt.Sprintf("config %q is declare as an environment variable.", config.Name)) - envVarList[config.Name] = types.NewMappingWithEquals([]string{fmt.Sprintf("%s=%s", config.Name, 
config.Environment)}) - } } if !options.WithEnvironment && len(errorList) > 0 { @@ -395,10 +364,10 @@ func (s *composeService) checkEnvironmentVariables(project *types.Project, optio errorMsg.WriteString(fmt.Sprintf("%s\n", err)) } } - return nil, fmt.Errorf("%s%s", errorMsg.String(), errorMsgSuffix) + return fmt.Errorf("%s%s", errorMsg.String(), errorMsgSuffix) } - return envVarList, nil + return nil } func envFileLayers(files map[string]string) []v1.Descriptor { diff --git a/pkg/e2e/publish_test.go b/pkg/e2e/publish_test.go index 7e9015520..b5488df60 100644 --- a/pkg/e2e/publish_test.go +++ b/pkg/e2e/publish_test.go @@ -29,18 +29,10 @@ func TestPublishChecks(t *testing.T) { c := NewParallelCLI(t) const projectName = "compose-e2e-explicit-profiles" - t.Run("publish error environment", func(t *testing.T) { - res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-environment.yml", - "-p", projectName, "publish", "test/test") - res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has environment variable(s) declared. -To avoid leaking sensitive data,`}) - }) - t.Run("publish error env_file", func(t *testing.T) { res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-env-file.yml", "-p", projectName, "publish", "test/test") res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has env_file declared. -service "serviceA" has environment variable(s) declared. To avoid leaking sensitive data,`}) }) 
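Review bot: In the `@@ -340,50 +339,20 @@` hunk of pkg/compose/publish.go, `checkEnvironmentVariables` no longer looks at `service.Environment` or `config.Environment`, and the confirmation prompt that listed those values is removed, so only `env_file` still stops a publish that lacks `--with-env`. `preChecks` begins above the hunk and its middle is not shown; if no other pre-check there inspects inline `environment:` values, a literal credential in one would go into the OCI artifact without any notice. I would state the narrowed contract on the function, e.g. `// checkEnvironmentVariables rejects projects that declare env_file unless options.WithEnvironment is set; inline environment values are not inspected here.` The publish_test.go hunks only delete assertions, so a subtest that publishes `./fixtures/publish/compose-environment.yml` with `--dry-run` and expects `test/test published` (assuming the fixture is kept) would pin the new behaviour.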
@@ -49,8 +41,6 @@ To avoid leaking sensitive data,`}) "-p", projectName, "publish", "test/test") // we don't in which order the services will be loaded, so we can't predict the order of the error messages assert.Assert(t, strings.Contains(res.Combined(), `service "serviceB" has env_file declared.`), res.Combined()) - assert.Assert(t, strings.Contains(res.Combined(), `service "serviceB" has environment variable(s) declared.`), res.Combined()) - assert.Assert(t, strings.Contains(res.Combined(), `service "serviceA" has environment variable(s) declared.`), res.Combined()) assert.Assert(t, strings.Contains(res.Combined(), `To avoid leaking sensitive data, you must either explicitly allow the sending of environment variables by using the --with-env flag, or remove sensitive data from your Compose configuration `), res.Combined()) 
@@ -70,52 +60,12 @@ or remove sensitive data from your Compose configuration assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined()) }) - t.Run("publish approve validation message", func(t *testing.T) { - cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml", - "-p", projectName, "publish", "test/test", "--with-env", "--dry-run") - cmd.Stdin = strings.NewReader("y\n") - res := icmd.RunCmd(cmd) - res.Assert(t, icmd.Expected{ExitCode: 0}) - assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these environment variables?"), res.Combined()) - assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined()) - assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined()) - }) - - t.Run("publish refuse validation message", func(t *testing.T) { - cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml", - "-p", projectName, "publish", "test/test", "--with-env", "--dry-run") - cmd.Stdin = strings.NewReader("n\n") - res := icmd.RunCmd(cmd) - res.Assert(t, icmd.Expected{ExitCode: 0}) - assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these environment variables?"), res.Combined()) - assert.Assert(t, !strings.Contains(res.Combined(), "test/test publishing"), res.Combined()) - assert.Assert(t, !strings.Contains(res.Combined(), "test/test published"), res.Combined()) - }) - t.Run("publish with extends", func(t *testing.T) { res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-with-extends.yml", "-p", projectName, "publish", "test/test", "--dry-run") assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined()) }) - t.Run("publish list env variables", func(t *testing.T) { - cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-multi-env-config.yml", - "-p", projectName, "publish", "test/test", "--with-env", "--dry-run") - cmd.Stdin = 
strings.NewReader("n\n") - res := icmd.RunCmd(cmd) - res.Assert(t, icmd.Expected{ExitCode: 0}) - out := res.Combined() - assert.Assert(t, strings.Contains(out, `you are about to publish environment variables within your OCI artifact. -please double check that you are not leaking sensitive data`), out) - assert.Assert(t, strings.Contains(out, `Service/Config serviceA -FOO=bar`), out) - assert.Assert(t, strings.Contains(out, `Service/Config serviceB`), out) - // we don't know in which order the env variables will be loaded - assert.Assert(t, strings.Contains(out, `FOO=bar`), out) - assert.Assert(t, strings.Contains(out, `BAR=baz`), out) - assert.Assert(t, strings.Contains(out, `QUIX=`), out) - }) - t.Run("refuse to publish with bind mount", func(t *testing.T) { cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-bind-mount.yml", "-p", projectName, "publish", "test/test", "--dry-run")