Expanding variables returns sensitive metadata

Cameron Swords requested to merge introduce-variable-type into main

What does this MR do?

Introduces a context.Variable type in place of the structpb.Value. Variable wraps the structpb.Value and provides additional sensitive metadata.

The Expand function in interpolate.go returns a context.Variable. The variable is considered sensitive if it expands an output variable that has been declared sensitive in the step specification. This will be extended in future MRs to consider other kinds of sensitive variables (e.g. environment variables).

A future MR will use the sensitive metadata returned by Expand to ensure that non-sensitive inputs are not derived from sensitive outputs. For the context of how this might be used, see Spike: Non sensitive inputs cannot be created u... (!71 - closed).

Reference

Sensitive outputs can only be given to sensitiv... (#94)

Edited by Cameron Swords
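
The propagation described above, as an added example that is not part of the merge request or the project's own code. It assumes a plain string in place of structpb.Value, a `${{ outputs.NAME }}` expression syntax, and a hypothetical CheckInput helper for the check the description defers to a future MR; all sample values are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Variable pairs a value with a sensitivity flag. A string stands in for
// the structpb.Value that the MR wraps (assumption, keeps this dependency-free).
type Variable struct {
	Value     string
	Sensitive bool
}

// exprRe matches an assumed "${{ outputs.NAME }}" syntax (not taken from the page).
var exprRe = regexp.MustCompile(`\$\{\{\s*outputs\.(\w+)\s*\}\}`)

// Expand interpolates outputs into tmpl. The result is sensitive if any
// referenced output is sensitive, so the flag survives concatenation.
func Expand(tmpl string, outputs map[string]Variable) (Variable, error) {
	var sb strings.Builder
	sensitive, last := false, 0
	for _, m := range exprRe.FindAllStringSubmatchIndex(tmpl, -1) {
		name := tmpl[m[2]:m[3]]
		out, ok := outputs[name]
		if !ok {
			return Variable{}, fmt.Errorf("unknown output %q", name)
		}
		sb.WriteString(tmpl[last:m[0]] + out.Value)
		sensitive = sensitive || out.Sensitive
		last = m[1]
	}
	sb.WriteString(tmpl[last:])
	return Variable{Value: sb.String(), Sensitive: sensitive}, nil
}

// CheckInput (hypothetical) rejects a non-sensitive input whose value was
// derived from a sensitive variable. The error never includes the value.
func CheckInput(name string, inputSensitive bool, v Variable) error {
	if v.Sensitive && !inputSensitive {
		return fmt.Errorf("input %q is not sensitive but derives from a sensitive output", name)
	}
	return nil
}

func main() {
	outs := map[string]Variable{"token": {"s3cr3t", true}, "host": {"example.test", false}}
	v, _ := Expand("https://${{ outputs.host }}/?t=${{ outputs.token }}", outs)
	fmt.Println(v.Sensitive, CheckInput("url", false, v))
}
```

Tracking the flag on the expanded result, rather than on the template, is what lets a later check catch a sensitive value embedded in an otherwise harmless string.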
