Allow mounting multiple secrets

dln · dln · commit 67af3e1097cd · 2019-05-19T21:48:07.000+02:00
diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml
@@ -5,9 +5,9 @@ steps:
       - uname -a
       - echo 'Hello, World!'
       - ls -lR /foo
-      - cat /foo/bar/foo
-      - cat /foo/bar/bar
     plugins:
       - EmbarkStudios/k8s:
           image: alpine
-          mount-secret: dlntest:/foo/bar
+          mount-secret:
+            - dlntest:/foo/bar
+            - dlntest2:/foo/baz
diff --git a/README.md b/README.md
@@ -125,11 +125,12 @@ The name of the secret containing the git credentials used for checking out sour
 
 The key of the secret value containing the SSH key used when checking out source code with SSH as transport.
 
-### `mount-secret` (optional, string)
+### `mount-secret` (optional, string or array)
 
 Mount a secret as a directory inside the container. Must be in the form of `secretName:/some/mount/path`.
+Multiple secrets may be mounted by specifying a list of secret/mount pairs.
 
-Example: `my-secret:/my/secrets`
+Example: `my-secret:/my/secret`
 
 ### `build-path-host-path` (optional, string)
 
diff --git a/lib/job.jsonnet b/lib/job.jsonnet
@@ -165,19 +165,20 @@ function(jobName, agentEnv={}, stepEnvFile='') {
   },
 
   local secretMount = {
-    local mv = std.splitLimit(env.BUILDKITE_PLUGIN_K8S_MOUNT_SECRET, ':', 1),
-    mount:
-      if std.length(mv) < 2 then []
-      else [{ mountPath: mv[1], name: mv[0] }],
-    volume:
-      if std.length(mv) < 2 then []
-      else [{
-        name: mv[0],
-        secret: {
-          defaultMode: 256,
-          secretName: mv[0],
-        },
-      }],
+    local cfg = [
+      std.splitLimit(env[f], ':', 1)
+      for f in std.objectFields(env)
+      if std.startsWith(f, 'BUILDKITE_PLUGIN_K8S_MOUNT_SECRET')
+         && env[f] != ''
+    ],
+    mount: [
+      { name: c[0], mountPath: c[1] }
+      for c in cfg
+    ],
+    volume: [
+      { name: c[0], secret: { secretName: c[0], defaultMode: 256 } }
+      for c in cfg
+    ],
   },
 
   local commandArgs =
diff --git a/plugin.yml b/plugin.yml
@@ -22,7 +22,7 @@ configuration:
     init-image:
       type: string
     mount-secret:
-      type: [string]
+      type: [string, array]
     privileged:
       type: boolean
     secret-name:
