github.com/hernad/nomad@v1.6.112/e2e/workload_id/input/identity.nomad

github.com/hernad/nomad@v1.6.112/e2e/workload_id/input/identity.nomad (about)

     1  # Copyright (c) HashiCorp, Inc.
     2  # SPDX-License-Identifier: MPL-2.0
     3  
     4  job "identity" {
     5    datacenters = ["dc1"]
     6    type        = "batch"
     7  
     8    constraint {
     9      attribute = "${attr.kernel.name}"
    10      value     = "linux"
    11    }
    12  
    13    group "identity" {
    14  
    15      # none task should log no secrets
    16      task "none" {
    17        driver = "docker"
    18        config {
    19          image = "bash:5"
    20  
    21          #HACK(schmichael) without the ending `sleep 2` we seem to sometimes miss logs :(
    22          args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done; sleep 2"]
    23        }
    24        resources {
    25          cpu    = 16
    26          memory = 32
    27          disk   = 64
    28        }
    29      }
    30  
    31      # empty task should log no secrets
    32      task "empty" {
    33  
    34        identity {}
    35  
    36        driver = "docker"
    37        config {
    38          image = "bash:5"
    39  
    40          #HACK(schmichael) without the ending `sleep 2` we seem to sometimes miss logs :(
    41          args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done; sleep 2"]
    42        }
    43        resources {
    44          cpu    = 16
    45          memory = 32
    46          disk   = 64
    47        }
    48      }
    49  
    50      # env task should log only env var
    51      task "env" {
    52  
    53        identity {
    54          env  = true
    55          file = false
    56        }
    57  
    58        driver = "docker"
    59        config {
    60          image = "bash:5"
    61  
    62          #HACK(schmichael) without the ending `sleep 2` we seem to sometimes miss logs :(
    63          args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done; sleep 2"]
    64        }
    65        resources {
    66          cpu    = 16
    67          memory = 32
    68          disk   = 64
    69        }
    70      }
    71  
    72      # file task should log only env var
    73      task "file" {
    74  
    75        identity {
    76          file = true
    77        }
    78  
    79        driver = "docker"
    80        config {
    81          image = "bash:5"
    82  
    83          #HACK(schmichael) without the ending `sleep 2` we seem to sometimes miss logs :(
    84          args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done; sleep 2"]
    85        }
    86        resources {
    87          cpu    = 16
    88          memory = 32
    89          disk   = 64
    90        }
    91      }
    92  
    93      # falsey task should be the same as no identity block
    94      task "falsey" {
    95  
    96        identity {
    97          env  = false
    98          file = false
    99        }
   100  
   101        driver = "docker"
   102        config {
   103          image = "bash:5"
   104  
   105          #HACK(schmichael) without the ending `sleep 2` we seem to sometimes miss logs :(
   106          args = ["-c", "wc -c < secrets/nomad_token; env | grep NOMAD_TOKEN; echo done; sleep 2"]
   107        }
   108        resources {
   109          cpu    = 16
   110          memory = 32
   111          disk   = 64
   112        }
   113      }
   114    }
   115  }