ResourcePlugin Step Specification
This document provides a reference for a ResourcePlugin step specification. A step specification describes a step of a ResourcePlugin phase workflow that executes a script.
Here is an example of a ResourcePlugin step:
```yaml
inputs:
- name: stepInput
  valueFromStep:
    name: step1 # name of the step containing the output
    output: dbsecret # name of the output from step1
  as:
    env: DBSECRET # injected into step environment
outputs:
- name: password
  description: "password to access the database"
  valueFromPath: /tmp/secret
script: |
  #!/path/to/interpreter
  dd if=/dev/urandom count=1 > /tmp/secret
```
Name is required and must be unique amongst all steps in any resource plugin
phase workflow (phases
Inputs specifies data consumed by the step and how to make that data available to the container running the step.
Each input has a required name and that name must be unique amongst all inputs.
Each resource in a Sandbox can provide parameters to a resource plugin in the
form of a map from strings to strings. An input to a step referring to these
parameters should set valueFromSandbox to true and the name of the input
should correspond to a key in the sandbox parameters map. Otherwise,
valueFromSandbox should be false and valueFromStep should be specified.
valueFromStep specifies the output of another step to be consumed
as input. It has 2 fields,
name which is the name of the step
producing an output to be consumed, and
output, which is the name
of the output within that step to consume as input.
Each input has an
as specification which tells how to present the
data to the container running the step. Data may be presented as
an environment variable, or placed in a file at location
env specifies the name of the environment variable.
Outputs specifies data produced by the step for consumption by other steps or by sandboxed workloads in sandboxes.
Each output has a name that must be unique amongst all names
Each output has an optional description which is a short string.
valueFromPath tells the Signadot Operator to take the output from
a given path once the script has terminated. For example, we may
```
echo a > /tmp/a
```
```yaml
- name: a
  valueFromPath: /tmp/a
```
The path should exist once the script successfully terminates.
The script field is a string containing a script to run. The script uses the
#!/path/to/interpreter unix shebang format, where
/path/to/interpreter is fed input from the rest of the file.
There are no constraints on the interpreter other than that it must be recognized on the ResourcePlugin runner.
Following this pattern, the script may reference anything present on the runner, including secret mounts, environmental variables, tools such as helm, etc.
script is required and must start with
#!. The maximum size of a script is
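
A lint for the rules this reference states, as an added example that is not Signadot's code: it takes steps already parsed into dicts and reports missing names, duplicate input or output names, inputs with no value source, and scripts without a #! line. The check that every valueFromStep points at an output declared by a step in the same list is an assumption, as are the function names and the constructed sample steps.

```python
# Added example (not Signadot code): lint step specs parsed into dicts.
def lint_step(step):
    """Return rule violations for a single step."""
    errs = []
    if not step.get("name"):
        errs.append("step name is required")
    for kind in ("inputs", "outputs"):
        seen = set()
        for item in step.get(kind) or []:
            name = item.get("name")
            if not name:
                errs.append(f"{kind}: every entry needs a name")
            elif name in seen:
                errs.append(f"{kind}: duplicate name {name!r}")
            seen.add(name)
    for inp in step.get("inputs") or []:
        ref = inp.get("valueFromStep")
        if inp.get("valueFromSandbox") is not True and not ref:
            errs.append(f"input {inp.get('name')!r}: no value source set")
        if ref and not (ref.get("name") and ref.get("output")):
            errs.append(f"input {inp.get('name')!r}: valueFromStep needs name and output")
    script = step.get("script")
    if not isinstance(script, str) or not script.startswith("#!"):
        errs.append("script is required and must start with #!")
    return errs

def lint_workflow(steps):
    """Lint each step, then step-name uniqueness and (assumed) valueFromStep targets."""
    errs, outputs = [], {}
    for step in steps:
        errs += [f"{step.get('name')}: {e}" for e in lint_step(step)]
        if step.get("name") in outputs:
            errs.append(f"duplicate step name {step.get('name')!r}")
        outputs[step.get("name")] = {o.get("name") for o in step.get("outputs") or []}
    for step in steps:
        for inp in step.get("inputs") or []:
            ref = inp.get("valueFromStep") or {}
            if ref and ref.get("output") not in outputs.get(ref.get("name"), set()):
                errs.append(f"{step.get('name')}: input {inp.get('name')!r} references "
                            f"undeclared output {ref.get('name')}.{ref.get('output')}")
    return errs

# Constructed sample: step2 lacks a shebang and misspells step1's output name.
STEP1 = {"name": "step1", "script": "#!/bin/sh\nhead -c 16 /dev/urandom | base64 > /tmp/s\n",
         "outputs": [{"name": "dbsecret", "valueFromPath": "/tmp/s"}]}
STEP2 = {"name": "step2", "script": "echo no shebang\n",
         "inputs": [{"name": "stepInput", "as": {"env": "DBSECRET"},
                     "valueFromStep": {"name": "step1", "output": "dbsecrt"}}]}
```

Calling `lint_workflow([STEP1, STEP2])` returns one message per violation; an empty list means the steps satisfy every rule checked here.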