feat: Adds 'file' block to image

Also adds ability to create env variables from secrets

Author: Alan Christie

decoder/job-definition-schema.yaml

@@ -134,6 +134,8 @@ definitions:
         $ref: '#/definitions/cores'
       environment:
         $ref: '#/definitions/environment'
+      file:
+        $ref: '#/definitions/file'
     required:
     - name
     - tag
@@ -172,6 +174,7 @@ definitions:
         - $ref: '#/definitions/environment-value-from-api-token'
         - $ref: '#/definitions/environment-value-from-constant'
         - $ref: '#/definitions/environment-value-from-secret'
+        - $ref: '#/definitions/environment-value-from-account-server-asset'
     required:
     - name
     - value-from
@@ -244,6 +247,67 @@ definitions:
     required:
     - secret
 
+  # An Image environment from an Account Server 'asset'.
+  # At the moment we expect the secret to be unencrypted,
+  # just 'opaque', so it can be read by the DM without special actions.
+  environment-value-from-account-server-asset:
+    type: object
+    additionalProperties: false
+    properties:
+      account-server-asset:
+        type: object
+        properties:
+          # The name of the secret object,
+          # i.e. its metadata->name.
+          name:
+            $ref: '#/definitions/rfc-1035-name'
+        required:
+        - name
+    required:
+    - account-server-asset
+
+  # Image file definitions
+  file:
+    type: array
+    items:
+      $ref: '#/definitions/file-content-from'
+
+  # An Image file from something else
+  file-content-from:
+    type: object
+    additionalProperties: false
+    properties:
+      name:
+        $ref: '#/definitions/path-and-file-name'
+      content-from:
+        oneOf:
+        - $ref: '#/definitions/file-content-from-account-server-asset'
+    required:
+    - name
+    - content-from
+
+  # An Image file-from an account-server-asset declaration
+  file-content-from-account-server-asset:
+    type: object
+    additionalProperties: false
+    properties:
+      account-server-asset:
+        type: object
+        properties:
+          name:
+            $ref: '#/definitions/rfc-1035-name'
+        required:
+        - name
+    required:
+    - account-server-asset
+
+  # The pattern for Image file names.
+  path-and-file-name:
+    type: string
+    minLength: 2
+    maxLength: 256
+    pattern: '^/.{1,255}$'
+
   # The pattern for Image environment names.
   # Classic linux/shell,
   # i.e. letters, digits and '_' and must begin letter or '_'

tests/test_validate_job_schema.py

@@ -89,6 +89,42 @@ def test_validate_image_env_from_secret():
     assert error is None
 
 
+def test_validate_image_env_from_account_server_asset():
+    # Arrange
+    text: Dict[str, Any] = deepcopy(_MINIMAL)
+    demo_job: Dict[str, Any] = text["jobs"]["demo"]
+    demo_job["image"]["environment"] = [
+        {
+            "name": "ENV_VAR",
+            "value-from": {"account-server-asset": {"name": "asset-a"}},
+        }
+    ]
+
+    # Act
+    error = decoder.validate_job_schema(text)
+
+    # Assert
+    assert error is None
+
+
+def test_validate_image_file_from_account_server_asset():
+    # Arrange
+    text: Dict[str, Any] = deepcopy(_MINIMAL)
+    demo_job: Dict[str, Any] = text["jobs"]["demo"]
+    demo_job["image"]["file"] = [
+        {
+            "name": "/usr/local/licence.txt",
+            "content-from": {"account-server-asset": {"name": "asset-a"}},
+        }
+    ]
+
+    # Act
+    error = decoder.validate_job_schema(text)
+
+    # Assert
+    assert error is None
+
+
 def test_validate_image_memory_32gi():
     # Arrange
     text: Dict[str, Any] = deepcopy(_MINIMAL)