diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-11-30 19:29:33 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-30 19:29:33 +0100 |
| commit | 85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa (patch) | |
| tree | 0753c3c1069bcfa4abb893ed44a851fbf59a3550 /pkg/api | |
| parent | 3fac03cf04e68eb3351aff8c33bac6bea85810f6 (diff) | |
| parent | c80a2e4495f877bc0f6a522e99b511de6c0d525d (diff) | |
| download | podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.tar.gz podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.tar.bz2 podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.zip | |
Merge pull request #12414 from flouthoc/api-allow-secrets
tunnel: allow `remote` and `API` to accept `--secrets`
Diffstat (limited to 'pkg/api')
| -rw-r--r-- | pkg/api/handlers/compat/images_build.go | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index bc53e9312..f85df02e1 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -122,6 +122,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Target string `schema:"target"` Timestamp int64 `schema:"timestamp"` Ulimits string `schema:"ulimits"` + Secrets string `schema:"secrets"` }{ Dockerfile: "Dockerfile", Registry: "docker.io", @@ -242,6 +243,49 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { dnssearch = m } + var secrets = []string{} + if _, found := r.URL.Query()["secrets"]; found { + var m = []string{} + if err := json.Unmarshal([]byte(query.Secrets), &m); err != nil { + utils.BadRequest(w, "secrets", query.Secrets, err) + return + } + + // for podman-remote all secrets must be picked from context director + // hence modify src so contextdir is added as prefix + + for _, secret := range m { + secretOpt := strings.Split(secret, ",") + if len(secretOpt) > 0 { + modifiedOpt := []string{} + for _, token := range secretOpt { + arr := strings.SplitN(token, "=", 2) + if len(arr) > 1 { + if arr[0] == "src" { + /* move secret away from contextDir */ + /* to make sure we dont accidentally commit temporary secrets to image*/ + builderDirectory, _ := filepath.Split(contextDirectory) + // following path is outside build context + newSecretPath := filepath.Join(builderDirectory, arr[1]) + oldSecretPath := filepath.Join(contextDirectory, arr[1]) + err := os.Rename(oldSecretPath, newSecretPath) + if err != nil { + utils.BadRequest(w, "secrets", query.Secrets, err) + return + } + + modifiedSrc := fmt.Sprintf("src=%s", newSecretPath) + modifiedOpt = append(modifiedOpt, modifiedSrc) + } else { + modifiedOpt = append(modifiedOpt, token) + } + } + } + secrets = append(secrets, strings.Join(modifiedOpt[:], ",")) + } + } + } + var output string if len(tags) > 0 { possiblyNormalizedName, err := utils.NormalizeToDockerHub(r, tags[0]) @@ -476,6 +520,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { SeccompProfilePath: seccomp, ShmSize: strconv.Itoa(query.ShmSize), Ulimit: ulimits, + Secrets: secrets, }, CNIConfigDir: rtc.Network.CNIPluginDirs[0], CNIPluginPath: util.DefaultCNIPluginPath, |