diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-11-30 19:29:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-30 19:29:33 +0100 |
commit | 85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa (patch) | |
tree | 0753c3c1069bcfa4abb893ed44a851fbf59a3550 /pkg/bindings/images/build.go | |
parent | 3fac03cf04e68eb3351aff8c33bac6bea85810f6 (diff) | |
parent | c80a2e4495f877bc0f6a522e99b511de6c0d525d (diff) | |
download | podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.tar.gz podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.tar.bz2 podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.zip |
Merge pull request #12414 from flouthoc/api-allow-secrets
tunnel: allow `remote` and `API` to accept `--secrets`
Diffstat (limited to 'pkg/bindings/images/build.go')
-rw-r--r-- | pkg/bindings/images/build.go | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 3b0bebe9f..25770fdfc 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -5,6 +5,7 @@ import ( "compress/gzip" "context" "encoding/json" + "fmt" "io" "io/ioutil" "net/http" @@ -377,6 +378,59 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } params.Set("dockerfile", string(cFileJSON)) } + + // build secrets are usually absolute host path or relative to context dir on host + // in any case move secret to current context and ship the tar. + if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 { + secretsForRemote := []string{} + + for _, secret := range secrets { + secretOpt := strings.Split(secret, ",") + if len(secretOpt) > 0 { + modifiedOpt := []string{} + for _, token := range secretOpt { + arr := strings.SplitN(token, "=", 2) + if len(arr) > 1 { + if arr[0] == "src" { + // read specified secret into a tmp file + // move tmp file to tar and change secret source to relative tmp file + tmpSecretFile, err := ioutil.TempFile(options.ContextDirectory, "podman-build-secret") + if err != nil { + return nil, err + } + defer os.Remove(tmpSecretFile.Name()) // clean up + defer tmpSecretFile.Close() + srcSecretFile, err := os.Open(arr[1]) + if err != nil { + return nil, err + } + defer srcSecretFile.Close() + _, err = io.Copy(tmpSecretFile, srcSecretFile) + if err != nil { + return nil, err + } + + //add tmp file to context dir + tarContent = append(tarContent, tmpSecretFile.Name()) + + modifiedSrc := fmt.Sprintf("src=%s", filepath.Base(tmpSecretFile.Name())) + modifiedOpt = append(modifiedOpt, modifiedSrc) + } else { + modifiedOpt = append(modifiedOpt, token) + } + } + } + secretsForRemote = append(secretsForRemote, strings.Join(modifiedOpt[:], ",")) + } + } + + c, err := jsoniter.MarshalToString(secretsForRemote) + if err != nil { + return nil, err + } + params.Add("secrets", c) + } + tarfile, err := nTar(append(excludes, dontexcludes...), tarContent...) if err != nil { logrus.Errorf("Cannot tar container entries %v error: %v", tarContent, err) |