diff options
author | Aditya Rajan <arajan@redhat.com> | 2021-11-26 18:18:30 +0530 |
---|---|---|
committer | Aditya Rajan <arajan@redhat.com> | 2021-11-30 14:19:29 +0530 |
commit | e7204178e175d8ad619faa626ba284c777886cd3 (patch) | |
tree | 4903432e6c852b299695a92756cfc72bb1476186 /pkg/bindings | |
parent | bfcaf538bb000d7eb72975d234a95f566da54715 (diff) | |
download | podman-e7204178e175d8ad619faa626ba284c777886cd3.tar.gz podman-e7204178e175d8ad619faa626ba284c777886cd3.tar.bz2 podman-e7204178e175d8ad619faa626ba284c777886cd3.zip |
podman-remote: copy secret to contextdir is absolute path on host
Podman remote must treat build secrets as part of context directory. If
secret path is absolute path on host copy it to tar file and pass it to
remote server.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'pkg/bindings')
-rw-r--r-- | pkg/bindings/images/build.go | 61 |
1 files changed, 54 insertions, 7 deletions
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 9c2e3e6b2..25770fdfc 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -5,6 +5,7 @@ import ( "compress/gzip" "context" "encoding/json" + "fmt" "io" "io/ioutil" "net/http" @@ -116,13 +117,6 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } params.Add("dnsservers", c) } - if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 { - c, err := jsoniter.MarshalToString(secrets) - if err != nil { - return nil, err - } - params.Add("secrets", c) - } if dnsoptions := options.CommonBuildOpts.DNSOptions; len(dnsoptions) > 0 { c, err := jsoniter.MarshalToString(dnsoptions) if err != nil { @@ -384,6 +378,59 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO } params.Set("dockerfile", string(cFileJSON)) } + + // build secrets are usually absolute host path or relative to context dir on host + // in any case move secret to current context and ship the tar. + if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 { + secretsForRemote := []string{} + + for _, secret := range secrets { + secretOpt := strings.Split(secret, ",") + if len(secretOpt) > 0 { + modifiedOpt := []string{} + for _, token := range secretOpt { + arr := strings.SplitN(token, "=", 2) + if len(arr) > 1 { + if arr[0] == "src" { + // read specified secret into a tmp file + // move tmp file to tar and change secret source to relative tmp file + tmpSecretFile, err := ioutil.TempFile(options.ContextDirectory, "podman-build-secret") + if err != nil { + return nil, err + } + defer os.Remove(tmpSecretFile.Name()) // clean up + defer tmpSecretFile.Close() + srcSecretFile, err := os.Open(arr[1]) + if err != nil { + return nil, err + } + defer srcSecretFile.Close() + _, err = io.Copy(tmpSecretFile, srcSecretFile) + if err != nil { + return nil, err + } + + //add tmp file to context dir + tarContent = append(tarContent, tmpSecretFile.Name()) + + modifiedSrc := fmt.Sprintf("src=%s", filepath.Base(tmpSecretFile.Name())) + modifiedOpt = append(modifiedOpt, modifiedSrc) + } else { + modifiedOpt = append(modifiedOpt, token) + } + } + } + secretsForRemote = append(secretsForRemote, strings.Join(modifiedOpt[:], ",")) + } + } + + c, err := jsoniter.MarshalToString(secretsForRemote) + if err != nil { + return nil, err + } + params.Add("secrets", c) + } + tarfile, err := nTar(append(excludes, dontexcludes...), tarContent...) if err != nil { logrus.Errorf("Cannot tar container entries %v error: %v", tarContent, err) |