summaryrefslogtreecommitdiff
path: root/pkg/bindings
diff options
context:
space:
mode:
authorAditya Rajan <arajan@redhat.com>2021-11-26 18:18:30 +0530
committerAditya Rajan <arajan@redhat.com>2021-11-30 14:19:29 +0530
commite7204178e175d8ad619faa626ba284c777886cd3 (patch)
tree4903432e6c852b299695a92756cfc72bb1476186 /pkg/bindings
parentbfcaf538bb000d7eb72975d234a95f566da54715 (diff)
downloadpodman-e7204178e175d8ad619faa626ba284c777886cd3.tar.gz
podman-e7204178e175d8ad619faa626ba284c777886cd3.tar.bz2
podman-e7204178e175d8ad619faa626ba284c777886cd3.zip
podman-remote: copy secret to contextdir is absolute path on host
Podman remote must treat build secrets as part of context directory. If secret path is absolute path on host copy it to tar file and pass it to remote server. Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'pkg/bindings')
-rw-r--r--pkg/bindings/images/build.go61
1 files changed, 54 insertions, 7 deletions
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 9c2e3e6b2..25770fdfc 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -5,6 +5,7 @@ import (
"compress/gzip"
"context"
"encoding/json"
+ "fmt"
"io"
"io/ioutil"
"net/http"
@@ -116,13 +117,6 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
}
params.Add("dnsservers", c)
}
- if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 {
- c, err := jsoniter.MarshalToString(secrets)
- if err != nil {
- return nil, err
- }
- params.Add("secrets", c)
- }
if dnsoptions := options.CommonBuildOpts.DNSOptions; len(dnsoptions) > 0 {
c, err := jsoniter.MarshalToString(dnsoptions)
if err != nil {
@@ -384,6 +378,59 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
}
params.Set("dockerfile", string(cFileJSON))
}
+
+ // build secrets are usually absolute host path or relative to context dir on host
+ // in any case move secret to current context and ship the tar.
+ if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 {
+ secretsForRemote := []string{}
+
+ for _, secret := range secrets {
+ secretOpt := strings.Split(secret, ",")
+ if len(secretOpt) > 0 {
+ modifiedOpt := []string{}
+ for _, token := range secretOpt {
+ arr := strings.SplitN(token, "=", 2)
+ if len(arr) > 1 {
+ if arr[0] == "src" {
+ // read specified secret into a tmp file
+ // move tmp file to tar and change secret source to relative tmp file
+ tmpSecretFile, err := ioutil.TempFile(options.ContextDirectory, "podman-build-secret")
+ if err != nil {
+ return nil, err
+ }
+ defer os.Remove(tmpSecretFile.Name()) // clean up
+ defer tmpSecretFile.Close()
+ srcSecretFile, err := os.Open(arr[1])
+ if err != nil {
+ return nil, err
+ }
+ defer srcSecretFile.Close()
+ _, err = io.Copy(tmpSecretFile, srcSecretFile)
+ if err != nil {
+ return nil, err
+ }
+
+ //add tmp file to context dir
+ tarContent = append(tarContent, tmpSecretFile.Name())
+
+ modifiedSrc := fmt.Sprintf("src=%s", filepath.Base(tmpSecretFile.Name()))
+ modifiedOpt = append(modifiedOpt, modifiedSrc)
+ } else {
+ modifiedOpt = append(modifiedOpt, token)
+ }
+ }
+ }
+ secretsForRemote = append(secretsForRemote, strings.Join(modifiedOpt[:], ","))
+ }
+ }
+
+ c, err := jsoniter.MarshalToString(secretsForRemote)
+ if err != nil {
+ return nil, err
+ }
+ params.Add("secrets", c)
+ }
+
tarfile, err := nTar(append(excludes, dontexcludes...), tarContent...)
if err != nil {
logrus.Errorf("Cannot tar container entries %v error: %v", tarContent, err)