aboutsummaryrefslogtreecommitdiff
path: root/pkg/bindings
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-11-30 19:29:33 +0100
committerGitHub <noreply@github.com>2021-11-30 19:29:33 +0100
commit85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa (patch)
tree0753c3c1069bcfa4abb893ed44a851fbf59a3550 /pkg/bindings
parent3fac03cf04e68eb3351aff8c33bac6bea85810f6 (diff)
parentc80a2e4495f877bc0f6a522e99b511de6c0d525d (diff)
downloadpodman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.tar.gz
podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.tar.bz2
podman-85101f69d8ac18dcd66e19a8a368fbcc4c5e21aa.zip
Merge pull request #12414 from flouthoc/api-allow-secrets
tunnel: allow `remote` and `API` to accept `--secrets`
Diffstat (limited to 'pkg/bindings')
-rw-r--r--pkg/bindings/images/build.go54
1 files changed, 54 insertions, 0 deletions
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 3b0bebe9f..25770fdfc 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -5,6 +5,7 @@ import (
"compress/gzip"
"context"
"encoding/json"
+ "fmt"
"io"
"io/ioutil"
"net/http"
@@ -377,6 +378,59 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
}
params.Set("dockerfile", string(cFileJSON))
}
+
+ // build secrets are usually absolute host path or relative to context dir on host
+ // in any case move secret to current context and ship the tar.
+ if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 {
+ secretsForRemote := []string{}
+
+ for _, secret := range secrets {
+ secretOpt := strings.Split(secret, ",")
+ if len(secretOpt) > 0 {
+ modifiedOpt := []string{}
+ for _, token := range secretOpt {
+ arr := strings.SplitN(token, "=", 2)
+ if len(arr) > 1 {
+ if arr[0] == "src" {
+ // read specified secret into a tmp file
+ // move tmp file to tar and change secret source to relative tmp file
+ tmpSecretFile, err := ioutil.TempFile(options.ContextDirectory, "podman-build-secret")
+ if err != nil {
+ return nil, err
+ }
+ defer os.Remove(tmpSecretFile.Name()) // clean up
+ defer tmpSecretFile.Close()
+ srcSecretFile, err := os.Open(arr[1])
+ if err != nil {
+ return nil, err
+ }
+ defer srcSecretFile.Close()
+ _, err = io.Copy(tmpSecretFile, srcSecretFile)
+ if err != nil {
+ return nil, err
+ }
+
+ //add tmp file to context dir
+ tarContent = append(tarContent, tmpSecretFile.Name())
+
+ modifiedSrc := fmt.Sprintf("src=%s", filepath.Base(tmpSecretFile.Name()))
+ modifiedOpt = append(modifiedOpt, modifiedSrc)
+ } else {
+ modifiedOpt = append(modifiedOpt, token)
+ }
+ }
+ }
+ secretsForRemote = append(secretsForRemote, strings.Join(modifiedOpt[:], ","))
+ }
+ }
+
+ c, err := jsoniter.MarshalToString(secretsForRemote)
+ if err != nil {
+ return nil, err
+ }
+ params.Add("secrets", c)
+ }
+
tarfile, err := nTar(append(excludes, dontexcludes...), tarContent...)
if err != nil {
logrus.Errorf("Cannot tar container entries %v error: %v", tarContent, err)