From bfcaf538bb000d7eb72975d234a95f566da54715 Mon Sep 17 00:00:00 2001 From: Aditya Rajan Date: Thu, 25 Nov 2021 17:10:50 +0530 Subject: api: allow build api to accept secrets Following commit makes sure that `build` api can accept external secret and allows currently `NOOP` `podman-remote build -t tag --secret id=mysecret,src=/path/on/remote` to become functional. Just like `docker` following api is a hidden field and only exposed to `podman-remote` but could document it if it needs exposed on `swagger`. Signed-off-by: Aditya Rajan --- pkg/api/handlers/compat/images_build.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'pkg/api/handlers/compat/images_build.go') diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index ac5934c13..18f9dc98b 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -122,6 +122,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Target string `schema:"target"` Timestamp int64 `schema:"timestamp"` Ulimits string `schema:"ulimits"` + Secrets string `schema:"secrets"` }{ Dockerfile: "Dockerfile", Registry: "docker.io", @@ -239,6 +240,16 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { dnssearch = m } + var secrets = []string{} + if _, found := r.URL.Query()["secrets"]; found { + var m = []string{} + if err := json.Unmarshal([]byte(query.Secrets), &m); err != nil { + utils.BadRequest(w, "secrets", query.Secrets, err) + return + } + secrets = m + } + var output string if len(query.Tag) > 0 { output = query.Tag[0] @@ -447,6 +458,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { SeccompProfilePath: seccomp, ShmSize: strconv.Itoa(query.ShmSize), Ulimit: ulimits, + Secrets: secrets, }, CNIConfigDir: rtc.Network.CNIPluginDirs[0], CNIPluginPath: util.DefaultCNIPluginPath, -- cgit v1.2.3-54-g00ecf