From 4fb92e1580092a62cf4be95289ac7cb8f73082cc Mon Sep 17 00:00:00 2001
From: David Gageot <david@gageot.net>
Date: Thu, 28 May 2020 08:31:50 +0200
Subject: [PATCH] [buildpacks] Support trusted builders

Signed-off-by: David Gageot <david@gageot.net>
---
 docs/content/en/schemas/v2beta5.json        |  7 +++++++
 pkg/skaffold/build/buildpacks/build_test.go | 19 ++++++++++++-------
 pkg/skaffold/build/buildpacks/lifecycle.go  | 15 ++++++++-------
 pkg/skaffold/schema/latest/config.go        |  3 +++
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/docs/content/en/schemas/v2beta5.json b/docs/content/en/schemas/v2beta5.json
index b9a8d4ddf81..d580399a003 100755
--- a/docs/content/en/schemas/v2beta5.json
+++ b/docs/content/en/schemas/v2beta5.json
@@ -528,6 +528,12 @@
           "type": "string",
           "description": "overrides the stack's default run image.",
           "x-intellij-html-description": "overrides the stack's default run image."
+        },
+        "trustBuilder": {
+          "type": "boolean",
+          "description": "indicates that the builder should be trusted.",
+          "x-intellij-html-description": "indicates that the builder should be trusted.",
+          "default": "false"
         }
       },
       "preferredOrder": [
@@ -535,6 +541,7 @@
         "runImage",
         "env",
         "buildpacks",
+        "trustBuilder",
         "dependencies"
       ],
       "additionalProperties": false,
diff --git a/pkg/skaffold/build/buildpacks/build_test.go b/pkg/skaffold/build/buildpacks/build_test.go
index 0c1d1627ece..91b2e038f5b 100644
--- a/pkg/skaffold/build/buildpacks/build_test.go
+++ b/pkg/skaffold/build/buildpacks/build_test.go
@@ -65,16 +65,17 @@ func TestBuild(t *testing.T) {
 		},
 		{
 			description: "success with buildpacks",
-			artifact:    withBuildpacks([]string{"my/buildpack", "my/otherBuildpack"}, buildpacksArtifact("my/otherBuilder", "my/otherRun")),
+			artifact:    withTrustedBuilder(withBuildpacks([]string{"my/buildpack", "my/otherBuildpack"}, buildpacksArtifact("my/otherBuilder", "my/otherRun"))),
 			tag:         "img:tag",
 			api:         &testutil.FakeAPIClient{},
 			expectedOptions: &pack.BuildOptions{
-				AppPath:    ".",
-				Builder:    "my/otherBuilder",
-				RunImage:   "my/otherRun",
-				Buildpacks: []string{"my/buildpack", "my/otherBuildpack"},
-				Env:        map[string]string{},
-				Image:      "img:latest",
+				AppPath:      ".",
+				Builder:      "my/otherBuilder",
+				RunImage:     "my/otherRun",
+				Buildpacks:   []string{"my/buildpack", "my/otherBuildpack"},
+				TrustBuilder: true,
+				Env:          map[string]string{},
+				Image:        "img:latest",
 			},
 		},
 		{
@@ -257,6 +258,10 @@ func withSync(sync *latest.Sync, artifact *latest.Artifact) *latest.Artifact {
 	return artifact
 }
 
+func withTrustedBuilder(artifact *latest.Artifact) *latest.Artifact {
+	artifact.BuildpackArtifact.TrustBuilder = true
+	return artifact
+}
 func withBuildpacks(buildpacks []string, artifact *latest.Artifact) *latest.Artifact {
 	artifact.BuildpackArtifact.Buildpacks = buildpacks
 	return artifact
diff --git a/pkg/skaffold/build/buildpacks/lifecycle.go b/pkg/skaffold/build/buildpacks/lifecycle.go
index f57e778fde9..46460d0d228 100644
--- a/pkg/skaffold/build/buildpacks/lifecycle.go
+++ b/pkg/skaffold/build/buildpacks/lifecycle.go
@@ -95,13 +95,14 @@ func (b *Builder) build(ctx context.Context, out io.Writer, a *latest.Artifact,
 	alreadyPulled := images.AreAlreadyPulled(artifact.Builder, artifact.RunImage)
 
 	if err := runPackBuildFunc(ctx, out, b.localDocker, pack.BuildOptions{
-		AppPath:    workspace,
-		Builder:    artifact.Builder,
-		RunImage:   artifact.RunImage,
-		Buildpacks: buildpacks,
-		Env:        env,
-		Image:      latest,
-		NoPull:     alreadyPulled,
+		AppPath:      workspace,
+		Builder:      artifact.Builder,
+		RunImage:     artifact.RunImage,
+		Buildpacks:   buildpacks,
+		Env:          env,
+		Image:        latest,
+		NoPull:       alreadyPulled,
+		TrustBuilder: artifact.TrustBuilder,
 		// TODO(dgageot): Support project.toml include/exclude.
 		// FileFilter: func(string) bool { return true },
 	}); err != nil {
diff --git a/pkg/skaffold/schema/latest/config.go b/pkg/skaffold/schema/latest/config.go
index 5967e13a492..c27e6dbd2b7 100644
--- a/pkg/skaffold/schema/latest/config.go
+++ b/pkg/skaffold/schema/latest/config.go
@@ -750,6 +750,9 @@ type BuildpackArtifact struct {
 	// Order matters.
 	Buildpacks []string `yaml:"buildpacks,omitempty"`
 
+	// TrustBuilder indicates that the builder should be trusted.
+	TrustBuilder bool `yaml:"trustBuilder,omitempty"`
+
 	// Dependencies are the file dependencies that skaffold should watch for both rebuilding and file syncing for this artifact.
 	Dependencies *BuildpackDependencies `yaml:"dependencies,omitempty"`
 }