Skip to content

Commit

Permalink
api: allow build api to accept secrets
Browse files Browse the repository at this point in the history 
Following commit makes sure that `build` api can accept external
secret and allows currently `NOOP` `podman-remote build -t tag
--secret id=mysecret,src=/path/on/remote` to become functional.

Just like `docker` following api is a hidden field and only exposed to
`podman-remote` but could document it if it needs exposed on `swagger`.

Signed-off-by: Aditya Rajan <[email protected]>
  • Loading branch information
@flouthoc
flouthoc committed Nov 30, 2021
1 parent d51ebca commit bfcaf53
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
12 changes: 12 additions & 0 deletions pkg/api/handlers/compat/images_build.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
Target string `schema:"target"`
Timestamp int64 `schema:"timestamp"`
Ulimits string `schema:"ulimits"`
Secrets string `schema:"secrets"`
}{
Dockerfile: "Dockerfile",
Registry: "docker.io",
Expand Down Expand Up @@ -239,6 +240,16 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
dnssearch = m
}

var secrets = []string{}
if _, found := r.URL.Query()["secrets"]; found {
var m = []string{}
if err := json.Unmarshal([]byte(query.Secrets), &m); err != nil {
utils.BadRequest(w, "secrets", query.Secrets, err)
return
}
secrets = m
}

var output string
if len(query.Tag) > 0 {
output = query.Tag[0]
Expand Down Expand Up @@ -447,6 +458,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
SeccompProfilePath: seccomp,
ShmSize: strconv.Itoa(query.ShmSize),
Ulimit: ulimits,
Secrets: secrets,
},
CNIConfigDir: rtc.Network.CNIPluginDirs[0],
CNIPluginPath: util.DefaultCNIPluginPath,
Expand Down
7 changes: 7 additions & 0 deletions pkg/bindings/images/build.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,13 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
}
params.Add("dnsservers", c)
}
if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 {
c, err := jsoniter.MarshalToString(secrets)
if err != nil {
return nil, err
}
params.Add("secrets", c)
}
if dnsoptions := options.CommonBuildOpts.DNSOptions; len(dnsoptions) > 0 {
c, err := jsoniter.MarshalToString(dnsoptions)
if err != nil {
Expand Down

0 comments on commit bfcaf53

Please sign in to comment.