buildx/util/buildflags/secrets.go

package buildflags

import (
	"strings"

	controllerapi "github.com/docker/buildx/controller/pb"
	"github.com/pkg/errors"
	"github.com/tonistiigi/go-csvvalue"
)

type Secret struct {
	ID       string `json:"id,omitempty"`
	FilePath string `json:"src,omitempty"`
	Env      string `json:"env,omitempty"`
}

func (s *Secret) Equal(other *Secret) bool {
	return s.ID == other.ID && s.FilePath == other.FilePath && s.Env == other.Env
}

func (s *Secret) String() string {
	var b csvBuilder
	if s.ID != "" {
		b.Write("id", s.ID)
	}
	if s.FilePath != "" {
		b.Write("src", s.FilePath)
	}
	if s.Env != "" {
		b.Write("env", s.Env)
	}
	return b.String()
}

func (s *Secret) ToPB() *controllerapi.Secret {
	return &controllerapi.Secret{
		ID:       s.ID,
		FilePath: s.FilePath,
		Env:      s.Env,
	}
}

func (s *Secret) UnmarshalText(text []byte) error {
	value := string(text)
	fields, err := csvvalue.Fields(value, nil)
	if err != nil {
		return errors.Wrap(err, "failed to parse csv secret")
	}

	*s = Secret{}

	var typ string
	for _, field := range fields {
		parts := strings.SplitN(field, "=", 2)
		key := strings.ToLower(parts[0])

		if len(parts) != 2 {
			return errors.Errorf("invalid field '%s' must be a key=value pair", field)
		}

		value := parts[1]
		switch key {
		case "type":
			if value != "file" && value != "env" {
				return errors.Errorf("unsupported secret type %q", value)
			}
			typ = value
		case "id":
			s.ID = value
		case "source", "src":
			s.FilePath = value
		case "env":
			s.Env = value
		default:
			return errors.Errorf("unexpected key '%s' in '%s'", key, field)
		}
	}
	if typ == "env" && s.Env == "" {
		s.Env = s.FilePath
		s.FilePath = ""
	}
	return nil
}

func ParseSecretSpecs(sl []string) ([]*controllerapi.Secret, error) {
	fs := make([]*controllerapi.Secret, 0, len(sl))
	for _, v := range sl {
		s, err := parseSecret(v)
		if err != nil {
			return nil, err
		}
		fs = append(fs, s)
	}
	return fs, nil
}

func parseSecret(value string) (*controllerapi.Secret, error) {
	var s Secret
	if err := s.UnmarshalText([]byte(value)); err != nil {
		return nil, err
	}
	return s.ToPB(), nil
}
build: split buildflags package Planned to be imported by nerdctl in future. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2021-04-09 14:20:26 +08:00			`package buildflags`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00
			`import (`
			`"strings"`

controller: strongly type the controller api Strongly typing the API allows us to perform all command line parsing fully on the client-side, where we have access to the client local directory and all the client environment variables, which may not be available on the remote server. Additionally, the controller api starts to look a lot like build.Options, so at some point in the future there may be an oppportunity to merge the two, which would allow both build and bake to execute through the controller, instead of needing to maintain multiple code paths. Signed-off-by: Justin Chadwell <me@jedevc.com> 2023-02-09 20:03:58 +08:00			`controllerapi "github.com/docker/buildx/controller/pb"`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`"github.com/pkg/errors"`
use csvvalue package for parsing csv inputs This package is better suited for parsing single-line CSV strings. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2024-06-28 11:31:23 +08:00			`"github.com/tonistiigi/go-csvvalue"`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`)`

bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`type Secret struct {`
			ID string `json:"id,omitempty"`
			FilePath string `json:"src,omitempty"`
			Env string `json:"env,omitempty"`
			`}`

			`func (s Secret) Equal(other Secret) bool {`
			`return s.ID == other.ID && s.FilePath == other.FilePath && s.Env == other.Env`
			`}`

			`func (s *Secret) String() string {`
			`var b csvBuilder`
			`if s.ID != "" {`
			`b.Write("id", s.ID)`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`if s.FilePath != "" {`
			`b.Write("src", s.FilePath)`
			`}`
			`if s.Env != "" {`
			`b.Write("env", s.Env)`
			`}`
			`return b.String()`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`

bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`func (s Secret) ToPB() controllerapi.Secret {`
			`return &controllerapi.Secret{`
			`ID: s.ID,`
			`FilePath: s.FilePath,`
			`Env: s.Env,`
			`}`
			`}`

			`func (s *Secret) UnmarshalText(text []byte) error {`
			`value := string(text)`
use csvvalue package for parsing csv inputs This package is better suited for parsing single-line CSV strings. Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2024-06-28 11:31:23 +08:00			`fields, err := csvvalue.Fields(value, nil)`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`if err != nil {`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`return errors.Wrap(err, "failed to parse csv secret")`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`

bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`*s = Secret{}`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00
Allow secrets with env Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-12-19 11:18:51 +08:00			`var typ string`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`for _, field := range fields {`
			`parts := strings.SplitN(field, "=", 2)`
			`key := strings.ToLower(parts[0])`

			`if len(parts) != 2 {`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`return errors.Errorf("invalid field '%s' must be a key=value pair", field)`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`

			`value := parts[1]`
			`switch key {`
			`case "type":`
Allow secrets with env Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-12-19 11:18:51 +08:00			`if value != "file" && value != "env" {`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`return errors.Errorf("unsupported secret type %q", value)`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`
Allow secrets with env Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-12-19 11:18:51 +08:00			`typ = value`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`case "id":`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`s.ID = value`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`case "source", "src":`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`s.FilePath = value`
Allow secrets with env Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-12-19 11:18:51 +08:00			`case "env":`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`s.Env = value`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`default:`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`return errors.Errorf("unexpected key '%s' in '%s'", key, field)`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`
			`}`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`if typ == "env" && s.Env == "" {`
			`s.Env = s.FilePath`
			`s.FilePath = ""`
			`}`
			`return nil`
			`}`

			`func ParseSecretSpecs(sl []string) ([]*controllerapi.Secret, error) {`
			`fs := make([]*controllerapi.Secret, 0, len(sl))`
			`for _, v := range sl {`
			`s, err := parseSecret(v)`
			`if err != nil {`
			`return nil, err`
			`}`
			`fs = append(fs, s)`
			`}`
			`return fs, nil`
			`}`

			`func parseSecret(value string) (*controllerapi.Secret, error) {`
			`var s Secret`
			`if err := s.UnmarshalText([]byte(value)); err != nil {`
			`return nil, err`
Allow secrets with env Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2020-12-19 11:18:51 +08:00			`}`
bake: initial set of composable bake attributes This allows using either the csv syntax or object syntax to specify certain attributes. This applies to the following fields: - output - cache-from - cache-to - secret - ssh There are still some remaining fields to translate. Specifically ulimits, annotations, and attest. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com> 2024-11-22 02:06:14 +08:00			`return s.ToPB(), nil`
build: basis of build command Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 2019-03-24 12:30:29 +08:00			`}`