github.com/tilt-dev/tilt@v0.33.15-0.20240515162809-0a22ed45d8a0/internal/docker/buildkit/secret.go

github.com/tilt-dev/tilt@v0.33.15-0.20240515162809-0a22ed45d8a0/internal/docker/buildkit/secret.go (about)

     1  /**
     2  Code for parsing Buildkit arguments adapted from Docker CLI
     3  
     4  Adapted from
     5  https://github.com/docker/cli/blob/28ac2f82c690ac8f37c2980f2787572815439a50/cli/command/image/build_buildkit.go
     6  
     7  
     8     Copyright 2013-2017 Docker, Inc.
     9  
    10     Licensed under the Apache License, Version 2.0 (the "License");
    11     you may not use this file except in compliance with the License.
    12     You may obtain a copy of the License at
    13  
    14         http://www.apache.org/licenses/LICENSE-2.0
    15  
    16     Unless required by applicable law or agreed to in writing, software
    17     distributed under the License is distributed on an "AS IS" BASIS,
    18     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    19     See the License for the specific language governing permissions and
    20     limitations under the License.
    21  */
    22  
    23  package buildkit
    24  
    25  import (
    26  	"encoding/csv"
    27  	"strings"
    28  
    29  	"github.com/moby/buildkit/session"
    30  	"github.com/moby/buildkit/session/secrets/secretsprovider"
    31  	"github.com/pkg/errors"
    32  )
    33  
    34  func ParseSecretSpecs(sl []string) (session.Attachable, error) {
    35  	fs := make([]secretsprovider.Source, 0, len(sl))
    36  	for _, v := range sl {
    37  		s, err := parseSecret(v)
    38  		if err != nil {
    39  			return nil, err
    40  		}
    41  		fs = append(fs, *s)
    42  	}
    43  	store, err := secretsprovider.NewStore(fs)
    44  	if err != nil {
    45  		return nil, err
    46  	}
    47  	return secretsprovider.NewSecretProvider(store), nil
    48  }
    49  
    50  func parseSecret(value string) (*secretsprovider.Source, error) {
    51  	csvReader := csv.NewReader(strings.NewReader(value))
    52  	fields, err := csvReader.Read()
    53  	if err != nil {
    54  		return nil, errors.Wrap(err, "failed to parse csv secret")
    55  	}
    56  
    57  	fs := secretsprovider.Source{}
    58  
    59  	var typ string
    60  	for _, field := range fields {
    61  		parts := strings.SplitN(field, "=", 2)
    62  		key := strings.ToLower(parts[0])
    63  
    64  		if len(parts) != 2 {
    65  			return nil, errors.Errorf("invalid field '%s' must be a key=value pair", field)
    66  		}
    67  
    68  		value := parts[1]
    69  		switch key {
    70  		case "type":
    71  			if value != "file" && value != "env" {
    72  				return nil, errors.Errorf("unsupported secret type %q", value)
    73  			}
    74  			typ = value
    75  		case "id":
    76  			fs.ID = value
    77  		case "source", "src":
    78  			fs.FilePath = value
    79  		case "env":
    80  			fs.Env = value
    81  		default:
    82  			return nil, errors.Errorf("unexpected key '%s' in '%s'", key, field)
    83  		}
    84  	}
    85  	if typ == "env" && fs.Env == "" {
    86  		fs.Env = fs.FilePath
    87  		fs.FilePath = ""
    88  	}
    89  	return &fs, nil
    90  }