// AddBuildSecrets adds the defined secrets into a build. The input format for
// the secrets is "<secretName>:<destinationDir>". The destinationDir is
// optional and when not specified the default is the current working directory.
func (r *SourceRepository) AddBuildSecrets(secrets []string) error {
injections := s2iapi.VolumeList{}
r.secrets = []buildapi.SecretBuildSource{}
for _, in := range secrets {
if err := injections.Set(in); err != nil {
return err
}
}
secretExists := func(name string) bool {
for _, s := range r.secrets {
if s.Secret.Name == name {
return true
}
}
return false
}
for _, in := range injections {
if r.GetStrategy() == generate.StrategyDocker && filepath.IsAbs(in.Destination) {
return fmt.Errorf("for the docker strategy, the secret destination directory %q must be a relative path", in.Destination)
}
if len(validation.ValidateSecretName(in.Source, false)) != 0 {
return fmt.Errorf("the %q must be valid secret name", in.Source)
}
if secretExists(in.Source) {
return fmt.Errorf("the %q secret can be used just once", in.Source)
}
r.secrets = append(r.secrets, buildapi.SecretBuildSource{
Secret: kapi.LocalObjectReference{Name: in.Source},
DestinationDir: in.Destination,
})
}
return nil
}
// AddBuildSecrets adds the defined secrets into a build. The input format for
// the secrets is "<secretName>:<destinationDir>". The destinationDir is
// optional and when not specified the default is the current working directory.
func (r *SourceRepository) AddBuildSecrets(secrets []string) error {
injections := s2iapi.InjectionList{}
r.secrets = []buildapi.SecretBuildSource{}
for _, in := range secrets {
if err := injections.Set(in); err != nil {
return err
}
}
secretExists := func(name string) bool {
for _, s := range r.secrets {
if s.Secret.Name == name {
return true
}
}
return false
}
for _, in := range injections {
if ok, _ := validation.ValidateSecretName(in.SourcePath, false); !ok {
return fmt.Errorf("the %q must be valid secret name", in.SourcePath)
}
if secretExists(in.SourcePath) {
return fmt.Errorf("the %q secret can be used just once", in.SourcePath)
}
r.secrets = append(r.secrets, buildapi.SecretBuildSource{
Secret: kapi.LocalObjectReference{Name: in.SourcePath},
DestinationDir: in.DestinationDir,
})
}
return nil
}
func validateSecrets(secrets []buildapi.SecretBuildSource, isDockerStrategy bool, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
for i, s := range secrets {
if len(s.Secret.Name) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("secret")))
}
if ok, _ := validation.ValidateSecretName(s.Secret.Name, false); !ok {
allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("secret"), s, "must be valid secret name"))
}
if strings.HasPrefix(path.Clean(s.DestinationDir), "..") {
allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("destinationDir"), s.DestinationDir, "destination dir cannot start with '..'"))
}
if isDockerStrategy && filepath.IsAbs(s.DestinationDir) {
allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("destinationDir"), s.DestinationDir, "for the docker strategy the destinationDir has to be relative path"))
}
}
return allErrs
}
