// AddBuildSecrets replaces the repository's build secrets with the ones
// described by secrets. Each entry has the form
// "<secretName>:<destinationDir>"; destinationDir is optional and, when it is
// not specified, the default is the current working directory.
//
// An error is returned when an entry cannot be parsed, when the Docker
// strategy is in use and a destination is an absolute path, when a secret name
// fails validation, or when the same secret name is listed more than once.
// Previously stored secrets are discarded up front, so after an error
// r.secrets holds only the entries accepted before the failing one.
//
// NOTE(review): the only destination check made here is the absolute-path
// rule for the Docker strategy; a relative destination containing ".." is
// not rejected by this method. Confirm the generated build is validated
// before it is used.
func (r *SourceRepository) AddBuildSecrets(secrets []string) error {
	r.secrets = []buildapi.SecretBuildSource{}

	// Parse every "<name>:<dir>" definition before looking at any of them.
	parsed := s2iapi.VolumeList{}
	for _, spec := range secrets {
		if err := parsed.Set(spec); err != nil {
			return err
		}
	}

	for _, vol := range parsed {
		name, dest := vol.Source, vol.Destination

		if r.GetStrategy() == generate.StrategyDocker && filepath.IsAbs(dest) {
			return fmt.Errorf("for the docker strategy, the secret destination directory %q must be a relative path", dest)
		}

		if problems := validation.ValidateSecretName(name, false); len(problems) != 0 {
			return fmt.Errorf("the %q must be valid secret name", name)
		}

		// A secret may be referenced only once; compare against what has
		// already been accepted in this call.
		duplicate := false
		for _, accepted := range r.secrets {
			if accepted.Secret.Name == name {
				duplicate = true
				break
			}
		}
		if duplicate {
			return fmt.Errorf("the %q secret can be used just once", name)
		}

		r.secrets = append(r.secrets, buildapi.SecretBuildSource{
			Secret:         kapi.LocalObjectReference{Name: name},
			DestinationDir: dest,
		})
	}

	return nil
}
// AddBuildSecrets replaces the repository's build secrets with the ones
// described by secrets. Each entry has the form
// "<secretName>:<destinationDir>"; destinationDir is optional and, when it is
// not specified, the default is the current working directory.
//
// An error is returned when an entry cannot be parsed, when a secret name
// fails validation, or when the same secret name is listed more than once.
// Previously stored secrets are discarded up front, so after an error
// r.secrets holds only the entries accepted before the failing one.
//
// NOTE(review): the destination directory is copied into the build secret
// without any check in this method (no absolute-path or ".." test). Confirm
// the generated build is validated before it is used.
func (r *SourceRepository) AddBuildSecrets(secrets []string) error {
	r.secrets = []buildapi.SecretBuildSource{}

	// Parse every "<name>:<dir>" definition before looking at any of them.
	parsed := s2iapi.InjectionList{}
	for _, spec := range secrets {
		if err := parsed.Set(spec); err != nil {
			return err
		}
	}

	for _, inj := range parsed {
		name := inj.SourcePath

		valid, _ := validation.ValidateSecretName(name, false)
		if !valid {
			return fmt.Errorf("the %q must be valid secret name", name)
		}

		// A secret may be referenced only once; compare against what has
		// already been accepted in this call.
		duplicate := false
		for _, accepted := range r.secrets {
			if accepted.Secret.Name == name {
				duplicate = true
				break
			}
		}
		if duplicate {
			return fmt.Errorf("the %q secret can be used just once", name)
		}

		r.secrets = append(r.secrets, buildapi.SecretBuildSource{
			Secret:         kapi.LocalObjectReference{Name: name},
			DestinationDir: inj.DestinationDir,
		})
	}

	return nil
}
// validateSecrets checks each build secret source in secrets and returns the
// accumulated field errors. Errors are reported under fldPath, indexed by the
// entry's position in the slice.
//
// For every entry it reports:
//   - a missing secret name (Required on "secret");
//   - a name rejected by validation.ValidateSecretName (Invalid on "secret",
//     with the whole entry passed as the offending value);
//   - a destinationDir whose path.Clean form starts with "..", which keeps the
//     secret from being placed above the working directory (as a plain prefix
//     test this also rejects names that merely begin with two dots);
//   - when isDockerStrategy is true, an absolute destinationDir.
//
// The checks are independent, so a single entry can produce several errors;
// an empty name is reported as Required and is still passed to the name
// validator.
func validateSecrets(secrets []buildapi.SecretBuildSource, isDockerStrategy bool, fldPath *field.Path) field.ErrorList {
	allErrs := field.ErrorList{}

	for i, s := range secrets {
		// at builds the field path for one child of the current entry.
		at := func(child string) *field.Path {
			return fldPath.Index(i).Child(child)
		}

		if s.Secret.Name == "" {
			allErrs = append(allErrs, field.Required(at("secret")))
		}

		nameOK, _ := validation.ValidateSecretName(s.Secret.Name, false)
		if !nameOK {
			allErrs = append(allErrs, field.Invalid(at("secret"), s, "must be valid secret name"))
		}

		// Clean first so that forms such as "a/../.." are caught as well.
		cleaned := path.Clean(s.DestinationDir)
		if strings.HasPrefix(cleaned, "..") {
			allErrs = append(allErrs, field.Invalid(at("destinationDir"), s.DestinationDir, "destination dir cannot start with '..'"))
		}

		if isDockerStrategy && filepath.IsAbs(s.DestinationDir) {
			allErrs = append(allErrs, field.Invalid(at("destinationDir"), s.DestinationDir, "for the docker strategy the destinationDir has to be relative path"))
		}
	}

	return allErrs
}