// AddBuildSecrets adds the defined secrets into a build. The input format for
// the secrets is "<secretName>:<destinationDir>". The destinationDir is
// optional and when not specified the default is the current working directory.
func (r *SourceRepository) AddBuildSecrets(secrets []string) error {
injections := s2iapi.VolumeList{}
r.secrets = []buildapi.SecretBuildSource{}
for _, in := range secrets {
if err := injections.Set(in); err != nil {
return err
}
}
secretExists := func(name string) bool {
for _, s := range r.secrets {
if s.Secret.Name == name {
return true
}
}
return false
}
for _, in := range injections {
if r.GetStrategy() == generate.StrategyDocker && filepath.IsAbs(in.Destination) {
return fmt.Errorf("for the docker strategy, the secret destination directory %q must be a relative path", in.Destination)
}
if len(validation.ValidateSecretName(in.Source, false)) != 0 {
return fmt.Errorf("the %q must be valid secret name", in.Source)
}
if secretExists(in.Source) {
return fmt.Errorf("the %q secret can be used just once", in.Source)
}
r.secrets = append(r.secrets, buildapi.SecretBuildSource{
Secret: kapi.LocalObjectReference{Name: in.Source},
DestinationDir: in.Destination,
})
}
return nil
}
func (i *integrationTest) exerciseInjectionBuild(tag, imageName string, injections []string) {
t := i.t
err := os.Mkdir("/tmp/s2i-test-dir", 0777)
if err != nil {
t.Errorf("Unable to create temporary directory: %v", err)
}
defer os.RemoveAll("/tmp/s2i-test-dir")
err = ioutil.WriteFile(filepath.Join("/tmp/s2i-test-dir/secret"), []byte("secret"), 0666)
if err != nil {
t.Errorf("Unable to write content to temporary injection file: %v", err)
}
injectionList := api.VolumeList{}
for _, i := range injections {
injectionList.Set(i)
}
config := &api.Config{
DockerConfig: dockerConfig(),
BuilderImage: imageName,
BuilderPullPolicy: api.DefaultBuilderPullPolicy,
Source: TestSource,
Tag: tag,
Injections: injectionList,
}
builder, err := strategies.GetStrategy(config)
if err != nil {
t.Fatalf("Unable to create builder: %v", err)
}
resp, err := builder.Build(config)
if err != nil {
t.Fatalf("Unexpected error occurred during build: %v", err)
}
if !resp.Success {
t.Fatalf("S2I build failed.")
}
i.checkForImage(tag)
containerID := i.createContainer(tag)
defer i.removeContainer(containerID)
// Check that the injected file is delivered to assemble script
i.fileExists(containerID, "/sti-fake/secret-delivered")
i.fileExists(containerID, "/sti-fake/relative-secret-delivered")
// Make sure the injected file does not exists in resulting image
files, err := util.ExpandInjectedFiles(injectionList)
if err != nil {
t.Errorf("Unexpected error: %v", err)
}
for _, f := range files {
if exitCode := i.runInImage(tag, "test -s "+f); exitCode == 0 {
t.Errorf("The file must be empty: %q, we got %q", f, err)
}
}
}