Fix secrets patch for buildah bud

buildah bud was failing to get the secrets data
The issue was buildah bud was not being given the /usr/share/containers/mounts.conf file path
so it had no secrets to mount
Also reworked the way the secrets data was being copied from the host to the container

Signed-off-by: umohnani8 <umohnani@redhat.com>

cmd/buildah/bud.go

@@ -207,19 +207,20 @@ func budCmd(c *cli.Context) error {
 	}
 
 	options := imagebuildah.BuildOptions{
-		ContextDirectory:    contextDir,
-		PullPolicy:          pullPolicy,
-		Compression:         imagebuildah.Gzip,
-		Quiet:               c.Bool("quiet"),
-		SignaturePolicyPath: c.String("signature-policy"),
-		Args:                args,
-		Output:              output,
-		AdditionalTags:      tags,
-		Runtime:             c.String("runtime"),
-		RuntimeArgs:         runtimeFlags,
-		OutputFormat:        format,
-		SystemContext:       systemContext,
-		CommonBuildOpts:     commonOpts,
+		ContextDirectory:      contextDir,
+		PullPolicy:            pullPolicy,
+		Compression:           imagebuildah.Gzip,
+		Quiet:                 c.Bool("quiet"),
+		SignaturePolicyPath:   c.String("signature-policy"),
+		Args:                  args,
+		Output:                output,
+		AdditionalTags:        tags,
+		Runtime:               c.String("runtime"),
+		RuntimeArgs:           runtimeFlags,
+		OutputFormat:          format,
+		SystemContext:         systemContext,
+		CommonBuildOpts:       commonOpts,
+		DefaultMountsFilePath: c.GlobalString("default-mounts-file"),
 	}
 
 	if !c.Bool("quiet") {

imagebuildah/build.go

@@ -106,6 +106,8 @@ type BuildOptions struct {
 	// SystemContext holds parameters used for authentication.
 	SystemContext   *types.SystemContext
 	CommonBuildOpts *buildah.CommonBuildOptions
+	// DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format
+	DefaultMountsFilePath string
 }
 
 // Executor is a buildah-based implementation of the imagebuilder.Executor
@@ -138,6 +140,7 @@ type Executor struct {
 	volumeCacheInfo                map[string]os.FileInfo
 	reportWriter                   io.Writer
 	commonBuildOptions             *buildah.CommonBuildOptions
+	defaultMountsFilePath          string
 }
 
 // Preserve informs the executor that from this point on, it needs to ensure
@@ -419,23 +422,24 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) {
 		registry:                       options.Registry,
 		transport:                      options.Transport,
 		ignoreUnrecognizedInstructions: options.IgnoreUnrecognizedInstructions,
-		quiet:               options.Quiet,
-		runtime:             options.Runtime,
-		runtimeArgs:         options.RuntimeArgs,
-		transientMounts:     options.TransientMounts,
-		compression:         options.Compression,
-		output:              options.Output,
-		outputFormat:        options.OutputFormat,
-		additionalTags:      options.AdditionalTags,
-		signaturePolicyPath: options.SignaturePolicyPath,
-		systemContext:       options.SystemContext,
-		volumeCache:         make(map[string]string),
-		volumeCacheInfo:     make(map[string]os.FileInfo),
-		log:                 options.Log,
-		out:                 options.Out,
-		err:                 options.Err,
-		reportWriter:        options.ReportWriter,
-		commonBuildOptions:  options.CommonBuildOpts,
+		quiet:                 options.Quiet,
+		runtime:               options.Runtime,
+		runtimeArgs:           options.RuntimeArgs,
+		transientMounts:       options.TransientMounts,
+		compression:           options.Compression,
+		output:                options.Output,
+		outputFormat:          options.OutputFormat,
+		additionalTags:        options.AdditionalTags,
+		signaturePolicyPath:   options.SignaturePolicyPath,
+		systemContext:         options.SystemContext,
+		volumeCache:           make(map[string]string),
+		volumeCacheInfo:       make(map[string]os.FileInfo),
+		log:                   options.Log,
+		out:                   options.Out,
+		err:                   options.Err,
+		reportWriter:          options.ReportWriter,
+		commonBuildOptions:    options.CommonBuildOpts,
+		defaultMountsFilePath: options.DefaultMountsFilePath,
 	}
 	if exec.err == nil {
 		exec.err = os.Stderr
@@ -471,14 +475,15 @@ func (b *Executor) Prepare(ib *imagebuilder.Builder, node *parser.Node, from str
 		b.log("FROM %s", from)
 	}
 	builderOptions := buildah.BuilderOptions{
-		FromImage:           from,
-		PullPolicy:          b.pullPolicy,
-		Registry:            b.registry,
-		Transport:           b.transport,
-		SignaturePolicyPath: b.signaturePolicyPath,
-		ReportWriter:        b.reportWriter,
-		SystemContext:       b.systemContext,
-		CommonBuildOpts:     b.commonBuildOptions,
+		FromImage:             from,
+		PullPolicy:            b.pullPolicy,
+		Registry:              b.registry,
+		Transport:             b.transport,
+		SignaturePolicyPath:   b.signaturePolicyPath,
+		ReportWriter:          b.reportWriter,
+		SystemContext:         b.systemContext,
+		CommonBuildOpts:       b.commonBuildOptions,
+		DefaultMountsFilePath: b.defaultMountsFilePath,
 	}
 	builder, err := buildah.NewBuilder(b.store, builderOptions)
 	if err != nil {

secrets.go

@@ -3,7 +3,6 @@ package buildah
 import (
 	"bufio"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -23,12 +22,6 @@ var (
 	OverrideMountsFile = "/etc/containers/mounts.conf"
 )
 
-// SecretData info
-type SecretData struct {
-	Name string
-	Data []byte
-}
-
 func getMounts(filePath string) []string {
 	file, err := os.Open(filePath)
 	if err != nil {
@@ -48,67 +41,6 @@ func getMounts(filePath string) []string {
 	return mounts
 }
 
-// SaveTo saves secret data to given directory
-func (s SecretData) SaveTo(dir string) error {
-	path := filepath.Join(dir, s.Name)
-	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil && !os.IsExist(err) {
-		return err
-	}
-	return ioutil.WriteFile(path, s.Data, 0700)
-}
-
-func readAll(root, prefix string) ([]SecretData, error) {
-	path := filepath.Join(root, prefix)
-
-	data := []SecretData{}
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return data, nil
-		}
-
-		return nil, err
-	}
-
-	for _, f := range files {
-		fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
-		if err != nil {
-			// If the file did not exist, might be a dangling symlink
-			// Ignore the error
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, err
-		}
-		data = append(data, fileData...)
-	}
-
-	return data, nil
-}
-
-func readFile(root, name string) ([]SecretData, error) {
-	path := filepath.Join(root, name)
-
-	s, err := os.Stat(path)
-	if err != nil {
-		return nil, err
-	}
-
-	if s.IsDir() {
-		dirData, err2 := readAll(root, name)
-		if err2 != nil {
-			return nil, err2
-		}
-		return dirData, nil
-	}
-	bytes, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-	return []SecretData{{Name: name, Data: bytes}}, nil
-}
-
 // getHostAndCtrDir separates the host:container paths
 func getMountsMap(path string) (string, string, error) {
 	arr := strings.SplitN(path, ":", 2)
@@ -118,15 +50,6 @@ func getMountsMap(path string) (string, string, error) {
 	return "", "", errors.Errorf("unable to get host and container dir")
 }
 
-func getHostSecretData(hostDir string) ([]SecretData, error) {
-	var allSecrets []SecretData
-	hostSecrets, err := readAll(hostDir, "")
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to read secrets from %q", hostDir)
-	}
-	return append(allSecrets, hostSecrets...), nil
-}
-
 // secretMount copies the contents of host directory to container directory
 // and returns a list of mounts
 func secretMounts(filePath, mountLabel, containerWorkingDir string) ([]rspec.Mount, error) {
@@ -157,16 +80,10 @@ func secretMounts(filePath, mountLabel, containerWorkingDir string) ([]rspec.Mou
 			return nil, err
 		}
 
-		data, err := getHostSecretData(hostDir)
-		if err != nil {
-			return nil, errors.Wrapf(err, "getting host secret data failed")
-		}
-		for _, s := range data {
-			err = s.SaveTo(ctrDirOnHost)
-			if err != nil {
-				return nil, err
-			}
+		if err = copyWithTar(hostDir, ctrDirOnHost); err != nil && !os.IsNotExist(err) {
+			return nil, errors.Wrapf(err, "error getting host secret data")
 		}
+
 		err = label.Relabel(ctrDirOnHost, mountLabel, false)
 		if err != nil {
 			return nil, errors.Wrap(err, "error applying correct labels")