Fix secrets patch for buildah bud

buildah bud was failing to get the secrets data The issue was buildah bud was not being given the /usr/share/containers/mounts.conf file path so it had no secrets to mount Also reworked the way the secrets data was being copied from the host to the container Signed-off-by: umohnani8 <umohnani@redhat.com>
2018-02-23 12:38:39 -05:00 · 2018-02-23 12:38:39 -05:00 · fb14850b50
parent 669ffddd99
commit fb14850b50
3 changed files with 47 additions and 124 deletions
--- a/cmd/buildah/bud.go
+++ b/cmd/buildah/bud.go
@ -220,6 +220,7 @@ func budCmd(c *cli.Context) error {
 		OutputFormat:          format,
 		SystemContext:         systemContext,
 		CommonBuildOpts:       commonOpts,
+		DefaultMountsFilePath: c.GlobalString("default-mounts-file"),
 	}

 	if !c.Bool("quiet") {
--- a/imagebuildah/build.go
+++ b/imagebuildah/build.go
@ -106,6 +106,8 @@ type BuildOptions struct {
 	// SystemContext holds parameters used for authentication.
 	SystemContext   *types.SystemContext
 	CommonBuildOpts *buildah.CommonBuildOptions
+	// DefaultMountsFilePath is the file path holding the mounts to be mounted in "host-path:container-path" format
+	DefaultMountsFilePath string
 }

 // Executor is a buildah-based implementation of the imagebuilder.Executor
@ -138,6 +140,7 @@ type Executor struct {
 	volumeCacheInfo                map[string]os.FileInfo
 	reportWriter                   io.Writer
 	commonBuildOptions             *buildah.CommonBuildOptions
+	defaultMountsFilePath          string
 }

 // Preserve informs the executor that from this point on, it needs to ensure
@ -436,6 +439,7 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) {
 		err:                   options.Err,
 		reportWriter:          options.ReportWriter,
 		commonBuildOptions:    options.CommonBuildOpts,
+		defaultMountsFilePath: options.DefaultMountsFilePath,
 	}
 	if exec.err == nil {
 		exec.err = os.Stderr
@ -479,6 +483,7 @@ func (b *Executor) Prepare(ib *imagebuilder.Builder, node *parser.Node, from str
 		ReportWriter:          b.reportWriter,
 		SystemContext:         b.systemContext,
 		CommonBuildOpts:       b.commonBuildOptions,
+		DefaultMountsFilePath: b.defaultMountsFilePath,
 	}
 	builder, err := buildah.NewBuilder(b.store, builderOptions)
 	if err != nil {
--- a/secrets.go
+++ b/secrets.go
@ -3,7 +3,6 @@ package buildah
 import (
 	"bufio"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@ -23,12 +22,6 @@ var (
 	OverrideMountsFile = "/etc/containers/mounts.conf"
 )

-// SecretData info
-type SecretData struct {
-	Name string
-	Data []byte
-}
-
 func getMounts(filePath string) []string {
 	file, err := os.Open(filePath)
 	if err != nil {
@ -48,67 +41,6 @@ func getMounts(filePath string) []string {
 	return mounts
 }

-// SaveTo saves secret data to given directory
-func (s SecretData) SaveTo(dir string) error {
-	path := filepath.Join(dir, s.Name)
-	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil && !os.IsExist(err) {
-		return err
-	}
-	return ioutil.WriteFile(path, s.Data, 0700)
-}
-
-func readAll(root, prefix string) ([]SecretData, error) {
-	path := filepath.Join(root, prefix)
-
-	data := []SecretData{}
-
-	files, err := ioutil.ReadDir(path)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return data, nil
-		}
-
-		return nil, err
-	}
-
-	for _, f := range files {
-		fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
-		if err != nil {
-			// If the file did not exist, might be a dangling symlink
-			// Ignore the error
-			if os.IsNotExist(err) {
-				continue
-			}
-			return nil, err
-		}
-		data = append(data, fileData...)
-	}
-
-	return data, nil
-}
-
-func readFile(root, name string) ([]SecretData, error) {
-	path := filepath.Join(root, name)
-
-	s, err := os.Stat(path)
-	if err != nil {
-		return nil, err
-	}
-
-	if s.IsDir() {
-		dirData, err2 := readAll(root, name)
-		if err2 != nil {
-			return nil, err2
-		}
-		return dirData, nil
-	}
-	bytes, err := ioutil.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-	return []SecretData{{Name: name, Data: bytes}}, nil
-}
-
 // getHostAndCtrDir separates the host:container paths
 func getMountsMap(path string) (string, string, error) {
 	arr := strings.SplitN(path, ":", 2)
@ -118,15 +50,6 @@ func getMountsMap(path string) (string, string, error) {
 	return "", "", errors.Errorf("unable to get host and container dir")
 }

-func getHostSecretData(hostDir string) ([]SecretData, error) {
-	var allSecrets []SecretData
-	hostSecrets, err := readAll(hostDir, "")
-	if err != nil {
-		return nil, errors.Wrapf(err, "failed to read secrets from %q", hostDir)
-	}
-	return append(allSecrets, hostSecrets...), nil
-}
-
 // secretMount copies the contents of host directory to container directory
 // and returns a list of mounts
 func secretMounts(filePath, mountLabel, containerWorkingDir string) ([]rspec.Mount, error) {
@ -157,16 +80,10 @@ func secretMounts(filePath, mountLabel, containerWorkingDir string) ([]rspec.Mou
 			return nil, err
 		}

-		data, err := getHostSecretData(hostDir)
-		if err != nil {
-			return nil, errors.Wrapf(err, "getting host secret data failed")
-		}
-		for _, s := range data {
-			err = s.SaveTo(ctrDirOnHost)
-			if err != nil {
-				return nil, err
-			}
+		if err = copyWithTar(hostDir, ctrDirOnHost); err != nil && !os.IsNotExist(err) {
+			return nil, errors.Wrapf(err, "error getting host secret data")
 		}
+
 		err = label.Relabel(ctrDirOnHost, mountLabel, false)
 		if err != nil {
 			return nil, errors.Wrap(err, "error applying correct labels")