engine: exec: support uid/gid/mask for secret mounts

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2021-12-17 15:52:56 +01:00
parent 85114025e6
commit 82cbea8324
3 changed files with 35 additions and 5 deletions
--- a/plan/task/exec.go
+++ b/plan/task/exec.go
@@ -260,10 +260,19 @@ func (t *execTask) mountSecret(pctx *plancontext.Context, dest string, mnt *comp
 		return nil, err
 	}

-	// FIXME: handle uid, gid, optional
+	opts := struct {
+		UID  int
+		GID  int
+		Mask int
+	}{}
+
+	if err := mnt.Decode(&opts); err != nil {
+		return nil, err
+	}
+
 	return llb.AddSecret(dest,
 		llb.SecretID(contents.ID()),
-		llb.SecretFileOpt(0, 0, 0400), // uid, gid, mask)
+		llb.SecretFileOpt(opts.UID, opts.GID, opts.Mask),
 	), nil
 }