Handle secrets in DockerLogin operation

Before, secret was a plain text string, but it could lead to security issue so we are now handling secrets as `dagger.#Secret` or string. I've add a new struct SecretStore that expose the inputStore to easily retrieve secret value. Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
2021-08-31 13:04:16 +02:00
parent 47ef0a4c2a
commit a9fd97d7fe
5 changed files with 55 additions and 22 deletions
--- a/client/client.go
+++ b/client/client.go
@@ -128,15 +128,15 @@ func (c *Client) buildfn(ctx context.Context, st *state.State, env *environment.
 	// buildkit auth provider (registry)
 	auth := solver.NewRegistryAuthProvider()

-	// secrets
-	secrets := solver.NewSecretsProvider(st)
+	// session (secrets & store)
+	secretsStore := solver.NewSecretsStoreProvider(st)

 	// Setup solve options
 	opts := bk.SolveOpt{
 		LocalDirs: localdirs,
 		Session: []session.Attachable{
 			auth,
-			secrets,
+			secretsStore.Secrets,
 			solver.NewDockerSocketProvider(),
 		},
 		CacheExports: c.cfg.CacheExports,
@@ -171,12 +171,12 @@ func (c *Client) buildfn(ctx context.Context, st *state.State, env *environment.

 	resp, err := c.c.Build(ctx, opts, "", func(ctx context.Context, gw bkgw.Client) (*bkgw.Result, error) {
 		s := solver.New(solver.Opts{
-			Control: c.c,
-			Gateway: gw,
-			Events:  eventsCh,
-			Auth:    auth,
-			Secrets: secrets,
-			NoCache: c.cfg.NoCache,
+			Control:      c.c,
+			Gateway:      gw,
+			Events:       eventsCh,
+			Auth:         auth,
+			SecretsStore: secretsStore,
+			NoCache:      c.cfg.NoCache,
 		})

 		// Close events channel