Handle secrets in DockerLogin operation

Before, secret was a plain text string, but it could lead to security issue so we are now handling secrets as `dagger.#Secret` or string. I've add a new struct SecretStore that expose the inputStore to easily retrieve secret value. Signed-off-by: Tom Chauveau <tom.chauveau@epitech.eu>
2021-08-31 13:04:16 +02:00
parent 47ef0a4c2a
commit a9fd97d7fe
5 changed files with 55 additions and 22 deletions
--- a/solver/secretsprovider.go
+++ b/solver/secretsprovider.go
@@ -11,8 +11,19 @@ import (
 	"go.dagger.io/dagger/state"
 )

-func NewSecretsProvider(st *state.State) session.Attachable {
-	return secretsprovider.NewSecretProvider(&inputStore{st})
+type SecretsStore struct {
+	Secrets session.Attachable
+	Store   *inputStore
+}
+
+func NewSecretsStoreProvider(st *state.State) SecretsStore {
+	store := &inputStore{st}
+
+	return SecretsStore{
+		Secrets: secretsprovider.NewSecretProvider(store),
+		Store:   store,
+	}
+
 }

 type inputStore struct {
--- a/solver/solver.go
+++ b/solver/solver.go
@@ -26,12 +26,12 @@ type Solver struct {
 }

 type Opts struct {
-	Control *bk.Client
-	Gateway bkgw.Client
-	Events  chan *bk.SolveStatus
-	Auth    *RegistryAuthProvider
-	Secrets session.Attachable
-	NoCache bool
+	Control      *bk.Client
+	Gateway      bkgw.Client
+	Events       chan *bk.SolveStatus
+	Auth         *RegistryAuthProvider
+	SecretsStore SecretsStore
+	NoCache      bool
 }

 func New(opts Opts) Solver {
@@ -61,6 +61,10 @@ func invalidateCache(def *llb.Definition) error {
 	return nil
 }

+func (s Solver) GetOptions() Opts {
+	return s.opts
+}
+
 func (s Solver) NoCache() bool {
 	return s.opts.NoCache
 }
@@ -189,7 +193,7 @@ func (s Solver) Export(ctx context.Context, st llb.State, img *dockerfile2llb.Im
 		Exports: []bk.ExportEntry{output},
 		Session: []session.Attachable{
 			s.opts.Auth,
-			s.opts.Secrets,
+			s.opts.SecretsStore.Secrets,
 			NewDockerSocketProvider(),
 		},
 	}