From bfcaf538bb000d7eb72975d234a95f566da54715 Mon Sep 17 00:00:00 2001
From: Aditya Rajan <arajan@redhat.com>
Date: Thu, 25 Nov 2021 17:10:50 +0530
Subject: [PATCH] api: allow build api to accept secrets

Following commit makes sure that `build` api can accept external
secret and allows currently `NOOP` `podman-remote build -t tag
--secret id=mysecret,src=/path/on/remote` to become functional.

Just like `docker` following api is a hidden field and only exposed to
`podman-remote` but could document it if it needs exposed on `swagger`.

Signed-off-by: Aditya Rajan <arajan@redhat.com>
---
 pkg/api/handlers/compat/images_build.go | 12 ++++++++++++
 pkg/bindings/images/build.go            |  7 +++++++
 2 files changed, 19 insertions(+)

diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index ac5934c139..18f9dc98b0 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -122,6 +122,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		Target                 string   `schema:"target"`
 		Timestamp              int64    `schema:"timestamp"`
 		Ulimits                string   `schema:"ulimits"`
+		Secrets                string   `schema:"secrets"`
 	}{
 		Dockerfile: "Dockerfile",
 		Registry:   "docker.io",
@@ -239,6 +240,16 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		dnssearch = m
 	}
 
+	var secrets = []string{}
+	if _, found := r.URL.Query()["secrets"]; found {
+		var m = []string{}
+		if err := json.Unmarshal([]byte(query.Secrets), &m); err != nil {
+			utils.BadRequest(w, "secrets", query.Secrets, err)
+			return
+		}
+		secrets = m
+	}
+
 	var output string
 	if len(query.Tag) > 0 {
 		output = query.Tag[0]
@@ -447,6 +458,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 			SeccompProfilePath: seccomp,
 			ShmSize:            strconv.Itoa(query.ShmSize),
 			Ulimit:             ulimits,
+			Secrets:            secrets,
 		},
 		CNIConfigDir:                   rtc.Network.CNIPluginDirs[0],
 		CNIPluginPath:                  util.DefaultCNIPluginPath,
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 3b0bebe9f3..9c2e3e6b2d 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -116,6 +116,13 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
 		}
 		params.Add("dnsservers", c)
 	}
+	if secrets := options.CommonBuildOpts.Secrets; len(secrets) > 0 {
+		c, err := jsoniter.MarshalToString(secrets)
+		if err != nil {
+			return nil, err
+		}
+		params.Add("secrets", c)
+	}
 	if dnsoptions := options.CommonBuildOpts.DNSOptions; len(dnsoptions) > 0 {
 		c, err := jsoniter.MarshalToString(dnsoptions)
 		if err != nil {