JohnHammond
/
buildkit
mirror of https://github.com/JohnHammond/buildkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

llbsolver: add secret mounts 

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
docker-18.09
Tonis Tiigi 2018-07-19 14:44:18 -07:00
parent 71e3c24df1
commit 2da2aff164
10 changed files with 1497 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
session/secrets/generate.go Normal file
View File

@ -0,0 +1,3 @@
package secrets
//go:generate protoc --gogoslick_out=plugins=grpc:. secrets.proto

30
session/secrets/secrets.go Normal file
View File

@ -0,0 +1,30 @@
package secrets
import (
"context"
"github.com/moby/buildkit/session"
"github.com/pkg/errors"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
type SecretStore interface {
GetSecret(context.Context, string) ([]byte, error)
}
var ErrNotFound = errors.Errorf("not found")
func GetSecret(ctx context.Context, c session.Caller, id string) ([]byte, error) {
client := NewSecretsClient(c.Conn())
resp, err := client.GetSecret(ctx, &GetSecretRequest{
ID: id,
})
if err != nil {
if st, ok := status.FromError(err); ok && (st.Code() == codes.Unimplemented || st.Code() == codes.NotFound) {
return nil, errors.Wrapf(ErrNotFound, "secret %s not found", id)
}
return nil, err
}
return resp.Data, nil
}

813
session/secrets/secrets.pb.go Normal file
View File

@ -0,0 +1,813 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: secrets.proto
/*
Package secrets is a generated protocol buffer package.
It is generated from these files:
secrets.proto
It has these top-level messages:
GetSecretRequest
GetSecretResponse
*/
package secrets
import proto "github.com/gogo/protobuf/proto"
import fmt "fmt"
import math "math"
import bytes "bytes"
import strings "strings"
import reflect "reflect"
import sortkeys "github.com/gogo/protobuf/sortkeys"
import context "golang.org/x/net/context"
import grpc "google.golang.org/grpc"
import io "io"
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
type GetSecretRequest struct {
ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
}
func (m *GetSecretRequest) Reset() { *m = GetSecretRequest{} }
func (*GetSecretRequest) ProtoMessage() {}
func (*GetSecretRequest) Descriptor() ([]byte, []int) { return fileDescriptorSecrets, []int{0} }
func (m *GetSecretRequest) GetID() string {
if m != nil {
return m.ID
}
return ""
}
func (m *GetSecretRequest) GetAnnotations() map[string]string {
if m != nil {
return m.Annotations
}
return nil
}
type GetSecretResponse struct {
Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
}
func (m *GetSecretResponse) Reset() { *m = GetSecretResponse{} }
func (*GetSecretResponse) ProtoMessage() {}
func (*GetSecretResponse) Descriptor() ([]byte, []int) { return fileDescriptorSecrets, []int{1} }
func (m *GetSecretResponse) GetData() []byte {
if m != nil {
return m.Data
}
return nil
}
func init() {
proto.RegisterType((*GetSecretRequest)(nil), "moby.buildkit.secrets.v1.GetSecretRequest")
proto.RegisterType((*GetSecretResponse)(nil), "moby.buildkit.secrets.v1.GetSecretResponse")
}
func (this *GetSecretRequest) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*GetSecretRequest)
if !ok {
that2, ok := that.(GetSecretRequest)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ID != that1.ID {
return false
}
if len(this.Annotations) != len(that1.Annotations) {
return false
}
for i := range this.Annotations {
if this.Annotations[i] != that1.Annotations[i] {
return false
}
}
return true
}
func (this *GetSecretResponse) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*GetSecretResponse)
if !ok {
that2, ok := that.(GetSecretResponse)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !bytes.Equal(this.Data, that1.Data) {
return false
}
return true
}
func (this *GetSecretRequest) GoString() string {
if this == nil {
return "nil"
}
s := make([]string, 0, 6)
s = append(s, "&secrets.GetSecretRequest{")
s = append(s, "ID: "+fmt.Sprintf("%#v", this.ID)+",\n")
keysForAnnotations := make([]string, 0, len(this.Annotations))
for k, _ := range this.Annotations {
keysForAnnotations = append(keysForAnnotations, k)
}
sortkeys.Strings(keysForAnnotations)
mapStringForAnnotations := "map[string]string{"
for _, k := range keysForAnnotations {
mapStringForAnnotations += fmt.Sprintf("%#v: %#v,", k, this.Annotations[k])
}
mapStringForAnnotations += "}"
if this.Annotations != nil {
s = append(s, "Annotations: "+mapStringForAnnotations+",\n")
}
s = append(s, "}")
return strings.Join(s, "")
}
func (this *GetSecretResponse) GoString() string {
if this == nil {
return "nil"
}
s := make([]string, 0, 5)
s = append(s, "&secrets.GetSecretResponse{")
s = append(s, "Data: "+fmt.Sprintf("%#v", this.Data)+",\n")
s = append(s, "}")
return strings.Join(s, "")
}
func valueToGoStringSecrets(v interface{}, typ string) string {
rv := reflect.ValueOf(v)
if rv.IsNil() {
return "nil"
}
pv := reflect.Indirect(rv).Interface()
return fmt.Sprintf("func(v %v) *%v { return &v } ( %#v )", typ, typ, pv)
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// Client API for Secrets service
type SecretsClient interface {
GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error)
}
type secretsClient struct {
cc *grpc.ClientConn
}
func NewSecretsClient(cc *grpc.ClientConn) SecretsClient {
return &secretsClient{cc}
}
func (c *secretsClient) GetSecret(ctx context.Context, in *GetSecretRequest, opts ...grpc.CallOption) (*GetSecretResponse, error) {
out := new(GetSecretResponse)
err := grpc.Invoke(ctx, "/moby.buildkit.secrets.v1.Secrets/GetSecret", in, out, c.cc, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for Secrets service
type SecretsServer interface {
GetSecret(context.Context, *GetSecretRequest) (*GetSecretResponse, error)
}
func RegisterSecretsServer(s *grpc.Server, srv SecretsServer) {
s.RegisterService(&_Secrets_serviceDesc, srv)
}
func _Secrets_GetSecret_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(GetSecretRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(SecretsServer).GetSecret(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/moby.buildkit.secrets.v1.Secrets/GetSecret",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(SecretsServer).GetSecret(ctx, req.(*GetSecretRequest))
}
return interceptor(ctx, in, info, handler)
}
var _Secrets_serviceDesc = grpc.ServiceDesc{
ServiceName: "moby.buildkit.secrets.v1.Secrets",
HandlerType: (*SecretsServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "GetSecret",
Handler: _Secrets_GetSecret_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "secrets.proto",
}
func (m *GetSecretRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalTo(dAtA)
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GetSecretRequest) MarshalTo(dAtA []byte) (int, error) {
var i int
_ = i
var l int
_ = l
if len(m.ID) > 0 {
dAtA[i] = 0xa
i++
i = encodeVarintSecrets(dAtA, i, uint64(len(m.ID)))
i += copy(dAtA[i:], m.ID)
}
if len(m.Annotations) > 0 {
for k, _ := range m.Annotations {
dAtA[i] = 0x12
i++
v := m.Annotations[k]
mapSize := 1 + len(k) + sovSecrets(uint64(len(k))) + 1 + len(v) + sovSecrets(uint64(len(v)))
i = encodeVarintSecrets(dAtA, i, uint64(mapSize))
dAtA[i] = 0xa
i++
i = encodeVarintSecrets(dAtA, i, uint64(len(k)))
i += copy(dAtA[i:], k)
dAtA[i] = 0x12
i++
i = encodeVarintSecrets(dAtA, i, uint64(len(v)))
i += copy(dAtA[i:], v)
}
}
return i, nil
}
func (m *GetSecretResponse) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalTo(dAtA)
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GetSecretResponse) MarshalTo(dAtA []byte) (int, error) {
var i int
_ = i
var l int
_ = l
if len(m.Data) > 0 {
dAtA[i] = 0xa
i++
i = encodeVarintSecrets(dAtA, i, uint64(len(m.Data)))
i += copy(dAtA[i:], m.Data)
}
return i, nil
}
func encodeVarintSecrets(dAtA []byte, offset int, v uint64) int {
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return offset + 1
}
func (m *GetSecretRequest) Size() (n int) {
var l int
_ = l
l = len(m.ID)
if l > 0 {
n += 1 + l + sovSecrets(uint64(l))
}
if len(m.Annotations) > 0 {
for k, v := range m.Annotations {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovSecrets(uint64(len(k))) + 1 + len(v) + sovSecrets(uint64(len(v)))
n += mapEntrySize + 1 + sovSecrets(uint64(mapEntrySize))
}
}
return n
}
func (m *GetSecretResponse) Size() (n int) {
var l int
_ = l
l = len(m.Data)
if l > 0 {
n += 1 + l + sovSecrets(uint64(l))
}
return n
}
func sovSecrets(x uint64) (n int) {
for {
n++
x >>= 7
if x == 0 {
break
}
}
return n
}
func sozSecrets(x uint64) (n int) {
return sovSecrets(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (this *GetSecretRequest) String() string {
if this == nil {
return "nil"
}
keysForAnnotations := make([]string, 0, len(this.Annotations))
for k, _ := range this.Annotations {
keysForAnnotations = append(keysForAnnotations, k)
}
sortkeys.Strings(keysForAnnotations)
mapStringForAnnotations := "map[string]string{"
for _, k := range keysForAnnotations {
mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k])
}
mapStringForAnnotations += "}"
s := strings.Join([]string{`&GetSecretRequest{`,
`ID:` + fmt.Sprintf("%v", this.ID) + `,`,
`Annotations:` + mapStringForAnnotations + `,`,
`}`,
}, "")
return s
}
func (this *GetSecretResponse) String() string {
if this == nil {
return "nil"
}
s := strings.Join([]string{`&GetSecretResponse{`,
`Data:` + fmt.Sprintf("%v", this.Data) + `,`,
`}`,
}, "")
return s
}
func valueToStringSecrets(v interface{}) string {
rv := reflect.ValueOf(v)
if rv.IsNil() {
return "nil"
}
pv := reflect.Indirect(rv).Interface()
return fmt.Sprintf("*%v", pv)
}
func (m *GetSecretRequest) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: GetSecretRequest: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: GetSecretRequest: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthSecrets
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ID = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSecrets
}
postIndex := iNdEx + msglen
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Annotations == nil {
m.Annotations = make(map[string]string)
}
var mapkey string
var mapvalue string
for iNdEx < postIndex {
entryPreIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
if fieldNum == 1 {
var stringLenmapkey uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLenmapkey |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLenmapkey := int(stringLenmapkey)
if intStringLenmapkey < 0 {
return ErrInvalidLengthSecrets
}
postStringIndexmapkey := iNdEx + intStringLenmapkey
if postStringIndexmapkey > l {
return io.ErrUnexpectedEOF
}
mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
iNdEx = postStringIndexmapkey
} else if fieldNum == 2 {
var stringLenmapvalue uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLenmapvalue |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLenmapvalue := int(stringLenmapvalue)
if intStringLenmapvalue < 0 {
return ErrInvalidLengthSecrets
}
postStringIndexmapvalue := iNdEx + intStringLenmapvalue
if postStringIndexmapvalue > l {
return io.ErrUnexpectedEOF
}
mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
iNdEx = postStringIndexmapvalue
} else {
iNdEx = entryPreIndex
skippy, err := skipSecrets(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSecrets
}
if (iNdEx + skippy) > postIndex {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
m.Annotations[mapkey] = mapvalue
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSecrets(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSecrets
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *GetSecretResponse) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: GetSecretResponse: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: GetSecretResponse: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Data", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSecrets
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthSecrets
}
postIndex := iNdEx + byteLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Data = append(m.Data[:0], dAtA[iNdEx:postIndex]...)
if m.Data == nil {
m.Data = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSecrets(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSecrets
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipSecrets(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSecrets
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSecrets
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
return iNdEx, nil
case 1:
iNdEx += 8
return iNdEx, nil
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSecrets
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
iNdEx += length
if length < 0 {
return 0, ErrInvalidLengthSecrets
}
return iNdEx, nil
case 3:
for {
var innerWire uint64
var start int = iNdEx
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSecrets
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
innerWire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
innerWireType := int(innerWire & 0x7)
if innerWireType == 4 {
break
}
next, err := skipSecrets(dAtA[start:])
if err != nil {
return 0, err
}
iNdEx = start + next
}
return iNdEx, nil
case 4:
return iNdEx, nil
case 5:
iNdEx += 4
return iNdEx, nil
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
}
panic("unreachable")
}
var (
ErrInvalidLengthSecrets = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowSecrets = fmt.Errorf("proto: integer overflow")
)
func init() { proto.RegisterFile("secrets.proto", fileDescriptorSecrets) }
var fileDescriptorSecrets = []byte{
// 279 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x2d, 0x4e, 0x4d, 0x2e,
0x4a, 0x2d, 0x29, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0xc8, 0xcd, 0x4f, 0xaa, 0xd4,
0x4b, 0x2a, 0xcd, 0xcc, 0x49, 0xc9, 0xce, 0x2c, 0xd1, 0x83, 0x49, 0x96, 0x19, 0x2a, 0x1d, 0x64,
0xe4, 0x12, 0x70, 0x4f, 0x2d, 0x09, 0x06, 0x8b, 0x04, 0xa5, 0x16, 0x96, 0xa6, 0x16, 0x97, 0x08,
0xf1, 0x71, 0x31, 0x79, 0xba, 0x48, 0x30, 0x2a, 0x30, 0x6a, 0x70, 0x06, 0x31, 0x79, 0xba, 0x08,
0xc5, 0x72, 0x71, 0x27, 0xe6, 0xe5, 0xe5, 0x97, 0x24, 0x96, 0x64, 0xe6, 0xe7, 0x15, 0x4b, 0x30,
0x29, 0x30, 0x6b, 0x70, 0x1b, 0x59, 0xeb, 0xe1, 0x32, 0x54, 0x0f, 0xdd, 0x40, 0x3d, 0x47, 0x84,
0x6e, 0xd7, 0xbc, 0x92, 0xa2, 0xca, 0x20, 0x64, 0xf3, 0xa4, 0xec, 0xb8, 0x04, 0xd0, 0x15, 0x08,
0x09, 0x70, 0x31, 0x67, 0xa7, 0x56, 0x42, 0xdd, 0x00, 0x62, 0x0a, 0x89, 0x70, 0xb1, 0x96, 0x25,
0xe6, 0x94, 0xa6, 0x4a, 0x30, 0x81, 0xc5, 0x20, 0x1c, 0x2b, 0x26, 0x0b, 0x46, 0x25, 0x75, 0x2e,
0x41, 0x24, 0x1b, 0x8b, 0x0b, 0xf2, 0xf3, 0x8a, 0x53, 0x85, 0x84, 0xb8, 0x58, 0x52, 0x12, 0x4b,
0x12, 0xc1, 0x26, 0xf0, 0x04, 0x81, 0xd9, 0x46, 0xf9, 0x5c, 0xec, 0x10, 0x55, 0xc5, 0x42, 0x29,
0x5c, 0x9c, 0x70, 0x3d, 0x42, 0x5a, 0xc4, 0x7b, 0x45, 0x4a, 0x9b, 0x28, 0xb5, 0x10, 0x47, 0x38,
0x99, 0x5e, 0x78, 0x28, 0xc7, 0x70, 0xe3, 0xa1, 0x1c, 0xc3, 0x87, 0x87, 0x72, 0x8c, 0x0d, 0x8f,
0xe4, 0x18, 0x57, 0x3c, 0x92, 0x63, 0x3c, 0xf1, 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07,
0x8f, 0xe4, 0x18, 0x5f, 0x3c, 0x92, 0x63, 0xf8, 0xf0, 0x48, 0x8e, 0x71, 0xc2, 0x63, 0x39, 0x86,
0x28, 0x76, 0xa8, 0x59, 0x49, 0x6c, 0xe0, 0x58, 0x33, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x05,
0x4e, 0x56, 0xde, 0xc6, 0x01, 0x00, 0x00,
}

19
session/secrets/secrets.proto Normal file
View File

@ -0,0 +1,19 @@
syntax = "proto3";
package moby.buildkit.secrets.v1;
option go_package = "secrets";
service Secrets{
rpc GetSecret(GetSecretRequest) returns (GetSecretResponse);
}
message GetSecretRequest {
string ID = 1;
map<string, string> annotations = 2;
}
message GetSecretResponse {
bytes data = 1;
}

54
session/secrets/secretsprovider/secretsprovider.go Normal file
View File

@ -0,0 +1,54 @@
package secretsprovider
import (
"context"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/session/secrets"
"github.com/pkg/errors"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
func NewSecretProvider(store secrets.SecretStore) session.Attachable {
return &secretProvider{
store: store,
}
}
type secretProvider struct {
store secrets.SecretStore
}
func (sp *secretProvider) Register(server *grpc.Server) {
secrets.RegisterSecretsServer(server, sp)
}
func (sp *secretProvider) GetSecret(ctx context.Context, req *secrets.GetSecretRequest) (*secrets.GetSecretResponse, error) {
dt, err := sp.store.GetSecret(ctx, req.ID)
if err != nil {
if errors.Cause(err) == secrets.ErrNotFound {
return nil, status.Errorf(codes.NotFound, err.Error())
}
return nil, err
}
return &secrets.GetSecretResponse{
Data: dt,
}, nil
}
func FromMap(m map[string][]byte) session.Attachable {
return NewSecretProvider(mapStore(m))
}
type mapStore map[string][]byte
func (m mapStore) GetSecret(ctx context.Context, id string) ([]byte, error) {
v, ok := m[id]
if !ok {
return nil, errors.WithStack(secrets.ErrNotFound)
}
return v, nil
}

118
solver/llbsolver/ops/exec.go
View File

@ -5,8 +5,10 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"runtime"
"sort"
"strings"
@ -19,6 +21,9 @@ import (
"github.com/moby/buildkit/cache"
"github.com/moby/buildkit/cache/metadata"
"github.com/moby/buildkit/executor"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/session/secrets"
"github.com/moby/buildkit/snapshot"
"github.com/moby/buildkit/solver"
"github.com/moby/buildkit/solver/llbsolver"
@ -35,6 +40,7 @@ const execCacheType = "buildkit.exec.v0"
type execOp struct {
op *pb.ExecOp
cm cache.Manager
sm *session.Manager
md *metadata.Store
exec executor.Executor
w worker.Worker
@ -43,10 +49,11 @@ type execOp struct {
cacheMounts map[string]*cacheRefShare
}
func NewExecOp(v solver.Vertex, op *pb.Op_Exec, cm cache.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) {
func NewExecOp(v solver.Vertex, op *pb.Op_Exec, cm cache.Manager, sm *session.Manager, md *metadata.Store, exec executor.Executor, w worker.Worker) (solver.Op, error) {
return &execOp{
op: op.Exec,
cm: cm,
sm: sm,
md: md,
exec: exec,
numInputs: len(v.Inputs()),
@ -259,6 +266,106 @@ func (e *execOp) getRefCacheDirNoCache(ctx context.Context, key string, ref cach
return mRef, nil
}
func (e *execOp) getSecretMountable(ctx context.Context, m *pb.Mount) (cache.Mountable, error) {
if m.SecretOpt == nil {
return nil, errors.Errorf("invalid sercet mount options")
}
sopt := *m.SecretOpt
id := sopt.ID
if id == "" {
return nil, errors.Errorf("secret ID missing from mount options")
}
sessionID := session.FromContext(ctx)
if sessionID == "" {
return nil, errors.New("could not access local files without session")
}
timeoutCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
defer cancel()
caller, err := e.sm.Get(timeoutCtx, sessionID)
if err != nil {
return nil, err
}
dt, err := secrets.GetSecret(ctx, caller, id)
if err != nil {
if errors.Cause(err) == secrets.ErrNotFound && m.SecretOpt.Optional {
return nil, nil
}
return nil, err
}
return &secretMount{mount: m, data: dt}, nil
}
type secretMount struct {
mount *pb.Mount
data []byte
}
func (sm *secretMount) Mount(ctx context.Context, readonly bool) (snapshot.Mountable, error) {
return &secretMountInstance{sm: sm}, nil
}
type secretMountInstance struct {
sm *secretMount
root string
}
func (sm *secretMountInstance) Mount() ([]mount.Mount, error) {
dir, err := ioutil.TempDir("", "buildkit-secrets")
if err != nil {
return nil, errors.Wrap(err, "failed to create temp dir")
}
if err := os.Chmod(dir, 0711); err != nil {
return nil, err
}
if err := mount.All([]mount.Mount{{
Type: "tmpfs",
Source: "tmpfs",
Options: []string{"nodev", "nosuid", "noexec", fmt.Sprintf("uid=%d,gid=%d", os.Getuid(), os.Getgid())},
}}, dir); err != nil {
return nil, errors.Wrap(err, "unable to setup secret mount")
}
sm.root = dir
randID := identity.NewID()
fp := filepath.Join(dir, randID)
if err := ioutil.WriteFile(fp, sm.sm.data, 0600); err != nil {
sm.Release()
return nil, err
}
if err := os.Chown(fp, int(sm.sm.mount.SecretOpt.Uid), int(sm.sm.mount.SecretOpt.Gid)); err != nil {
return nil, err
}
if err := os.Chmod(fp, os.FileMode(sm.sm.mount.SecretOpt.Mode)); err != nil {
return nil, err
}
return []mount.Mount{{
Type: "bind",
Source: fp,
Options: []string{"ro", "rbind"},
}}, nil
}
func (sm *secretMountInstance) Release() error {
if sm.root != "" {
if err := mount.Unmount(sm.root, 0); err != nil {
return err
}
return os.RemoveAll(sm.root)
}
return nil
}
func (e *execOp) Exec(ctx context.Context, inputs []solver.Result) ([]solver.Result, error) {
var mounts []executor.Mount
var root cache.Mountable
@ -347,6 +454,15 @@ func (e *execOp) Exec(ctx context.Context, inputs []solver.Result) ([]solver.Res
case pb.MountType_TMPFS:
mountable = newTmpfs()
case pb.MountType_SECRET:
secretMount, err := e.getSecretMountable(ctx, m)
if err != nil {
return nil, err
}
if secretMount == nil {
continue
}
mountable = secretMount
default:
return nil, errors.Errorf("mount type %s not implemented", m.MountType)
}

2
solver/pb/caps.go
View File

@ -187,7 +187,7 @@ func init() {
Caps.Init(apicaps.Cap{
ID: CapMountSecret,
Enabled: false, // example for future
Enabled: true,
Status: apicaps.CapStatusExperimental,
})

541
solver/pb/ops.pb.go
View File

@ -18,6 +18,7 @@
Meta
Mount
CacheOpt
SecretOpt
CopyOp
CopySource
SourceOp
@ -469,6 +470,7 @@ type Mount struct {
Readonly bool `protobuf:"varint,5,opt,name=readonly,proto3" json:"readonly,omitempty"`
MountType MountType `protobuf:"varint,6,opt,name=mountType,proto3,enum=pb.MountType" json:"mountType,omitempty"`
CacheOpt *CacheOpt `protobuf:"bytes,20,opt,name=cacheOpt" json:"cacheOpt,omitempty"`
SecretOpt *SecretOpt `protobuf:"bytes,21,opt,name=secretOpt" json:"secretOpt,omitempty"`
}
func (m *Mount) Reset() { *m = Mount{} }
@ -511,6 +513,13 @@ func (m *Mount) GetCacheOpt() *CacheOpt {
return nil
}
func (m *Mount) GetSecretOpt() *SecretOpt {
if m != nil {
return m.SecretOpt
}
return nil
}
// CacheOpt defines options specific to cache mounts
type CacheOpt struct {
// ID is an optional namespace for the mount
@ -538,6 +547,61 @@ func (m *CacheOpt) GetSharing() CacheSharingOpt {
return CacheSharingOpt_SHARED
}
// SecretOpt defines options describing secret mounts
type SecretOpt struct {
// ID of secret. Used for quering the value.
ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
// UID of secret file
Uid uint32 `protobuf:"varint,2,opt,name=uid,proto3" json:"uid,omitempty"`
// GID of secret file
Gid uint32 `protobuf:"varint,3,opt,name=gid,proto3" json:"gid,omitempty"`
// Mode is the filesystem mode of secret file
Mode uint32 `protobuf:"varint,4,opt,name=mode,proto3" json:"mode,omitempty"`
// Optional defines if secret value is required. Error is produced
// if value is not found and optional is false.
Optional bool `protobuf:"varint,5,opt,name=optional,proto3" json:"optional,omitempty"`
}
func (m *SecretOpt) Reset() { *m = SecretOpt{} }
func (m *SecretOpt) String() string { return proto.CompactTextString(m) }
func (*SecretOpt) ProtoMessage() {}
func (*SecretOpt) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{7} }
func (m *SecretOpt) GetID() string {
if m != nil {
return m.ID
}
return ""
}
func (m *SecretOpt) GetUid() uint32 {
if m != nil {
return m.Uid
}
return 0
}
func (m *SecretOpt) GetGid() uint32 {
if m != nil {
return m.Gid
}
return 0
}
func (m *SecretOpt) GetMode() uint32 {
if m != nil {
return m.Mode
}
return 0
}
func (m *SecretOpt) GetOptional() bool {
if m != nil {
return m.Optional
}
return false
}
// CopyOp copies files across Ops.
type CopyOp struct {
Src []*CopySource `protobuf:"bytes,1,rep,name=src" json:"src,omitempty"`
@ -547,7 +611,7 @@ type CopyOp struct {
func (m *CopyOp) Reset() { *m = CopyOp{} }
func (m *CopyOp) String() string { return proto.CompactTextString(m) }
func (*CopyOp) ProtoMessage() {}
func (*CopyOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{7} }
func (*CopyOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{8} }
func (m *CopyOp) GetSrc() []*CopySource {
if m != nil {
@ -572,7 +636,7 @@ type CopySource struct {
func (m *CopySource) Reset() { *m = CopySource{} }
func (m *CopySource) String() string { return proto.CompactTextString(m) }
func (*CopySource) ProtoMessage() {}
func (*CopySource) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{8} }
func (*CopySource) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{9} }
func (m *CopySource) GetSelector() string {
if m != nil {
@ -593,7 +657,7 @@ type SourceOp struct {
func (m *SourceOp) Reset() { *m = SourceOp{} }
func (m *SourceOp) String() string { return proto.CompactTextString(m) }
func (*SourceOp) ProtoMessage() {}
func (*SourceOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{9} }
func (*SourceOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{10} }
func (m *SourceOp) GetIdentifier() string {
if m != nil {
@ -621,7 +685,7 @@ type BuildOp struct {
func (m *BuildOp) Reset() { *m = BuildOp{} }
func (m *BuildOp) String() string { return proto.CompactTextString(m) }
func (*BuildOp) ProtoMessage() {}
func (*BuildOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{10} }
func (*BuildOp) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{11} }
func (m *BuildOp) GetInputs() map[string]*BuildInput {
if m != nil {
@ -652,7 +716,7 @@ type BuildInput struct {
func (m *BuildInput) Reset() { *m = BuildInput{} }
func (m *BuildInput) String() string { return proto.CompactTextString(m) }
func (*BuildInput) ProtoMessage() {}
func (*BuildInput) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{11} }
func (*BuildInput) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{12} }
// OpMetadata is a per-vertex metadata entry, which can be defined for arbitrary Op vertex and overridable on the run time.
type OpMetadata struct {
@ -669,7 +733,7 @@ type OpMetadata struct {
func (m *OpMetadata) Reset() { *m = OpMetadata{} }
func (m *OpMetadata) String() string { return proto.CompactTextString(m) }
func (*OpMetadata) ProtoMessage() {}
func (*OpMetadata) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{12} }
func (*OpMetadata) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{13} }
func (m *OpMetadata) GetIgnoreCache() bool {
if m != nil {
@ -706,7 +770,7 @@ type ExportCache struct {
func (m *ExportCache) Reset() { *m = ExportCache{} }
func (m *ExportCache) String() string { return proto.CompactTextString(m) }
func (*ExportCache) ProtoMessage() {}
func (*ExportCache) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{13} }
func (*ExportCache) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{14} }
func (m *ExportCache) GetValue() bool {
if m != nil {
@ -725,7 +789,7 @@ type ProxyEnv struct {
func (m *ProxyEnv) Reset() { *m = ProxyEnv{} }
func (m *ProxyEnv) String() string { return proto.CompactTextString(m) }
func (*ProxyEnv) ProtoMessage() {}
func (*ProxyEnv) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{14} }
func (*ProxyEnv) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{15} }
func (m *ProxyEnv) GetHttpProxy() string {
if m != nil {
@ -763,7 +827,7 @@ type WorkerConstraints struct {
func (m *WorkerConstraints) Reset() { *m = WorkerConstraints{} }
func (m *WorkerConstraints) String() string { return proto.CompactTextString(m) }
func (*WorkerConstraints) ProtoMessage() {}
func (*WorkerConstraints) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{15} }
func (*WorkerConstraints) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{16} }
func (m *WorkerConstraints) GetFilter() []string {
if m != nil {
@ -784,7 +848,7 @@ type Definition struct {
func (m *Definition) Reset() { *m = Definition{} }
func (m *Definition) String() string { return proto.CompactTextString(m) }
func (*Definition) ProtoMessage() {}
func (*Definition) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{16} }
func (*Definition) Descriptor() ([]byte, []int) { return fileDescriptorOps, []int{17} }
func (m *Definition) GetDef() [][]byte {
if m != nil {
@ -808,6 +872,7 @@ func init() {
proto.RegisterType((*Meta)(nil), "pb.Meta")
proto.RegisterType((*Mount)(nil), "pb.Mount")
proto.RegisterType((*CacheOpt)(nil), "pb.CacheOpt")
proto.RegisterType((*SecretOpt)(nil), "pb.SecretOpt")
proto.RegisterType((*CopyOp)(nil), "pb.CopyOp")
proto.RegisterType((*CopySource)(nil), "pb.CopySource")
proto.RegisterType((*SourceOp)(nil), "pb.SourceOp")
@ -1194,6 +1259,18 @@ func (m *Mount) MarshalTo(dAtA []byte) (int, error) {
}
i += n10
}
if m.SecretOpt != nil {
dAtA[i] = 0xaa
i++
dAtA[i] = 0x1
i++
i = encodeVarintOps(dAtA, i, uint64(m.SecretOpt.Size()))
n11, err := m.SecretOpt.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n11
}
return i, nil
}
@ -1226,6 +1303,55 @@ func (m *CacheOpt) MarshalTo(dAtA []byte) (int, error) {
return i, nil
}
func (m *SecretOpt) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalTo(dAtA)
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SecretOpt) MarshalTo(dAtA []byte) (int, error) {
var i int
_ = i
var l int
_ = l
if len(m.ID) > 0 {
dAtA[i] = 0xa
i++
i = encodeVarintOps(dAtA, i, uint64(len(m.ID)))
i += copy(dAtA[i:], m.ID)
}
if m.Uid != 0 {
dAtA[i] = 0x10
i++
i = encodeVarintOps(dAtA, i, uint64(m.Uid))
}
if m.Gid != 0 {
dAtA[i] = 0x18
i++
i = encodeVarintOps(dAtA, i, uint64(m.Gid))
}
if m.Mode != 0 {
dAtA[i] = 0x20
i++
i = encodeVarintOps(dAtA, i, uint64(m.Mode))
}
if m.Optional {
dAtA[i] = 0x28
i++
if m.Optional {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i++
}
return i, nil
}
func (m *CopyOp) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@ -1372,11 +1498,11 @@ func (m *BuildOp) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x12
i++
i = encodeVarintOps(dAtA, i, uint64(v.Size()))
n11, err := v.MarshalTo(dAtA[i:])
n12, err := v.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n11
i += n12
}
}
}
@ -1384,11 +1510,11 @@ func (m *BuildOp) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x1a
i++
i = encodeVarintOps(dAtA, i, uint64(m.Def.Size()))
n12, err := m.Def.MarshalTo(dAtA[i:])
n13, err := m.Def.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n12
i += n13
}
if len(m.Attrs) > 0 {
for k, _ := range m.Attrs {
@ -1479,11 +1605,11 @@ func (m *OpMetadata) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x22
i++
i = encodeVarintOps(dAtA, i, uint64(m.ExportCache.Size()))
n13, err := m.ExportCache.MarshalTo(dAtA[i:])
n14, err := m.ExportCache.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n13
i += n14
}
if len(m.Caps) > 0 {
for k, _ := range m.Caps {
@ -1654,11 +1780,11 @@ func (m *Definition) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x12
i++
i = encodeVarintOps(dAtA, i, uint64((&v).Size()))
n14, err := (&v).MarshalTo(dAtA[i:])
n15, err := (&v).MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n14
i += n15
}
}
return i, nil
@ -1846,6 +1972,10 @@ func (m *Mount) Size() (n int) {
l = m.CacheOpt.Size()
n += 2 + l + sovOps(uint64(l))
}
if m.SecretOpt != nil {
l = m.SecretOpt.Size()
n += 2 + l + sovOps(uint64(l))
}
return n
}
@ -1862,6 +1992,28 @@ func (m *CacheOpt) Size() (n int) {
return n
}
func (m *SecretOpt) Size() (n int) {
var l int
_ = l
l = len(m.ID)
if l > 0 {
n += 1 + l + sovOps(uint64(l))
}
if m.Uid != 0 {
n += 1 + sovOps(uint64(m.Uid))
}
if m.Gid != 0 {
n += 1 + sovOps(uint64(m.Gid))
}
if m.Mode != 0 {
n += 1 + sovOps(uint64(m.Mode))
}
if m.Optional {
n += 2
}
return n
}
func (m *CopyOp) Size() (n int) {
var l int
_ = l
@ -3136,6 +3288,39 @@ func (m *Mount) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 21:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SecretOpt", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthOps
}
postIndex := iNdEx + msglen
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.SecretOpt == nil {
m.SecretOpt = &SecretOpt{}
}
if err := m.SecretOpt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipOps(dAtA[iNdEx:])
@ -3255,6 +3440,162 @@ func (m *CacheOpt) Unmarshal(dAtA []byte) error {
}
return nil
}
func (m *SecretOpt) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: SecretOpt: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: SecretOpt: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ID", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthOps
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ID = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
}
m.Uid = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Uid |= (uint32(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
}
m.Gid = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Gid |= (uint32(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
case 4:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
}
m.Mode = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Mode |= (uint32(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
case 5:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Optional", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowOps
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
m.Optional = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skipOps(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthOps
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *CopyOp) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@ -5027,84 +5368,88 @@ var (
func init() { proto.RegisterFile("ops.proto", fileDescriptorOps) }
var fileDescriptorOps = []byte{
// 1264 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x4d, 0x6f, 0xdb, 0x46,
0x13, 0x36, 0xa9, 0x2f, 0x72, 0xe8, 0x38, 0x7a, 0x37, 0x79, 0x53, 0xd5, 0x4d, 0x6d, 0x95, 0x29,
0x0a, 0x25, 0x8e, 0x25, 0x40, 0x01, 0x92, 0xa0, 0x87, 0xa0, 0xd6, 0x47, 0x60, 0x35, 0x4d, 0x15,
0xac, 0x0c, 0xf7, 0x18, 0x50, 0xd4, 0x4a, 0x26, 0x22, 0x73, 0x09, 0x72, 0x99, 0x5a, 0x87, 0x16,
0x68, 0x7e, 0x41, 0x81, 0x02, 0xbd, 0xf7, 0x87, 0xf4, 0x9e, 0x63, 0xaf, 0xed, 0x21, 0x2d, 0xd2,
0x3f, 0x52, 0xcc, 0xee, 0x8a, 0x64, 0x9c, 0x14, 0x4d, 0xd0, 0x9e, 0xb8, 0x3b, 0xf3, 0xcc, 0xec,
0xcc, 0x33, 0xb3, 0xb3, 0x04, 0x9b, 0x47, 0x49, 0x3b, 0x8a, 0xb9, 0xe0, 0xc4, 0x8c, 0xa6, 0xdb,
0xfb, 0x8b, 0x40, 0x9c, 0xa4, 0xd3, 0xb6, 0xcf, 0x4f, 0x3b, 0x0b, 0xbe, 0xe0, 0x1d, 0xa9, 0x9a,
0xa6, 0x73, 0xb9, 0x93, 0x1b, 0xb9, 0x52, 0x26, 0xee, 0x4f, 0x26, 0x98, 0xe3, 0x88, 0x7c, 0x04,
0xd5, 0x20, 0x8c, 0x52, 0x91, 0x34, 0x8c, 0x66, 0xa9, 0xe5, 0x74, 0xed, 0x76, 0x34, 0x6d, 0x8f,
0x50, 0x42, 0xb5, 0x82, 0x34, 0xa1, 0xcc, 0xce, 0x98, 0xdf, 0x30, 0x9b, 0x46, 0xcb, 0xe9, 0x02,
0x02, 0x86, 0x67, 0xcc, 0x1f, 0x47, 0x87, 0x1b, 0x54, 0x6a, 0xc8, 0x27, 0x50, 0x4d, 0x78, 0x1a,
0xfb, 0xac, 0x51, 0x92, 0x98, 0x4d, 0xc4, 0x4c, 0xa4, 0x44, 0xa2, 0xb4, 0x16, 0x3d, 0xf9, 0x3c,
0x5a, 0x35, 0xca, 0xb9, 0xa7, 0x3e, 0x8f, 0x56, 0xca, 0x13, 0x6a, 0xc8, 0x35, 0xa8, 0x4c, 0xd3,
0x60, 0x39, 0x6b, 0x54, 0x24, 0xc4, 0x41, 0x48, 0x0f, 0x05, 0x12, 0xa3, 0x74, 0xa4, 0x05, 0x56,
0xb4, 0xf4, 0xc4, 0x9c, 0xc7, 0xa7, 0x0d, 0xc8, 0x0f, 0x7c, 0xa4, 0x65, 0x34, 0xd3, 0x92, 0x3b,
0xe0, 0xf8, 0x3c, 0x4c, 0x44, 0xec, 0x05, 0xa1, 0x48, 0x1a, 0x8e, 0x04, 0xff, 0x1f, 0xc1, 0x5f,
0xf1, 0xf8, 0x09, 0x8b, 0xfb, 0xb9, 0x92, 0x16, 0x91, 0xbd, 0x32, 0x98, 0x3c, 0x72, 0x7f, 0x34,
0xc0, 0x5a, 0x7b, 0x25, 0x2e, 0x6c, 0x1e, 0xc4, 0xfe, 0x49, 0x20, 0x98, 0x2f, 0xd2, 0x98, 0x35,
0x8c, 0xa6, 0xd1, 0xb2, 0xe9, 0x2b, 0x32, 0xb2, 0x05, 0xe6, 0x78, 0x22, 0x89, 0xb2, 0xa9, 0x39,
0x9e, 0x90, 0x06, 0xd4, 0x8e, 0xbd, 0x38, 0xf0, 0x42, 0x21, 0x99, 0xb1, 0xe9, 0x7a, 0x4b, 0xae,
0x82, 0x3d, 0x9e, 0x1c, 0xb3, 0x38, 0x09, 0x78, 0x28, 0xf9, 0xb0, 0x69, 0x2e, 0x20, 0x3b, 0x00,
0xe3, 0xc9, 0x7d, 0xe6, 0xa1, 0xd3, 0xa4, 0x51, 0x69, 0x96, 0x5a, 0x36, 0x2d, 0x48, 0xdc, 0x6f,
0xa1, 0x22, 0x6b, 0x44, 0x3e, 0x87, 0xea, 0x2c, 0x58, 0xb0, 0x44, 0xa8, 0x70, 0x7a, 0xdd, 0xe7,
0x2f, 0x76, 0x37, 0x7e, 0x7b, 0xb1, 0x7b, 0xa3, 0xd0, 0x0c, 0x3c, 0x62, 0xa1, 0xcf, 0x43, 0xe1,
0x05, 0x21, 0x8b, 0x93, 0xce, 0x82, 0xef, 0x2b, 0x93, 0xf6, 0x40, 0x7e, 0xa8, 0xf6, 0x40, 0xae,
0x43, 0x25, 0x08, 0x67, 0xec, 0x4c, 0xc6, 0x5f, 0xea, 0x5d, 0xd2, 0xae, 0x9c, 0x71, 0x2a, 0xa2,
0x54, 0x8c, 0x50, 0x45, 0x15, 0xc2, 0x1d, 0x41, 0x55, 0xb5, 0x00, 0xb9, 0x0a, 0xe5, 0x53, 0x26,
0x3c, 0x79, 0xbc, 0xd3, 0xb5, 0x90, 0xda, 0x87, 0x4c, 0x78, 0x54, 0x4a, 0xb1, 0xbb, 0x4e, 0x79,
0x8a, 0xd4, 0x9b, 0x79, 0x77, 0x3d, 0x44, 0x09, 0xd5, 0x0a, 0xf7, 0x1b, 0x28, 0xa3, 0x01, 0x21,
0x50, 0xf6, 0xe2, 0x85, 0x6a, 0x43, 0x9b, 0xca, 0x35, 0xa9, 0x43, 0x89, 0x85, 0x4f, 0xa5, 0xad,
0x4d, 0x71, 0x89, 0x12, 0xff, 0xeb, 0x99, 0x26, 0x13, 0x97, 0x68, 0x97, 0x26, 0x2c, 0xd6, 0x1c,
0xca, 0x35, 0xb9, 0x0e, 0x76, 0x14, 0xf3, 0xb3, 0xd5, 0x63, 0xb4, 0xae, 0x14, 0x3a, 0x04, 0x85,
0xc3, 0xf0, 0x29, 0xb5, 0x22, 0xbd, 0x72, 0xbf, 0x33, 0xa1, 0x22, 0x03, 0x22, 0x2d, 0x4c, 0x3f,
0x4a, 0x15, 0x93, 0xa5, 0x1e, 0xd1, 0xe9, 0x83, 0x24, 0x3a, 0xcb, 0x1e, 0x49, 0xdf, 0x06, 0x2b,
0x61, 0x4b, 0xe6, 0x0b, 0x1e, 0xeb, 0x5a, 0x67, 0x7b, 0x0c, 0x67, 0x86, 0xe5, 0x50, 0x11, 0xca,
0x35, 0xd9, 0x83, 0x2a, 0x97, 0x1c, 0xca, 0x20, 0xff, 0x86, 0x59, 0x0d, 0x41, 0xe7, 0x31, 0xf3,
0x66, 0x3c, 0x5c, 0xae, 0x64, 0xe8, 0x16, 0xcd, 0xf6, 0x64, 0x0f, 0x6c, 0xc9, 0xda, 0xd1, 0x2a,
0x62, 0x8d, 0x6a, 0xd3, 0x68, 0x6d, 0x75, 0x2f, 0x64, 0x8c, 0xa2, 0x90, 0xe6, 0x7a, 0xbc, 0x25,
0xbe, 0xe7, 0x9f, 0xb0, 0x71, 0x24, 0x1a, 0x97, 0x73, 0x0e, 0xfa, 0x5a, 0x46, 0x33, 0xad, 0x3b,
0x02, 0x6b, 0x2d, 0xc5, 0x0e, 0x1e, 0x0d, 0x74, 0x6f, 0x9b, 0xa3, 0x01, 0xd9, 0x87, 0x5a, 0x72,
0xe2, 0xc5, 0x41, 0xb8, 0x90, 0xa9, 0x6e, 0x75, 0x2f, 0x65, 0x4e, 0x26, 0x4a, 0x8e, 0xbe, 0xd6,
0x18, 0xf7, 0x1e, 0x54, 0xd5, 0x8d, 0x26, 0x4d, 0x28, 0x25, 0xb1, 0xaf, 0xa7, 0xca, 0xd6, 0xfa,
0xaa, 0xab, 0xa1, 0x40, 0x51, 0x95, 0x51, 0x65, 0xe6, 0x54, 0xb9, 0x14, 0x20, 0x87, 0xfd, 0x37,
0x25, 0x71, 0x7f, 0x30, 0xc0, 0x5a, 0x0f, 0x23, 0xbc, 0x59, 0xc1, 0x8c, 0x85, 0x22, 0x98, 0x07,
0x2c, 0xd6, 0x79, 0x16, 0x24, 0x64, 0x1f, 0x2a, 0x9e, 0x10, 0xf1, 0xba, 0x61, 0xdf, 0x2b, 0x4e,
0xb2, 0xf6, 0x01, 0x6a, 0x86, 0xa1, 0x88, 0x57, 0x54, 0xa1, 0xb6, 0xef, 0x02, 0xe4, 0x42, 0xec,
0xce, 0x27, 0x6c, 0xa5, 0xbd, 0xe2, 0x92, 0x5c, 0x86, 0xca, 0x53, 0x6f, 0x99, 0x32, 0x1d, 0x94,
0xda, 0x7c, 0x6a, 0xde, 0x35, 0xdc, 0x9f, 0x4d, 0xa8, 0xe9, 0xc9, 0x46, 0x6e, 0x42, 0x4d, 0x4e,
0x36, 0x1d, 0xd1, 0x9b, 0x33, 0x5d, 0x43, 0x48, 0x27, 0x1b, 0xd9, 0x85, 0x18, 0xb5, 0x2b, 0x35,
0xba, 0x75, 0x8c, 0xf9, 0x00, 0x2f, 0xcd, 0xd8, 0x5c, 0xcf, 0x66, 0x59, 0x8a, 0x01, 0x9b, 0x07,
0x61, 0x20, 0x02, 0x1e, 0x52, 0x54, 0x91, 0x9b, 0xeb, 0xac, 0xcb, 0xd2, 0xe3, 0x95, 0xa2, 0xc7,
0xd7, 0x93, 0x1e, 0x81, 0x53, 0x38, 0xe6, 0x0d, 0x59, 0x7f, 0x5c, 0xcc, 0x5a, 0x1f, 0x29, 0xdd,
0xa9, 0x87, 0x25, 0x67, 0xe1, 0x5f, 0xf0, 0x77, 0x1b, 0x20, 0x77, 0xf9, 0xf6, 0x9d, 0xe2, 0x3e,
0x2b, 0x01, 0x8c, 0x23, 0x1c, 0x39, 0x33, 0x4f, 0x4e, 0xa8, 0xcd, 0x60, 0x11, 0xf2, 0x98, 0x3d,
0x96, 0xd7, 0x41, 0xda, 0x5b, 0xd4, 0x51, 0x32, 0xd9, 0xe6, 0xe4, 0x00, 0x9c, 0x19, 0x4b, 0xfc,
0x38, 0x88, 0x90, 0x30, 0x4d, 0xfa, 0x2e, 0xe6, 0x94, 0xfb, 0x69, 0x0f, 0x72, 0x84, 0xe2, 0xaa,
0x68, 0x43, 0xba, 0xb0, 0xc9, 0xce, 0x22, 0x1e, 0x0b, 0x7d, 0x8a, 0x7a, 0x00, 0x2f, 0xaa, 0xa7,
0x14, 0xe5, 0xf2, 0x24, 0xea, 0xb0, 0x7c, 0x43, 0x3c, 0x28, 0xfb, 0x5e, 0xa4, 0xa6, 0xbf, 0xd3,
0x6d, 0x9c, 0x3b, 0xaf, 0xef, 0x45, 0x8a, 0xb4, 0xde, 0x2d, 0xcc, 0xf5, 0xd9, 0xef, 0xbb, 0x7b,
0x85, 0x91, 0x7f, 0xca, 0xa7, 0xab, 0x8e, 0xec, 0x97, 0x27, 0x81, 0xe8, 0xa4, 0x22, 0x58, 0x76,
0xbc, 0x28, 0x40, 0x77, 0x68, 0x38, 0x1a, 0x50, 0xe9, 0x7a, 0xfb, 0x1e, 0xd4, 0xcf, 0xc7, 0xfd,
0x2e, 0x35, 0xd8, 0xbe, 0x03, 0x76, 0x16, 0xc7, 0x3f, 0x19, 0x5a, 0xc5, 0xe2, 0x5d, 0x03, 0xa7,
0x90, 0x37, 0x02, 0x8f, 0x25, 0x50, 0xb1, 0xaf, 0x36, 0xee, 0x33, 0x7c, 0x7d, 0xf5, 0x9c, 0x26,
0x1f, 0x02, 0x9c, 0x08, 0x11, 0x3d, 0x96, 0x83, 0x5b, 0x1f, 0x62, 0xa3, 0x44, 0x22, 0xc8, 0x2e,
0x38, 0xb8, 0x49, 0xb4, 0x5e, 0x45, 0x2a, 0x2d, 0x12, 0x05, 0xf8, 0x00, 0xec, 0x79, 0x66, 0xae,
0x86, 0xb3, 0x35, 0x5f, 0x5b, 0xbf, 0x0f, 0x56, 0xc8, 0xb5, 0x4e, 0xbd, 0x23, 0xb5, 0x90, 0x4b,
0x95, 0xbb, 0x07, 0xff, 0x7b, 0xed, 0x57, 0x81, 0x5c, 0x81, 0xea, 0x3c, 0x58, 0x0a, 0x79, 0x5d,
0xf1, 0x69, 0xd2, 0x3b, 0xf7, 0x57, 0x03, 0x20, 0xbf, 0x5a, 0xc8, 0x08, 0xde, 0x3b, 0xc4, 0x6c,
0xaa, 0x7b, 0xb6, 0x04, 0xeb, 0x54, 0x57, 0x50, 0xf7, 0xd1, 0xd5, 0x57, 0xaf, 0x63, 0x7b, 0x5d,
0x60, 0x55, 0xdb, 0xae, 0xae, 0xed, 0xbb, 0x3c, 0xe7, 0xd9, 0x09, 0xdb, 0x0f, 0xe0, 0xc2, 0x2b,
0xee, 0xde, 0xf2, 0xa6, 0xe6, 0x5d, 0x56, 0x28, 0xd9, 0x8d, 0xcf, 0xc0, 0xce, 0x9e, 0x19, 0x62,
0x41, 0xb9, 0x37, 0xfa, 0x72, 0x50, 0xdf, 0x20, 0x00, 0xd5, 0xc9, 0xb0, 0x4f, 0x87, 0x47, 0x75,
0x83, 0xd4, 0xa0, 0x34, 0x99, 0x1c, 0xd6, 0x4d, 0x62, 0x43, 0xa5, 0x7f, 0xd0, 0x3f, 0x1c, 0xd6,
0x4b, 0xb8, 0x3c, 0x7a, 0xf8, 0xe8, 0xfe, 0xa4, 0x5e, 0xbe, 0x71, 0x1b, 0x2e, 0x9e, 0x7b, 0x37,
0xa4, 0xf5, 0xe1, 0x01, 0x1d, 0xa2, 0x27, 0x07, 0x6a, 0x8f, 0xe8, 0xe8, 0xf8, 0xe0, 0x68, 0x58,
0x37, 0x50, 0xf1, 0xc5, 0xb8, 0xff, 0x60, 0x38, 0xa8, 0x9b, 0xbd, 0xfa, 0xf3, 0x97, 0x3b, 0xc6,
0x2f, 0x2f, 0x77, 0x8c, 0x3f, 0x5e, 0xee, 0x18, 0xdf, 0xff, 0xb9, 0xb3, 0x31, 0xad, 0xca, 0x5f,
0xd8, 0x5b, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x35, 0x35, 0x9f, 0xfe, 0x02, 0x0b, 0x00, 0x00,
// 1328 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xcb, 0x6e, 0xdb, 0x46,
0x17, 0x36, 0xa9, 0x8b, 0xc9, 0x43, 0xdb, 0xd1, 0x3f, 0xb9, 0xfc, 0xfa, 0xfd, 0xa7, 0xb6, 0xcb,
0x14, 0x85, 0x13, 0xc7, 0x12, 0xa0, 0x00, 0x49, 0xd0, 0x45, 0x50, 0xeb, 0x12, 0x58, 0x4d, 0x53,
0x05, 0x23, 0xc3, 0x5d, 0x06, 0x14, 0x35, 0x92, 0x89, 0x48, 0x1c, 0x82, 0x1c, 0xa6, 0xd6, 0xa2,
0x5d, 0xe4, 0x09, 0x0a, 0x14, 0xe8, 0xbe, 0x2f, 0xd0, 0x37, 0xe8, 0x3e, 0xcb, 0x6e, 0xdb, 0x45,
0x5a, 0xa4, 0x2f, 0x52, 0x9c, 0x99, 0xe1, 0x25, 0x97, 0xa2, 0x09, 0xda, 0x15, 0x67, 0xce, 0xe5,
0x9b, 0x33, 0xdf, 0x39, 0x67, 0x0e, 0xc1, 0xe6, 0x51, 0xd2, 0x8a, 0x62, 0x2e, 0x38, 0x31, 0xa3,
0xc9, 0xf6, 0xe1, 0x3c, 0x10, 0x67, 0xe9, 0xa4, 0xe5, 0xf3, 0x65, 0x7b, 0xce, 0xe7, 0xbc, 0x2d,
0x55, 0x93, 0x74, 0x26, 0x77, 0x72, 0x23, 0x57, 0xca, 0xc5, 0xfd, 0xc1, 0x04, 0x73, 0x14, 0x91,
0x0f, 0xa1, 0x1e, 0x84, 0x51, 0x2a, 0x92, 0xa6, 0xb1, 0x57, 0xd9, 0x77, 0x3a, 0x76, 0x2b, 0x9a,
0xb4, 0x86, 0x28, 0xa1, 0x5a, 0x41, 0xf6, 0xa0, 0xca, 0xce, 0x99, 0xdf, 0x34, 0xf7, 0x8c, 0x7d,
0xa7, 0x03, 0x68, 0x30, 0x38, 0x67, 0xfe, 0x28, 0x3a, 0x5e, 0xa3, 0x52, 0x43, 0x3e, 0x86, 0x7a,
0xc2, 0xd3, 0xd8, 0x67, 0xcd, 0x8a, 0xb4, 0xd9, 0x40, 0x9b, 0xb1, 0x94, 0x48, 0x2b, 0xad, 0x45,
0x24, 0x9f, 0x47, 0xab, 0x66, 0xb5, 0x40, 0xea, 0xf1, 0x68, 0xa5, 0x90, 0x50, 0x43, 0xae, 0x41,
0x6d, 0x92, 0x06, 0x8b, 0x69, 0xb3, 0x26, 0x4d, 0x1c, 0x34, 0xe9, 0xa2, 0x40, 0xda, 0x28, 0x1d,
0xd9, 0x07, 0x2b, 0x5a, 0x78, 0x62, 0xc6, 0xe3, 0x65, 0x13, 0x8a, 0x03, 0x1f, 0x69, 0x19, 0xcd,
0xb5, 0xe4, 0x0e, 0x38, 0x3e, 0x0f, 0x13, 0x11, 0x7b, 0x41, 0x28, 0x92, 0xa6, 0x23, 0x8d, 0x2f,
0xa3, 0xf1, 0x97, 0x3c, 0x7e, 0xc2, 0xe2, 0x5e, 0xa1, 0xa4, 0x65, 0xcb, 0x6e, 0x15, 0x4c, 0x1e,
0xb9, 0xdf, 0x1b, 0x60, 0x65, 0xa8, 0xc4, 0x85, 0x8d, 0xa3, 0xd8, 0x3f, 0x0b, 0x04, 0xf3, 0x45,
0x1a, 0xb3, 0xa6, 0xb1, 0x67, 0xec, 0xdb, 0xf4, 0x15, 0x19, 0xd9, 0x02, 0x73, 0x34, 0x96, 0x44,
0xd9, 0xd4, 0x1c, 0x8d, 0x49, 0x13, 0xd6, 0x4f, 0xbd, 0x38, 0xf0, 0x42, 0x21, 0x99, 0xb1, 0x69,
0xb6, 0x25, 0x57, 0xc1, 0x1e, 0x8d, 0x4f, 0x59, 0x9c, 0x04, 0x3c, 0x94, 0x7c, 0xd8, 0xb4, 0x10,
0x90, 0x1d, 0x80, 0xd1, 0xf8, 0x3e, 0xf3, 0x10, 0x34, 0x69, 0xd6, 0xf6, 0x2a, 0xfb, 0x36, 0x2d,
0x49, 0xdc, 0x6f, 0xa0, 0x26, 0x73, 0x44, 0x3e, 0x83, 0xfa, 0x34, 0x98, 0xb3, 0x44, 0xa8, 0x70,
0xba, 0x9d, 0xe7, 0x2f, 0x76, 0xd7, 0x7e, 0x7d, 0xb1, 0x7b, 0xa3, 0x54, 0x0c, 0x3c, 0x62, 0xa1,
0xcf, 0x43, 0xe1, 0x05, 0x21, 0x8b, 0x93, 0xf6, 0x9c, 0x1f, 0x2a, 0x97, 0x56, 0x5f, 0x7e, 0xa8,
0x46, 0x20, 0xd7, 0xa1, 0x16, 0x84, 0x53, 0x76, 0x2e, 0xe3, 0xaf, 0x74, 0x2f, 0x6a, 0x28, 0x67,
0x94, 0x8a, 0x28, 0x15, 0x43, 0x54, 0x51, 0x65, 0xe1, 0x0e, 0xa1, 0xae, 0x4a, 0x80, 0x5c, 0x85,
0xea, 0x92, 0x09, 0x4f, 0x1e, 0xef, 0x74, 0x2c, 0xa4, 0xf6, 0x21, 0x13, 0x1e, 0x95, 0x52, 0xac,
0xae, 0x25, 0x4f, 0x91, 0x7a, 0xb3, 0xa8, 0xae, 0x87, 0x28, 0xa1, 0x5a, 0xe1, 0x7e, 0x0d, 0x55,
0x74, 0x20, 0x04, 0xaa, 0x5e, 0x3c, 0x57, 0x65, 0x68, 0x53, 0xb9, 0x26, 0x0d, 0xa8, 0xb0, 0xf0,
0xa9, 0xf4, 0xb5, 0x29, 0x2e, 0x51, 0xe2, 0x7f, 0x35, 0xd5, 0x64, 0xe2, 0x12, 0xfd, 0xd2, 0x84,
0xc5, 0x9a, 0x43, 0xb9, 0x26, 0xd7, 0xc1, 0x8e, 0x62, 0x7e, 0xbe, 0x7a, 0x8c, 0xde, 0xb5, 0x52,
0x85, 0xa0, 0x70, 0x10, 0x3e, 0xa5, 0x56, 0xa4, 0x57, 0xee, 0x8f, 0x26, 0xd4, 0x64, 0x40, 0x64,
0x1f, 0xaf, 0x1f, 0xa5, 0x8a, 0xc9, 0x4a, 0x97, 0xe8, 0xeb, 0x83, 0x24, 0x3a, 0xbf, 0x3d, 0x92,
0xbe, 0x0d, 0x56, 0xc2, 0x16, 0xcc, 0x17, 0x3c, 0xd6, 0xb9, 0xce, 0xf7, 0x18, 0xce, 0x14, 0xd3,
0xa1, 0x22, 0x94, 0x6b, 0x72, 0x00, 0x75, 0x2e, 0x39, 0x94, 0x41, 0xfe, 0x05, 0xb3, 0xda, 0x04,
0xc1, 0x63, 0xe6, 0x4d, 0x79, 0xb8, 0x58, 0xc9, 0xd0, 0x2d, 0x9a, 0xef, 0xc9, 0x01, 0xd8, 0x92,
0xb5, 0x93, 0x55, 0xc4, 0x9a, 0xf5, 0x3d, 0x63, 0x7f, 0xab, 0xb3, 0x99, 0x33, 0x8a, 0x42, 0x5a,
0xe8, 0xb1, 0x4b, 0x7c, 0xcf, 0x3f, 0x63, 0xa3, 0x48, 0x34, 0x2f, 0x15, 0x1c, 0xf4, 0xb4, 0x8c,
0xe6, 0x5a, 0x84, 0x4d, 0x98, 0x1f, 0x33, 0x81, 0xa6, 0x97, 0xa5, 0xa9, 0x84, 0x1d, 0x67, 0x42,
0x5a, 0xe8, 0xdd, 0x21, 0x58, 0x19, 0x04, 0x96, 0xfb, 0xb0, 0xaf, 0x1b, 0xc1, 0x1c, 0xf6, 0xc9,
0x21, 0xac, 0x27, 0x67, 0x5e, 0x1c, 0x84, 0x73, 0xc9, 0xcb, 0x56, 0xe7, 0x62, 0x7e, 0xe2, 0x58,
0xc9, 0x11, 0x2c, 0xb3, 0x71, 0x39, 0xd8, 0xf9, 0x11, 0x6f, 0x60, 0x35, 0xa0, 0x92, 0x06, 0x53,
0x89, 0xb3, 0x49, 0x71, 0x89, 0x92, 0x79, 0xa0, 0x72, 0xbf, 0x49, 0x71, 0x89, 0x64, 0x2f, 0xf9,
0x94, 0x49, 0x5a, 0x37, 0xa9, 0x5c, 0x23, 0x7f, 0x3c, 0x12, 0x01, 0x0f, 0xbd, 0x45, 0xc6, 0x5f,
0xb6, 0x77, 0xef, 0x41, 0x5d, 0xbd, 0x37, 0x64, 0x0f, 0x2a, 0x49, 0xec, 0xeb, 0x37, 0x6f, 0x2b,
0x7b, 0x88, 0xd4, 0x93, 0x45, 0x51, 0x95, 0x27, 0xd2, 0x2c, 0x12, 0xe9, 0x52, 0x80, 0xc2, 0xec,
0xdf, 0x29, 0x18, 0xf7, 0x3b, 0x03, 0xac, 0xec, 0xa9, 0xc4, 0xbe, 0x0f, 0xa6, 0x2c, 0x14, 0xc1,
0x2c, 0x60, 0xb1, 0x26, 0xa3, 0x24, 0x21, 0x87, 0x50, 0xf3, 0x84, 0x88, 0xb3, 0x76, 0xfa, 0x6f,
0xf9, 0x9d, 0x6d, 0x1d, 0xa1, 0x66, 0x10, 0x8a, 0x78, 0x45, 0x95, 0xd5, 0xf6, 0x5d, 0x80, 0x42,
0x88, 0xfc, 0x3d, 0x61, 0x2b, 0x8d, 0x8a, 0x4b, 0x72, 0x09, 0x6a, 0x4f, 0xbd, 0x45, 0xca, 0x74,
0x50, 0x6a, 0xf3, 0x89, 0x79, 0xd7, 0x70, 0x7f, 0x32, 0x61, 0x5d, 0xbf, 0xbb, 0xe4, 0x26, 0xac,
0xcb, 0x77, 0x57, 0x47, 0xf4, 0xf6, 0x9b, 0x66, 0x26, 0xa4, 0x9d, 0x0f, 0x94, 0x52, 0x8c, 0x1a,
0x4a, 0x0d, 0x16, 0x1d, 0x63, 0x31, 0x5e, 0x2a, 0x53, 0x36, 0xd3, 0x93, 0x43, 0xa6, 0xa2, 0xcf,
0x66, 0x41, 0x18, 0x60, 0xce, 0x28, 0xaa, 0xc8, 0xcd, 0xec, 0xd6, 0x55, 0x89, 0x78, 0xa5, 0x8c,
0xf8, 0xe6, 0xa5, 0x87, 0xe0, 0x94, 0x8e, 0x79, 0xcb, 0xad, 0x3f, 0x2a, 0xdf, 0x5a, 0x1f, 0x29,
0xe1, 0xd4, 0xd8, 0x2b, 0x58, 0xf8, 0x07, 0xfc, 0xdd, 0x06, 0x28, 0x20, 0xdf, 0xbd, 0x52, 0xdc,
0x67, 0x15, 0x80, 0x51, 0x84, 0x0f, 0xe2, 0xd4, 0x93, 0xef, 0xe7, 0x46, 0x30, 0x0f, 0x79, 0xcc,
0x1e, 0xcb, 0x66, 0x95, 0xfe, 0x16, 0x75, 0x94, 0x4c, 0xf6, 0x15, 0x39, 0x02, 0x67, 0xca, 0x12,
0x3f, 0x0e, 0x64, 0x91, 0x6b, 0xd2, 0x77, 0xf1, 0x4e, 0x05, 0x4e, 0xab, 0x5f, 0x58, 0x28, 0xae,
0xca, 0x3e, 0xa4, 0x03, 0x1b, 0xec, 0x3c, 0xe2, 0xb1, 0xd0, 0xa7, 0xa8, 0xf1, 0x7c, 0x41, 0x0d,
0x7a, 0x94, 0xcb, 0x93, 0xa8, 0xc3, 0x8a, 0x0d, 0xf1, 0xa0, 0xea, 0x7b, 0x91, 0x9a, 0x4d, 0x4e,
0xa7, 0xf9, 0xda, 0x79, 0x3d, 0x2f, 0x52, 0xa4, 0x75, 0x6f, 0xe1, 0x5d, 0x9f, 0xfd, 0xb6, 0x7b,
0x50, 0x1a, 0x48, 0x4b, 0x3e, 0x59, 0xb5, 0x65, 0xbd, 0x3c, 0x09, 0x44, 0x3b, 0x15, 0xc1, 0xa2,
0xed, 0x45, 0x01, 0xc2, 0xa1, 0xe3, 0xb0, 0x4f, 0x25, 0xf4, 0xf6, 0x3d, 0x68, 0xbc, 0x1e, 0xf7,
0xfb, 0xe4, 0x60, 0xfb, 0x0e, 0xd8, 0x79, 0x1c, 0x7f, 0xe7, 0x68, 0x95, 0x93, 0x77, 0x0d, 0x9c,
0xd2, 0xbd, 0xd1, 0xf0, 0x54, 0x1a, 0x2a, 0xf6, 0xd5, 0xc6, 0x7d, 0x86, 0xff, 0x06, 0x7a, 0x8a,
0x90, 0x0f, 0x00, 0xce, 0x84, 0x88, 0x1e, 0xcb, 0xb1, 0xa2, 0x0f, 0xb1, 0x51, 0x22, 0x2d, 0xc8,
0x2e, 0x38, 0xb8, 0x49, 0xb4, 0x5e, 0x45, 0x2a, 0x3d, 0x12, 0x65, 0xf0, 0x7f, 0xb0, 0x67, 0xb9,
0xbb, 0x1a, 0x1d, 0xd6, 0x2c, 0xf3, 0xfe, 0x1f, 0x58, 0x21, 0xd7, 0x3a, 0x35, 0xe5, 0xd6, 0x43,
0x2e, 0x55, 0xee, 0x01, 0xfc, 0xe7, 0x8d, 0x1f, 0x19, 0x72, 0x05, 0xea, 0xb3, 0x60, 0x21, 0x64,
0xbb, 0xe2, 0xe0, 0xd4, 0x3b, 0xf7, 0x17, 0x03, 0xa0, 0x68, 0x2d, 0x64, 0x04, 0xfb, 0x0e, 0x6d,
0x36, 0x54, 0x9f, 0x2d, 0xc0, 0x5a, 0xea, 0x0c, 0xea, 0x3a, 0xba, 0xfa, 0x6a, 0x3b, 0xb6, 0xb2,
0x04, 0xab, 0xdc, 0x76, 0x74, 0x6e, 0xdf, 0xe7, 0x67, 0x23, 0x3f, 0x61, 0xfb, 0x01, 0x6c, 0xbe,
0x02, 0xf7, 0x8e, 0x9d, 0x5a, 0x54, 0x59, 0x29, 0x65, 0x37, 0x3e, 0x05, 0x3b, 0x1f, 0x82, 0xc4,
0x82, 0x6a, 0x77, 0xf8, 0x45, 0xbf, 0xb1, 0x46, 0x00, 0xea, 0xe3, 0x41, 0x8f, 0x0e, 0x4e, 0x1a,
0x06, 0x59, 0x87, 0xca, 0x78, 0x7c, 0xdc, 0x30, 0x89, 0x0d, 0xb5, 0xde, 0x51, 0xef, 0x78, 0xd0,
0xa8, 0xe0, 0xf2, 0xe4, 0xe1, 0xa3, 0xfb, 0xe3, 0x46, 0xf5, 0xc6, 0x6d, 0xb8, 0xf0, 0xda, 0xa0,
0x92, 0xde, 0xc7, 0x47, 0x74, 0x80, 0x48, 0x0e, 0xac, 0x3f, 0xa2, 0xc3, 0xd3, 0xa3, 0x93, 0x41,
0xc3, 0x40, 0xc5, 0xe7, 0xa3, 0xde, 0x83, 0x41, 0xbf, 0x61, 0x76, 0x1b, 0xcf, 0x5f, 0xee, 0x18,
0x3f, 0xbf, 0xdc, 0x31, 0x7e, 0x7f, 0xb9, 0x63, 0x7c, 0xfb, 0xc7, 0xce, 0xda, 0xa4, 0x2e, 0x7f,
0xb0, 0x6f, 0xfd, 0x19, 0x00, 0x00, 0xff, 0xff, 0xa3, 0xba, 0x5c, 0x6e, 0xa0, 0x0b, 0x00, 0x00,
}

16
solver/pb/ops.proto
View File

@ -63,6 +63,7 @@ message Mount {
bool readonly = 5;
MountType mountType = 6;
CacheOpt cacheOpt = 20;
SecretOpt secretOpt = 21;
}
// MountType defines a type of a mount from a supported set
@ -92,6 +93,21 @@ enum CacheSharingOpt {
LOCKED = 2;
}
// SecretOpt defines options describing secret mounts
message SecretOpt {
// ID of secret. Used for quering the value.
string ID = 1;
// UID of secret file
uint32 uid = 2;
// GID of secret file
uint32 gid = 3;
// Mode is the filesystem mode of secret file
uint32 mode = 4;
// Optional defines if secret value is required. Error is produced
// if value is not found and optional is false.
bool optional = 5;
}
// CopyOp copies files across Ops.
message CopyOp {
repeated CopySource src = 1;

2
worker/base/worker.go
View File

@ -215,7 +215,7 @@ func (w *Worker) ResolveOp(v solver.Vertex, s frontend.FrontendLLBBridge) (solve
case *pb.Op_Source:
return ops.NewSourceOp(v, op, baseOp.Platform, w.SourceManager, w)
case *pb.Op_Exec:
return ops.NewExecOp(v, op, w.CacheManager, w.MetadataStore, w.Executor, w)
return ops.NewExecOp(v, op, w.CacheManager, w.SessionManager, w.MetadataStore, w.Executor, w)
case *pb.Op_Build:
return ops.NewBuildOp(v, op, s, w)
}