Skip to content

Commit 36b0458

Browse files
crazy-maxcrazy-max
authored
Merge pull request #5833 from tonistiigi/secret-env-fix
solver: fix reading secrets from any session
2 parents 10d1923 + 91b55e8 commit 36b0458

File tree

3 files changed

+11
-11
lines changed

3 files changed

+11
-11
lines changed

frontend/gateway/container/container.go

+1-4
Original file line numberDiff line numberDiff line change
@@ -389,14 +389,11 @@ func (gwCtr *gatewayContainer) loadSecretEnv(ctx context.Context, secretEnv []*p
389389
err = gwCtr.sm.Any(ctx, gwCtr.group, func(ctx context.Context, _ string, caller session.Caller) error {
390390
dt, err = secrets.GetSecret(ctx, caller, id)
391391
if err != nil {
392-
if errors.Is(err, secrets.ErrNotFound) && sopt.Optional {
393-
return nil
394-
}
395392
return err
396393
}
397394
return nil
398395
})
399-
if err != nil {
396+
if err != nil && !(errors.Is(err, secrets.ErrNotFound) && sopt.Optional) {
400397
return nil, err
401398
}
402399
out = append(out, fmt.Sprintf("%s=%s", sopt.Name, string(dt)))

solver/llbsolver/ops/exec.go

+1-4
Original file line numberDiff line numberDiff line change
@@ -559,14 +559,11 @@ func (e *ExecOp) loadSecretEnv(ctx context.Context, g session.Group) ([]string,
559559
err = e.sm.Any(ctx, g, func(ctx context.Context, _ string, caller session.Caller) error {
560560
dt, err = secrets.GetSecret(ctx, caller, id)
561561
if err != nil {
562-
if errors.Is(err, secrets.ErrNotFound) && sopt.Optional {
563-
return nil
564-
}
565562
return err
566563
}
567564
return nil
568565
})
569-
if err != nil {
566+
if err != nil && !(errors.Is(err, secrets.ErrNotFound) && sopt.Optional) {
570567
return nil, err
571568
}
572569
out = append(out, fmt.Sprintf("%s=%s", sopt.Name, string(dt)))

source/git/source.go

+9-3
Original file line numberDiff line numberDiff line change
@@ -256,9 +256,11 @@ func (gs *gitSourceHandler) getAuthToken(ctx context.Context, g session.Group) e
256256
if err != nil {
257257
return err
258258
}
259-
return gs.sm.Any(ctx, g, func(ctx context.Context, _ string, caller session.Caller) error {
259+
err = gs.sm.Any(ctx, g, func(ctx context.Context, _ string, caller session.Caller) error {
260+
var err error
260261
for _, s := range sec {
261-
dt, err := secrets.GetSecret(ctx, caller, s.name)
262+
var dt []byte
263+
dt, err = secrets.GetSecret(ctx, caller, s.name)
262264
if err != nil {
263265
if errors.Is(err, secrets.ErrNotFound) {
264266
continue
@@ -271,8 +273,12 @@ func (gs *gitSourceHandler) getAuthToken(ctx context.Context, g session.Group) e
271273
gs.authArgs = []string{"-c", "http." + tokenScope(gs.src.Remote) + ".extraheader=Authorization: " + string(dt)}
272274
break
273275
}
274-
return nil
276+
return err
275277
})
278+
if errors.Is(err, secrets.ErrNotFound) {
279+
err = nil
280+
}
281+
return err
276282
}
277283

278284
func (gs *gitSourceHandler) mountSSHAuthSock(ctx context.Context, sshID string, g session.Group) (string, func() error, error) {

0 commit comments

Comments
 (0)