From c30db6a9557a63ca931dba90348000102abfd1de Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 2 Dec 2024 14:46:58 -0800 Subject: [PATCH 1/2] bake: fix entitlements path checks for local outputs Previous check based on dest attributes was not correct as the attributes already get converted before validation happens. Because the local path is not preserved for single-file outputs and gets replaced by io.Writer, a temporary array variable was needed. This value should instead be added to ExportEntry struct in BuildKit in future revision. Signed-off-by: Tonis Tiigi (cherry picked from commit c6e403ad7f239409a28355be9a494805d895759b) --- bake/bake.go | 3 ++- bake/entitlements.go | 13 ++---------- bake/entitlements_test.go | 24 ++++------------------ build/build.go | 43 ++++++++++++++++++++------------------- controller/build/build.go | 2 +- controller/pb/export.go | 29 ++++++++++++++------------ 6 files changed, 47 insertions(+), 67 deletions(-) diff --git a/bake/bake.go b/bake/bake.go index 10f6cf1e..f3eea4f7 100644 --- a/bake/bake.go +++ b/bake/bake.go @@ -1329,7 +1329,8 @@ func toBuildOpt(t *Target, inp *Input) (*build.Options, error) { if err != nil { return nil, err } - bo.Exports, err = controllerapi.CreateExports(outputs) + + bo.Exports, bo.ExportsLocalPathsTemporary, err = controllerapi.CreateExports(outputs) if err != nil { return nil, err } diff --git a/bake/entitlements.go b/bake/entitlements.go index b7160481..116051ff 100644 --- a/bake/entitlements.go +++ b/bake/entitlements.go @@ -113,17 +113,8 @@ func (c EntitlementConf) check(bo build.Options, expected *EntitlementConf) erro roPaths[p] = struct{}{} } - for _, out := range bo.Exports { - if out.Type == "local" { - if dest, ok := out.Attrs["dest"]; ok { - rwPaths[dest] = struct{}{} - } - } - if out.Type == "tar" { - if dest, ok := out.Attrs["dest"]; ok && dest != "-" { - rwPaths[dest] = struct{}{} - } - } + for _, p := range bo.ExportsLocalPathsTemporary { + rwPaths[p] = struct{}{} } for _, ce := range bo.CacheTo { diff --git a/bake/entitlements_test.go b/bake/entitlements_test.go index 16cd8bc6..ef1bbdec 100644 --- a/bake/entitlements_test.go +++ b/bake/entitlements_test.go @@ -10,7 +10,6 @@ import ( "github.com/docker/buildx/build" "github.com/docker/buildx/controller/pb" "github.com/docker/buildx/util/osutil" - "github.com/moby/buildkit/client" "github.com/moby/buildkit/client/llb" "github.com/moby/buildkit/util/entitlements" "github.com/stretchr/testify/require" @@ -279,25 +278,10 @@ func TestValidateEntitlements(t *testing.T) { { name: "ExportLocal", opt: build.Options{ - Exports: []client.ExportEntry{ - { - Type: "local", - Attrs: map[string]string{ - "dest": dir1, - }, - }, - { - Type: "local", - Attrs: map[string]string{ - "dest": filepath.Join(dir1, "subdir"), - }, - }, - { - Type: "local", - Attrs: map[string]string{ - "dest": dir2, - }, - }, + ExportsLocalPathsTemporary: []string{ + dir1, + filepath.Join(dir1, "subdir"), + dir2, }, }, expected: EntitlementConf{ diff --git a/build/build.go b/build/build.go index 3a2e7663..4663d1f4 100644 --- a/build/build.go +++ b/build/build.go @@ -62,27 +62,28 @@ const ( type Options struct { Inputs Inputs - Ref string - Allow []entitlements.Entitlement - Attests map[string]*string - BuildArgs map[string]string - CacheFrom []client.CacheOptionsEntry - CacheTo []client.CacheOptionsEntry - CgroupParent string - Exports []client.ExportEntry - ExtraHosts []string - Labels map[string]string - NetworkMode string - NoCache bool - NoCacheFilter []string - Platforms []specs.Platform - Pull bool - SecretSpecs []*controllerapi.Secret - SSHSpecs []*controllerapi.SSH - ShmSize opts.MemBytes - Tags []string - Target string - Ulimits *opts.UlimitOpt + Ref string + Allow []entitlements.Entitlement + Attests map[string]*string + BuildArgs map[string]string + CacheFrom []client.CacheOptionsEntry + CacheTo []client.CacheOptionsEntry + CgroupParent string + Exports []client.ExportEntry + ExportsLocalPathsTemporary []string // should be removed after client.ExportEntry update in buildkit v0.19.0 + ExtraHosts []string + Labels map[string]string + NetworkMode string + NoCache bool + NoCacheFilter []string + Platforms []specs.Platform + Pull bool + SecretSpecs []*controllerapi.Secret + SSHSpecs []*controllerapi.SSH + ShmSize opts.MemBytes + Tags []string + Target string + Ulimits *opts.UlimitOpt Session []session.Attachable Linked bool // Linked marks this target as exclusively linked (not requested by the user). diff --git a/controller/build/build.go b/controller/build/build.go index 7a57dc7d..5e0c89c2 100644 --- a/controller/build/build.go +++ b/controller/build/build.go @@ -93,7 +93,7 @@ func RunBuild(ctx context.Context, dockerCli command.Cli, in *controllerapi.Buil } opts.Session = append(opts.Session, ssh) - outputs, err := controllerapi.CreateExports(in.Exports) + outputs, _, err := controllerapi.CreateExports(in.Exports) if err != nil { return nil, nil, nil, err } diff --git a/controller/pb/export.go b/controller/pb/export.go index 3de33eb3..af60bc88 100644 --- a/controller/pb/export.go +++ b/controller/pb/export.go @@ -10,15 +10,16 @@ import ( "github.com/pkg/errors" ) -func CreateExports(entries []*ExportEntry) ([]client.ExportEntry, error) { +func CreateExports(entries []*ExportEntry) ([]client.ExportEntry, []string, error) { var outs []client.ExportEntry + var localPaths []string if len(entries) == 0 { - return nil, nil + return nil, nil, nil } var stdoutUsed bool for _, entry := range entries { if entry.Type == "" { - return nil, errors.Errorf("type is required for output") + return nil, nil, errors.Errorf("type is required for output") } out := client.ExportEntry{ @@ -49,20 +50,21 @@ func CreateExports(entries []*ExportEntry) ([]client.ExportEntry, error) { if supportDir { if entry.Destination == "" { - return nil, errors.Errorf("dest is required for %s exporter", out.Type) + return nil, nil, errors.Errorf("dest is required for %s exporter", out.Type) } if entry.Destination == "-" { - return nil, errors.Errorf("dest cannot be stdout for %s exporter", out.Type) + return nil, nil, errors.Errorf("dest cannot be stdout for %s exporter", out.Type) } fi, err := os.Stat(entry.Destination) if err != nil && !os.IsNotExist(err) { - return nil, errors.Wrapf(err, "invalid destination directory: %s", entry.Destination) + return nil, nil, errors.Wrapf(err, "invalid destination directory: %s", entry.Destination) } if err == nil && !fi.IsDir() { - return nil, errors.Errorf("destination directory %s is a file", entry.Destination) + return nil, nil, errors.Errorf("destination directory %s is a file", entry.Destination) } out.OutputDir = entry.Destination + localPaths = append(localPaths, entry.Destination) } if supportFile { if entry.Destination == "" && out.Type != client.ExporterDocker { @@ -70,32 +72,33 @@ func CreateExports(entries []*ExportEntry) ([]client.ExportEntry, error) { } if entry.Destination == "-" { if stdoutUsed { - return nil, errors.Errorf("multiple outputs configured to write to stdout") + return nil, nil, errors.Errorf("multiple outputs configured to write to stdout") } if _, err := console.ConsoleFromFile(os.Stdout); err == nil { - return nil, errors.Errorf("dest file is required for %s exporter. refusing to write to console", out.Type) + return nil, nil, errors.Errorf("dest file is required for %s exporter. refusing to write to console", out.Type) } out.Output = wrapWriteCloser(os.Stdout) stdoutUsed = true } else if entry.Destination != "" { fi, err := os.Stat(entry.Destination) if err != nil && !os.IsNotExist(err) { - return nil, errors.Wrapf(err, "invalid destination file: %s", entry.Destination) + return nil, nil, errors.Wrapf(err, "invalid destination file: %s", entry.Destination) } if err == nil && fi.IsDir() { - return nil, errors.Errorf("destination file %s is a directory", entry.Destination) + return nil, nil, errors.Errorf("destination file %s is a directory", entry.Destination) } f, err := os.Create(entry.Destination) if err != nil { - return nil, errors.Errorf("failed to open %s", err) + return nil, nil, errors.Errorf("failed to open %s", err) } out.Output = wrapWriteCloser(f) + localPaths = append(localPaths, entry.Destination) } } outs = append(outs, out) } - return outs, nil + return outs, localPaths, nil } func wrapWriteCloser(wc io.WriteCloser) func(map[string]string) (io.WriteCloser, error) { From b2c0c26c26791019ffa0fc1153626d515553ca3d Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 2 Dec 2024 16:45:12 -0800 Subject: [PATCH 2/2] bake: allow entitlements from overrides automatically If override specifies a path, mark it automatically allowed so there is no need to use duplicate flags for defining the same feature. Signed-off-by: Tonis Tiigi (cherry picked from commit dd596d654213e1ecaa6388e2d96846e784c12e9f) --- bake/bake.go | 78 +++++++++++++++++---- bake/bake_test.go | 168 +++++++++++++++++++++++----------------------- commands/bake.go | 2 +- 3 files changed, 151 insertions(+), 97 deletions(-) diff --git a/bake/bake.go b/bake/bake.go index f3eea4f7..89aaec1a 100644 --- a/bake/bake.go +++ b/bake/bake.go @@ -193,7 +193,7 @@ func ListTargets(files []File) ([]string, error) { return dedupSlice(targets), nil } -func ReadTargets(ctx context.Context, files []File, targets, overrides []string, defaults map[string]string) (map[string]*Target, map[string]*Group, error) { +func ReadTargets(ctx context.Context, files []File, targets, overrides []string, defaults map[string]string, ent *EntitlementConf) (map[string]*Target, map[string]*Group, error) { c, _, err := ParseFiles(files, defaults) if err != nil { return nil, nil, err @@ -212,7 +212,7 @@ func ReadTargets(ctx context.Context, files []File, targets, overrides []string, for _, target := range targets { ts, gs := c.ResolveGroup(target) for _, tname := range ts { - t, err := c.ResolveTarget(tname, o) + t, err := c.ResolveTarget(tname, o, ent) if err != nil { return nil, nil, err } @@ -244,7 +244,7 @@ func ReadTargets(ctx context.Context, files []File, targets, overrides []string, } for name, t := range m { - if err := c.loadLinks(name, t, m, o, nil); err != nil { + if err := c.loadLinks(name, t, m, o, nil, ent); err != nil { return nil, nil, err } } @@ -476,7 +476,7 @@ func (c Config) expandTargets(pattern string) ([]string, error) { return names, nil } -func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[string]map[string]Override, visited []string) error { +func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[string]map[string]Override, visited []string, ent *EntitlementConf) error { visited = append(visited, name) for _, v := range t.Contexts { if strings.HasPrefix(v, "target:") { @@ -492,7 +492,7 @@ func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[st t2, ok := m[target] if !ok { var err error - t2, err = c.ResolveTarget(target, o) + t2, err = c.ResolveTarget(target, o, ent) if err != nil { return err } @@ -500,7 +500,7 @@ func (c Config) loadLinks(name string, t *Target, m map[string]*Target, o map[st t2.linked = true m[target] = t2 } - if err := c.loadLinks(target, t2, m, o, visited); err != nil { + if err := c.loadLinks(target, t2, m, o, visited, ent); err != nil { return err } @@ -627,8 +627,8 @@ func (c Config) group(name string, visited map[string]visit) ([]string, []string return targets, groups } -func (c Config) ResolveTarget(name string, overrides map[string]map[string]Override) (*Target, error) { - t, err := c.target(name, map[string]*Target{}, overrides) +func (c Config) ResolveTarget(name string, overrides map[string]map[string]Override, ent *EntitlementConf) (*Target, error) { + t, err := c.target(name, map[string]*Target{}, overrides, ent) if err != nil { return nil, err } @@ -644,7 +644,7 @@ func (c Config) ResolveTarget(name string, overrides map[string]map[string]Overr return t, nil } -func (c Config) target(name string, visited map[string]*Target, overrides map[string]map[string]Override) (*Target, error) { +func (c Config) target(name string, visited map[string]*Target, overrides map[string]map[string]Override, ent *EntitlementConf) (*Target, error) { if t, ok := visited[name]; ok { return t, nil } @@ -661,7 +661,7 @@ func (c Config) target(name string, visited map[string]*Target, overrides map[st } tt := &Target{} for _, name := range t.Inherits { - t, err := c.target(name, visited, overrides) + t, err := c.target(name, visited, overrides, ent) if err != nil { return nil, err } @@ -673,7 +673,7 @@ func (c Config) target(name string, visited map[string]*Target, overrides map[st m.Merge(tt) m.Merge(t) tt = m - if err := tt.AddOverrides(overrides[name]); err != nil { + if err := tt.AddOverrides(overrides[name], ent); err != nil { return nil, err } tt.normalize() @@ -856,7 +856,7 @@ func (t *Target) Merge(t2 *Target) { t.Inherits = append(t.Inherits, t2.Inherits...) } -func (t *Target) AddOverrides(overrides map[string]Override) error { +func (t *Target) AddOverrides(overrides map[string]Override, ent *EntitlementConf) error { for key, o := range overrides { value := o.Value keys := strings.SplitN(key, ".", 2) @@ -893,22 +893,76 @@ func (t *Target) AddOverrides(overrides map[string]Override) error { t.Tags = o.ArrValue case "cache-from": t.CacheFrom = o.ArrValue + cacheFrom, err := buildflags.ParseCacheEntry(o.ArrValue) + if err != nil { + return err + } + for _, c := range cacheFrom { + if c.Type == "local" { + if v, ok := c.Attrs["src"]; ok { + ent.FSRead = append(ent.FSRead, v) + } + } + } case "cache-to": t.CacheTo = o.ArrValue + cacheTo, err := buildflags.ParseCacheEntry(o.ArrValue) + if err != nil { + return err + } + for _, c := range cacheTo { + if c.Type == "local" { + if v, ok := c.Attrs["dest"]; ok { + ent.FSWrite = append(ent.FSWrite, v) + } + } + } case "target": t.Target = &value case "call": t.Call = &value case "secrets": t.Secrets = o.ArrValue + secrets, err := buildflags.ParseSecretSpecs(o.ArrValue) + if err != nil { + return errors.Wrap(err, "invalid value for outputs") + } + for _, s := range secrets { + if s.FilePath != "" { + ent.FSRead = append(ent.FSRead, s.FilePath) + } + } case "ssh": t.SSH = o.ArrValue + ssh, err := buildflags.ParseSSHSpecs(o.ArrValue) + if err != nil { + return errors.Wrap(err, "invalid value for outputs") + } + for _, s := range ssh { + ent.FSRead = append(ent.FSRead, s.Paths...) + } case "platform": t.Platforms = o.ArrValue case "output": t.Outputs = o.ArrValue + outputs, err := buildflags.ParseExports(o.ArrValue) + if err != nil { + return errors.Wrap(err, "invalid value for outputs") + } + for _, o := range outputs { + if o.Destination != "" { + ent.FSWrite = append(ent.FSWrite, o.Destination) + } + } case "entitlements": t.Entitlements = append(t.Entitlements, o.ArrValue...) + for _, v := range o.ArrValue { + if v == string(EntitlementKeyNetworkHost) { + ent.NetworkHost = true + } else if v == string(EntitlementKeySecurityInsecure) { + ent.SecurityInsecure = true + } + } case "annotations": t.Annotations = append(t.Annotations, o.ArrValue...) case "attest": diff --git a/bake/bake_test.go b/bake/bake_test.go index 1e4117ee..d589b447 100644 --- a/bake/bake_test.go +++ b/bake/bake_test.go @@ -40,7 +40,7 @@ target "webapp" { t.Run("NoOverrides", func(t *testing.T) { t.Parallel() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -58,7 +58,7 @@ target "webapp" { t.Run("InvalidTargetOverrides", func(t *testing.T) { t.Parallel() - _, _, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"nosuchtarget.context=foo"}, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"nosuchtarget.context=foo"}, nil, &EntitlementConf{}) require.Error(t, err) require.Equal(t, "could not find any target matching 'nosuchtarget'", err.Error()) }) @@ -74,7 +74,7 @@ target "webapp" { "webapp.args.VAR_FROMENV" + t.Name(), "webapp.args.VAR_INHERITED=override", // not overriding VAR_BOTH on purpose - }, nil) + }, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, "Dockerfile.webapp", *m["webapp"].Dockerfile) @@ -103,7 +103,7 @@ target "webapp" { m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{ "webDEP.args.VAR_INHERITED=override", "webDEP.args.VAR_BOTH=override", - }, nil) + }, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, ptrstr("override"), m["webapp"].Args["VAR_INHERITED"]) @@ -115,10 +115,10 @@ target "webapp" { t.Run("ContextOverride", func(t *testing.T) { t.Parallel() - _, _, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.context"}, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.context"}, nil, &EntitlementConf{}) require.Error(t, err) - m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.context=foo"}, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.context=foo"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, "foo", *m["webapp"].Context) require.Equal(t, 1, len(g)) @@ -127,7 +127,7 @@ target "webapp" { t.Run("NoCacheOverride", func(t *testing.T) { t.Parallel() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.no-cache=false"}, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.no-cache=false"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, false, *m["webapp"].NoCache) require.Equal(t, 1, len(g)) @@ -135,14 +135,14 @@ target "webapp" { }) t.Run("ShmSizeOverride", func(t *testing.T) { - m, _, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.shm-size=256m"}, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.shm-size=256m"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, "256m", *m["webapp"].ShmSize) }) t.Run("PullOverride", func(t *testing.T) { t.Parallel() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.pull=false"}, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"webapp"}, []string{"webapp.pull=false"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, false, *m["webapp"].Pull) require.Equal(t, 1, len(g)) @@ -210,7 +210,7 @@ target "webapp" { } for _, test := range cases { t.Run(test.name, func(t *testing.T) { - m, g, err := ReadTargets(ctx, []File{fp}, test.targets, test.overrides, nil) + m, g, err := ReadTargets(ctx, []File{fp}, test.targets, test.overrides, nil, &EntitlementConf{}) test.check(t, m, g, err) }) } @@ -225,7 +225,7 @@ func TestPushOverride(t *testing.T) { `target "app" { }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, "type=image,push=true", m["app"].Outputs[0]) @@ -239,7 +239,7 @@ func TestPushOverride(t *testing.T) { output = ["type=image,compression=zstd"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, "type=image,compression=zstd,push=true", m["app"].Outputs[0]) @@ -253,7 +253,7 @@ func TestPushOverride(t *testing.T) { output = ["type=image,compression=zstd"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=false"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=false"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, "type=image,compression=zstd,push=false", m["app"].Outputs[0]) @@ -267,7 +267,7 @@ func TestPushOverride(t *testing.T) { output = ["type=registry"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, "type=registry", m["app"].Outputs[0]) @@ -281,7 +281,7 @@ func TestPushOverride(t *testing.T) { output = ["type=registry"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=false"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.push=false"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 0, len(m["app"].Outputs)) }) @@ -296,7 +296,7 @@ func TestPushOverride(t *testing.T) { target "bar" { }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo", "bar"}, []string{"*.push=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo", "bar"}, []string{"*.push=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m)) require.Equal(t, 1, len(m["foo"].Outputs)) @@ -314,7 +314,7 @@ func TestLoadOverride(t *testing.T) { `target "app" { }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, "type=docker", m["app"].Outputs[0]) @@ -328,7 +328,7 @@ func TestLoadOverride(t *testing.T) { output = ["type=docker"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, []string{"type=docker"}, m["app"].Outputs) @@ -342,7 +342,7 @@ func TestLoadOverride(t *testing.T) { output = ["type=image"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m["app"].Outputs)) require.Equal(t, []string{"type=image", "type=docker"}, m["app"].Outputs) @@ -356,7 +356,7 @@ func TestLoadOverride(t *testing.T) { output = ["type=image"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=false"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=false"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m["app"].Outputs)) require.Equal(t, []string{"type=image"}, m["app"].Outputs) @@ -370,7 +370,7 @@ func TestLoadOverride(t *testing.T) { output = ["type=registry"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m["app"].Outputs)) require.Equal(t, []string{"type=registry", "type=docker"}, m["app"].Outputs) @@ -384,7 +384,7 @@ func TestLoadOverride(t *testing.T) { output = ["type=oci,dest=out"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m["app"].Outputs)) require.Equal(t, []string{"type=oci,dest=out", "type=docker"}, m["app"].Outputs) @@ -398,7 +398,7 @@ func TestLoadOverride(t *testing.T) { output = ["type=docker,dest=out"] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"app"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m["app"].Outputs)) require.Equal(t, []string{"type=docker,dest=out", "type=docker"}, m["app"].Outputs) @@ -414,7 +414,7 @@ func TestLoadOverride(t *testing.T) { target "bar" { }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo", "bar"}, []string{"*.load=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo", "bar"}, []string{"*.load=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m)) require.Equal(t, 1, len(m["foo"].Outputs)) @@ -435,7 +435,7 @@ func TestLoadAndPushOverride(t *testing.T) { target "bar" { }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo", "bar"}, []string{"*.load=true", "*.push=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo", "bar"}, []string{"*.load=true", "*.push=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m)) @@ -456,7 +456,7 @@ func TestLoadAndPushOverride(t *testing.T) { output = [ "type=registry" ] }`), } - m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo"}, []string{"*.load=true", "*.push=true"}, nil) + m, _, err := ReadTargets(context.TODO(), []File{fp}, []string{"foo"}, []string{"*.load=true", "*.push=true"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -512,7 +512,7 @@ services: ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp, fp2, fp3}, []string{"default"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp, fp2, fp3}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 3, len(m)) @@ -559,7 +559,7 @@ services: ctx := context.TODO() - m, _, err := ReadTargets(ctx, []File{fp}, []string{"web.app"}, nil, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"web.app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) _, ok := m["web_app"] @@ -567,7 +567,7 @@ services: require.Equal(t, "Dockerfile.webapp", *m["web_app"].Dockerfile) require.Equal(t, ptrstr("1"), m["web_app"].Args["buildno"]) - m, _, err = ReadTargets(ctx, []File{fp2}, []string{"web_app"}, nil, nil) + m, _, err = ReadTargets(ctx, []File{fp2}, []string{"web_app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) _, ok = m["web_app"] @@ -575,7 +575,7 @@ services: require.Equal(t, "Dockerfile", *m["web_app"].Dockerfile) require.Equal(t, ptrstr("12"), m["web_app"].Args["buildno2"]) - m, g, err := ReadTargets(ctx, []File{fp, fp2}, []string{"default"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp, fp2}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) _, ok = m["web_app"] @@ -600,7 +600,7 @@ func TestHCLContextCwdPrefix(t *testing.T) { }`), } ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -631,7 +631,7 @@ func TestHCLDockerfileCwdPrefix(t *testing.T) { cwd, err := os.Getwd() require.NoError(t, err) - m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -662,7 +662,7 @@ func TestOverrideMerge(t *testing.T) { "app.platform=linux/arm", "app.platform=linux/ppc64le", "app.output=type=registry", - }, nil) + }, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -697,7 +697,7 @@ func TestReadContexts(t *testing.T) { } ctx := context.TODO() - m, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -713,7 +713,7 @@ func TestReadContexts(t *testing.T) { require.Equal(t, "baz", ctxs["foo"].Path) require.Equal(t, "def", ctxs["abc"].Path) - m, _, err = ReadTargets(ctx, []File{fp}, []string{"app"}, []string{"app.contexts.foo=bay", "base.contexts.ghi=jkl"}, nil) + m, _, err = ReadTargets(ctx, []File{fp}, []string{"app"}, []string{"app.contexts.foo=bay", "base.contexts.ghi=jkl"}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -731,7 +731,7 @@ func TestReadContexts(t *testing.T) { require.Equal(t, "jkl", ctxs["ghi"].Path) // test resetting base values - m, _, err = ReadTargets(ctx, []File{fp}, []string{"app"}, []string{"app.contexts.foo="}, nil) + m, _, err = ReadTargets(ctx, []File{fp}, []string{"app"}, []string{"app.contexts.foo="}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -766,7 +766,7 @@ func TestReadContextFromTargetUnknown(t *testing.T) { } ctx := context.TODO() - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "failed to find target bar") } @@ -790,7 +790,7 @@ services: ctx := context.TODO() - m, _, err := ReadTargets(ctx, []File{fp, fp2}, []string{"app1", "app2"}, nil, nil) + m, _, err := ReadTargets(ctx, []File{fp, fp2}, []string{"app1", "app2"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(m)) @@ -828,7 +828,7 @@ func TestReadContextFromTargetChain(t *testing.T) { `), } - m, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 3, len(m)) @@ -867,7 +867,7 @@ func TestReadContextFromTargetInfiniteLoop(t *testing.T) { } `), } - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app", "mid"}, []string{}, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app", "mid"}, []string{}, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "infinite loop from") } @@ -889,7 +889,7 @@ func TestReadContextFromTargetMultiPlatform(t *testing.T) { } `), } - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil, &EntitlementConf{}) require.NoError(t, err) } @@ -910,7 +910,7 @@ func TestReadContextFromTargetInvalidPlatforms(t *testing.T) { } `), } - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, []string{}, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "defined for different platforms") } @@ -926,7 +926,7 @@ target "default" { dockerfile = "test" }`)} - m, g, err := ReadTargets(ctx, []File{f}, []string{"default"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 0, len(g)) require.Equal(t, 1, len(m)) @@ -944,10 +944,10 @@ target "image" { dockerfile = "test" }`)} - _, _, err := ReadTargets(ctx, []File{f}, []string{"default"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{f}, []string{"default"}, nil, nil, &EntitlementConf{}) require.Error(t, err) - m, g, err := ReadTargets(ctx, []File{f}, []string{"image"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"image"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"image"}, g["default"].Targets) @@ -969,7 +969,7 @@ target "image" { dockerfile = "test" }`)} - m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo"}, g["default"].Targets) @@ -995,7 +995,7 @@ target "image" { dockerfile = "test" }`)} - m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo"}, g["default"].Targets) @@ -1003,7 +1003,7 @@ target "image" { require.Equal(t, 1, len(m)) require.Equal(t, "test", *m["image"].Dockerfile) - m, g, err = ReadTargets(ctx, []File{f}, []string{"foo", "foo"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{f}, []string{"foo", "foo"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo"}, g["default"].Targets) @@ -1083,7 +1083,7 @@ services: } }`)} - m, g, err := ReadTargets(ctx, []File{fhcl}, []string{"default"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fhcl}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"image"}, g["default"].Targets) @@ -1091,7 +1091,7 @@ services: require.Equal(t, 1, len(m["image"].Outputs)) require.Equal(t, "type=docker", m["image"].Outputs[0]) - m, g, err = ReadTargets(ctx, []File{fhcl}, []string{"image-release"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fhcl}, []string{"image-release"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"image-release"}, g["default"].Targets) @@ -1099,7 +1099,7 @@ services: require.Equal(t, 1, len(m["image-release"].Outputs)) require.Equal(t, "type=image,push=true", m["image-release"].Outputs[0]) - m, g, err = ReadTargets(ctx, []File{fhcl}, []string{"image", "image-release"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fhcl}, []string{"image", "image-release"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"image", "image-release"}, g["default"].Targets) @@ -1108,21 +1108,21 @@ services: require.Equal(t, 1, len(m["image-release"].Outputs)) require.Equal(t, "type=image,push=true", m["image-release"].Outputs[0]) - m, g, err = ReadTargets(ctx, []File{fyml, fhcl}, []string{"default"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fyml, fhcl}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"image"}, g["default"].Targets) require.Equal(t, 1, len(m)) require.Equal(t, ".", *m["image"].Context) - m, g, err = ReadTargets(ctx, []File{fjson}, []string{"default"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fjson}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"image"}, g["default"].Targets) require.Equal(t, 1, len(m)) require.Equal(t, ".", *m["image"].Context) - m, g, err = ReadTargets(ctx, []File{fyml}, []string{"default"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fyml}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) sort.Strings(g["default"].Targets) @@ -1131,7 +1131,7 @@ services: require.Equal(t, "./Dockerfile", *m["addon"].Dockerfile) require.Equal(t, "./aws.Dockerfile", *m["aws"].Dockerfile) - m, g, err = ReadTargets(ctx, []File{fyml, fhcl}, []string{"addon", "aws"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fyml, fhcl}, []string{"addon", "aws"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) sort.Strings(g["default"].Targets) @@ -1140,7 +1140,7 @@ services: require.Equal(t, "./Dockerfile", *m["addon"].Dockerfile) require.Equal(t, "./aws.Dockerfile", *m["aws"].Dockerfile) - m, g, err = ReadTargets(ctx, []File{fyml, fhcl}, []string{"addon", "aws", "image"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{fyml, fhcl}, []string{"addon", "aws", "image"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) sort.Strings(g["default"].Targets) @@ -1168,7 +1168,7 @@ target "image" { output = ["type=docker"] }`)} - m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo"}, g["default"].Targets) @@ -1176,7 +1176,7 @@ target "image" { require.Equal(t, 1, len(m)) require.Equal(t, "bar", *m["foo"].Dockerfile) - m, g, err = ReadTargets(ctx, []File{f}, []string{"foo", "foo"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{f}, []string{"foo", "foo"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo"}, g["default"].Targets) @@ -1202,7 +1202,7 @@ target "image" { output = ["type=docker"] }`)} - m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"foo"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo"}, g["default"].Targets) @@ -1211,7 +1211,7 @@ target "image" { require.Equal(t, "bar", *m["foo"].Dockerfile) require.Equal(t, "type=docker", m["image"].Outputs[0]) - m, g, err = ReadTargets(ctx, []File{f}, []string{"foo", "image"}, nil, nil) + m, g, err = ReadTargets(ctx, []File{f}, []string{"foo", "image"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 2, len(g)) require.Equal(t, []string{"foo", "image"}, g["default"].Targets) @@ -1273,7 +1273,7 @@ target "d" { for _, tt := range cases { tt := tt t.Run(tt.name, func(t *testing.T) { - m, g, err := ReadTargets(ctx, []File{f}, []string{"d"}, tt.overrides, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"d"}, tt.overrides, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"d"}, g["default"].Targets) @@ -1345,7 +1345,7 @@ group "default" { for _, tt := range cases { tt := tt t.Run(tt.name, func(t *testing.T) { - m, g, err := ReadTargets(ctx, []File{f}, []string{"default"}, tt.overrides, nil) + m, g, err := ReadTargets(ctx, []File{f}, []string{"default"}, tt.overrides, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(g)) require.Equal(t, []string{"child1", "child2"}, g["default"].Targets) @@ -1403,7 +1403,7 @@ func TestTargetName(t *testing.T) { _, _, err := ReadTargets(ctx, []File{{ Name: "docker-bake.hcl", Data: []byte(`target "` + tt.target + `" {}`), - }}, []string{tt.target}, nil, nil) + }}, []string{tt.target}, nil, nil, &EntitlementConf{}) if tt.wantErr { require.Error(t, err) } else { @@ -1490,7 +1490,7 @@ target "f" { for _, tt := range cases { tt := tt t.Run(strings.Join(tt.names, "+"), func(t *testing.T) { - m, g, err := ReadTargets(ctx, []File{f}, tt.names, nil, nil) + m, g, err := ReadTargets(ctx, []File{f}, tt.names, nil, nil, &EntitlementConf{}) require.NoError(t, err) var gnames []string @@ -1567,7 +1567,7 @@ func TestHCLNullVars(t *testing.T) { } ctx := context.TODO() - m, _, err := ReadTargets(ctx, []File{fp}, []string{"default"}, nil, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -1602,7 +1602,7 @@ func TestJSONNullVars(t *testing.T) { } ctx := context.TODO() - m, _, err := ReadTargets(ctx, []File{fp}, []string{"default"}, nil, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"default"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) require.Equal(t, 1, len(m)) @@ -1677,7 +1677,7 @@ func TestAttestDuplicates(t *testing.T) { } ctx := context.TODO() - m, _, err := ReadTargets(ctx, []File{fp}, []string{"default"}, nil, nil) + m, _, err := ReadTargets(ctx, []File{fp}, []string{"default"}, nil, nil, &EntitlementConf{}) require.Equal(t, []string{"type=sbom,foo=bar", "type=provenance,mode=max"}, m["default"].Attest) require.NoError(t, err) @@ -1688,7 +1688,7 @@ func TestAttestDuplicates(t *testing.T) { "provenance": ptrstr("type=provenance,mode=max"), }, opts["default"].Attests) - m, _, err = ReadTargets(ctx, []File{fp}, []string{"default"}, []string{"*.attest=type=sbom,disabled=true"}, nil) + m, _, err = ReadTargets(ctx, []File{fp}, []string{"default"}, []string{"*.attest=type=sbom,disabled=true"}, nil, &EntitlementConf{}) require.Equal(t, []string{"type=sbom,disabled=true", "type=provenance,mode=max"}, m["default"].Attest) require.NoError(t, err) @@ -1710,7 +1710,7 @@ func TestAnnotations(t *testing.T) { }`), } ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -1737,7 +1737,7 @@ func TestHCLEntitlements(t *testing.T) { }`), } ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -1777,7 +1777,7 @@ func TestEntitlementsForNetHostCompose(t *testing.T) { } ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp, fp2}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp, fp2}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -1808,7 +1808,7 @@ func TestEntitlementsForNetHost(t *testing.T) { } ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -1839,7 +1839,7 @@ func TestNetNone(t *testing.T) { } ctx := context.TODO() - m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + m, g, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) bo, err := TargetsToBuildOpt(m, &Input{}) @@ -1879,12 +1879,12 @@ target "app" { t.Run("Valid", func(t *testing.T) { t.Setenv("FOO", "bar") - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) }) t.Run("Invalid", func(t *testing.T) { - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "FOO is required.") }) @@ -1916,19 +1916,19 @@ target "app" { t.Run("Valid", func(t *testing.T) { t.Setenv("FOO", "barbar") - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) }) t.Run("InvalidLength", func(t *testing.T) { t.Setenv("FOO", "bar") - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "FOO must be longer than 4 characters.") }) t.Run("InvalidEmpty", func(t *testing.T) { - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "FOO is required.") }) @@ -1957,19 +1957,19 @@ target "app" { t.Run("Valid", func(t *testing.T) { t.Setenv("FOO", "bar") - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) }) t.Run("SetBar", func(t *testing.T) { t.Setenv("FOO", "bar") t.Setenv("BAR", "baz") - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) }) t.Run("Invalid", func(t *testing.T) { - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "BAR requires FOO to be set.") }) @@ -1998,12 +1998,12 @@ target "app" { t.Run("Valid", func(t *testing.T) { t.Setenv("FOO", "10") - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) }) t.Run("Invalid", func(t *testing.T) { - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.Error(t, err) require.Contains(t, err.Error(), "FOO must be greater than 5.") }) @@ -2025,6 +2025,6 @@ target "app" { ctx := context.TODO() - _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil) + _, _, err := ReadTargets(ctx, []File{fp}, []string{"app"}, nil, nil, &EntitlementConf{}) require.NoError(t, err) } diff --git a/commands/bake.go b/commands/bake.go index ad94c23f..12befc84 100644 --- a/commands/bake.go +++ b/commands/bake.go @@ -199,7 +199,7 @@ func runBake(ctx context.Context, dockerCli command.Cli, targets []string, in ba } } - tgts, grps, err := bake.ReadTargets(ctx, files, targets, overrides, defaults) + tgts, grps, err := bake.ReadTargets(ctx, files, targets, overrides, defaults, &ent) if err != nil { return err }