vendor: add buildkit

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>

vendor/github.com/moby/buildkit/util/entitlements/entitlements.go

@@ -0,0 +1,70 @@
+package entitlements
+
+import "github.com/pkg/errors"
+
+type Entitlement string
+
+const (
+	EntitlementSecurityConfined   Entitlement = "security.confined"
+	EntitlementSecurityUnconfined Entitlement = "security.unconfined" // unimplemented
+	EntitlementNetworkHost        Entitlement = "network.host"
+	EntitlementNetworkNone        Entitlement = "network.none"
+)
+
+var all = map[Entitlement]struct{}{
+	EntitlementSecurityConfined:   {},
+	EntitlementSecurityUnconfined: {},
+	EntitlementNetworkHost:        {},
+	EntitlementNetworkNone:        {},
+}
+
+var defaults = map[Entitlement]struct{}{
+	EntitlementSecurityConfined: {},
+	EntitlementNetworkNone:      {},
+}
+
+func Parse(s string) (Entitlement, error) {
+	_, ok := all[Entitlement(s)]
+	if !ok {
+		return "", errors.Errorf("unknown entitlement %s", s)
+	}
+	return Entitlement(s), nil
+}
+
+func WhiteList(allowed, supported []Entitlement) (Set, error) {
+	m := map[Entitlement]struct{}{}
+
+	var supm Set
+	if supported != nil {
+		var err error
+		supm, err = WhiteList(supported, nil)
+		if err != nil { // should not happen
+			return nil, err
+		}
+	}
+
+	for _, e := range allowed {
+		e, err := Parse(string(e))
+		if err != nil {
+			return nil, err
+		}
+		if supported != nil {
+			if !supm.Allowed(e) {
+				return nil, errors.Errorf("entitlement %s is not allowed", e)
+			}
+		}
+		m[e] = struct{}{}
+	}
+
+	for e := range defaults {
+		m[e] = struct{}{}
+	}
+	return Set(m), nil
+}
+
+type Set map[Entitlement]struct{}
+
+func (s Set) Allowed(e Entitlement) bool {
+	_, ok := s[e]
+	return ok
+}