auth support for tls endpoint

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

src/auth.ts

@@ -0,0 +1,51 @@
+import * as fs from 'fs';
+
+export const envPrefix = 'BUILDER_NODE';
+
+export function setCredentials(credsdir: string, index: number, driver: string, endpoint: string): Array<string> {
+  let url: URL;
+  try {
+    url = new URL(endpoint);
+  } catch (e) {
+    return [];
+  }
+  switch (url.protocol) {
+    case 'tcp:': {
+      return setBuildKitClientCerts(credsdir, index, driver, url);
+    }
+  }
+  return [];
+}
+
+function setBuildKitClientCerts(credsdir: string, index: number, driver: string, endpoint: URL): Array<string> {
+  const driverOpts: Array<string> = [];
+  const buildkitCacert = process.env[`${envPrefix}_${index}_AUTH_TLS_CACERT`] || '';
+  const buildkitCert = process.env[`${envPrefix}_${index}_AUTH_TLS_CERT`] || '';
+  const buildkitKey = process.env[`${envPrefix}_${index}_AUTH_TLS_KEY`] || '';
+  if (buildkitCacert.length == 0 && buildkitCert.length == 0 && buildkitKey.length == 0) {
+    return driverOpts;
+  }
+  let host = endpoint.hostname;
+  if (endpoint.port.length > 0) {
+    host += `-${endpoint.port}`;
+  }
+  if (buildkitCacert.length > 0) {
+    const cacertpath = `${credsdir}/cacert_${host}.pem`;
+    fs.writeFileSync(cacertpath, buildkitCacert);
+    driverOpts.push(`cacert=${cacertpath}`);
+  }
+  if (buildkitCert.length > 0) {
+    const certpath = `${credsdir}/cert_${host}.pem`;
+    fs.writeFileSync(certpath, buildkitCert);
+    driverOpts.push(`cert=${certpath}`);
+  }
+  if (buildkitKey.length > 0) {
+    const keypath = `${credsdir}/key_${host}.pem`;
+    fs.writeFileSync(keypath, buildkitKey);
+    driverOpts.push(`key=${keypath}`);
+  }
+  if (driver != 'remote') {
+    return [];
+  }
+  return driverOpts;
+}