authorAshley Cui <acui@redhat.com>2022-09-09 10:57:45 -0400
committerPaul Holzinger <pholzing@redhat.com>2022-09-12 18:05:17 +0200
commit72e715a1109426114ef054042be28014380a246d (patch)
treef37bdb7e103f4a8443d7fb8d0e3845d019ad0a67
parentcd32b929e35cdb2d6b49853a7b0e5d93921b0979 (diff)
downloadpodman-72e715a1109426114ef054042be28014380a246d.tar.gz
podman-72e715a1109426114ef054042be28014380a246d.tar.bz2
podman-72e715a1109426114ef054042be28014380a246d.zip
Use new secret store API
Refactored secrets API in common for stability purposes. Move podman to said API. [NO NEW TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rw-r--r--pkg/domain/infra/abi/play.go9
-rw-r--r--pkg/domain/infra/abi/secrets.go8
-rw-r--r--pkg/specgen/generate/kube/play_test.go6
-rw-r--r--vendor/github.com/containers/common/libnetwork/network/interface.go42
-rw-r--r--vendor/github.com/containers/common/pkg/config/default.go2
-rw-r--r--vendor/github.com/containers/common/pkg/secrets/secrets.go33
-rw-r--r--vendor/modules.txt2
9 files changed, 77 insertions, 31 deletions
diff --git a/go.mod b/go.mod
index 2ee4df39a..a12ef2760 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
github.com/containernetworking/cni v1.1.2
github.com/containernetworking/plugins v1.1.1
github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27
- github.com/containers/common v0.49.2-0.20220908074553-1a09baf471c4
+ github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/image/v5 v5.22.1-0.20220907162003-651744379993
github.com/containers/ocicrypt v1.1.5
diff --git a/go.sum b/go.sum
index f35770f31..7c718b5a8 100644
--- a/go.sum
+++ b/go.sum
@@ -424,8 +424,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19
github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27 h1:LRgKJ/JUd6iTocPg/q7oMZ9ilnbew50JXClXgiEoR9Q=
github.com/containers/buildah v1.27.1-0.20220907121344-97a52b13bb27/go.mod h1:0iWhIkE70dkoVuwpmZy5/DXpBdI3C23iYmBQccTDWMU=
github.com/containers/common v0.49.1/go.mod h1:ueM5hT0itKqCQvVJDs+EtjornAQtrHYxQJzP2gxeGIg=
-github.com/containers/common v0.49.2-0.20220908074553-1a09baf471c4 h1:+Z/KvBR34ihTFkliEGuj+kNX+8G/OEv1n8Nv4OiAXkI=
-github.com/containers/common v0.49.2-0.20220908074553-1a09baf471c4/go.mod h1:HaPvle8BvLTyjtY9B4HJoNCl60DpHwCDLA2FsZTWaak=
+github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7 h1:iSrqOya92AllZSA7y64Aamfcr4iOxgf4iatc9uFeL0U=
+github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7/go.mod h1:HaPvle8BvLTyjtY9B4HJoNCl60DpHwCDLA2FsZTWaak=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/image/v5 v5.22.0/go.mod h1:D8Ksv2RNB8qLJ7xe1P3rgJJOSQpahA6amv2Ax++/YO4=
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index db72bb355..d447b4d00 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -16,6 +16,7 @@ import (
"github.com/containers/common/libimage"
nettypes "github.com/containers/common/libnetwork/types"
"github.com/containers/common/pkg/config"
+ "github.com/containers/common/pkg/secrets"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v4/libpod"
"github.com/containers/podman/v4/libpod/define"
@@ -1110,7 +1111,13 @@ func (ic *ContainerEngine) playKubeSecret(secret *v1.Secret) (*entities.SecretCr
if secret.Immutable != nil && *secret.Immutable {
meta["immutable"] = "true"
}
- secretID, err := secretsManager.Store(secret.Name, data, "file", opts, meta)
+
+ storeOpts := secrets.StoreOptions{
+ DriverOpts: opts,
+ Metadata: meta,
+ }
+
+ secretID, err := secretsManager.Store(secret.Name, data, "file", storeOpts)
if err != nil {
return nil, err
}
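Review bot: The rewritten `secretsManager.Store(secret.Name, data, "file", storeOpts)` call still hard-codes the `"file"` driver, while `SecretCreate` in pkg/domain/infra/abi/secrets.go passes `options.Driver`. Secrets imported through kube play therefore land in the file driver's on-disk store even if the host is configured for a different secrets driver. If that is intentional, say so next to the call, e.g. `// kube secrets are always stored with the file driver; opts must carry its path`. Otherwise take the driver from the same configuration `SecretCreate` uses. `opts` and `meta` are built above this hunk, so their exact contents cannot be checked from here. `storeOpts.Labels` is left unset, which is fine only because the vendored `Store` replaces a nil map with an empty one.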
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index e17de5a8c..47159d65a 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -8,6 +8,7 @@ import (
"path/filepath"
"strings"
+ "github.com/containers/common/pkg/secrets"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/domain/utils"
)
@@ -42,10 +43,15 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
}
}
- secretID, err := manager.Store(name, data, options.Driver, options.DriverOpts, nil)
+ storeOpts := secrets.StoreOptions{
+ DriverOpts: options.DriverOpts,
+ }
+
+ secretID, err := manager.Store(name, data, options.Driver, storeOpts)
if err != nil {
return nil, err
}
+
return &entities.SecretCreateReport{
ID: secretID,
}, nil
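Review bot: `storeOpts` sets only `DriverOpts` before `manager.Store(name, data, options.Driver, storeOpts)`, so `Metadata` and `Labels` depend on the vendored `Store` replacing nil maps with empty ones. A short comment would make that explicit, e.g. `// Metadata and Labels stay nil; Store substitutes empty maps`. The old call passed an explicit `nil` for metadata, which made the omission visible; the struct literal hides it. `options.Driver` is forwarded unchanged, and the code that defaults or validates it (and so decides where the secret is kept at rest) is presumably in the part of `SecretCreate` above this hunk; worth confirming it was not affected by the API move.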
diff --git a/pkg/specgen/generate/kube/play_test.go b/pkg/specgen/generate/kube/play_test.go
index 470c0c39c..ec0dc4bcd 100644
--- a/pkg/specgen/generate/kube/play_test.go
+++ b/pkg/specgen/generate/kube/play_test.go
@@ -24,11 +24,15 @@ func createSecrets(t *testing.T, d string) *secrets.SecretsManager {
"path": d,
}
+ storeOpts := secrets.StoreOptions{
+ DriverOpts: driverOpts,
+ }
+
for _, s := range k8sSecrets {
data, err := json.Marshal(s.Data)
assert.NoError(t, err)
- _, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, driverOpts, nil)
+ _, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, storeOpts)
assert.NoError(t, err)
}
diff --git a/vendor/github.com/containers/common/libnetwork/network/interface.go b/vendor/github.com/containers/common/libnetwork/network/interface.go
index 545655fd3..2093e1049 100644
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@@ -132,29 +132,41 @@ func defaultNetworkBackend(store storage.Store, conf *config.Config) (backend ty
return types.CNI, nil
}
- // now check if there are already containers, images and CNI networks (new install?)
+ // If there are any containers then return CNI
cons, err := store.Containers()
if err != nil {
return "", err
}
- if len(cons) == 0 {
- imgs, err := store.Images()
- if err != nil {
+ if len(cons) != 0 {
+ return types.CNI, nil
+ }
+
+ // If there are any non ReadOnly images then return CNI
+ imgs, err := store.Images()
+ if err != nil {
+ return "", err
+ }
+ for _, i := range imgs {
+ if !i.ReadOnly {
+ return types.CNI, nil
+ }
+ }
+
+ // If there are CNI Networks then return CNI
+ cniInterface, err := getCniInterface(conf)
+ if err == nil {
+ nets, err := cniInterface.NetworkList()
+ // there is always a default network so check > 1
+ if err != nil && !errors.Is(err, os.ErrNotExist) {
return "", err
}
- if len(imgs) == 0 {
- cniInterface, err := getCniInterface(conf)
- if err == nil {
- nets, err := cniInterface.NetworkList()
- // there is always a default network so check <= 1
- if err == nil && len(nets) <= 1 {
- // we have a fresh system so use netavark
- return types.Netavark, nil
- }
- }
+
+ if len(nets) > 1 {
+ // we do not have a fresh system so use CNI
+ return types.CNI, nil
}
}
- return types.CNI, nil
+ return types.Netavark, nil
}
func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index b0d62779b..3a3a558a1 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -280,8 +280,6 @@ func defaultConfigFromMemory() (*EngineConfig, error) {
}
c.TmpDir = tmp
- c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log")
-
c.EventsLogFileMaxSize = eventsLogMaxSize(DefaultEventsLogSizeMax)
c.CompatAPIEnforceDockerHub = true
diff --git a/vendor/github.com/containers/common/pkg/secrets/secrets.go b/vendor/github.com/containers/common/pkg/secrets/secrets.go
index ff12fa799..705da3dda 100644
--- a/vendor/github.com/containers/common/pkg/secrets/secrets.go
+++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go
@@ -72,13 +72,15 @@ type Secret struct {
Name string `json:"name"`
// ID is the unique secret ID
ID string `json:"id"`
+ // Labels are labels on the secret
+ Labels map[string]string `json:"labels,omitempty"`
// Metadata stores other metadata on the secret
Metadata map[string]string `json:"metadata,omitempty"`
// CreatedAt is when the secret was created
CreatedAt time.Time `json:"createdAt"`
// Driver is the driver used to store secret data
Driver string `json:"driver"`
- // DriverOptions is other metadata needed to use the driver
+ // DriverOptions are extra options used to run this driver
DriverOptions map[string]string `json:"driverOptions"`
}
@@ -100,6 +102,16 @@ type SecretsDriver interface {
Delete(id string) error
}
+// StoreOptions are optional metadata fields that can be set when storing a new secret
+type StoreOptions struct {
+ // DriverOptions are extra options used to run this driver
+ DriverOpts map[string]string
+ // Metadata stores extra metadata on the secret
+ Metadata map[string]string
+ // Labels are labels on the secret
+ Labels map[string]string
+}
+
// NewManager creates a new secrets manager
// rootPath is the directory where the secrets data file resides
func NewManager(rootPath string) (*SecretsManager, error) {
@@ -129,7 +141,7 @@ func NewManager(rootPath string) (*SecretsManager, error) {
// Store takes a name, creates a secret and stores the secret metadata and the secret payload.
// It returns a generated ID that is associated with the secret.
// The max size for secret data is 512kB.
-func (s *SecretsManager) Store(name string, data []byte, driverType string, driverOpts map[string]string, metadata map[string]string) (string, error) {
+func (s *SecretsManager) Store(name string, data []byte, driverType string, options StoreOptions) (string, error) {
err := validateSecretName(name)
if err != nil {
return "", err
@@ -168,16 +180,23 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, driv
}
}
- if metadata == nil {
- metadata = make(map[string]string)
+ if options.Metadata == nil {
+ options.Metadata = make(map[string]string)
+ }
+ if options.Labels == nil {
+ options.Labels = make(map[string]string)
+ }
+ if options.DriverOpts == nil {
+ options.DriverOpts = make(map[string]string)
}
secr.Driver = driverType
- secr.Metadata = metadata
+ secr.Metadata = options.Metadata
secr.CreatedAt = time.Now()
- secr.DriverOptions = driverOpts
+ secr.DriverOptions = options.DriverOpts
+ secr.Labels = options.Labels
- driver, err := getDriver(driverType, driverOpts)
+ driver, err := getDriver(driverType, options.DriverOpts)
if err != nil {
return "", err
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 43fa24b56..a2ac343f3 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -110,7 +110,7 @@ github.com/containers/buildah/pkg/rusage
github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/util
-# github.com/containers/common v0.49.2-0.20220908074553-1a09baf471c4
+# github.com/containers/common v0.49.2-0.20220909190843-e5685792b5d7
## explicit
github.com/containers/common/libimage
github.com/containers/common/libimage/define