diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-05-07 05:34:26 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-07 05:34:26 -0400 |
| commit | 141ba94f9735d88a494f252ad7aa78fd4b86d8ea (patch) | |
| tree | 6381cf512d4e9d99747e90004d4be024036687d8 /cmd/podman/common | |
| parent | 41ac68d197b53f3c151b81e2eddbc00bcf1a117f (diff) | |
| parent | 2634cb234f1500b76a2fd89351b9ad8a737a24ea (diff) | |
| download | podman-141ba94f9735d88a494f252ad7aa78fd4b86d8ea.tar.gz podman-141ba94f9735d88a494f252ad7aa78fd4b86d8ea.tar.bz2 podman-141ba94f9735d88a494f252ad7aa78fd4b86d8ea.zip | |
Merge pull request #10221 from ashley-cui/envsec
Add support for environment variable secrets
Diffstat (limited to 'cmd/podman/common')
| -rw-r--r-- | cmd/podman/common/specgen.go | 73 |
1 files changed, 72 insertions, 1 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 7896ddfc1..5dc2ec864 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -639,12 +639,16 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string } s.RestartPolicy = splitRestart[0] } + + s.Secrets, s.EnvSecrets, err = parseSecrets(c.Secrets) + if err != nil { + return err + } s.Remove = c.Rm s.StopTimeout = &c.StopTimeout s.Timeout = c.Timeout s.Timezone = c.Timezone s.Umask = c.Umask - s.Secrets = c.Secrets s.PidFile = c.PidFile s.Volatile = c.Rm @@ -773,3 +777,70 @@ func parseThrottleIOPsDevices(iopsDevices []string) (map[string]specs.LinuxThrot } return td, nil } + +func parseSecrets(secrets []string) ([]string, map[string]string, error) { + secretParseError := errors.New("error parsing secret") + var mount []string + envs := make(map[string]string) + for _, val := range secrets { + source := "" + secretType := "" + target := "" + split := strings.Split(val, ",") + + // --secret mysecret + if len(split) == 1 { + source = val + mount = append(mount, source) + continue + } + // --secret mysecret,opt=opt + if !strings.Contains(split[0], "=") { + source = split[0] + split = split[1:] + } + // TODO: implement other secret options + for _, val := range split { + kv := strings.SplitN(val, "=", 2) + if len(kv) < 2 { + return nil, nil, errors.Wrapf(secretParseError, "option %s must be in form option=value", val) + } + switch kv[0] { + case "source": + source = kv[1] + case "type": + if secretType != "" { + return nil, nil, errors.Wrap(secretParseError, "cannot set more tha one secret type") + } + if kv[1] != "mount" && kv[1] != "env" { + return nil, nil, errors.Wrapf(secretParseError, "type %s is invalid", kv[1]) + } + secretType = kv[1] + case "target": + target = kv[1] + default: + return nil, nil, errors.Wrapf(secretParseError, "option %s invalid", val) + } + } + + if secretType == "" { + secretType = "mount" + } + if source == "" { + return nil, nil, errors.Wrapf(secretParseError, "no source found %s", val) + } + if secretType == "mount" { + if target != "" { + return nil, nil, errors.Wrapf(secretParseError, "target option is invalid for mounted secrets") + } + mount = append(mount, source) + } + if secretType == "env" { + if target == "" { + target = source + } + envs[target] = source + } + } + return mount, envs, nil +} |