diff options
| author | Ashley Cui <acui@redhat.com> | 2021-01-15 01:27:23 -0500 |
|---|---|---|
| committer | Ashley Cui <acui@redhat.com> | 2021-02-09 09:13:21 -0500 |
| commit | 832a69b0bee6ec289521fbd59ddd480372493ee3 (patch) | |
| tree | 4c8a14b7fad879dc454c37f8b59120cf74ceafd1 /cmd/podman/secrets/inspect.go | |
| parent | 2aaf631586e82192e6b7b992e6b5c8717eb792d7 (diff) | |
| download | podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.gz podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.bz2 podman-832a69b0bee6ec289521fbd59ddd480372493ee3.zip | |
Implement Secrets
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'cmd/podman/secrets/inspect.go')
| -rw-r--r-- | cmd/podman/secrets/inspect.go | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/cmd/podman/secrets/inspect.go b/cmd/podman/secrets/inspect.go new file mode 100644 index 000000000..f38ba7f65 --- /dev/null +++ b/cmd/podman/secrets/inspect.go @@ -0,0 +1,82 @@ +package secrets + +import ( + "context" + "encoding/json" + "fmt" + "html/template" + "os" + "text/tabwriter" + + "github.com/containers/common/pkg/report" + "github.com/containers/podman/v2/cmd/podman/common" + "github.com/containers/podman/v2/cmd/podman/parse" + "github.com/containers/podman/v2/cmd/podman/registry" + "github.com/containers/podman/v2/pkg/domain/entities" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + inspectCmd = &cobra.Command{ + Use: "inspect [options] SECRET [SECRET...]", + Short: "Inspect a secret", + Long: "Display detail information on one or more secrets", + RunE: inspect, + Example: "podman secret inspect MYSECRET", + Args: cobra.MinimumNArgs(1), + ValidArgsFunction: common.AutocompleteSecrets, + } +) + +var format string + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode, entities.TunnelMode}, + Command: inspectCmd, + Parent: secretCmd, + }) + flags := inspectCmd.Flags() + formatFlagName := "format" + flags.StringVar(&format, formatFlagName, "", "Format volume output using Go template") + _ = inspectCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteJSONFormat) +} + +func inspect(cmd *cobra.Command, args []string) error { + inspected, errs, _ := registry.ContainerEngine().SecretInspect(context.Background(), args) + + // always print valid list + if len(inspected) == 0 { + inspected = []*entities.SecretInfoReport{} + } + + if cmd.Flags().Changed("format") { + row := report.NormalizeFormat(format) + formatted := parse.EnforceRange(row) + + tmpl, err := template.New("inspect secret").Parse(formatted) + if err != nil { + return err + } + w := tabwriter.NewWriter(os.Stdout, 12, 2, 2, ' ', 0) + defer w.Flush() + tmpl.Execute(w, inspected) + } else { + buf, err := json.MarshalIndent(inspected, "", " ") + if err != nil { + return err + } + fmt.Println(string(buf)) + } + + if len(errs) > 0 { + if len(errs) > 1 { + for _, err := range errs[1:] { + fmt.Fprintf(os.Stderr, "error inspecting secret: %v\n", err) + } + } + return errors.Errorf("error inspecting secret: %v", errs[0]) + } + return nil +} |