Make secret env var available to exec session

Secret environment variables were only available to a podman run/start. This commit makes sure that exec sessions can see them as well. Signed-off-by: Ashley Cui <acui@redhat.com>
author: Ashley Cui <acui@redhat.com> 2021-08-31 09:57:03 -0400
committer: Ashley Cui <acui@redhat.com> 2021-08-31 13:53:51 -0400
commit: 1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7 (patch)
tree: 0265fce296519a0a3d8f3d39cea9d37dfcb66142 /libpod
parent: 8ab84b437352bf2b3653fe92fbfa60a59b980a93 (diff)
download: podman-1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7.tar.gz
podman-1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7.tar.bz2
podman-1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7.zip
1 files changed, 13 insertions, 0 deletions
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index 469bc7d86..85ae95097 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -685,6 +685,19 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio
 		pspec.Env = append(pspec.Env, env...)
 	}
 
+	// Add secret envs if they exist
+	manager, err := c.runtime.SecretsManager()
+	if err != nil {
+		return nil, err
+	}
+	for name, secr := range c.config.EnvSecrets {
+		_, data, err := manager.LookupSecretData(secr.Name)
+		if err != nil {
+			return nil, err
+		}
+		pspec.Env = append(pspec.Env, fmt.Sprintf("%s=%s", name, string(data)))
+	}
+
 	if options.Cwd != "" {
 		pspec.Cwd = options.Cwd
 	}
author	Ashley Cui <acui@redhat.com>	2021-08-31 09:57:03 -0400
committer	Ashley Cui <acui@redhat.com>	2021-08-31 13:53:51 -0400
commit	1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7 (patch)
tree	0265fce296519a0a3d8f3d39cea9d37dfcb66142 /libpod
parent	8ab84b437352bf2b3653fe92fbfa60a59b980a93 (diff)
download	podman-1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7.tar.gz podman-1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7.tar.bz2 podman-1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7.zip