Merge pull request #12294 from flouthoc/secret-mount-target

secret: honor custom `target=` for secrets with `type=mount` for ctr.
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2021-11-16 01:45:27 +0100
committer: GitHub <noreply@github.com> 2021-11-16 01:45:27 +0100
commit: be681ab5189dea3eef73082d0b494699072e66aa (patch)
tree: 8ade1d5a1a0dd359af68d6c22ff7fd860e589a3c /libpod
parent: 45d28c2219b64d81323b7a15fef589b11b6c63b3 (diff)
parent: 014cc4b9d9a15db6e61331a3be37a98235db8301 (diff)
download: podman-be681ab5189dea3eef73082d0b494699072e66aa.tar.gz
podman-be681ab5189dea3eef73082d0b494699072e66aa.tar.bz2
podman-be681ab5189dea3eef73082d0b494699072e66aa.zip
2 files changed, 12 insertions, 1 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 86989a02f..c38acb513 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -259,6 +259,8 @@ type ContainerSecret struct {
 	GID uint32
 	// Mode is the mode of the secret file
 	Mode uint32
+	// Secret target inside container
+	Target string
 }
 
 // ContainerNetworkDescriptions describes the relationship between the CNI
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 4a15d495f..1a4508448 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1888,8 +1888,17 @@ rootless=%d
 			return errors.Wrapf(err, "error creating secrets mount")
 		}
 		for _, secret := range c.Secrets() {
+			secretFileName := secret.Name
+			base := "/run/secrets"
+			if secret.Target != "" {
+				secretFileName = secret.Target
+				//If absolute path for target given remove base.
+				if filepath.IsAbs(secretFileName) {
+					base = ""
+				}
+			}
 			src := filepath.Join(c.config.SecretsPath, secret.Name)
-			dest := filepath.Join("/run/secrets", secret.Name)
+			dest := filepath.Join(base, secretFileName)
 			c.state.BindMounts[dest] = src
 		}
 	}
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2021-11-16 01:45:27 +0100
committer	GitHub <noreply@github.com>	2021-11-16 01:45:27 +0100
commit	be681ab5189dea3eef73082d0b494699072e66aa (patch)
tree	8ade1d5a1a0dd359af68d6c22ff7fd860e589a3c /libpod
parent	45d28c2219b64d81323b7a15fef589b11b6c63b3 (diff)
parent	014cc4b9d9a15db6e61331a3be37a98235db8301 (diff)
download	podman-be681ab5189dea3eef73082d0b494699072e66aa.tar.gz podman-be681ab5189dea3eef73082d0b494699072e66aa.tar.bz2 podman-be681ab5189dea3eef73082d0b494699072e66aa.zip