diff options
| author | Ashley Cui <acui@redhat.com> | 2021-01-15 01:27:23 -0500 |
|---|---|---|
| committer | Ashley Cui <acui@redhat.com> | 2021-02-09 09:13:21 -0500 |
| commit | 832a69b0bee6ec289521fbd59ddd480372493ee3 (patch) | |
| tree | 4c8a14b7fad879dc454c37f8b59120cf74ceafd1 /pkg/bindings/secrets/secrets.go | |
| parent | 2aaf631586e82192e6b7b992e6b5c8717eb792d7 (diff) | |
| download | podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.gz podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.bz2 podman-832a69b0bee6ec289521fbd59ddd480372493ee3.zip | |
Implement Secrets
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'pkg/bindings/secrets/secrets.go')
| -rw-r--r-- | pkg/bindings/secrets/secrets.go | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/pkg/bindings/secrets/secrets.go b/pkg/bindings/secrets/secrets.go new file mode 100644 index 000000000..3fd70dcad --- /dev/null +++ b/pkg/bindings/secrets/secrets.go @@ -0,0 +1,78 @@ +package secrets + +import ( + "context" + "io" + "net/http" + + "github.com/containers/podman/v2/pkg/bindings" + "github.com/containers/podman/v2/pkg/domain/entities" +) + +// List returns information about existing secrets in the form of a slice. +func List(ctx context.Context, options *ListOptions) ([]*entities.SecretInfoReport, error) { + var ( + secrs []*entities.SecretInfoReport + ) + conn, err := bindings.GetClient(ctx) + if err != nil { + return nil, err + } + response, err := conn.DoRequest(nil, http.MethodGet, "/secrets/json", nil, nil) + if err != nil { + return secrs, err + } + return secrs, response.Process(&secrs) +} + +// Inspect returns low-level information about a secret. +func Inspect(ctx context.Context, nameOrID string, options *InspectOptions) (*entities.SecretInfoReport, error) { + var ( + inspect *entities.SecretInfoReport + ) + conn, err := bindings.GetClient(ctx) + if err != nil { + return nil, err + } + response, err := conn.DoRequest(nil, http.MethodGet, "/secrets/%s/json", nil, nil, nameOrID) + if err != nil { + return inspect, err + } + return inspect, response.Process(&inspect) +} + +// Remove removes a secret from storage +func Remove(ctx context.Context, nameOrID string) error { + conn, err := bindings.GetClient(ctx) + if err != nil { + return err + } + + response, err := conn.DoRequest(nil, http.MethodDelete, "/secrets/%s", nil, nil, nameOrID) + if err != nil { + return err + } + return response.Process(nil) +} + +// Create creates a secret given some data +func Create(ctx context.Context, reader io.Reader, options *CreateOptions) (*entities.SecretCreateReport, error) { + var ( + create *entities.SecretCreateReport + ) + conn, err := bindings.GetClient(ctx) + if err != nil { + return nil, err + } + + params, err := options.ToParams() + if err != nil { + return nil, err + } + + response, err := conn.DoRequest(reader, http.MethodPost, "/secrets/create", params, nil) + if err != nil { + return nil, err + } + return create, response.Process(&create) +} |