Implement Secrets

Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit

Signed-off-by: Ashley Cui <acui@redhat.com>

2 files changed, 108 insertions, 0 deletions

diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index 39bda1d72..9ff1714e7 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -81,6 +81,10 @@ type ContainerEngine interface {
 	PodTop(ctx context.Context, options PodTopOptions) (*StringSliceReport, error)
 	PodUnpause(ctx context.Context, namesOrIds []string, options PodunpauseOptions) ([]*PodUnpauseReport, error)
 	SetupRootless(ctx context.Context, cmd *cobra.Command) error
+	SecretCreate(ctx context.Context, name string, reader io.Reader, options SecretCreateOptions) (*SecretCreateReport, error)
+	SecretInspect(ctx context.Context, nameOrIDs []string) ([]*SecretInfoReport, []error, error)
+	SecretList(ctx context.Context) ([]*SecretInfoReport, error)
+	SecretRm(ctx context.Context, nameOrID []string, opts SecretRmOptions) ([]*SecretRmReport, error)
 	Shutdown(ctx context.Context)
 	SystemDf(ctx context.Context, options SystemDfOptions) (*SystemDfReport, error)
 	Unshare(ctx context.Context, args []string) error
diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go
new file mode 100644
index 000000000..3cad4c099
--- /dev/null
+++ b/pkg/domain/entities/secrets.go
@@ -0,0 +1,104 @@
+package entities
+
+import (
+	"time"
+
+	"github.com/containers/podman/v2/pkg/errorhandling"
+)
+
+type SecretCreateReport struct {
+	ID string
+}
+
+type SecretCreateOptions struct {
+	Driver string
+}
+
+type SecretListRequest struct {
+	Filters map[string]string
+}
+
+type SecretListReport struct {
+	ID        string
+	Name      string
+	Driver    string
+	CreatedAt string
+	UpdatedAt string
+}
+
+type SecretRmOptions struct {
+	All bool
+}
+
+type SecretRmReport struct {
+	ID  string
+	Err error
+}
+
+type SecretInfoReport struct {
+	ID        string
+	CreatedAt time.Time
+	UpdatedAt time.Time
+	Spec      SecretSpec
+}
+
+type SecretSpec struct {
+	Name   string
+	Driver SecretDriverSpec
+}
+
+type SecretDriverSpec struct {
+	Name    string
+	Options map[string]string
+}
+
+// swagger:model SecretCreate
+type SecretCreateRequest struct {
+	// User-defined name of the secret.
+	Name string
+	// Base64-url-safe-encoded (RFC 4648) data to store as secret.
+	Data string
+	// Driver represents a driver (default "file")
+	Driver SecretDriverSpec
+}
+
+// Secret create response
+// swagger:response SecretCreateResponse
+type SwagSecretCreateResponse struct {
+	// in:body
+	Body struct {
+		SecretCreateReport
+	}
+}
+
+// Secret list response
+// swagger:response SecretListResponse
+type SwagSecretListResponse struct {
+	// in:body
+	Body []*SecretInfoReport
+}
+
+// Secret inspect response
+// swagger:response SecretInspectResponse
+type SwagSecretInspectResponse struct {
+	// in:body
+	Body SecretInfoReport
+}
+
+// No such secret
+// swagger:response NoSuchSecret
+type SwagErrNoSuchSecret struct {
+	// in:body
+	Body struct {
+		errorhandling.ErrorModel
+	}
+}
+
+// Secret in use
+// swagger:response SecretInUse
+type SwagErrSecretInUse struct {
+	// in:body
+	Body struct {
+		errorhandling.ErrorModel
+	}
+}