read secret config from config file if no user data.

feat: read secret config from config file if the user hasn't entered
explicit config values

feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret
create command to allow overriding the default values

fix: show driver options in `podman secret inspect`

Signed-off-by: Tino Rusch <tino.rusch@gmail.com>

1 files changed, 21 insertions, 5 deletions

diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 1e1cbc70f..fa28a9b51 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -17,15 +17,30 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
 	if err != nil {
 		return nil, err
 	}
-	driverOptions := make(map[string]string)
 
+	// set defaults from config for the case they are not set by an upper layer
+	// (-> i.e. tests that talk directly to the api)
+	cfg, err := ic.Libpod.GetConfig()
+	if err != nil {
+		return nil, err
+	}
 	if options.Driver == "" {
-		options.Driver = "file"
+		options.Driver = cfg.Secrets.Driver
+	}
+	if len(options.Opts) == 0 {
+		options.Opts = cfg.Secrets.Opts
+	}
+	if options.Opts == nil {
+		options.Opts = make(map[string]string)
 	}
+
 	if options.Driver == "file" {
-		driverOptions["path"] = filepath.Join(secretsPath, "filedriver")
+		if _, ok := options.Opts["path"]; !ok {
+			options.Opts["path"] = filepath.Join(secretsPath, "filedriver")
+		}
 	}
-	secretID, err := manager.Store(name, data, options.Driver, driverOptions)
+
+	secretID, err := manager.Store(name, data, options.Driver, options.Opts)
 	if err != nil {
 		return nil, err
 	}
@@ -58,7 +73,8 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
 			Spec: entities.SecretSpec{
 				Name: secret.Name,
 				Driver: entities.SecretDriverSpec{
-					Name: secret.Driver,
+					Name:    secret.Driver,
+					Options: secret.DriverOptions,
 				},
 			},
 		}