summaryrefslogtreecommitdiff
path: root/pkg/domain
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-02-09 17:51:08 +0100
committerGitHub <noreply@github.com>2021-02-09 17:51:08 +0100
commitf98605e0e4f25c148b27cc617976357ff5b9d96e (patch)
tree6ffd63474853fcc7c2056964984e1fb88c3c0314 /pkg/domain
parent9da4169e312bb822a0fbae8e18a0eb7c7eff6e64 (diff)
parent832a69b0bee6ec289521fbd59ddd480372493ee3 (diff)
downloadpodman-f98605e0e4f25c148b27cc617976357ff5b9d96e.tar.gz
podman-f98605e0e4f25c148b27cc617976357ff5b9d96e.tar.bz2
podman-f98605e0e4f25c148b27cc617976357ff5b9d96e.zip
Merge pull request #9125 from ashley-cui/secretswiring
Implement Secrets
Diffstat (limited to 'pkg/domain')
-rw-r--r--pkg/domain/entities/engine_container.go4
-rw-r--r--pkg/domain/entities/secrets.go104
-rw-r--r--pkg/domain/infra/abi/secrets.go138
-rw-r--r--pkg/domain/infra/tunnel/secrets.go82
4 files changed, 328 insertions, 0 deletions
diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index 2c97d7baf..d43b422a3 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -82,6 +82,10 @@ type ContainerEngine interface {
PodTop(ctx context.Context, options PodTopOptions) (*StringSliceReport, error)
PodUnpause(ctx context.Context, namesOrIds []string, options PodunpauseOptions) ([]*PodUnpauseReport, error)
SetupRootless(ctx context.Context, cmd *cobra.Command) error
+ SecretCreate(ctx context.Context, name string, reader io.Reader, options SecretCreateOptions) (*SecretCreateReport, error)
+ SecretInspect(ctx context.Context, nameOrIDs []string) ([]*SecretInfoReport, []error, error)
+ SecretList(ctx context.Context) ([]*SecretInfoReport, error)
+ SecretRm(ctx context.Context, nameOrID []string, opts SecretRmOptions) ([]*SecretRmReport, error)
Shutdown(ctx context.Context)
SystemDf(ctx context.Context, options SystemDfOptions) (*SystemDfReport, error)
Unshare(ctx context.Context, args []string) error
diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go
new file mode 100644
index 000000000..3cad4c099
--- /dev/null
+++ b/pkg/domain/entities/secrets.go
@@ -0,0 +1,104 @@
+package entities
+
+import (
+ "time"
+
+ "github.com/containers/podman/v2/pkg/errorhandling"
+)
+
+type SecretCreateReport struct {
+ ID string
+}
+
+type SecretCreateOptions struct {
+ Driver string
+}
+
+type SecretListRequest struct {
+ Filters map[string]string
+}
+
+type SecretListReport struct {
+ ID string
+ Name string
+ Driver string
+ CreatedAt string
+ UpdatedAt string
+}
+
+type SecretRmOptions struct {
+ All bool
+}
+
+type SecretRmReport struct {
+ ID string
+ Err error
+}
+
+type SecretInfoReport struct {
+ ID string
+ CreatedAt time.Time
+ UpdatedAt time.Time
+ Spec SecretSpec
+}
+
+type SecretSpec struct {
+ Name string
+ Driver SecretDriverSpec
+}
+
+type SecretDriverSpec struct {
+ Name string
+ Options map[string]string
+}
+
+// swagger:model SecretCreate
+type SecretCreateRequest struct {
+ // User-defined name of the secret.
+ Name string
+ // Base64-url-safe-encoded (RFC 4648) data to store as secret.
+ Data string
+ // Driver represents a driver (default "file")
+ Driver SecretDriverSpec
+}
+
+// Secret create response
+// swagger:response SecretCreateResponse
+type SwagSecretCreateResponse struct {
+ // in:body
+ Body struct {
+ SecretCreateReport
+ }
+}
+
+// Secret list response
+// swagger:response SecretListResponse
+type SwagSecretListResponse struct {
+ // in:body
+ Body []*SecretInfoReport
+}
+
+// Secret inspect response
+// swagger:response SecretInspectResponse
+type SwagSecretInspectResponse struct {
+ // in:body
+ Body SecretInfoReport
+}
+
+// No such secret
+// swagger:response NoSuchSecret
+type SwagErrNoSuchSecret struct {
+ // in:body
+ Body struct {
+ errorhandling.ErrorModel
+ }
+}
+
+// Secret in use
+// swagger:response SecretInUse
+type SwagErrSecretInUse struct {
+ // in:body
+ Body struct {
+ errorhandling.ErrorModel
+ }
+}
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
new file mode 100644
index 000000000..b1fe60e01
--- /dev/null
+++ b/pkg/domain/infra/abi/secrets.go
@@ -0,0 +1,138 @@
+package abi
+
+import (
+ "context"
+ "io"
+ "io/ioutil"
+ "path/filepath"
+
+ "github.com/containers/common/pkg/secrets"
+ "github.com/containers/podman/v2/pkg/domain/entities"
+ "github.com/pkg/errors"
+)
+
+func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader io.Reader, options entities.SecretCreateOptions) (*entities.SecretCreateReport, error) {
+ data, _ := ioutil.ReadAll(reader)
+ secretsPath := ic.Libpod.GetSecretsStorageDir()
+ manager, err := secrets.NewManager(secretsPath)
+ if err != nil {
+ return nil, err
+ }
+ driverOptions := make(map[string]string)
+
+ if options.Driver == "" {
+ options.Driver = "file"
+ }
+ if options.Driver == "file" {
+ driverOptions["path"] = filepath.Join(secretsPath, "filedriver")
+ }
+ secretID, err := manager.Store(name, data, options.Driver, driverOptions)
+ if err != nil {
+ return nil, err
+ }
+ return &entities.SecretCreateReport{
+ ID: secretID,
+ }, nil
+}
+
+func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string) ([]*entities.SecretInfoReport, []error, error) {
+ secretsPath := ic.Libpod.GetSecretsStorageDir()
+ manager, err := secrets.NewManager(secretsPath)
+ if err != nil {
+ return nil, nil, err
+ }
+ errs := make([]error, 0, len(nameOrIDs))
+ reports := make([]*entities.SecretInfoReport, 0, len(nameOrIDs))
+ for _, nameOrID := range nameOrIDs {
+ secret, err := manager.Lookup(nameOrID)
+ if err != nil {
+ if errors.Cause(err).Error() == "no such secret" {
+ errs = append(errs, err)
+ continue
+ } else {
+ return nil, nil, errors.Wrapf(err, "error inspecting secret %s", nameOrID)
+ }
+ }
+ report := &entities.SecretInfoReport{
+ ID: secret.ID,
+ CreatedAt: secret.CreatedAt,
+ UpdatedAt: secret.CreatedAt,
+ Spec: entities.SecretSpec{
+ Name: secret.Name,
+ Driver: entities.SecretDriverSpec{
+ Name: secret.Driver,
+ },
+ },
+ }
+ reports = append(reports, report)
+
+ }
+
+ return reports, errs, nil
+}
+
+func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretInfoReport, error) {
+ secretsPath := ic.Libpod.GetSecretsStorageDir()
+ manager, err := secrets.NewManager(secretsPath)
+ if err != nil {
+ return nil, err
+ }
+ secretList, err := manager.List()
+ if err != nil {
+ return nil, err
+ }
+ report := make([]*entities.SecretInfoReport, 0, len(secretList))
+ for _, secret := range secretList {
+ reportItem := entities.SecretInfoReport{
+ ID: secret.ID,
+ CreatedAt: secret.CreatedAt,
+ UpdatedAt: secret.CreatedAt,
+ Spec: entities.SecretSpec{
+ Name: secret.Name,
+ Driver: entities.SecretDriverSpec{
+ Name: secret.Driver,
+ Options: secret.DriverOptions,
+ },
+ },
+ }
+ report = append(report, &reportItem)
+ }
+ return report, nil
+}
+
+func (ic *ContainerEngine) SecretRm(ctx context.Context, nameOrIDs []string, options entities.SecretRmOptions) ([]*entities.SecretRmReport, error) {
+ var (
+ err error
+ toRemove []string
+ reports = []*entities.SecretRmReport{}
+ )
+ secretsPath := ic.Libpod.GetSecretsStorageDir()
+ manager, err := secrets.NewManager(secretsPath)
+ if err != nil {
+ return nil, err
+ }
+ toRemove = nameOrIDs
+ if options.All {
+ allSecrs, err := manager.List()
+ if err != nil {
+ return nil, err
+ }
+ for _, secr := range allSecrs {
+ toRemove = append(toRemove, secr.ID)
+ }
+ }
+ for _, nameOrID := range toRemove {
+ deletedID, err := manager.Delete(nameOrID)
+ if err == nil || errors.Cause(err).Error() == "no such secret" {
+ reports = append(reports, &entities.SecretRmReport{
+ Err: err,
+ ID: deletedID,
+ })
+ continue
+ } else {
+ return nil, err
+ }
+ }
+
+ return reports, nil
+}
diff --git a/pkg/domain/infra/tunnel/secrets.go b/pkg/domain/infra/tunnel/secrets.go
new file mode 100644
index 000000000..f7c0f7d13
--- /dev/null
+++ b/pkg/domain/infra/tunnel/secrets.go
@@ -0,0 +1,82 @@
+package tunnel
+
+import (
+ "context"
+ "io"
+
+ "github.com/containers/podman/v2/pkg/bindings/secrets"
+ "github.com/containers/podman/v2/pkg/domain/entities"
+ "github.com/containers/podman/v2/pkg/errorhandling"
+ "github.com/pkg/errors"
+)
+
+func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader io.Reader, options entities.SecretCreateOptions) (*entities.SecretCreateReport, error) {
+ opts := new(secrets.CreateOptions).WithDriver(options.Driver).WithName(name)
+ created, _ := secrets.Create(ic.ClientCtx, reader, opts)
+ return created, nil
+}
+
+func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string) ([]*entities.SecretInfoReport, []error, error) {
+ allInspect := make([]*entities.SecretInfoReport, 0, len(nameOrIDs))
+ errs := make([]error, 0, len(nameOrIDs))
+ for _, name := range nameOrIDs {
+ inspected, err := secrets.Inspect(ic.ClientCtx, name, nil)
+ if err != nil {
+ errModel, ok := err.(errorhandling.ErrorModel)
+ if !ok {
+ return nil, nil, err
+ }
+ if errModel.ResponseCode == 404 {
+ errs = append(errs, errors.Errorf("no such secret %q", name))
+ continue
+ }
+ return nil, nil, err
+ }
+ allInspect = append(allInspect, inspected)
+ }
+ return allInspect, errs, nil
+}
+
+func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretInfoReport, error) {
+ secrs, _ := secrets.List(ic.ClientCtx, nil)
+ return secrs, nil
+}
+
+func (ic *ContainerEngine) SecretRm(ctx context.Context, nameOrIDs []string, options entities.SecretRmOptions) ([]*entities.SecretRmReport, error) {
+ allRm := make([]*entities.SecretRmReport, 0, len(nameOrIDs))
+ if options.All {
+ allSecrets, err := secrets.List(ic.ClientCtx, nil)
+ if err != nil {
+ return nil, err
+ }
+ for _, secret := range allSecrets {
+ allRm = append(allRm, &entities.SecretRmReport{
+ Err: secrets.Remove(ic.ClientCtx, secret.ID),
+ ID: secret.ID,
+ })
+ }
+ return allRm, nil
+ }
+ for _, name := range nameOrIDs {
+ secret, err := secrets.Inspect(ic.ClientCtx, name, nil)
+ if err != nil {
+ errModel, ok := err.(errorhandling.ErrorModel)
+ if !ok {
+ return nil, err
+ }
+ if errModel.ResponseCode == 404 {
+ allRm = append(allRm, &entities.SecretRmReport{
+ Err: errors.Errorf("no secret with name or id %q: no such secret ", name),
+ ID: "",
+ })
+ continue
+ }
+ }
+ allRm = append(allRm, &entities.SecretRmReport{
+ Err: secrets.Remove(ic.ClientCtx, name),
+ ID: secret.ID,
+ })
+
+ }
+ return allRm, nil
+}