Add filtering functionality to http api secrets list

Filtering is missing in both compat API and libpod API, while docker
has filtering functinality. This commit enables filtering option using
name and id in both libpod and http API.

Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>

5 files changed, 48 insertions, 16 deletions

diff --git a/pkg/domain/entities/engine_container.go b/pkg/domain/entities/engine_container.go
index bd011d309..d03e2f719 100644
--- a/pkg/domain/entities/engine_container.go
+++ b/pkg/domain/entities/engine_container.go
@@ -85,7 +85,7 @@ type ContainerEngine interface {
 	SetupRootless(ctx context.Context, noMoveProcess bool) error
 	SecretCreate(ctx context.Context, name string, reader io.Reader, options SecretCreateOptions) (*SecretCreateReport, error)
 	SecretInspect(ctx context.Context, nameOrIDs []string) ([]*SecretInfoReport, []error, error)
-	SecretList(ctx context.Context) ([]*SecretInfoReport, error)
+	SecretList(ctx context.Context, opts SecretListRequest) ([]*SecretInfoReport, error)
 	SecretRm(ctx context.Context, nameOrID []string, opts SecretRmOptions) ([]*SecretRmReport, error)
 	Shutdown(ctx context.Context)
 	SystemDf(ctx context.Context, options SystemDfOptions) (*SystemDfReport, error)
diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go
index 56a1465b7..55b470d7b 100644
--- a/pkg/domain/entities/secrets.go
+++ b/pkg/domain/entities/secrets.go
@@ -16,7 +16,7 @@ type SecretCreateOptions struct {
 }
 
 type SecretListRequest struct {
-	Filters map[string]string
+	Filters map[string][]string
 }
 
 type SecretListReport struct {
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 0bdb4ce60..2bf8eaae3 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 
 	"github.com/containers/podman/v3/pkg/domain/entities"
+	"github.com/containers/podman/v3/pkg/domain/utils"
 	"github.com/pkg/errors"
 )
 
@@ -84,7 +85,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
 	return reports, errs, nil
 }
 
-func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretInfoReport, error) {
+func (ic *ContainerEngine) SecretList(ctx context.Context, opts entities.SecretListRequest) ([]*entities.SecretInfoReport, error) {
 	manager, err := ic.Libpod.SecretsManager()
 	if err != nil {
 		return nil, err
@@ -95,19 +96,25 @@ func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretIn
 	}
 	report := make([]*entities.SecretInfoReport, 0, len(secretList))
 	for _, secret := range secretList {
-		reportItem := entities.SecretInfoReport{
-			ID:        secret.ID,
-			CreatedAt: secret.CreatedAt,
-			UpdatedAt: secret.CreatedAt,
-			Spec: entities.SecretSpec{
-				Name: secret.Name,
-				Driver: entities.SecretDriverSpec{
-					Name:    secret.Driver,
-					Options: secret.DriverOptions,
+		result, err := utils.IfPassesSecretsFilter(secret, opts.Filters)
+		if err != nil {
+			return nil, err
+		}
+		if result {
+			reportItem := entities.SecretInfoReport{
+				ID:        secret.ID,
+				CreatedAt: secret.CreatedAt,
+				UpdatedAt: secret.CreatedAt,
+				Spec: entities.SecretSpec{
+					Name: secret.Name,
+					Driver: entities.SecretDriverSpec{
+						Name:    secret.Driver,
+						Options: secret.DriverOptions,
+					},
 				},
-			},
+			}
+			report = append(report, &reportItem)
 		}
-		report = append(report, &reportItem)
 	}
 	return report, nil
 }
diff --git a/pkg/domain/infra/tunnel/secrets.go b/pkg/domain/infra/tunnel/secrets.go
index ecbb80931..6337c7fbe 100644
--- a/pkg/domain/infra/tunnel/secrets.go
+++ b/pkg/domain/infra/tunnel/secrets.go
@@ -43,8 +43,9 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
 	return allInspect, errs, nil
 }
 
-func (ic *ContainerEngine) SecretList(ctx context.Context) ([]*entities.SecretInfoReport, error) {
-	secrs, _ := secrets.List(ic.ClientCtx, nil)
+func (ic *ContainerEngine) SecretList(ctx context.Context, opts entities.SecretListRequest) ([]*entities.SecretInfoReport, error) {
+	options := new(secrets.ListOptions).WithFilters(opts.Filters)
+	secrs, _ := secrets.List(ic.ClientCtx, options)
 	return secrs, nil
 }
 
diff --git a/pkg/domain/utils/secrets_filters.go b/pkg/domain/utils/secrets_filters.go
new file mode 100644
index 000000000..3ff7c7530
--- /dev/null
+++ b/pkg/domain/utils/secrets_filters.go
@@ -0,0 +1,24 @@
+package utils
+
+import (
+	"strings"
+
+	"github.com/containers/common/pkg/secrets"
+	"github.com/containers/podman/v3/pkg/util"
+	"github.com/pkg/errors"
+)
+
+func IfPassesSecretsFilter(s secrets.Secret, filters map[string][]string) (bool, error) {
+	result := true
+	for key, filterValues := range filters {
+		switch strings.ToLower(key) {
+		case "name":
+			result = util.StringMatchRegexSlice(s.Name, filterValues)
+		case "id":
+			result = util.StringMatchRegexSlice(s.ID, filterValues)
+		default:
+			return false, errors.Errorf("invalid filter %q", key)
+		}
+	}
+	return result, nil
+}