summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/generate/systemd.go2
-rw-r--r--docs/source/markdown/podman-generate-systemd.1.md2
-rw-r--r--libpod/oci_conmon_exec_linux.go13
-rw-r--r--pkg/systemd/generate/containers.go2
-rw-r--r--test/e2e/exec_test.go30
5 files changed, 47 insertions, 2 deletions
diff --git a/cmd/podman/generate/systemd.go b/cmd/podman/generate/systemd.go
index 5461f1f6a..b76a71f0d 100644
--- a/cmd/podman/generate/systemd.go
+++ b/cmd/podman/generate/systemd.go
@@ -50,7 +50,7 @@ func init() {
timeFlagName := "time"
flags.UintVarP(&systemdTimeout, timeFlagName, "t", containerConfig.Engine.StopTimeout, "Stop timeout override")
_ = systemdCmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone)
- flags.BoolVarP(&systemdOptions.New, "new", "", false, "Create a new container instead of starting an existing one")
+ flags.BoolVarP(&systemdOptions.New, "new", "", false, "Create a new container or pod instead of starting an existing one")
flags.BoolVarP(&systemdOptions.NoHeader, "no-header", "", false, "Skip header generation")
containerPrefixFlagName := "container-prefix"
diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md
index 357120381..8393aec11 100644
--- a/docs/source/markdown/podman-generate-systemd.1.md
+++ b/docs/source/markdown/podman-generate-systemd.1.md
@@ -32,6 +32,8 @@ Use the name of the container for the start, stop, and description in the unit f
Using this flag will yield unit files that do not expect containers and pods to exist. Instead, new containers and pods are created based on their configuration files. The unit files are created best effort and may need to be further edited; please review the generated files carefully before using them in production.
+Note that `--new` only works on containers and pods created directly via Podman (i.e., `podman [container] {create,run}` or `podman pod create`). It does not work on containers or pods created via the REST API or via `podman play kube`.
+
#### **--no-header**
Do not generate the header including meta data such as the Podman version and the timestamp.
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index c4bae9b78..5a7677b04 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -684,6 +684,19 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio
pspec.Env = append(pspec.Env, env...)
}
+ // Add secret envs if they exist
+ manager, err := c.runtime.SecretsManager()
+ if err != nil {
+ return nil, err
+ }
+ for name, secr := range c.config.EnvSecrets {
+ _, data, err := manager.LookupSecretData(secr.Name)
+ if err != nil {
+ return nil, err
+ }
+ pspec.Env = append(pspec.Env, fmt.Sprintf("%s=%s", name, string(data)))
+ }
+
if options.Cwd != "" {
pspec.Cwd = options.Cwd
}
diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go
index 931f13972..188926115 100644
--- a/pkg/systemd/generate/containers.go
+++ b/pkg/systemd/generate/containers.go
@@ -155,7 +155,7 @@ func generateContainerInfo(ctr *libpod.Container, options entities.GenerateSyste
if config.CreateCommand != nil {
createCommand = config.CreateCommand
} else if options.New {
- return nil, errors.Errorf("cannot use --new on container %q: no create command found", ctr.ID())
+ return nil, errors.Errorf("cannot use --new on container %q: no create command found: only works on containers created directly with podman but not via REST API", ctr.ID())
}
nameOrID, serviceName := containerServiceName(ctr, options)
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index 02680e739..65d60b24d 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -2,7 +2,9 @@ package integration
import (
"fmt"
+ "io/ioutil"
"os"
+ "path/filepath"
"strings"
. "github.com/containers/podman/v3/test/utils"
@@ -540,4 +542,32 @@ RUN useradd -u 1000 auser`, fedoraMinimal)
stop.WaitWithDefaultTimeout()
Expect(stop).Should(Exit(0))
})
+
+ It("podman exec with env var secret", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"run", "-t", "-i", "-d", "--secret", "source=mysecret,type=env", "--name", "secr", ALPINE, "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"exec", "secr", "printenv", "mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring(secretsString))
+
+ session = podmanTest.Podman([]string{"commit", "secr", "foobar.com/test1-image:latest"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"run", "foobar.com/test1-image:latest", "printenv", "mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.OutputToString()).To(Not(ContainSubstring(secretsString)))
+ })
})