Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/common/create.go | 2 | ||||
-rw-r--r-- | cmd/podman/common/create_opts.go | 5 | ||||
-rw-r--r-- | cmd/podman/common/specgen.go | 73 | ||||
-rw-r--r-- | cmd/podman/containers/start.go | 20 | ||||
-rw-r--r-- | cmd/podman/secrets/create.go | 15 |
5 files changed, 109 insertions, 6 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index c3d00d293..64d1956eb 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -277,7 +277,7 @@ func DefineCreateFlags(cmd *cobra.Command, cf *ContainerCLIOpts) { createFlags.StringSliceVar( &cf.GroupAdd, groupAddFlagName, []string{}, - "Add additional groups to the primary container process. 'keep-groups' allows container processes to use suplementary groups.", + "Add additional groups to the primary container process. 'keep-groups' allows container processes to use supplementary groups.", ) _ = cmd.RegisterFlagCompletionFunc(groupAddFlagName, completion.AutocompleteNone) diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go index ca36d751e..77ac781a5 100644 --- a/cmd/podman/common/create_opts.go +++ b/cmd/podman/common/create_opts.go @@ -302,6 +302,11 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, cgroup staticIP := net.ParseIP(ep.IPAddress) netInfo.StaticIP = &staticIP } + // if IPAMConfig.IPv4Address is provided + if ep.IPAMConfig != nil && ep.IPAMConfig.IPv4Address != "" { + staticIP := net.ParseIP(ep.IPAMConfig.IPv4Address) + netInfo.StaticIP = &staticIP + } // If MAC address is provided if len(ep.MacAddress) > 0 { staticMac, err := net.ParseMAC(ep.MacAddress) diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 7896ddfc1..5dc2ec864 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -639,12 +639,16 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string } s.RestartPolicy = splitRestart[0] } + + s.Secrets, s.EnvSecrets, err = parseSecrets(c.Secrets) + if err != nil { + return err + } s.Remove = c.Rm s.StopTimeout = &c.StopTimeout s.Timeout = c.Timeout s.Timezone = c.Timezone s.Umask = c.Umask - s.Secrets = c.Secrets s.PidFile = c.PidFile s.Volatile = c.Rm 
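Review bot: The added IPAMConfig branch in ContainerCreateToContainerCLIOpts stores the result of `net.ParseIP(ep.IPAMConfig.IPv4Address)` without checking it. ParseIP returns nil for a string that is not a valid address, so `netInfo.StaticIP` ends up pointing at a nil IP instead of the request being rejected. The branch also silently replaces a StaticIP taken from `ep.IPAddress` just above when both fields are set. A guard such as `if staticIP == nil { /* reject the invalid IPv4Address */ }` before the assignment would surface the bad input. The function starts and ends outside the hunk, so the exact error return has to match its signature.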
@@ -773,3 +777,70 @@ func parseThrottleIOPsDevices(iopsDevices []string) (map[string]specs.LinuxThrot
 }
 return td, nil
 }
+
+func parseSecrets(secrets []string) ([]string, map[string]string, error) {
+ secretParseError := errors.New("error parsing secret")
+ var mount []string
+ envs := make(map[string]string)
+ for _, val := range secrets {
+ source := ""
+ secretType := ""
+ target := ""
+ split := strings.Split(val, ",")
+
+ // --secret mysecret
+ if len(split) == 1 {
+ source = val
+ mount = append(mount, source)
+ continue
+ }
+ // --secret mysecret,opt=opt
+ if !strings.Contains(split[0], "=") {
+ source = split[0]
+ split = split[1:]
+ }
+ // TODO: implement other secret options
+ for _, val := range split {
+ kv := strings.SplitN(val, "=", 2)
+ if len(kv) < 2 {
+ return nil, nil, errors.Wrapf(secretParseError, "option %s must be in form option=value", val)
+ }
+ switch kv[0] {
+ case "source":
+ source = kv[1]
+ case "type":
+ if secretType != "" {
+ return nil, nil, errors.Wrap(secretParseError, "cannot set more tha one secret type")
+ }
+ if kv[1] != "mount" && kv[1] != "env" {
+ return nil, nil, errors.Wrapf(secretParseError, "type %s is invalid", kv[1])
+ }
+ secretType = kv[1]
+ case "target":
+ target = kv[1]
+ default:
+ return nil, nil, errors.Wrapf(secretParseError, "option %s invalid", val)
+ }
+ }
+
+ if secretType == "" {
+ secretType = "mount"
+ }
+ if source == "" {
+ return nil, nil, errors.Wrapf(secretParseError, "no source found %s", val)
+ }
+ if secretType == "mount" {
+ if target != "" {
+ return nil, nil, errors.Wrapf(secretParseError, "target option is invalid for mounted secrets")
+ }
+ mount = append(mount, source)
+ }
+ if secretType == "env" {
+ if target == "" {
+ target = source
+ }
+ envs[target] = source
+ }
+ }
+ return mount, envs, nil
+}
diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go
index 8d62dc12f..dcd1eca82 100644
--- a/cmd/podman/containers/start.go
+++ b/cmd/podman/containers/start.go
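Review bot: The `len(split) == 1` shortcut in parseSecrets accepts any comma-free string as a secret name, so `--secret type=env` or `--secret source=mysecret` becomes a mount secret literally named `type=env` or `source=mysecret` and never reaches the option loop or the empty-source check. Narrowing the guard to `if len(split) == 1 && !strings.Contains(val, "=") {` sends those forms through the parser. The message `cannot set more tha one secret type` has a typo (`than`), and the inner `for _, val := range split` shadows the outer `val`, which makes the later `no source found %s` harder to follow. The function also lacks a doc comment; it should say that the first result lists mount-type secret names, that the map goes from target to source for env-type secrets, and that `type` defaults to `mount`.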
@@ -3,6 +3,7 @@ package containers import ( "fmt" "os" + "strings" "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" @@ -42,7 +43,9 @@ var ( ) var ( - startOptions entities.ContainerStartOptions + startOptions = entities.ContainerStartOptions{ + Filters: make(map[string][]string), + } ) func startFlags(cmd *cobra.Command) { @@ -56,6 +59,8 @@ func startFlags(cmd *cobra.Command) { flags.BoolVarP(&startOptions.Interactive, "interactive", "i", false, "Keep STDIN open even if not attached") flags.BoolVar(&startOptions.SigProxy, "sig-proxy", false, "Proxy received signals to the process (default true if attaching, false otherwise)") + flags.StringSliceVarP(&filters, "filter", "f", []string{}, "Filter output based on conditions given") + _ = cmd.RegisterFlagCompletionFunc("filter", common.AutocompletePsFilters) flags.BoolVar(&startOptions.All, "all", false, "Start all containers regardless of their state or configuration") @@ -116,7 +121,18 @@ func start(cmd *cobra.Command, args []string) error { startOptions.Stdout = os.Stdout } - responses, err := registry.ContainerEngine().ContainerStart(registry.GetContext(), args, startOptions) + var containers []string = args + if len(filters) > 0 { + for _, f := range filters { + split := strings.SplitN(f, "=", 2) + if len(split) == 1 { + return errors.Errorf("invalid filter %q", f) + } + startOptions.Filters[split[0]] = append(startOptions.Filters[split[0]], split[1]) + } + } + + responses, err := registry.ContainerEngine().ContainerStart(registry.GetContext(), containers, startOptions) if err != nil { return err } diff --git a/cmd/podman/secrets/create.go b/cmd/podman/secrets/create.go index 7374b682b..4204f30b4 100644 --- a/cmd/podman/secrets/create.go +++ b/cmd/podman/secrets/create.go 
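Review bot: In start(), the filter loop rejects only entries with no `=`, so `=running` and `status=` are accepted and stored in `startOptions.Filters` under an empty key or with an empty value; `if len(split) < 2 || split[0] == "" {` would reject the empty key here instead of leaving it to the engine. `filters` is not declared in any visible hunk and is presumably a package-level variable shared with other commands in this package, which deserves a comment at the `--filter` flag registration. On style, `containers` is assigned from `args` and never modified, so `args` can be passed to ContainerStart directly, and the `if len(filters) > 0` wrapper around the range loop is redundant. start() begins and ends outside the hunk.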
@@ -2,15 +2,16 @@ package secrets import ( "context" - "errors" "fmt" "io" "os" + "strings" "github.com/containers/common/pkg/completion" "github.com/containers/podman/v3/cmd/podman/common" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/domain/entities" + "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -29,6 +30,7 @@ var ( var ( createOpts = entities.SecretCreateOptions{} + env = false ) func init() { @@ -43,6 +45,9 @@ func init() { driverFlagName := "driver" flags.StringVar(&createOpts.Driver, driverFlagName, "file", "Specify secret driver") _ = createCmd.RegisterFlagCompletionFunc(driverFlagName, completion.AutocompleteNone) + + envFlagName := "env" + flags.BoolVar(&env, envFlagName, false, "Read secret data from environment variable") } func create(cmd *cobra.Command, args []string) error { @@ -52,7 +57,13 @@ func create(cmd *cobra.Command, args []string) error { path := args[1] var reader io.Reader - if path == "-" || path == "/dev/stdin" { + if env { + envValue := os.Getenv(path) + if envValue == "" { + return errors.Errorf("cannot create store secret data: environment variable %s is not set", path) + } + reader = strings.NewReader(envValue) + } else if path == "-" || path == "/dev/stdin" { stat, err := os.Stdin.Stat() if err != nil { return err |
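Review bot: With `--env`, create() calls `os.Getenv(path)` and treats an empty result as "not set", so a variable that is set but empty produces a misleading error; `envValue, ok := os.LookupEnv(path)` separates the two cases. The message `cannot create store secret data: ...` runs two verbs together and would read better as `cannot create secret: environment variable %q is not set`. The positional argument is still named `path` although it holds a variable name when `env` is true, so a short comment at `if env {` saying that would help. create() begins and ends outside the hunk.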