From 8a96b4acbc97d5c34ff0160ab1a1b585fdd5d156 Mon Sep 17 00:00:00 2001
From: umohnani8
Date: Fri, 23 Mar 2018 16:38:55 -0400
Subject: Add secrets patch to podman

Adds support for mounting secrets especially on RHEL where the container can use the host subsription to run yum

Signed-off-by: umohnani8
Closes: #544
Approved by: rhatdan
---
 libpod/container_internal.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'libpod')

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index a338a1776..4bfdfae9d 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -22,6 +22,7 @@ import (
 "github.com/pkg/errors"
 crioAnnotations "github.com/projectatomic/libpod/pkg/annotations"
 "github.com/projectatomic/libpod/pkg/chrootuser"
+ "github.com/projectatomic/libpod/pkg/secrets"
 "github.com/projectatomic/libpod/pkg/util"
 "github.com/sirupsen/logrus"
 "github.com/ulule/deepcopier"
@@ -681,9 +682,27 @@ func (c *Container) makeBindMounts() error {
 c.state.BindMounts["/run/.containerenv"] = containerenvPath
 }
 
+ // Add Secret Mounts
+ secretMounts := c.getSecretMounts(secrets.OverrideMountsFile)
+ secretMounts = append(secretMounts, c.getSecretMounts(secrets.DefaultMountsFile)...)
+ for _, mount := range secretMounts {
+ if _, ok := c.state.BindMounts[mount.Destination]; !ok {
+ c.state.BindMounts[mount.Destination] = mount.Source
+ }
+ }
+
 return nil
 }
 
+// addSecrets mounts the secrets from the override and/or default mounts file
+func (c *Container) getSecretMounts(mountFile string) (secretMounts []spec.Mount) {
+ secretMounts, err := secrets.SecretMounts(mountFile, c.config.MountLabel, c.state.RunDir)
+ if err != nil {
+ logrus.Warn("error mounting secrets, skipping...")
+ }
+ return secretMounts
+}
+
 // writeStringToRundir copies the provided file to the runtimedir
 func (c *Container) writeStringToRundir(destFile, output string) (string, error) {
 destFileName := filepath.Join(c.state.RunDir, destFile)
-- 
cgit v1.2.3-54-g00ecf
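Review bot: In `getSecretMounts` the warning discards both `err` and `mountFile`, so a failed secrets mount cannot be traced to a file or a cause, and the container still starts with whatever slice `secrets.SecretMounts` returned alongside the error. Log it as `logrus.Warnf("error mounting secrets from %q, skipping: %v", mountFile, err)` and `return nil` on that path unless partial results are intended. The doc comment names `addSecrets` rather than the function it sits on; `// getSecretMounts returns the secret mounts listed in mountFile, logging and skipping on error` would match. In `makeBindMounts` the loop applies the host's override and default mounts files to every container, with no per-container opt-out visible in this hunk, so host credentials such as the subscription data named in the commit message would reach any image that is run; it is worth confirming that this is the intended default. The start of `makeBindMounts` lies outside the hunk.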