mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Add CredentialSpec from configs support
Signed-off-by: Drew Erny <drew.erny@docker.com>
parent
e7a9a7cdbc
commit
04995fa7c7
2 changed files with 19 additions and 0 deletions
|
@ -651,6 +651,8 @@ func (c *containerConfig) applyPrivileges(hc *enginecontainer.HostConfig) {
|
|||
hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=file://"+credentials.GetFile())
|
||||
case *api.Privileges_CredentialSpec_Registry:
|
||||
hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=registry://"+credentials.GetRegistry())
|
||||
case *api.Privileges_CredentialSpec_Config:
|
||||
hc.SecurityOpt = append(hc.SecurityOpt, "credentialspec=config://"+credentials.GetConfig())
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
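Review bot: The new `Privileges_CredentialSpec_Config` case has no comment saying what `credentials.GetConfig()` must contain, and unlike the file and registry forms the value does not describe itself. Going by the daemon-side change in this commit, it is looked up with `c.DependencyStore.Configs().Get(...)`, so it presumably has to reference a config that is attached to the task. A line such as `// config:// is resolved by the daemon from the container's dependency store, so the config must be attached to the service` would tell callers that. The switch and applyPrivileges begin outside the hunk.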
@ -288,6 +288,23 @@ func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.S
|
|||
if cs, err = readCredentialSpecRegistry(c.ID, csValue); err != nil {
|
||||
return err
|
||||
}
|
||||
} else if match, csValue = getCredentialSpec("config://", splitsOpt[1]); match {
|
||||
if csValue == "" {
|
||||
return fmt.Errorf("no value supplied for config:// credential spec security option")
|
||||
}
|
||||
|
||||
// if the container does not have a DependencyStore, then we
|
||||
// return an error
|
||||
if c.DependencyStore == nil {
|
||||
return fmt.Errorf("cannot use config:// credential spec security option if not swarmkit managed")
|
||||
}
|
||||
csConfig, err := c.DependencyStore.Configs().Get(csValue)
|
||||
if err != nil {
|
||||
return fmt.Errorf("error getting value from config store: %v", err)
|
||||
}
|
||||
// stuff the resulting secret data into a string to use as the
|
||||
// CredentialSpec
|
||||
cs = string(csConfig.Spec.Data)
|
||||
} else {
|
||||
return fmt.Errorf("invalid credential spec security option - value must be prefixed file:// or registry:// followed by a value")
|
||||
}
|
||||
|
|
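Review bot: The fall-through error at the end of this chain still reads `value must be prefixed file:// or registry:// followed by a value`, so a user who mistypes the new scheme is told only two prefixes exist; it should name `config://` too, e.g. `value must be prefixed file://, registry:// or config:// followed by a value`. The comment above `cs = string(csConfig.Spec.Data)` says "secret data", but the value comes from `Configs()`, and swarm configs are presumably not stored with the confidentiality of secrets, so `// use the config's data as the CredentialSpec` would be more accurate. The data is also used without a check that it is non-empty, whereas the branch does reject an empty `csValue`. Whether an empty `cs` is caught later cannot be seen here, because createSpecWindowsFields continues outside the hunk.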