mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Use "local" secret paths based on the secretID

This prevents targets with the same basename from colliding.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Aaron Lehmann 2017-04-28 11:48:52 -07:00
parent 67d282a5c9
commit 37ce91ddd6
4 changed files with 12 additions and 11 deletions


@ -954,8 +954,9 @@ func (container *Container) SecretMountPath() string {
return filepath.Join(container.Root, "secrets") return filepath.Join(container.Root, "secrets")
} }
func (container *Container) getLocalSecretPath(r *swarmtypes.SecretReference) string { // SecretFilePath returns the path to the location of a secret on the host.
return filepath.Join(container.SecretMountPath(), filepath.Base(r.File.Name)) func (container *Container) SecretFilePath(secretRef swarmtypes.SecretReference) string {
return filepath.Join(container.SecretMountPath(), secretRef.SecretID)
} }
func getSecretTargetPath(r *swarmtypes.SecretReference) string { func getSecretTargetPath(r *swarmtypes.SecretReference) string {
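Review bot: SecretFilePath joins `secretRef.SecretID` straight into the host path, whereas the removed code passed the name through `filepath.Base` first, so nothing visible here keeps the result directly under SecretMountPath(). filepath.Join cleans its output, which means an ID that is empty, is `.` or `..`, or contains a separator would resolve to the secrets directory itself or to a location outside it. The ID is presumably generated by the swarm manager, but that is not enforced in this hunk, and setupSecretDir uses the same path to create the file on the host. Because this function cannot return an error, I would record the assumption in its doc comment, `// secretRef.SecretID must be a single, non-empty path element.`, and reject any other value in setupSecretDir before `fPath := c.SecretFilePath(*s)`, where an error return is available.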


@ -248,15 +248,15 @@ func (container *Container) IpcMounts() []Mount {
return mounts return mounts
} }
// SecretMounts returns the mount for the secret path // SecretMounts returns the mounts for the secret path.
func (container *Container) SecretMounts() []Mount { func (container *Container) SecretMounts() []Mount {
var mounts []Mount var mounts []Mount
for _, r := range container.SecretReferences { for _, r := range container.SecretReferences {
// secrets are created in the SecretMountPath at a single level if r.File == nil {
// i.e. /var/run/secrets/foo continue
srcPath := container.getLocalSecretPath(r) }
mounts = append(mounts, Mount{ mounts = append(mounts, Mount{
Source: srcPath, Source: container.SecretFilePath(*r),
Destination: getSecretTargetPath(r), Destination: getSecretTargetPath(r),
Writable: false, Writable: false,
}) })
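Review bot: The new `if r.File == nil { continue }` guard in SecretMounts drops a reference without any trace, while setupSecretDir appears to return "secret target type is not a file target" for what looks like the same condition. If the silent skip is intentional because setup has already rejected such references, a short comment on the guard would make that clear, for example `// no file target means nothing to mount; setupSecretDir reports this case`. The loop and the function body continue past the end of this hunk.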


@ -47,7 +47,7 @@ func (container *Container) IpcMounts() []Mount {
return nil return nil
} }
// SecretMounts returns the mount for the secret path // SecretMounts returns the mounts for the secret path
func (container *Container) SecretMounts() []Mount { func (container *Container) SecretMounts() []Mount {
return nil return nil
} }


@ -177,9 +177,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
return fmt.Errorf("secret target type is not a file target") return fmt.Errorf("secret target type is not a file target")
} }
// secrets are created in the SecretMountPath at a single level // secrets are created in the SecretMountPath on the host, at a
// i.e. /var/run/secrets/foo // single level
fPath := filepath.Join(localMountPath, filepath.Base(s.File.Name)) fPath := c.SecretFilePath(*s)
if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil { if err := idtools.MkdirAllAs(filepath.Dir(fPath), 0700, rootUID, rootGID); err != nil {
return errors.Wrap(err, "error creating secret mount path") return errors.Wrap(err, "error creating secret mount path")
} }