move secretopt to opts pkg
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
This commit is contained in:
parent
e0e65b9a3b
commit
c00138748d
|
@ -4,6 +4,7 @@ import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
|
"os"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
"github.com/docker/docker/api/types/filters"
|
"github.com/docker/docker/api/types/filters"
|
||||||
|
@ -339,3 +340,12 @@ type PluginInstallOptions struct {
|
||||||
AcceptPermissionsFunc func(PluginPrivileges) (bool, error)
|
AcceptPermissionsFunc func(PluginPrivileges) (bool, error)
|
||||||
Args []string
|
Args []string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SecretRequestOptions is a type for requesting secrets
|
||||||
|
type SecretRequestOptions struct {
|
||||||
|
Source string
|
||||||
|
Target string
|
||||||
|
UID string
|
||||||
|
GID string
|
||||||
|
Mode os.FileMode
|
||||||
|
}
|
||||||
|
|
|
@ -28,3 +28,12 @@ type SecretReference struct {
|
||||||
SecretName string
|
SecretName string
|
||||||
Target SecretReferenceFileTarget
|
Target SecretReferenceFileTarget
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SecretRequestSpec is a type for requesting secrets
|
||||||
|
type SecretRequestSpec struct {
|
||||||
|
Source string
|
||||||
|
Target string
|
||||||
|
UID string
|
||||||
|
GID string
|
||||||
|
Mode os.FileMode
|
||||||
|
}
|
||||||
|
|
|
@ -432,7 +432,7 @@ type serviceOptions struct {
|
||||||
logDriver logDriverOptions
|
logDriver logDriverOptions
|
||||||
|
|
||||||
healthcheck healthCheckOptions
|
healthcheck healthCheckOptions
|
||||||
secrets SecretOpt
|
secrets opts.SecretOpt
|
||||||
}
|
}
|
||||||
|
|
||||||
func newServiceOptions() *serviceOptions {
|
func newServiceOptions() *serviceOptions {
|
||||||
|
|
|
@ -12,25 +12,25 @@ import (
|
||||||
|
|
||||||
// parseSecrets retrieves the secrets from the requested names and converts
|
// parseSecrets retrieves the secrets from the requested names and converts
|
||||||
// them to secret references to use with the spec
|
// them to secret references to use with the spec
|
||||||
func parseSecrets(client client.APIClient, requestedSecrets []*SecretRequestSpec) ([]*swarmtypes.SecretReference, error) {
|
func parseSecrets(client client.APIClient, requestedSecrets []*types.SecretRequestOptions) ([]*swarmtypes.SecretReference, error) {
|
||||||
secretRefs := make(map[string]*swarmtypes.SecretReference)
|
secretRefs := make(map[string]*swarmtypes.SecretReference)
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
for _, secret := range requestedSecrets {
|
for _, secret := range requestedSecrets {
|
||||||
secretRef := &swarmtypes.SecretReference{
|
secretRef := &swarmtypes.SecretReference{
|
||||||
SecretName: secret.source,
|
SecretName: secret.Source,
|
||||||
Target: swarmtypes.SecretReferenceFileTarget{
|
Target: swarmtypes.SecretReferenceFileTarget{
|
||||||
Name: secret.target,
|
Name: secret.Target,
|
||||||
UID: secret.uid,
|
UID: secret.UID,
|
||||||
GID: secret.gid,
|
GID: secret.GID,
|
||||||
Mode: secret.mode,
|
Mode: secret.Mode,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, exists := secretRefs[secret.target]; exists {
|
if _, exists := secretRefs[secret.Target]; exists {
|
||||||
return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.source)
|
return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.Source)
|
||||||
}
|
}
|
||||||
secretRefs[secret.target] = secretRef
|
secretRefs[secret.Target] = secretRef
|
||||||
}
|
}
|
||||||
|
|
||||||
args := filters.NewArgs()
|
args := filters.NewArgs()
|
||||||
|
|
|
@ -413,7 +413,7 @@ func updateEnvironment(flags *pflag.FlagSet, field *[]string) {
|
||||||
|
|
||||||
func getUpdatedSecrets(apiClient client.APIClient, flags *pflag.FlagSet, secrets []*swarm.SecretReference) ([]*swarm.SecretReference, error) {
|
func getUpdatedSecrets(apiClient client.APIClient, flags *pflag.FlagSet, secrets []*swarm.SecretReference) ([]*swarm.SecretReference, error) {
|
||||||
if flags.Changed(flagSecretAdd) {
|
if flags.Changed(flagSecretAdd) {
|
||||||
values := flags.Lookup(flagSecretAdd).Value.(*SecretOpt).Value()
|
values := flags.Lookup(flagSecretAdd).Value.(*opts.SecretOpt).Value()
|
||||||
|
|
||||||
addSecrets, err := parseSecrets(apiClient, values)
|
addSecrets, err := parseSecrets(apiClient, values)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -0,0 +1,95 @@
|
||||||
|
package opts
|
||||||
|
|
||||||
|
import (
|
||||||
|
"encoding/csv"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/docker/docker/api/types"
|
||||||
|
)
|
||||||
|
|
||||||
|
// SecretOpt is a Value type for parsing secrets
|
||||||
|
type SecretOpt struct {
|
||||||
|
values []*types.SecretRequestOptions
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set a new secret value
|
||||||
|
func (o *SecretOpt) Set(value string) error {
|
||||||
|
csvReader := csv.NewReader(strings.NewReader(value))
|
||||||
|
fields, err := csvReader.Read()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
options := &types.SecretRequestOptions{
|
||||||
|
Source: "",
|
||||||
|
Target: "",
|
||||||
|
UID: "0",
|
||||||
|
GID: "0",
|
||||||
|
Mode: 0444,
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, field := range fields {
|
||||||
|
parts := strings.SplitN(field, "=", 2)
|
||||||
|
key := strings.ToLower(parts[0])
|
||||||
|
|
||||||
|
if len(parts) != 2 {
|
||||||
|
return fmt.Errorf("invalid field '%s' must be a key=value pair", field)
|
||||||
|
}
|
||||||
|
|
||||||
|
value := parts[1]
|
||||||
|
switch key {
|
||||||
|
case "source":
|
||||||
|
options.Source = value
|
||||||
|
case "target":
|
||||||
|
tDir, _ := filepath.Split(value)
|
||||||
|
if tDir != "" {
|
||||||
|
return fmt.Errorf("target must not be a path")
|
||||||
|
}
|
||||||
|
options.Target = value
|
||||||
|
case "uid":
|
||||||
|
options.UID = value
|
||||||
|
case "gid":
|
||||||
|
options.GID = value
|
||||||
|
case "mode":
|
||||||
|
m, err := strconv.ParseUint(value, 0, 32)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("invalid mode specified: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
options.Mode = os.FileMode(m)
|
||||||
|
default:
|
||||||
|
return fmt.Errorf("invalid field in secret request: %s", key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if options.Source == "" {
|
||||||
|
return fmt.Errorf("source is required")
|
||||||
|
}
|
||||||
|
|
||||||
|
o.values = append(o.values, options)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Type returns the type of this option
|
||||||
|
func (o *SecretOpt) Type() string {
|
||||||
|
return "secret"
|
||||||
|
}
|
||||||
|
|
||||||
|
// String returns a string repr of this option
|
||||||
|
func (o *SecretOpt) String() string {
|
||||||
|
secrets := []string{}
|
||||||
|
for _, secret := range o.values {
|
||||||
|
repr := fmt.Sprintf("%s -> %s", secret.Source, secret.Target)
|
||||||
|
secrets = append(secrets, repr)
|
||||||
|
}
|
||||||
|
return strings.Join(secrets, ", ")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Value returns the secret requests
|
||||||
|
func (o *SecretOpt) Value() []*types.SecretRequestOptions {
|
||||||
|
return o.values
|
||||||
|
}
|
Loading…
Reference in New Issue