mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
api: Remove SecretRequestOption type
This type is only used by CLI code. It duplicates SecretReference in the types/swarm package. Change the CLI code to use that type instead. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This commit is contained in:
parent
b5bd023de6
commit
e7c39f4d5d
5 changed files with 53 additions and 74 deletions
|
@ -4,7 +4,6 @@ import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
|
||||||
|
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
"github.com/docker/docker/api/types/filters"
|
"github.com/docker/docker/api/types/filters"
|
||||||
|
@ -364,15 +363,6 @@ type PluginInstallOptions struct {
|
||||||
Args []string
|
Args []string
|
||||||
}
|
}
|
||||||
|
|
||||||
// SecretRequestOption is a type for requesting secrets
|
|
||||||
type SecretRequestOption struct {
|
|
||||||
Source string
|
|
||||||
Target string
|
|
||||||
UID string
|
|
||||||
GID string
|
|
||||||
Mode os.FileMode
|
|
||||||
}
|
|
||||||
|
|
||||||
// SwarmUnlockKeyResponse contains the response for Engine API:
|
// SwarmUnlockKeyResponse contains the response for Engine API:
|
||||||
// GET /swarm/unlockkey
|
// GET /swarm/unlockkey
|
||||||
type SwarmUnlockKeyResponse struct {
|
type SwarmUnlockKeyResponse struct {
|
||||||
|
|
|
@ -10,27 +10,19 @@ import (
|
||||||
"golang.org/x/net/context"
|
"golang.org/x/net/context"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ParseSecrets retrieves the secrets from the requested names and converts
|
// ParseSecrets retrieves the secrets with the requested names and fills
|
||||||
// them to secret references to use with the spec
|
// secret IDs into the secret references.
|
||||||
func ParseSecrets(client client.SecretAPIClient, requestedSecrets []*types.SecretRequestOption) ([]*swarmtypes.SecretReference, error) {
|
func ParseSecrets(client client.SecretAPIClient, requestedSecrets []*swarmtypes.SecretReference) ([]*swarmtypes.SecretReference, error) {
|
||||||
secretRefs := make(map[string]*swarmtypes.SecretReference)
|
secretRefs := make(map[string]*swarmtypes.SecretReference)
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
for _, secret := range requestedSecrets {
|
for _, secret := range requestedSecrets {
|
||||||
if _, exists := secretRefs[secret.Target]; exists {
|
if _, exists := secretRefs[secret.File.Name]; exists {
|
||||||
return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.Source)
|
return nil, fmt.Errorf("duplicate secret target for %s not allowed", secret.SecretName)
|
||||||
}
|
}
|
||||||
secretRef := &swarmtypes.SecretReference{
|
secretRef := new(swarmtypes.SecretReference)
|
||||||
File: &swarmtypes.SecretReferenceFileTarget{
|
*secretRef = *secret
|
||||||
Name: secret.Target,
|
secretRefs[secret.File.Name] = secretRef
|
||||||
UID: secret.UID,
|
|
||||||
GID: secret.GID,
|
|
||||||
Mode: secret.Mode,
|
|
||||||
},
|
|
||||||
SecretName: secret.Source,
|
|
||||||
}
|
|
||||||
|
|
||||||
secretRefs[secret.Target] = secretRef
|
|
||||||
}
|
}
|
||||||
|
|
||||||
args := filters.NewArgs()
|
args := filters.NewArgs()
|
||||||
|
|
|
@ -7,7 +7,6 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types"
|
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
"github.com/docker/docker/api/types/swarm"
|
"github.com/docker/docker/api/types/swarm"
|
||||||
servicecli "github.com/docker/docker/cli/command/service"
|
servicecli "github.com/docker/docker/cli/command/service"
|
||||||
|
@ -196,7 +195,7 @@ func convertServiceSecrets(
|
||||||
secrets []composetypes.ServiceSecretConfig,
|
secrets []composetypes.ServiceSecretConfig,
|
||||||
secretSpecs map[string]composetypes.SecretConfig,
|
secretSpecs map[string]composetypes.SecretConfig,
|
||||||
) ([]*swarm.SecretReference, error) {
|
) ([]*swarm.SecretReference, error) {
|
||||||
opts := []*types.SecretRequestOption{}
|
refs := []*swarm.SecretReference{}
|
||||||
for _, secret := range secrets {
|
for _, secret := range secrets {
|
||||||
target := secret.Target
|
target := secret.Target
|
||||||
if target == "" {
|
if target == "" {
|
||||||
|
@ -222,16 +221,18 @@ func convertServiceSecrets(
|
||||||
mode = uint32Ptr(0444)
|
mode = uint32Ptr(0444)
|
||||||
}
|
}
|
||||||
|
|
||||||
opts = append(opts, &types.SecretRequestOption{
|
refs = append(refs, &swarm.SecretReference{
|
||||||
Source: source,
|
File: &swarm.SecretReferenceFileTarget{
|
||||||
Target: target,
|
Name: target,
|
||||||
UID: uid,
|
UID: uid,
|
||||||
GID: gid,
|
GID: gid,
|
||||||
Mode: os.FileMode(*mode),
|
Mode: os.FileMode(*mode),
|
||||||
|
},
|
||||||
|
SecretName: source,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
return servicecli.ParseSecrets(client, opts)
|
return servicecli.ParseSecrets(client, refs)
|
||||||
}
|
}
|
||||||
|
|
||||||
func uint32Ptr(value uint32) *uint32 {
|
func uint32Ptr(value uint32) *uint32 {
|
||||||
|
|
|
@ -8,12 +8,12 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/docker/docker/api/types"
|
swarmtypes "github.com/docker/docker/api/types/swarm"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SecretOpt is a Value type for parsing secrets
|
// SecretOpt is a Value type for parsing secrets
|
||||||
type SecretOpt struct {
|
type SecretOpt struct {
|
||||||
values []*types.SecretRequestOption
|
values []*swarmtypes.SecretReference
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set a new secret value
|
// Set a new secret value
|
||||||
|
@ -24,18 +24,18 @@ func (o *SecretOpt) Set(value string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
options := &types.SecretRequestOption{
|
options := &swarmtypes.SecretReference{
|
||||||
Source: "",
|
File: &swarmtypes.SecretReferenceFileTarget{
|
||||||
Target: "",
|
|
||||||
UID: "0",
|
UID: "0",
|
||||||
GID: "0",
|
GID: "0",
|
||||||
Mode: 0444,
|
Mode: 0444,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// support a simple syntax of --secret foo
|
// support a simple syntax of --secret foo
|
||||||
if len(fields) == 1 {
|
if len(fields) == 1 {
|
||||||
options.Source = fields[0]
|
options.File.Name = fields[0]
|
||||||
options.Target = fields[0]
|
options.SecretName = fields[0]
|
||||||
o.values = append(o.values, options)
|
o.values = append(o.values, options)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -51,34 +51,30 @@ func (o *SecretOpt) Set(value string) error {
|
||||||
value := parts[1]
|
value := parts[1]
|
||||||
switch key {
|
switch key {
|
||||||
case "source", "src":
|
case "source", "src":
|
||||||
options.Source = value
|
options.SecretName = value
|
||||||
case "target":
|
case "target":
|
||||||
tDir, _ := filepath.Split(value)
|
tDir, _ := filepath.Split(value)
|
||||||
if tDir != "" {
|
if tDir != "" {
|
||||||
return fmt.Errorf("target must not be a path")
|
return fmt.Errorf("target must not be a path")
|
||||||
}
|
}
|
||||||
options.Target = value
|
options.File.Name = value
|
||||||
case "uid":
|
case "uid":
|
||||||
options.UID = value
|
options.File.UID = value
|
||||||
case "gid":
|
case "gid":
|
||||||
options.GID = value
|
options.File.GID = value
|
||||||
case "mode":
|
case "mode":
|
||||||
m, err := strconv.ParseUint(value, 0, 32)
|
m, err := strconv.ParseUint(value, 0, 32)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("invalid mode specified: %v", err)
|
return fmt.Errorf("invalid mode specified: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
options.Mode = os.FileMode(m)
|
options.File.Mode = os.FileMode(m)
|
||||||
default:
|
default:
|
||||||
if len(fields) == 1 && value == "" {
|
|
||||||
|
|
||||||
} else {
|
|
||||||
return fmt.Errorf("invalid field in secret request: %s", key)
|
return fmt.Errorf("invalid field in secret request: %s", key)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if options.Source == "" {
|
if options.SecretName == "" {
|
||||||
return fmt.Errorf("source is required")
|
return fmt.Errorf("source is required")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,13 +91,13 @@ func (o *SecretOpt) Type() string {
|
||||||
func (o *SecretOpt) String() string {
|
func (o *SecretOpt) String() string {
|
||||||
secrets := []string{}
|
secrets := []string{}
|
||||||
for _, secret := range o.values {
|
for _, secret := range o.values {
|
||||||
repr := fmt.Sprintf("%s -> %s", secret.Source, secret.Target)
|
repr := fmt.Sprintf("%s -> %s", secret.SecretName, secret.File.Name)
|
||||||
secrets = append(secrets, repr)
|
secrets = append(secrets, repr)
|
||||||
}
|
}
|
||||||
return strings.Join(secrets, ", ")
|
return strings.Join(secrets, ", ")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Value returns the secret requests
|
// Value returns the secret requests
|
||||||
func (o *SecretOpt) Value() []*types.SecretRequestOption {
|
func (o *SecretOpt) Value() []*swarmtypes.SecretReference {
|
||||||
return o.values
|
return o.values
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,10 +16,10 @@ func TestSecretOptionsSimple(t *testing.T) {
|
||||||
reqs := opt.Value()
|
reqs := opt.Value()
|
||||||
assert.Equal(t, len(reqs), 1)
|
assert.Equal(t, len(reqs), 1)
|
||||||
req := reqs[0]
|
req := reqs[0]
|
||||||
assert.Equal(t, req.Source, "app-secret")
|
assert.Equal(t, req.SecretName, "app-secret")
|
||||||
assert.Equal(t, req.Target, "app-secret")
|
assert.Equal(t, req.File.Name, "app-secret")
|
||||||
assert.Equal(t, req.UID, "0")
|
assert.Equal(t, req.File.UID, "0")
|
||||||
assert.Equal(t, req.GID, "0")
|
assert.Equal(t, req.File.GID, "0")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSecretOptionsSourceTarget(t *testing.T) {
|
func TestSecretOptionsSourceTarget(t *testing.T) {
|
||||||
|
@ -31,8 +31,8 @@ func TestSecretOptionsSourceTarget(t *testing.T) {
|
||||||
reqs := opt.Value()
|
reqs := opt.Value()
|
||||||
assert.Equal(t, len(reqs), 1)
|
assert.Equal(t, len(reqs), 1)
|
||||||
req := reqs[0]
|
req := reqs[0]
|
||||||
assert.Equal(t, req.Source, "foo")
|
assert.Equal(t, req.SecretName, "foo")
|
||||||
assert.Equal(t, req.Target, "testing")
|
assert.Equal(t, req.File.Name, "testing")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSecretOptionsShorthand(t *testing.T) {
|
func TestSecretOptionsShorthand(t *testing.T) {
|
||||||
|
@ -44,7 +44,7 @@ func TestSecretOptionsShorthand(t *testing.T) {
|
||||||
reqs := opt.Value()
|
reqs := opt.Value()
|
||||||
assert.Equal(t, len(reqs), 1)
|
assert.Equal(t, len(reqs), 1)
|
||||||
req := reqs[0]
|
req := reqs[0]
|
||||||
assert.Equal(t, req.Source, "foo")
|
assert.Equal(t, req.SecretName, "foo")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSecretOptionsCustomUidGid(t *testing.T) {
|
func TestSecretOptionsCustomUidGid(t *testing.T) {
|
||||||
|
@ -56,10 +56,10 @@ func TestSecretOptionsCustomUidGid(t *testing.T) {
|
||||||
reqs := opt.Value()
|
reqs := opt.Value()
|
||||||
assert.Equal(t, len(reqs), 1)
|
assert.Equal(t, len(reqs), 1)
|
||||||
req := reqs[0]
|
req := reqs[0]
|
||||||
assert.Equal(t, req.Source, "foo")
|
assert.Equal(t, req.SecretName, "foo")
|
||||||
assert.Equal(t, req.Target, "testing")
|
assert.Equal(t, req.File.Name, "testing")
|
||||||
assert.Equal(t, req.UID, "1000")
|
assert.Equal(t, req.File.UID, "1000")
|
||||||
assert.Equal(t, req.GID, "1001")
|
assert.Equal(t, req.File.GID, "1001")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestSecretOptionsCustomMode(t *testing.T) {
|
func TestSecretOptionsCustomMode(t *testing.T) {
|
||||||
|
@ -71,9 +71,9 @@ func TestSecretOptionsCustomMode(t *testing.T) {
|
||||||
reqs := opt.Value()
|
reqs := opt.Value()
|
||||||
assert.Equal(t, len(reqs), 1)
|
assert.Equal(t, len(reqs), 1)
|
||||||
req := reqs[0]
|
req := reqs[0]
|
||||||
assert.Equal(t, req.Source, "foo")
|
assert.Equal(t, req.SecretName, "foo")
|
||||||
assert.Equal(t, req.Target, "testing")
|
assert.Equal(t, req.File.Name, "testing")
|
||||||
assert.Equal(t, req.UID, "1000")
|
assert.Equal(t, req.File.UID, "1000")
|
||||||
assert.Equal(t, req.GID, "1001")
|
assert.Equal(t, req.File.GID, "1001")
|
||||||
assert.Equal(t, req.Mode, os.FileMode(0444))
|
assert.Equal(t, req.File.Mode, os.FileMode(0444))
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue