We use cookies to ensure you get the best experience on our website
Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
0ct0pu5
/
moby
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

secrets: vendor swarmkit

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

secrets: vendor swarmkit

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
Evan Hazlett 8 lat temu
rodzic
da0ccf8e61
commit
1310dadf4a
1 zmienionych plików z 87 dodań i 0 usunięć
Zunifikowany widok Pokaż statystyki zmian
  1. 87 0
      vendor/github.com/docker/swarmkit/agent/secrets/secrets.go

+ 87 - 0
vendor/github.com/docker/swarmkit/agent/secrets/secrets.go
Wyświetl plik 

@@ -0,0 +1,87 @@
 
+package secrets
 
+
 
+import (
 
+	"sync"
 
+
 
+	"github.com/docker/swarmkit/agent/exec"
 
+	"github.com/docker/swarmkit/api"
 
+)
 
+
 
+// secrets is a map that keeps all the currenty available secrets to the agent
 
+// mapped by secret ID
 
+type secrets struct {
 
+	mu sync.RWMutex
 
+	m  map[string]*api.Secret
 
+}
 
+
 
+// NewManager returns a place to store secrets.
 
+func NewManager() exec.SecretsManager {
 
+	return &secrets{
 
+		m: make(map[string]*api.Secret),
 
+	}
 
+}
 
+
 
+// Get returns a secret by ID.  If the secret doesn't exist, returns nil.
 
+func (s *secrets) Get(secretID string) *api.Secret {
 
+	s.mu.RLock()
 
+	defer s.mu.RUnlock()
 
+	if s, ok := s.m[secretID]; ok {
 
+		return s
 
+	}
 
+	return nil
 
+}
 
+
 
+// add adds one or more secrets to the secret map
 
+func (s *secrets) Add(secrets ...api.Secret) {
 
+	s.mu.Lock()
 
+	defer s.mu.Unlock()
 
+	for _, secret := range secrets {
 
+		s.m[secret.ID] = secret.Copy()
 
+	}
 
+}
 
+
 
+// remove removes one or more secrets by ID from the secret map.  Succeeds
 
+// whether or not the given IDs are in the map.
 
+func (s *secrets) Remove(secrets []string) {
 
+	s.mu.Lock()
 
+	defer s.mu.Unlock()
 
+	for _, secret := range secrets {
 
+		delete(s.m, secret)
 
+	}
 
+}
 
+
 
+// reset removes all the secrets
 
+func (s *secrets) Reset() {
 
+	s.mu.Lock()
 
+	defer s.mu.Unlock()
 
+	s.m = make(map[string]*api.Secret)
 
+}
 
+
 
+// taskRestrictedSecretsProvider restricts the ids to the task.
 
+type taskRestrictedSecretsProvider struct {
 
+	secrets   exec.SecretGetter
 
+	secretIDs map[string]struct{} // allow list of secret ids
 
+}
 
+
 
+func (sp *taskRestrictedSecretsProvider) Get(secretID string) *api.Secret {
 
+	if _, ok := sp.secretIDs[secretID]; !ok {
 
+		return nil
 
+	}
 
+
 
+	return sp.secrets.Get(secretID)
 
+}
 
+
 
+// Restrict provides a getter that only allows access to the secrets
 
+// referenced by the task.
 
+func Restrict(secrets exec.SecretGetter, t *api.Task) exec.SecretGetter {
 
+	sids := map[string]struct{}{}
 
+
 
+	container := t.Spec.GetContainer()
 
+	if container != nil {
 
+		for _, ref := range container.Secrets {
 
+			sids[ref.SecretID] = struct{}{}
 
+		}
 
+	}
 
+
 
+	return &taskRestrictedSecretsProvider{secrets: secrets, secretIDs: sids}
 
+}

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5