update to support new target in swarmkit
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
This commit is contained in:
Evan Hazlett
parent
76b33fdb99
commit
88dea0e06e
6 changed files with 59 additions and 36 deletions
|
|
@ -6,7 +6,7 @@ type ContainerSecret struct {
|
|||
Name string
|
||||
Target string
|
||||
Data []byte
|
||||
Uid int
|
||||
Gid int
|
||||
UID int
|
||||
GID int
|
||||
Mode os.FileMode
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
package swarm
|
||||
|
||||
import "os"
|
||||
|
||||
// Secret represents a secret.
|
||||
type Secret struct {
|
||||
ID string
|
||||
|
|
@ -14,17 +16,15 @@ type SecretSpec struct {
|
|||
Data []byte
|
||||
}
|
||||
|
||||
type SecretReferenceMode int
|
||||
|
||||
const (
|
||||
SecretReferenceSystem SecretReferenceMode = 0
|
||||
SecretReferenceFile SecretReferenceMode = 1
|
||||
SecretReferenceEnv SecretReferenceMode = 2
|
||||
)
|
||||
type SecretReferenceFileTarget struct {
|
||||
Name string
|
||||
UID string
|
||||
GID string
|
||||
Mode os.FileMode
|
||||
}
|
||||
|
||||
type SecretReference struct {
|
||||
SecretID string
|
||||
Mode SecretReferenceMode
|
||||
Target string
|
||||
SecretName string
|
||||
Target SecretReferenceFileTarget
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,8 +54,13 @@ func parseSecrets(client client.APIClient, requestedSecrets []string) ([]*swarmt
|
|||
|
||||
secretRef := &swarmtypes.SecretReference{
|
||||
SecretName: n,
|
||||
Mode: swarmtypes.SecretReferenceFile,
|
||||
Target: t,
|
||||
// TODO (ehazlett): parse these from cli request
|
||||
Target: swarmtypes.SecretReferenceFileTarget{
|
||||
Name: t,
|
||||
UID: "0",
|
||||
GID: "0",
|
||||
Mode: 0444,
|
||||
},
|
||||
}
|
||||
|
||||
if _, exists := secretRefs[t]; exists {
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
container "github.com/docker/docker/api/types/container"
|
||||
mounttypes "github.com/docker/docker/api/types/mount"
|
||||
types "github.com/docker/docker/api/types/swarm"
|
||||
|
|
@ -79,15 +80,17 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) types.ContainerSpec {
|
|||
func secretReferencesToGRPC(sr []*types.SecretReference) []*swarmapi.SecretReference {
|
||||
refs := []*swarmapi.SecretReference{}
|
||||
for _, s := range sr {
|
||||
mode := swarmapi.SecretReference_FILE
|
||||
if s.Mode == types.SecretReferenceSystem {
|
||||
mode = swarmapi.SecretReference_SYSTEM
|
||||
}
|
||||
refs = append(refs, &swarmapi.SecretReference{
|
||||
SecretID: s.SecretID,
|
||||
SecretName: s.SecretName,
|
||||
Target: s.Target,
|
||||
Mode: mode,
|
||||
Target: &swarmapi.SecretReference_File{
|
||||
File: &swarmapi.SecretReference_FileTarget{
|
||||
Name: s.Target.Name,
|
||||
UID: s.Target.UID,
|
||||
GID: s.Target.GID,
|
||||
Mode: s.Target.Mode,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
|
|
@ -96,18 +99,21 @@ func secretReferencesToGRPC(sr []*types.SecretReference) []*swarmapi.SecretRefer
|
|||
func secretReferencesFromGRPC(sr []*swarmapi.SecretReference) []*types.SecretReference {
|
||||
refs := []*types.SecretReference{}
|
||||
for _, s := range sr {
|
||||
var mode types.SecretReferenceMode
|
||||
switch s.Mode {
|
||||
case swarmapi.SecretReference_SYSTEM:
|
||||
mode = types.SecretReferenceSystem
|
||||
default:
|
||||
mode = types.SecretReferenceFile
|
||||
target := s.GetFile()
|
||||
if target == nil {
|
||||
// not a file target
|
||||
logrus.Warnf("secret target not a file: secret=%s", s.SecretID)
|
||||
continue
|
||||
}
|
||||
refs = append(refs, &types.SecretReference{
|
||||
SecretID: s.SecretID,
|
||||
SecretName: s.SecretName,
|
||||
Target: s.Target,
|
||||
Mode: mode,
|
||||
Target: types.SecretReferenceFileTarget{
|
||||
Name: target.Name,
|
||||
UID: target.UID,
|
||||
GID: target.GID,
|
||||
Mode: target.Mode,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"strconv"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
|
@ -227,18 +228,29 @@ func (c *containerAdapter) create(ctx context.Context) error {
|
|||
}
|
||||
|
||||
name := sec.Spec.Annotations.Name
|
||||
target := s.Target
|
||||
if target == "" {
|
||||
target = name
|
||||
target := s.GetFile()
|
||||
if target == nil {
|
||||
logrus.Warnf("secret target was not a file: secret=%s", s.SecretID)
|
||||
continue
|
||||
}
|
||||
// convert uid / gid string to int
|
||||
uid, err := strconv.Atoi(target.UID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
gid, err := strconv.Atoi(target.GID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
secrets = append(secrets, &containertypes.ContainerSecret{
|
||||
Name: name,
|
||||
Target: target,
|
||||
Target: target.Name,
|
||||
Data: sec.Spec.Data,
|
||||
// TODO (ehazlett): enable configurable uid, gid, mode
|
||||
Uid: 0,
|
||||
Gid: 0,
|
||||
Mode: 0444,
|
||||
UID: uid,
|
||||
GID: gid,
|
||||
Mode: target.Mode,
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
|
|||
return errors.Wrap(err, "error injecting secret")
|
||||
}
|
||||
|
||||
if err := os.Chown(fPath, s.Uid, s.Gid); err != nil {
|
||||
if err := os.Chown(fPath, s.UID, s.GID); err != nil {
|
||||
return errors.Wrap(err, "error setting ownership for secret")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue