secrets.go 3.2 KB

  1. package store
  2. import (
  3. "strings"
  4. "github.com/docker/swarmkit/api"
  5. memdb "github.com/hashicorp/go-memdb"
  6. )
  7. const tableSecret = "secret"
  // init registers the secret table with the object store: the memdb schema
  // (unique ID and name indexes plus an optional custom index) and the
  // callbacks used for snapshot save, snapshot restore and store actions.
  func init() {
  	// ID and name are unique indexes; the custom index may be missing on
  	// an object (AllowMissing).
  	secretSchema := &memdb.TableSchema{
  		Name: tableSecret,
  		Indexes: map[string]*memdb.IndexSchema{
  			indexID: {
  				Name:    indexID,
  				Unique:  true,
  				Indexer: api.SecretIndexerByID{},
  			},
  			indexName: {
  				Name:    indexName,
  				Unique:  true,
  				Indexer: api.SecretIndexerByName{},
  			},
  			indexCustom: {
  				Name:         indexCustom,
  				Indexer:      api.SecretCustomIndexer{},
  				AllowMissing: true,
  			},
  		},
  	}

  	// saveSecrets copies every secret object in the store into the snapshot.
  	// NOTE(review): the snapshot therefore presumably carries the same
  	// sensitive material as the store itself; how it is protected at rest
  	// is decided elsewhere and is not visible here.
  	saveSecrets := func(tx ReadTx, snapshot *api.StoreSnapshot) error {
  		all, err := FindSecrets(tx, All)
  		snapshot.Secrets = all
  		return err
  	}

  	// restoreSecrets replaces the table contents with the snapshot: every
  	// existing secret is deleted, then every snapshot secret is created.
  	// The first failing delete or create aborts and returns its error.
  	// NOTE(review): CreateSecret enforces name uniqueness, so a snapshot
  	// with conflicting names fails part-way; this relies on the caller
  	// discarding tx on error — confirm.
  	restoreSecrets := func(tx Tx, snapshot *api.StoreSnapshot) error {
  		current, err := FindSecrets(tx, All)
  		if err != nil {
  			return err
  		}
  		for _, old := range current {
  			if delErr := DeleteSecret(tx, old.ID); delErr != nil {
  				return delErr
  			}
  		}
  		for _, incoming := range snapshot.Secrets {
  			if addErr := CreateSecret(tx, incoming); addErr != nil {
  				return addErr
  			}
  		}
  		return nil
  	}

  	// applySecretAction dispatches a store action whose target is a secret.
  	// Any other target type, or an action kind other than create, update or
  	// remove, yields errUnknownStoreAction.
  	applySecretAction := func(tx Tx, sa api.StoreAction) error {
  		target, isSecret := sa.Target.(*api.StoreAction_Secret)
  		if !isSecret {
  			return errUnknownStoreAction
  		}
  		// NOTE(review): the secret is used as received; a nil Secret in a
  		// remove action would panic on secret.ID — confirm the producer of
  		// store actions never emits one.
  		secret := target.Secret
  		switch sa.Action {
  		case api.StoreActionKindCreate:
  			return CreateSecret(tx, secret)
  		case api.StoreActionKindUpdate:
  			return UpdateSecret(tx, secret)
  		case api.StoreActionKindRemove:
  			return DeleteSecret(tx, secret.ID)
  		}
  		return errUnknownStoreAction
  	}

  	register(ObjectStoreConfig{
  		Table:            secretSchema,
  		Save:             saveSecrets,
  		Restore:          restoreSecrets,
  		ApplyStoreAction: applySecretAction,
  	})
  }
  // CreateSecret adds a new secret to the store.
  // Returns ErrNameConflict if the lower-cased name is already in use by
  // another secret, and ErrExist if the ID is already taken.
  func CreateSecret(tx Tx, s *api.Secret) error {
  	// Secret names are unique case-insensitively: the lookup key is the
  	// lower-cased name.
  	// NOTE(review): strings.ToLower is not Unicode normalization, so
  	// visually identical names in different encodings are presumably
  	// treated as distinct — confirm name validation happens upstream.
  	lowered := strings.ToLower(s.Spec.Annotations.Name)
  	if conflict := tx.lookup(tableSecret, indexName, lowered); conflict != nil {
  		return ErrNameConflict
  	}

  	return tx.create(tableSecret, s)
  }
  // UpdateSecret updates an existing secret in the store.
  // Returns ErrNameConflict if the lower-cased name belongs to a different
  // secret, and ErrNotExist if the secret doesn't exist.
  func UpdateSecret(tx Tx, s *api.Secret) error {
  	// The name may be free, or held by this very secret (same ID); a
  	// different holder is a conflict.
  	lowered := strings.ToLower(s.Spec.Annotations.Name)
  	holder := tx.lookup(tableSecret, indexName, lowered)
  	if holder != nil && holder.GetID() != s.ID {
  		return ErrNameConflict
  	}

  	return tx.update(tableSecret, s)
  }
  // DeleteSecret removes the secret with the given ID from the store.
  // Returns ErrNotExist if the secret doesn't exist.
  func DeleteSecret(tx Tx, id string) error {
  	err := tx.delete(tableSecret, id)
  	return err
  }
  // GetSecret looks up a secret by ID.
  // Returns nil if the secret doesn't exist.
  func GetSecret(tx ReadTx, id string) *api.Secret {
  	// The type assertion is unchecked: an object of any other type stored
  	// under tableSecret would panic here.
  	if obj := tx.get(tableSecret, id); obj != nil {
  		return obj.(*api.Secret)
  	}
  	return nil
  }
  // FindSecrets selects a set of secrets and returns them.
  // The result is always a non-nil slice, empty when nothing matched; it is
  // returned together with whatever error tx.find reports.
  func FindSecrets(tx ReadTx, by By) ([]*api.Secret, error) {
  	// Selectors accepted for the secret table; anything else is rejected
  	// with ErrInvalidFindBy.
  	// NOTE(review): All is not listed, yet this package calls
  	// FindSecrets(tx, All); presumably tx.find handles generic selectors
  	// before consulting this check — confirm.
  	validSelector := func(sel By) error {
  		switch sel.(type) {
  		case byName, byNamePrefix, byIDPrefix, byCustom, byCustomPrefix:
  			return nil
  		}
  		return ErrInvalidFindBy
  	}

  	found := make([]*api.Secret, 0)
  	collect := func(obj api.StoreObject) {
  		found = append(found, obj.(*api.Secret))
  	}

  	// Run the query first, then read found: the callback mutates it.
  	findErr := tx.find(tableSecret, by, validSelector, collect)
  	return found, findErr
  }