Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DockerCLI/cli/command/secret/create.go

108 lines
2.6 KiB
Go
Raw Normal View History

secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
package secret
import (
Switch from x/net/context to context Since go 1.7, "context" is a standard package. Since go 1.9, x/net/context merely provides some types aliased to those in the standard context package. The changes were performed by the following script: for f in $(git ls-files \*.go | grep -v ^vendor/); do sed -i 's|golang.org/x/net/context|context|' $f goimports -w $f for i in 1 2; do awk '/^$/ {e=1; next;} /\t"context"$/ {e=0;} {if (e) {print ""; e=0}; print;}' < $f > $f.new && \ mv $f.new $f goimports -w $f done done [v2: do awk/goimports fixup twice] Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-05-03 21:02:44 -04:00
"context"
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
"fmt"
Add `--file` flag for `docker secret create` command This fix tries to address the issue raised in 28581 and 28927 where it is not possible to create a secret from a file (only through STDIN). This fix add a flag `--file` to `docker secret create` so that it is possible to create a secret from a file with: ``` docker secret create --file secret.in secret.name ``` or ``` echo TEST | docker secret create --file - secret.name ``` Related docs has been updated. An integration test has been added to cover the changes. This fix fixes 28581. This fix is related to 28927. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-19 20:41:11 -05:00
"io"
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
Update imports. Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:07:56 -04:00
"github.com/docker/cli/cli"
"github.com/docker/cli/cli/command"
Update cli imports to using local package Also, rename a bunch of variable to not *shadow* the `opts` package name. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-05-15 08:45:19 -04:00
"github.com/docker/cli/opts"
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
"github.com/docker/docker/api/types/swarm"
replace pkg/system Sequential funcs with moby/sys/sequential Migrating these functions to allow them being shared between moby, docker/cli, and containerd, and to allow using them without importing all of sys / system, which (in containerd) also depends on hcsshim and more. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-27 08:49:24 -04:00
"github.com/moby/sys/sequential"
Replace fmt.Errorf() with errors.Errorf() in the cli Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-03-09 13:23:45 -05:00
"github.com/pkg/errors"
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
"github.com/spf13/cobra"
)
type createOptions struct {
Add --template-driver option for secrets/configs Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-02-21 13:45:34 -05:00
name string
driver string
templateDriver string
file string
labels opts.ListOpts
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
}
added unit tests for package cli/command/secret Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
2017-04-01 03:07:22 -04:00
func newSecretCreateCommand(dockerCli command.Cli) *cobra.Command {
Update cli imports to using local package Also, rename a bunch of variable to not *shadow* the `opts` package name. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-05-15 08:45:19 -04:00
options := createOptions{
Fix labels copying value from environment variables This patch fixes a bug where labels use the same behavior as `--env`, resulting in a value to be copied from environment variables with the same name as the label if no value is set (i.e. a simple key, no `=` sign, no value). An earlier pull request addressed similar cases for `docker run`; 2b17f4c8a8caad552025edb05a73db683fb8a5c6, but this did not address the same situation for (e.g.) `docker service create`. Digging in history for this bug, I found that use of the `ValidateEnv` function for labels was added in the original implementation of the labels feature in https://github.com/docker/docker/commit/abb5e9a0777469e64fe2c7ecfa66ea01083d2071#diff-ae476143d40e21ac0918630f7365ed3cR34 However, the design never intended it to expand environment variables, and use of this function was either due to either a "copy/paste" of the equivalent `--env` flags, or a misunderstanding (the name `ValidateEnv` does not communicate that it also expands environment variables), and the existing `ValidateLabel` was designed for _engine_ labels (which required a value to be set). Following the initial implementation, other parts of the code followed the same (incorrect) approach, therefore leading the bug to be introduced in services as well. This patch: - updates the `ValidateLabel` to match the expected validation rules (this function is no longer used since 31dc5c0a9a8bdc11c7ad335aebb753ed527caa5a), and the daemon has its own implementation) - corrects various locations in the code where `ValidateEnv` was used instead of `ValidateLabel`. Before this patch: ```bash export SOME_ENV_VAR=I_AM_SOME_ENV_VAR docker service create --label SOME_ENV_VAR --tty --name test busybox docker service inspect --format '{{json .Spec.Labels}}' test {"SOME_ENV_VAR":"I_AM_SOME_ENV_VAR"} ``` After this patch: ```bash export SOME_ENV_VAR=I_AM_SOME_ENV_VAR docker service create --label SOME_ENV_VAR --tty --name test busybox docker container inspect --format '{{json .Config.Labels}}' test {"SOME_ENV_VAR":""} ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-02-13 10:47:30 -05:00
labels: opts.NewListOpts(opts.ValidateLabel),
support labels for secrets upon creation; review updates Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-11-03 17:01:54 -04:00
}
cmd := &cobra.Command{
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
Use: "create [OPTIONS] SECRET [file|-]",
Add `--file` flag for `docker secret create` command This fix tries to address the issue raised in 28581 and 28927 where it is not possible to create a secret from a file (only through STDIN). This fix add a flag `--file` to `docker secret create` so that it is possible to create a secret from a file with: ``` docker secret create --file secret.in secret.name ``` or ``` echo TEST | docker secret create --file - secret.name ``` Related docs has been updated. An integration test has been added to cover the changes. This fix fixes 28581. This fix is related to 28927. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-19 20:41:11 -05:00
Short: "Create a secret from a file or STDIN as content",
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
Args: cli.RequiresRangeArgs(1, 2),
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
RunE: func(cmd *cobra.Command, args []string) error {
Update cli imports to using local package Also, rename a bunch of variable to not *shadow* the `opts` package name. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-05-15 08:45:19 -04:00
options.name = args[0]
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
if len(args) == 2 {
options.file = args[1]
}
Plumb contexts through commands This is to prepare for otel support. Signed-off-by: Brian Goff <cpuguy83@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-09 18:27:44 -04:00
return runSecretCreate(cmd.Context(), dockerCli, options)
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
},
}
support labels for secrets upon creation; review updates Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-11-03 17:01:54 -04:00
flags := cmd.Flags()
Update cli imports to using local package Also, rename a bunch of variable to not *shadow* the `opts` package name. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-05-15 08:45:19 -04:00
flags.VarP(&options.labels, "label", "l", "Secret labels")
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
flags.StringVarP(&options.driver, "driver", "d", "", "Secret driver")
flags.SetAnnotation("driver", "version", []string{"1.31"})
Add --template-driver option for secrets/configs Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-02-21 13:45:34 -05:00
flags.StringVar(&options.templateDriver, "template-driver", "", "Template driver")
Fix annotation on docker secret create --template-driver Signed-off-by: Sune Keller <absukl@almbrand.dk>
2019-03-28 11:18:50 -04:00
flags.SetAnnotation("template-driver", "version", []string{"1.37"})
support labels for secrets upon creation; review updates Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-11-03 17:01:54 -04:00
return cmd
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
}
Plumb contexts through commands This is to prepare for otel support. Signed-off-by: Brian Goff <cpuguy83@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-09 18:27:44 -04:00
func runSecretCreate(ctx context.Context, dockerCli command.Cli, options createOptions) error {
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
client := dockerCli.Client()
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
if options.driver != "" && options.file != "" {
return errors.Errorf("When using secret driver secret data must be empty")
Add `--file` flag for `docker secret create` command This fix tries to address the issue raised in 28581 and 28927 where it is not possible to create a secret from a file (only through STDIN). This fix add a flag `--file` to `docker secret create` so that it is possible to create a secret from a file with: ``` docker secret create --file secret.in secret.name ``` or ``` echo TEST | docker secret create --file - secret.name ``` Related docs has been updated. An integration test has been added to cover the changes. This fix fixes 28581. This fix is related to 28927. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
2016-11-19 20:41:11 -05:00
}
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
secretData, err := readSecretData(dockerCli.In(), options.file)
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
if err != nil {
Replace fmt.Errorf() with errors.Errorf() in the cli Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-03-09 13:23:45 -05:00
return errors.Errorf("Error reading content from %q: %v", options.file, err)
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
}
spec := swarm.SecretSpec{
Annotations: swarm.Annotations{
support labels for secrets upon creation; review updates Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-11-03 17:01:54 -04:00
Name: options.name,
Update vendoring of docker/docker Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2017-06-05 18:23:21 -04:00
Labels: opts.ConvertKVStringsToMap(options.labels.GetAll()),
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
},
Data: secretData,
}
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
if options.driver != "" {
spec.Driver = &swarm.Driver{
Name: options.driver,
}
}
Add --template-driver option for secrets/configs Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2018-02-21 13:45:34 -05:00
if options.templateDriver != "" {
spec.Templating = &swarm.Driver{
Name: options.templateDriver,
}
}
secrets: secret management for swarm Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: use tmpfs for swarm secrets Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> wip: inject secrets from swarm secret store Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: use secret names in cli for service create Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> switch to use mounts instead of volumes Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> vendor: use ehazlett swarmkit Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> secrets: finish secret update Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2016-10-19 12:22:02 -04:00
r, err := client.SecretCreate(ctx, spec)
if err != nil {
return err
}
fmt.Fprintln(dockerCli.Out(), r.ID)
return nil
}
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
func readSecretData(in io.ReadCloser, file string) ([]byte, error) {
// Read secret value from external driver
if file == "" {
return nil, nil
}
if file != "-" {
var err error
replace pkg/system Sequential funcs with moby/sys/sequential Migrating these functions to allow them being shared between moby, docker/cli, and containerd, and to allow using them without importing all of sys / system, which (in containerd) also depends on hcsshim and more. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-27 08:49:24 -04:00
in, err = sequential.Open(file)
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
if err != nil {
return nil, err
}
defer in.Close()
}
cli/command/secret: remove deprecated io/ioutil Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-25 08:30:27 -05:00
data, err := io.ReadAll(in)
Plugable secret backend This commit extends SwarmKit secret management with pluggable secret backends support. Following previous commits: 1. docker/swarmkit@eebac27434d34708fac993f9f5181d106c5c2fae 2. docker/docker@08f7cf05268782a0dd8e4c41a4cc65fdf78d09f2 Added driver parameter to `docker secret` command. Specifically: 1. `docker secret create [secret_name] --driver [driver_name]` 2. Displaying the driver in ``` $ docker secret ls $ docker secret inspect [secret_name] $ docker secret inspect [secret_name] -pretty ``` Signed-off-by: Liron Levin <liron@twistlock.com>
2017-07-30 07:01:39 -04:00
if err != nil {
return nil, err
}
return data, nil
}