Merge pull request #10221 from ashley-cui/envsec

Add support for environment variable secrets
OpenShift Merge Robot
2021-05-07 05:34:26 -04:00
committed by GitHub
13 changed files with 293 additions and 15 deletions


@ -29,6 +29,7 @@ import (
"github.com/containers/common/pkg/apparmor"
"github.com/containers/common/pkg/chown"
"github.com/containers/common/pkg/config"
"github.com/containers/common/pkg/secrets"
"github.com/containers/common/pkg/subscriptions"
"github.com/containers/common/pkg/umask"
"github.com/containers/podman/v3/libpod/define"
@ -757,6 +758,19 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
if c.state.ExtensionStageHooks, err = c.setupOCIHooks(ctx, g.Config); err != nil {
return nil, errors.Wrapf(err, "error setting up OCI Hooks")
}
if len(c.config.EnvSecrets) > 0 {
manager, err := secrets.NewManager(c.runtime.GetSecretsStorageDir())
if err != nil {
return nil, err
}
for name, secr := range c.config.EnvSecrets {
_, data, err := manager.LookupSecretData(secr.Name)
if err != nil {
return nil, err
}
g.AddProcessEnv(name, string(data))
}
}
return g.Config, nil
}
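Review bot: Both error returns in the added `EnvSecrets` block hand back `err` bare, while the hook-setup line just above wraps with `errors.Wrapf`, so a missing or unreadable secret aborts spec generation without naming the secret or the variable involved. Consider `return nil, errors.Wrapf(err, "error looking up secret %q for env %q", secr.Name, name)`, which puts only the names in the message and never `data`. The loop also copies the plaintext value into the generated spec through `g.AddProcessEnv(name, string(data))`, so the secret presumably travels wherever that spec's process environment is persisted or displayed. A comment above the loop such as `// Secret values become part of the spec's process env; treat the generated spec as sensitive.` would record that for maintainers. The body of generateSpec starts outside this hunk, so whether an earlier env entry with the same name is silently overridden cannot be judged from here.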