Secret create - add ignore option to allow noop

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>

vendor/github.com/containers/common/pkg/cgroups/memory_linux.go

@@ -3,9 +3,7 @@
 package cgroups
 
 import (
-	"fmt"
 	"path/filepath"
-	"strconv"
 
 	"github.com/opencontainers/cgroups"
 	"github.com/opencontainers/cgroups/fs"
@@ -57,31 +55,44 @@ func (c *linuxMemHandler) Stat(ctr *CgroupControl, m *cgroups.Stats) error {
 	if ctr.cgroup2 {
 		memoryRoot = filepath.Join(cgroupRoot, ctr.config.Path)
 		limitFilename = "memory.max"
-		if memUsage.Usage.Usage, err = readFileByKeyAsUint64(filepath.Join(memoryRoot, "memory.stat"), "anon"); err != nil {
+
+		// Read memory.current
+		current, err := readFileAsUint64(filepath.Join(memoryRoot, "memory.current"))
+		if err != nil {
 			return err
 		}
+
+		// Read inactive_file from memory.stat
+		inactiveFile, err := readFileByKeyAsUint64(filepath.Join(memoryRoot, "memory.stat"), "inactive_file")
+		if err != nil {
+			return err
+		}
+
+		// Docker calculation: memory.current - memory.stat['inactive_file']
+		memUsage.Usage.Usage = 0
+		if inactiveFile < current {
+			memUsage.Usage.Usage = current - inactiveFile
+		}
 	} else {
 		memoryRoot = ctr.getCgroupv1Path(Memory)
 		limitFilename = "memory.limit_in_bytes"
 
-		path := filepath.Join(memoryRoot, "memory.stat")
-		values, err := readCgroupMapPath(path)
+		// Read memory.usage_in_bytes
+		usageInBytes, err := readFileAsUint64(filepath.Join(memoryRoot, "memory.usage_in_bytes"))
 		if err != nil {
 			return err
 		}
 
-		// cgroup v1 does not have a single "anon" field, but we can calculate it
-		// from total_active_anon and total_inactive_anon
+		// Read total_inactive_file from memory.stat
+		totalInactiveFile, err := readFileByKeyAsUint64(filepath.Join(memoryRoot, "memory.stat"), "total_inactive_file")
+		if err != nil {
+			return err
+		}
+
+		// Docker calculation: memory.usage_in_bytes - memory.stat['total_inactive_file']
 		memUsage.Usage.Usage = 0
-		for _, key := range []string{"total_active_anon", "total_inactive_anon"} {
-			if _, found := values[key]; !found {
-				continue
-			}
-			res, err := strconv.ParseUint(values[key][0], 10, 64)
-			if err != nil {
-				return fmt.Errorf("parse %s from %s: %w", key, path, err)
-			}
-			memUsage.Usage.Usage += res
+		if totalInactiveFile < usageInBytes {
+			memUsage.Usage.Usage = usageInBytes - totalInactiveFile
 		}
 	}
 

vendor/github.com/containers/common/pkg/secrets/secrets.go

@@ -48,6 +48,9 @@ var errAmbiguous = errors.New("secret is ambiguous")
 // errDataSize indicates that the secret data is too large or too small
 var errDataSize = errors.New("secret data must be larger than 0 and less than 512000 bytes")
 
+// errIgnoreIfExistsAndReplace indicates that ignoreIfExists and replace cannot be used together.
+var errIgnoreIfExistsAndReplace = errors.New("ignoreIfExists and replace cannot be used together")
+
 // secretsFile is the name of the file that the secrets database will be stored in
 var secretsFile = "secrets.json"
 
@@ -114,6 +117,8 @@ type StoreOptions struct {
 	Labels map[string]string
 	// Replace existing secret
 	Replace bool
+	// Ignore if already exists
+	IgnoreIfExists bool
 }
 
 // NewManager creates a new secrets manager
@@ -169,6 +174,11 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 	if len(data) == 0 || len(data) >= maxSecretSize {
 		return "", errDataSize
 	}
+
+	if options.IgnoreIfExists && options.Replace {
+		return "", errIgnoreIfExistsAndReplace
+	}
+
 	var secr *Secret
 	s.lockfile.Lock()
 	defer s.lockfile.Unlock()
@@ -179,13 +189,16 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, opti
 	}
 
 	if exist {
-		if !options.Replace {
+		if !options.Replace && !options.IgnoreIfExists {
 			return "", fmt.Errorf("%s: %w", name, errSecretNameInUse)
 		}
 		secr, err = s.lookupSecret(name)
 		if err != nil {
 			return "", err
 		}
+		if options.IgnoreIfExists {
+			return secr.ID, nil
+		}
 		secr.UpdatedAt = time.Now()
 	} else {
 		secr = new(Secret)