Follow up changes on secrets patch
Deleted mounts.conf file and moved the secrets mount paths to a list (default-mounts) in crio.conf Signed-off-by: umohnani8 <umohnani@redhat.com>
This commit is contained in:
parent
5b41729b6c
commit
d1aea31786
8 changed files with 35 additions and 72 deletions
|
@ -385,22 +385,15 @@ func ensureSaneLogPath(logPath string) error {
|
|||
}
|
||||
|
||||
// addSecretsBindMounts mounts user defined secrets to the container
|
||||
func addSecretsBindMounts(mountLabel, ctrRunDir, configDefaultMountsPath string, specgen generate.Generator) error {
|
||||
mountPaths := []string{libkpod.OverrideMountsFile, libkpod.DefaultMountsFile}
|
||||
// configDefaultMountsPath is used to override the mount file path for testing purposes only when set in the runtime config
|
||||
if configDefaultMountsPath != "" {
|
||||
mountPaths = []string{configDefaultMountsPath}
|
||||
func addSecretsBindMounts(mountLabel, ctrRunDir string, defaultMounts []string, specgen generate.Generator) error {
|
||||
containerMounts := specgen.Spec().Mounts
|
||||
mounts, err := secretMounts(defaultMounts, mountLabel, ctrRunDir, containerMounts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, path := range mountPaths {
|
||||
containerMounts := specgen.Spec().Mounts
|
||||
mounts, err := secretMounts(mountLabel, path, ctrRunDir, containerMounts)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, m := range mounts {
|
||||
specgen.AddBindMount(m.Source, m.Destination, nil)
|
||||
for _, m := range mounts {
|
||||
specgen.AddBindMount(m.Source, m.Destination, nil)
|
||||
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -932,8 +925,10 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
if err = addSecretsBindMounts(mountLabel, containerInfo.RunDir, s.config.DefaultMountsPath, specgen); err != nil {
|
||||
return nil, fmt.Errorf("failed to mount secrets: %v", err)
|
||||
if len(s.config.DefaultMounts) > 0 {
|
||||
if err = addSecretsBindMounts(mountLabel, containerInfo.RunDir, s.config.DefaultMounts, specgen); err != nil {
|
||||
return nil, fmt.Errorf("failed to mount secrets: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
mountPoint, err := s.StorageRuntimeServer().StartContainer(containerID)
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
|
@ -29,25 +28,6 @@ func (s SecretData) SaveTo(dir string) error {
|
|||
return ioutil.WriteFile(path, s.Data, 0700)
|
||||
}
|
||||
|
||||
// readMountFile returns a list of the host:container paths
|
||||
func readMountFile(mountFilePath string) ([]string, error) {
|
||||
var mountPaths []string
|
||||
file, err := os.Open(mountFilePath)
|
||||
if err != nil {
|
||||
logrus.Warnf("file doesn't exist %q", mountFilePath)
|
||||
return nil, nil
|
||||
}
|
||||
defer file.Close()
|
||||
|
||||
scanner := bufio.NewScanner(file)
|
||||
scanner.Split(bufio.ScanLines)
|
||||
for scanner.Scan() {
|
||||
mountPaths = append(mountPaths, scanner.Text())
|
||||
}
|
||||
|
||||
return mountPaths, nil
|
||||
}
|
||||
|
||||
func readAll(root, prefix string) ([]SecretData, error) {
|
||||
path := filepath.Join(root, prefix)
|
||||
|
||||
|
@ -120,13 +100,9 @@ func getHostSecretData(hostDir string) ([]SecretData, error) {
|
|||
|
||||
// secretMount copies the contents of host directory to container directory
|
||||
// and returns a list of mounts
|
||||
func secretMounts(mountLabel, mountFilePath, containerWorkingDir string, runtimeMounts []rspec.Mount) ([]rspec.Mount, error) {
|
||||
func secretMounts(defaultMountsPaths []string, mountLabel, containerWorkingDir string, runtimeMounts []rspec.Mount) ([]rspec.Mount, error) {
|
||||
var mounts []rspec.Mount
|
||||
mountPaths, err := readMountFile(mountFilePath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, path := range mountPaths {
|
||||
for _, path := range defaultMountsPaths {
|
||||
hostDir, ctrDir, err := getMountsMap(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue