Follow up changes on secrets patch

Deleted mounts.conf file and moved the secrets mount paths
to a list (default-mounts) in crio.conf

Signed-off-by: umohnani8 <umohnani@redhat.com>
This commit is contained in:
umohnani8 2017-10-12 14:14:42 -04:00
parent 5b41729b6c
commit d1aea31786
8 changed files with 35 additions and 72 deletions

View file

@ -385,22 +385,15 @@ func ensureSaneLogPath(logPath string) error {
}
// addSecretsBindMounts mounts user defined secrets to the container
func addSecretsBindMounts(mountLabel, ctrRunDir, configDefaultMountsPath string, specgen generate.Generator) error {
mountPaths := []string{libkpod.OverrideMountsFile, libkpod.DefaultMountsFile}
// configDefaultMountsPath is used to override the mount file path for testing purposes only when set in the runtime config
if configDefaultMountsPath != "" {
mountPaths = []string{configDefaultMountsPath}
func addSecretsBindMounts(mountLabel, ctrRunDir string, defaultMounts []string, specgen generate.Generator) error {
containerMounts := specgen.Spec().Mounts
mounts, err := secretMounts(defaultMounts, mountLabel, ctrRunDir, containerMounts)
if err != nil {
return err
}
for _, path := range mountPaths {
containerMounts := specgen.Spec().Mounts
mounts, err := secretMounts(mountLabel, path, ctrRunDir, containerMounts)
if err != nil {
return err
}
for _, m := range mounts {
specgen.AddBindMount(m.Source, m.Destination, nil)
for _, m := range mounts {
specgen.AddBindMount(m.Source, m.Destination, nil)
}
}
return nil
}
@ -932,8 +925,10 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
return nil, err
}
if err = addSecretsBindMounts(mountLabel, containerInfo.RunDir, s.config.DefaultMountsPath, specgen); err != nil {
return nil, fmt.Errorf("failed to mount secrets: %v", err)
if len(s.config.DefaultMounts) > 0 {
if err = addSecretsBindMounts(mountLabel, containerInfo.RunDir, s.config.DefaultMounts, specgen); err != nil {
return nil, fmt.Errorf("failed to mount secrets: %v", err)
}
}
mountPoint, err := s.StorageRuntimeServer().StartContainer(containerID)

View file

@ -1,7 +1,6 @@
package server
import (
"bufio"
"fmt"
"io/ioutil"
"os"
@ -29,25 +28,6 @@ func (s SecretData) SaveTo(dir string) error {
return ioutil.WriteFile(path, s.Data, 0700)
}
// readMountFile returns a list of the host:container paths
func readMountFile(mountFilePath string) ([]string, error) {
var mountPaths []string
file, err := os.Open(mountFilePath)
if err != nil {
logrus.Warnf("file doesn't exist %q", mountFilePath)
return nil, nil
}
defer file.Close()
scanner := bufio.NewScanner(file)
scanner.Split(bufio.ScanLines)
for scanner.Scan() {
mountPaths = append(mountPaths, scanner.Text())
}
return mountPaths, nil
}
func readAll(root, prefix string) ([]SecretData, error) {
path := filepath.Join(root, prefix)
@ -120,13 +100,9 @@ func getHostSecretData(hostDir string) ([]SecretData, error) {
// secretMount copies the contents of host directory to container directory
// and returns a list of mounts
func secretMounts(mountLabel, mountFilePath, containerWorkingDir string, runtimeMounts []rspec.Mount) ([]rspec.Mount, error) {
func secretMounts(defaultMountsPaths []string, mountLabel, containerWorkingDir string, runtimeMounts []rspec.Mount) ([]rspec.Mount, error) {
var mounts []rspec.Mount
mountPaths, err := readMountFile(mountFilePath)
if err != nil {
return nil, err
}
for _, path := range mountPaths {
for _, path := range defaultMountsPaths {
hostDir, ctrDir, err := getMountsMap(path)
if err != nil {
return nil, err