Follow up changes on secrets patch

Deleted mounts.conf file and moved the secrets mount paths to a list (default-mounts) in crio.conf Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-12 14:14:42 -04:00 · 2017-10-12 14:14:42 -04:00 · d1aea31786
commit d1aea31786
parent 5b41729b6c
8 changed files with 35 additions and 72 deletions
--- a/server/container_create.go
+++ b/server/container_create.go
@ -385,22 +385,15 @@ func ensureSaneLogPath(logPath string) error {
 }

 // addSecretsBindMounts mounts user defined secrets to the container
-func addSecretsBindMounts(mountLabel, ctrRunDir, configDefaultMountsPath string, specgen generate.Generator) error {
-	mountPaths := []string{libkpod.OverrideMountsFile, libkpod.DefaultMountsFile}
-	// configDefaultMountsPath is used to override the mount file path for testing purposes only when set in the runtime config
-	if configDefaultMountsPath != "" {
-		mountPaths = []string{configDefaultMountsPath}
+func addSecretsBindMounts(mountLabel, ctrRunDir string, defaultMounts []string, specgen generate.Generator) error {
+	containerMounts := specgen.Spec().Mounts
+	mounts, err := secretMounts(defaultMounts, mountLabel, ctrRunDir, containerMounts)
+	if err != nil {
+		return err
 	}
-	for _, path := range mountPaths {
-		containerMounts := specgen.Spec().Mounts
-		mounts, err := secretMounts(mountLabel, path, ctrRunDir, containerMounts)
-		if err != nil {
-			return err
-		}
-		for _, m := range mounts {
-			specgen.AddBindMount(m.Source, m.Destination, nil)
+	for _, m := range mounts {
+		specgen.AddBindMount(m.Source, m.Destination, nil)

-		}
 	}
 	return nil
 }
@ -932,8 +925,10 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 		return nil, err
 	}

-	if err = addSecretsBindMounts(mountLabel, containerInfo.RunDir, s.config.DefaultMountsPath, specgen); err != nil {
-		return nil, fmt.Errorf("failed to mount secrets: %v", err)
+	if len(s.config.DefaultMounts) > 0 {
+		if err = addSecretsBindMounts(mountLabel, containerInfo.RunDir, s.config.DefaultMounts, specgen); err != nil {
+			return nil, fmt.Errorf("failed to mount secrets: %v", err)
+		}
 	}

 	mountPoint, err := s.StorageRuntimeServer().StartContainer(containerID)
--- a/server/secrets.go
+++ b/server/secrets.go
@ -1,7 +1,6 @@
 package server

 import (
-	"bufio"
 	"fmt"
 	"io/ioutil"
 	"os"
@ -29,25 +28,6 @@ func (s SecretData) SaveTo(dir string) error {
 	return ioutil.WriteFile(path, s.Data, 0700)
 }

-// readMountFile returns a list of the host:container paths
-func readMountFile(mountFilePath string) ([]string, error) {
-	var mountPaths []string
-	file, err := os.Open(mountFilePath)
-	if err != nil {
-		logrus.Warnf("file doesn't exist %q", mountFilePath)
-		return nil, nil
-	}
-	defer file.Close()
-
-	scanner := bufio.NewScanner(file)
-	scanner.Split(bufio.ScanLines)
-	for scanner.Scan() {
-		mountPaths = append(mountPaths, scanner.Text())
-	}
-
-	return mountPaths, nil
-}
-
 func readAll(root, prefix string) ([]SecretData, error) {
 	path := filepath.Join(root, prefix)

@ -120,13 +100,9 @@ func getHostSecretData(hostDir string) ([]SecretData, error) {

 // secretMount copies the contents of host directory to container directory
 // and returns a list of mounts
-func secretMounts(mountLabel, mountFilePath, containerWorkingDir string, runtimeMounts []rspec.Mount) ([]rspec.Mount, error) {
+func secretMounts(defaultMountsPaths []string, mountLabel, containerWorkingDir string, runtimeMounts []rspec.Mount) ([]rspec.Mount, error) {
 	var mounts []rspec.Mount
-	mountPaths, err := readMountFile(mountFilePath)
-	if err != nil {
-		return nil, err
-	}
-	for _, path := range mountPaths {
+	for _, path := range defaultMountsPaths {
 		hostDir, ctrDir, err := getMountsMap(path)
 		if err != nil {
 			return nil, err