author | Brian Goff <cpuguy83@gmail.com> | 2018-01-17 10:49:58 -0500 |
---|---|---|
committer | Brian Goff <cpuguy83@gmail.com> | 2018-02-16 11:25:14 -0500 |
commit | c02171802b788fb2d4d48bebcee2a57c8eabeeaa (patch) | |
tree | 2b69ab319520c703af208aff39f6cc4c2b8518d3 /container/container_windows.go | |
parent | 8e8f5f4457d8e1b02031576dbc18c903be4bcfb6 (diff) | |
download | docker-c02171802b788fb2d4d48bebcee2a57c8eabeeaa.tar.gz |
Merge configs/secrets in unix implementation
On unix, merge secrets/configs handling. This is important because
configs can contain secrets (via templating) and potentially a config
could just simply have secret information "by accident" from the user.
This just makes sure that configs are as secure as secrets and de-dups a
lot of code.
Generally this makes everything simpler and configs more secure.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Diffstat (limited to 'container/container_windows.go')
-rw-r--r-- | container/container_windows.go | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/container/container_windows.go b/container/container_windows.go
index 44b646a1ad..b5bdb5bc34 100644
--- a/container/container_windows.go
+++ b/container/container_windows.go
@@ -7,6 +7,7 @@ import (
 "github.com/docker/docker/api/types"
 containertypes "github.com/docker/docker/api/types/container"
+ swarmtypes "github.com/docker/docker/api/types/swarm"
 "github.com/docker/docker/pkg/system"
 )
@@ -102,23 +103,20 @@ func (container *Container) CreateConfigSymlinks() error {
 }
 // ConfigMounts returns the mount for configs.
-// All configs are stored in a single mount on Windows. Target symlinks are
-// created for each config, pointing to the files in this mount.
-func (container *Container) ConfigMounts() ([]Mount, error) {
+// TODO: Right now Windows doesn't really have a "secure" storage for secrets,
+// however some configs may contain secrets. Once secure storage is worked out,
+// configs and secret handling should be merged.
+func (container *Container) ConfigMounts() []Mount {
 var mounts []Mount
 if len(container.ConfigReferences) > 0 {
- src, err := container.ConfigsDirPath()
- if err != nil {
- return nil, err
- }
 mounts = append(mounts, Mount{
- Source: src,
+ Source: container.ConfigsDirPath(),
 Destination: containerInternalConfigsDirPath,
 Writable: false,
 })
 }
- return mounts, nil
+ return mounts
 }
 // DetachAndUnmount unmounts all volumes.
@@ -204,3 +202,12 @@ func (container *Container) GetMountPoints() []types.MountPoint {
 }
 return mountPoints
 }
+
+func (container *Container) ConfigsDirPath() string {
+ return filepath.Join(container.Root, "configs")
+}
+
+// ConfigFilePath returns the path to the on-disk location of a config.
+func (container *Container) ConfigFilePath(configRef swarmtypes.ConfigReference) string {
+ return filepath.Join(container.ConfigsDirPath(), configRef.ConfigID)
+} |
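Review bot: The rewritten doc comment on ConfigMounts drops the two sentences describing the Windows layout (a single mount, with per-config symlinks pointing into it) and leaves only the TODO, so a reader no longer learns what the returned mount contains. The TODO concedes that configs carrying secret material get no protected storage on this platform, so I would keep the layout description and state that consequence outright, e.g. `// NOTE: until then, config contents on Windows live under the container root without secret-grade protection.` The signature also changes from `([]Mount, error)` to `[]Mount`; the callers are outside this hunk and presumably have to change in the same commit.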
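Review bot: ConfigFilePath joins `configRef.ConfigID` onto the configs directory without checking that it is a single path element, and `filepath.Join` cleans `..` segments, so the result only stays under `ConfigsDirPath()` if the ID can never contain a separator. The removed call site in ConfigMounts shows the old `ConfigsDirPath` returned an error, which suggests the path used to be resolved with some validation. If that guarantee now rests on the ID's origin, state it in the doc comment, e.g. `// configRef.ConfigID is assumed to be a swarm-generated ID with no path separators.` ConfigsDirPath is also exported without a doc comment; `// ConfigsDirPath returns the path to the directory where configs are stored on disk.` would match its neighbour.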