github.com/jwhonce/docker@v0.6.7-0.20190327063223-da823cf3a5a3/daemon/cluster/secrets.go (about) 1 package cluster // import "github.com/docker/docker/daemon/cluster" 2 3 import ( 4 "context" 5 6 apitypes "github.com/docker/docker/api/types" 7 types "github.com/docker/docker/api/types/swarm" 8 "github.com/docker/docker/daemon/cluster/convert" 9 swarmapi "github.com/docker/swarmkit/api" 10 ) 11 12 // GetSecret returns a secret from a managed swarm cluster 13 func (c *Cluster) GetSecret(input string) (types.Secret, error) { 14 var secret *swarmapi.Secret 15 16 if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 17 s, err := getSecret(ctx, state.controlClient, input) 18 if err != nil { 19 return err 20 } 21 secret = s 22 return nil 23 }); err != nil { 24 return types.Secret{}, err 25 } 26 return convert.SecretFromGRPC(secret), nil 27 } 28 29 // GetSecrets returns all secrets of a managed swarm cluster. 30 func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret, error) { 31 c.mu.RLock() 32 defer c.mu.RUnlock() 33 34 state := c.currentNodeState() 35 if !state.IsActiveManager() { 36 return nil, c.errNoManager(state) 37 } 38 39 filters, err := newListSecretsFilters(options.Filters) 40 if err != nil { 41 return nil, err 42 } 43 ctx, cancel := c.getRequestContext() 44 defer cancel() 45 46 r, err := state.controlClient.ListSecrets(ctx, 47 &swarmapi.ListSecretsRequest{Filters: filters}) 48 if err != nil { 49 return nil, err 50 } 51 52 secrets := make([]types.Secret, 0, len(r.Secrets)) 53 54 for _, secret := range r.Secrets { 55 secrets = append(secrets, convert.SecretFromGRPC(secret)) 56 } 57 58 return secrets, nil 59 } 60 61 // CreateSecret creates a new secret in a managed swarm cluster. 62 func (c *Cluster) CreateSecret(s types.SecretSpec) (string, error) { 63 var resp *swarmapi.CreateSecretResponse 64 if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 65 secretSpec := convert.SecretSpecToGRPC(s) 66 67 r, err := state.controlClient.CreateSecret(ctx, 68 &swarmapi.CreateSecretRequest{Spec: &secretSpec}) 69 if err != nil { 70 return err 71 } 72 resp = r 73 return nil 74 }); err != nil { 75 return "", err 76 } 77 return resp.Secret.ID, nil 78 } 79 80 // RemoveSecret removes a secret from a managed swarm cluster. 81 func (c *Cluster) RemoveSecret(input string) error { 82 return c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 83 secret, err := getSecret(ctx, state.controlClient, input) 84 if err != nil { 85 return err 86 } 87 88 req := &swarmapi.RemoveSecretRequest{ 89 SecretID: secret.ID, 90 } 91 92 _, err = state.controlClient.RemoveSecret(ctx, req) 93 return err 94 }) 95 } 96 97 // UpdateSecret updates a secret in a managed swarm cluster. 98 // Note: this is not exposed to the CLI but is available from the API only 99 func (c *Cluster) UpdateSecret(input string, version uint64, spec types.SecretSpec) error { 100 return c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 101 secret, err := getSecret(ctx, state.controlClient, input) 102 if err != nil { 103 return err 104 } 105 106 secretSpec := convert.SecretSpecToGRPC(spec) 107 108 _, err = state.controlClient.UpdateSecret(ctx, 109 &swarmapi.UpdateSecretRequest{ 110 SecretID: secret.ID, 111 SecretVersion: &swarmapi.Version{ 112 Index: version, 113 }, 114 Spec: &secretSpec, 115 }) 116 return err 117 }) 118 }