github.com/moby/docker@v26.1.3+incompatible/daemon/cluster/secrets.go (about) 1 package cluster // import "github.com/docker/docker/daemon/cluster" 2 3 import ( 4 "context" 5 6 apitypes "github.com/docker/docker/api/types" 7 types "github.com/docker/docker/api/types/swarm" 8 "github.com/docker/docker/daemon/cluster/convert" 9 swarmapi "github.com/moby/swarmkit/v2/api" 10 "google.golang.org/grpc" 11 ) 12 13 // GetSecret returns a secret from a managed swarm cluster 14 func (c *Cluster) GetSecret(input string) (types.Secret, error) { 15 var secret *swarmapi.Secret 16 17 if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 18 s, err := getSecret(ctx, state.controlClient, input) 19 if err != nil { 20 return err 21 } 22 secret = s 23 return nil 24 }); err != nil { 25 return types.Secret{}, err 26 } 27 return convert.SecretFromGRPC(secret), nil 28 } 29 30 // GetSecrets returns all secrets of a managed swarm cluster. 31 func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret, error) { 32 c.mu.RLock() 33 defer c.mu.RUnlock() 34 35 state := c.currentNodeState() 36 if !state.IsActiveManager() { 37 return nil, c.errNoManager(state) 38 } 39 40 filters, err := newListSecretsFilters(options.Filters) 41 if err != nil { 42 return nil, err 43 } 44 45 ctx := context.TODO() 46 ctx, cancel := c.getRequestContext(ctx) 47 defer cancel() 48 49 r, err := state.controlClient.ListSecrets(ctx, 50 &swarmapi.ListSecretsRequest{Filters: filters}, 51 grpc.MaxCallRecvMsgSize(defaultRecvSizeForListResponse), 52 ) 53 if err != nil { 54 return nil, err 55 } 56 57 secrets := make([]types.Secret, 0, len(r.Secrets)) 58 59 for _, secret := range r.Secrets { 60 secrets = append(secrets, convert.SecretFromGRPC(secret)) 61 } 62 63 return secrets, nil 64 } 65 66 // CreateSecret creates a new secret in a managed swarm cluster. 67 func (c *Cluster) CreateSecret(s types.SecretSpec) (string, error) { 68 var resp *swarmapi.CreateSecretResponse 69 if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 70 secretSpec := convert.SecretSpecToGRPC(s) 71 72 r, err := state.controlClient.CreateSecret(ctx, 73 &swarmapi.CreateSecretRequest{Spec: &secretSpec}) 74 if err != nil { 75 return err 76 } 77 resp = r 78 return nil 79 }); err != nil { 80 return "", err 81 } 82 return resp.Secret.ID, nil 83 } 84 85 // RemoveSecret removes a secret from a managed swarm cluster. 86 func (c *Cluster) RemoveSecret(input string) error { 87 return c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 88 secret, err := getSecret(ctx, state.controlClient, input) 89 if err != nil { 90 return err 91 } 92 93 req := &swarmapi.RemoveSecretRequest{ 94 SecretID: secret.ID, 95 } 96 97 _, err = state.controlClient.RemoveSecret(ctx, req) 98 return err 99 }) 100 } 101 102 // UpdateSecret updates a secret in a managed swarm cluster. 103 // Note: this is not exposed to the CLI but is available from the API only 104 func (c *Cluster) UpdateSecret(input string, version uint64, spec types.SecretSpec) error { 105 return c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 106 secret, err := getSecret(ctx, state.controlClient, input) 107 if err != nil { 108 return err 109 } 110 111 secretSpec := convert.SecretSpecToGRPC(spec) 112 113 _, err = state.controlClient.UpdateSecret(ctx, 114 &swarmapi.UpdateSecretRequest{ 115 SecretID: secret.ID, 116 SecretVersion: &swarmapi.Version{ 117 Index: version, 118 }, 119 Spec: &secretSpec, 120 }) 121 return err 122 }) 123 }