Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] respect target option in mount type secret #12287

Closed
mskarbek opened this issue Nov 12, 2021 · 7 comments · Fixed by #12294
Closed

[RFE] respect target option in mount type secret #12287

mskarbek opened this issue Nov 12, 2021 · 7 comments · Fixed by #12294
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@mskarbek
Copy link

mskarbek commented Nov 12, 2021
edited

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind feature

Description

podman run -it --secret token,type=env,target=TOKEN ubi8/ubi:latest bash is currently a valid command.
podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest bash ends with error:

Error: target option is invalid for mounted secrets: error parsing secret

I would like to be able to specify target option in mount type as file name. The above command should produce file /run/secrets/TOKEN in that instance.

Use case:
Multiple containers of the same image, each configured individually with their secrets but with a common internal script/unit file. I have a unit file that always looks in the same place, but each container gets their individual secret.

Edit:
This should also include mount-env (#12284) when/if implemented.
@openshift-ci openshift-ci bot added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 12, 2021
@mskarbek mskarbek changed the title [RFE] respect target optint in mount type secret [RFE] respect target option in mount type secret Nov 12, 2021
@rhatdan
Copy link
Member

rhatdan commented Nov 13, 2021

@ashley-cui PTAL

@rhatdan
Copy link
Member

rhatdan commented Nov 13, 2021

@flouthoc PTAL

@rhatdan
Copy link
Member

rhatdan commented Nov 13, 2021

@mskarbek interested in opening a PR to allow this?

@mskarbek
Copy link
Author

@rhatdan is there a documentation describing code structure, or maybe recording of a codding session that shows of code structure during implementation of some feature? I have written little to no Go code, but I'll gladly learn something new.

@flouthoc flouthoc mentioned this issue Nov 15, 2021
Merged
@flouthoc
Copy link
Collaborator

@mskarbek I think this is a good RFE and needs a small patch. @rhatdan @ashley-cui PTAL

@mskarbek
Copy link
Author

mskarbek commented Nov 21, 2021
edited

Can this be backported to 3.4.2-rhel branch/included in 3.4 release in RHEL?

@mheon
Copy link
Member

mheon commented Nov 21, 2021

I recommend you open a BZ if you want a backport.

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

secret: honor custom target= for secrets with type=mount for ctr. flouthoc/podman
4 participants
@mskarbek @rhatdan @mheon @flouthoc