package store
import (
"strings"
"github.com/docker/swarmkit/api"
memdb "github.com/hashicorp/go-memdb"
)
// tableSecret is the memdb table name used for every secret lookup, write and
// snapshot operation in this file.
const tableSecret = "secret"
// init registers the secret table with the store: its memdb schema plus the
// callbacks used to snapshot, restore and replay store actions for secrets.
func init() {
	// ID and name are unique indexes; the custom index is optional per object
	// (AllowMissing) and is not marked unique.
	secretIndexes := map[string]*memdb.IndexSchema{
		indexID: {
			Name:    indexID,
			Unique:  true,
			Indexer: api.SecretIndexerByID{},
		},
		indexName: {
			Name:    indexName,
			Unique:  true,
			Indexer: api.SecretIndexerByName{},
		},
		indexCustom: {
			Name:         indexCustom,
			Indexer:      api.SecretCustomIndexer{},
			AllowMissing: true,
		},
	}

	// saveSecrets copies every secret in the table into the snapshot.
	// NOTE(review): the snapshot receives whole *api.Secret objects; any
	// protection of the snapshot at rest has to come from the code that
	// persists it, which is not visible here.
	saveSecrets := func(tx ReadTx, snapshot *api.StoreSnapshot) error {
		secrets, err := FindSecrets(tx, All)
		// The result is assigned even when err is non-nil, as before.
		snapshot.Secrets = secrets
		return err
	}

	// restoreSecrets replaces the table contents with the snapshot's secrets.
	restoreSecrets := func(tx Tx, snapshot *api.StoreSnapshot) error {
		objs := make([]api.StoreObject, 0, len(snapshot.Secrets))
		for _, sec := range snapshot.Secrets {
			objs = append(objs, sec)
		}
		return RestoreTable(tx, tableSecret, objs)
	}

	// applySecretAction dispatches a store action that targets a secret.
	// Any other target, or an action kind outside create/update/remove,
	// yields errUnknownStoreAction.
	applySecretAction := func(tx Tx, sa api.StoreAction) error {
		target, ok := sa.Target.(*api.StoreAction_Secret)
		if !ok {
			return errUnknownStoreAction
		}
		// Read the payload before looking at the action kind, matching the
		// original evaluation order.
		secret := target.Secret
		switch sa.Action {
		case api.StoreActionKindCreate:
			return CreateSecret(tx, secret)
		case api.StoreActionKindUpdate:
			return UpdateSecret(tx, secret)
		case api.StoreActionKindRemove:
			return DeleteSecret(tx, secret.ID)
		}
		return errUnknownStoreAction
	}

	register(ObjectStoreConfig{
		Table: &memdb.TableSchema{
			Name:    tableSecret,
			Indexes: secretIndexes,
		},
		Save:             saveSecrets,
		Restore:          restoreSecrets,
		ApplyStoreAction: applySecretAction,
	})
}
// CreateSecret inserts s into the secret table.
// It returns ErrNameConflict when the name index already holds an entry for
// the lower-cased name of s, so names that differ only in case collide.
// Otherwise the result of tx.create is returned; per the original comment that
// is ErrExist when the ID is already taken (tx.create is not shown here).
func CreateSecret(tx Tx, s *api.Secret) error {
	// The name index is queried with the lower-cased name.
	name := strings.ToLower(s.Spec.Annotations.Name)
	if taken := tx.lookup(tableSecret, indexName, name); taken != nil {
		return ErrNameConflict
	}
	return tx.create(tableSecret, s)
}
// UpdateSecret writes a new version of an existing secret to the store.
// It returns ErrNameConflict when the lower-cased name of s is already indexed
// for a secret with a different ID. Otherwise the result of tx.update is
// returned; per the original comment that is ErrNotExist when the secret does
// not exist (tx.update is not shown here).
func UpdateSecret(tx Tx, s *api.Secret) error {
	name := strings.ToLower(s.Spec.Annotations.Name)
	holder := tx.lookup(tableSecret, indexName, name)
	// The name may be free, or held by this very secret; anything else is a
	// conflict.
	if holder != nil && holder.GetID() != s.ID {
		return ErrNameConflict
	}
	return tx.update(tableSecret, s)
}
// DeleteSecret removes the secret with the given ID from the secret table.
// The result of tx.delete is returned unchanged; per the original comment that
// is ErrNotExist when no such secret exists (tx.delete is not shown here).
func DeleteSecret(tx Tx, id string) error {
	err := tx.delete(tableSecret, id)
	return err
}
// GetSecret fetches the secret stored under id, or nil when tx.get finds
// nothing.
//
// The stored object is converted with an unchecked type assertion, so an
// object of any other type in this table would panic.
// NOTE(review): whether the returned pointer aliases the stored object or is a
// copy is decided by tx.get, which is not visible here; treat the result as
// read-only until confirmed.
func GetSecret(tx ReadTx, id string) *api.Secret {
	if obj := tx.get(tableSecret, id); obj != nil {
		return obj.(*api.Secret)
	}
	return nil
}
// FindSecrets returns the secrets matched by the selector by.
//
// The selector types accepted by this function's own check are byName,
// byNamePrefix, byIDPrefix, byCustom and byCustomPrefix; any other type handed
// to that check yields ErrInvalidFindBy. The check is passed to tx.find, which
// decides when to call it (presumably generic selectors such as All are
// handled there; confirm against tx.find).
//
// The returned slice is never nil, and whatever was collected before tx.find
// reported an error is returned together with that error.
func FindSecrets(tx ReadTx, by By) ([]*api.Secret, error) {
	allowed := func(sel By) error {
		switch sel.(type) {
		case byName, byNamePrefix, byIDPrefix, byCustom, byCustomPrefix:
			return nil
		}
		return ErrInvalidFindBy
	}

	found := []*api.Secret{}
	// Every object in this table is expected to be a *api.Secret; the
	// assertion is unchecked and would panic on anything else.
	collect := func(obj api.StoreObject) {
		found = append(found, obj.(*api.Secret))
	}

	err := tx.find(tableSecret, by, allowed, collect)
	return found, err
}