1package cluster 2 3import ( 4 apitypes "github.com/docker/docker/api/types" 5 types "github.com/docker/docker/api/types/swarm" 6 "github.com/docker/docker/daemon/cluster/convert" 7 swarmapi "github.com/docker/swarmkit/api" 8 "golang.org/x/net/context" 9) 10 11// GetSecret returns a secret from a managed swarm cluster 12func (c *Cluster) GetSecret(input string) (types.Secret, error) { 13 var secret *swarmapi.Secret 14 15 if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 16 s, err := getSecret(ctx, state.controlClient, input) 17 if err != nil { 18 return err 19 } 20 secret = s 21 return nil 22 }); err != nil { 23 return types.Secret{}, err 24 } 25 return convert.SecretFromGRPC(secret), nil 26} 27 28// GetSecrets returns all secrets of a managed swarm cluster. 29func (c *Cluster) GetSecrets(options apitypes.SecretListOptions) ([]types.Secret, error) { 30 c.mu.RLock() 31 defer c.mu.RUnlock() 32 33 state := c.currentNodeState() 34 if !state.IsActiveManager() { 35 return nil, c.errNoManager(state) 36 } 37 38 filters, err := newListSecretsFilters(options.Filters) 39 if err != nil { 40 return nil, err 41 } 42 ctx, cancel := c.getRequestContext() 43 defer cancel() 44 45 r, err := state.controlClient.ListSecrets(ctx, 46 &swarmapi.ListSecretsRequest{Filters: filters}) 47 if err != nil { 48 return nil, err 49 } 50 51 secrets := make([]types.Secret, 0, len(r.Secrets)) 52 53 for _, secret := range r.Secrets { 54 secrets = append(secrets, convert.SecretFromGRPC(secret)) 55 } 56 57 return secrets, nil 58} 59 60// CreateSecret creates a new secret in a managed swarm cluster. 61func (c *Cluster) CreateSecret(s types.SecretSpec) (string, error) { 62 var resp *swarmapi.CreateSecretResponse 63 if err := c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 64 secretSpec := convert.SecretSpecToGRPC(s) 65 66 r, err := state.controlClient.CreateSecret(ctx, 67 &swarmapi.CreateSecretRequest{Spec: &secretSpec}) 68 if err != nil { 69 return err 70 } 71 resp = r 72 return nil 73 }); err != nil { 74 return "", err 75 } 76 return resp.Secret.ID, nil 77} 78 79// RemoveSecret removes a secret from a managed swarm cluster. 80func (c *Cluster) RemoveSecret(input string) error { 81 return c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 82 secret, err := getSecret(ctx, state.controlClient, input) 83 if err != nil { 84 return err 85 } 86 87 req := &swarmapi.RemoveSecretRequest{ 88 SecretID: secret.ID, 89 } 90 91 _, err = state.controlClient.RemoveSecret(ctx, req) 92 return err 93 }) 94} 95 96// UpdateSecret updates a secret in a managed swarm cluster. 97// Note: this is not exposed to the CLI but is available from the API only 98func (c *Cluster) UpdateSecret(input string, version uint64, spec types.SecretSpec) error { 99 return c.lockedManagerAction(func(ctx context.Context, state nodeState) error { 100 secret, err := getSecret(ctx, state.controlClient, input) 101 if err != nil { 102 return err 103 } 104 105 secretSpec := convert.SecretSpecToGRPC(spec) 106 107 _, err = state.controlClient.UpdateSecret(ctx, 108 &swarmapi.UpdateSecretRequest{ 109 SecretID: secret.ID, 110 SecretVersion: &swarmapi.Version{ 111 Index: version, 112 }, 113 Spec: &secretSpec, 114 }) 115 return err 116 }) 117} 118