(p types.Project, s types.ServiceConfig)
| 1131 | } |
| 1132 | |
| 1133 | func buildContainerSecretMounts(p types.Project, s types.ServiceConfig) ([]mount.Mount, error) { |
| 1134 | mounts := map[string]mount.Mount{} |
| 1135 | |
| 1136 | secretsDir := "/run/secrets/" |
| 1137 | for _, secret := range s.Secrets { |
| 1138 | target := secret.Target |
| 1139 | if secret.Target == "" { |
| 1140 | target = secretsDir + secret.Source |
| 1141 | } else if !isAbsTarget(secret.Target) { |
| 1142 | target = secretsDir + secret.Target |
| 1143 | } |
| 1144 | |
| 1145 | definedSecret := p.Secrets[secret.Source] |
| 1146 | if definedSecret.External { |
| 1147 | return nil, fmt.Errorf("unsupported external secret %s", definedSecret.Name) |
| 1148 | } |
| 1149 | |
| 1150 | if definedSecret.Driver != "" { |
| 1151 | return nil, errors.New("Docker Compose does not support secrets.*.driver") //nolint:staticcheck |
| 1152 | } |
| 1153 | if definedSecret.TemplateDriver != "" { |
| 1154 | return nil, errors.New("Docker Compose does not support secrets.*.template_driver") //nolint:staticcheck |
| 1155 | } |
| 1156 | |
| 1157 | if definedSecret.Environment != "" { |
| 1158 | continue |
| 1159 | } |
| 1160 | |
| 1161 | if secret.UID != "" || secret.GID != "" || secret.Mode != nil { |
| 1162 | logrus.Warn("secrets `uid`, `gid` and `mode` are not supported, they will be ignored") |
| 1163 | } |
| 1164 | |
| 1165 | if _, err := os.Stat(definedSecret.File); os.IsNotExist(err) { |
| 1166 | logrus.Warnf("secret file %s does not exist", definedSecret.Name) |
| 1167 | } |
| 1168 | |
| 1169 | mnt, err := buildMount(p, types.ServiceVolumeConfig{ |
| 1170 | Type: types.VolumeTypeBind, |
| 1171 | Source: definedSecret.File, |
| 1172 | Target: target, |
| 1173 | ReadOnly: true, |
| 1174 | Bind: &types.ServiceVolumeBind{ |
| 1175 | CreateHostPath: false, |
| 1176 | }, |
| 1177 | }) |
| 1178 | if err != nil { |
| 1179 | return nil, err |
| 1180 | } |
| 1181 | mounts[target] = mnt |
| 1182 | } |
| 1183 | values := make([]mount.Mount, 0, len(mounts)) |
| 1184 | for _, v := range mounts { |
| 1185 | values = append(values, v) |
| 1186 | } |
| 1187 | return values, nil |
| 1188 | } |
| 1189 | |
| 1190 | func isAbsTarget(p string) bool { |
no test coverage detected