container: Allow setting secret target

uumas
2025-06-23 11:58:37 +03:00
parent 60529c18cd
commit 8f29c2815e
3 changed files with 35 additions and 7 deletions


@@ -94,7 +94,7 @@ argument_specs:
default: [] default: []
elements: str elements: str
container_secrets: container_secrets:
description: A list of secrets available to the container in /run/secrets/<secret name> description: A list of secrets available to the container as file or environment variable
type: list type: list
required: false required: false
default: [] default: []
@@ -122,6 +122,13 @@ argument_specs:
- mount - mount
- env - env
default: mount default: mount
target:
description: >
Where the secret will be available inside the container. If type is mount, this is
either a full file path or a filename under /run/secrets. If type is env, this is
the name of the environment variable. Defaults to secret name.
type: str
required: false
container_env: container_env:
description: A dict of environment variables for the container description: A dict of environment variables for the container


@@ -29,7 +29,14 @@ _container_secrets: >-
| zip( | zip(
container_secrets container_secrets
| map(attribute='type', default='mount') | map(attribute='type', default='mount')
| map('regex_replace', '^', 'type=') | map('regex_replace', '^', 'type='),
container_secrets
| map(attribute='name')
| map('community.general.dict_kv', 'target')
| zip(container_secrets)
| map('combine')
| map(attribute='target')
| map('regex_replace', '^', 'target=')
) )
| map('join', ',') | map('join', ',')
}} }}
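Review bot: The new `target` value is prefixed with `target=` and joined with `,` into the same string as the `type=` field, with no check on its content, so a target containing a comma would be read as additional options by whatever consumes `_container_secrets` (presumably podman's secret option parser; the consumer is outside this hunk). The `target` entries added to both argument specs in this commit only declare `type: str`, so nothing upstream rejects such a value either. I would fail early with an assert before this expression is used, for example `that: container_secrets | selectattr('target', 'defined') | map(attribute='target') | select('search', ',') | list | length == 0`, and for `type: env` additionally check that the target is a valid variable name. The `_container_secrets` expression starts above this hunk, so where the secret name itself is inserted is not visible here.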


@@ -114,10 +114,12 @@ argument_specs:
default: "" default: ""
service_container_secrets: service_container_secrets:
description: description:
- A list of secrets available to the service container in /run/secrets/<service name>-<secret name>
- > - >
A dict of secrets and their values (including autogenerated values) is available as `service_podman_secrets` for use A list of secrets available to the service container as file or environment variable
in tepmlates or environment variables. This should only be used if the container doesn't support reading the secret from file - >
A dict of secrets and their values (including autogenerated values) is available as
`service_podman_secrets` for use in templates. This should only be used if the
container doesn't support reading the secret from file or environment variable.
type: list type: list
required: false required: false
default: [] default: []
@@ -129,8 +131,12 @@ argument_specs:
required: true required: true
value: value:
description: description:
- Value of the secret. Defaults to a 128-character random string containing alphanumeric characters. - >
- If the value is not explicitly set, it will not be changed if the secret already exists. Value of the secret. Defaults to a 128-character random string containing
alphanumeric characters.
- >
If the value is not explicitly set, it will not be changed if the secret
already exists.
type: str type: str
required: false required: false
length: length:
@@ -145,6 +151,14 @@ argument_specs:
- mount - mount
- env - env
default: mount default: mount
target:
description: >
Where the secret will be available inside the container. If type is mount, this is
either a full file path or a filename under /run/secrets. If type is env, this is
the name of the environment variable. Defaults to secret name.
type: str
required: false
service_container_env: service_container_env:
description: A dict of environment variables for the service container(s) description: A dict of environment variables for the service container(s)
type: dict type: dict
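Review bot: "Defaults to secret name" in the new `target` description is ambiguous for this role. The description line removed in this section's first hunk gave the mount path as `/run/secrets/<service name>-<secret name>`, so a reader cannot tell whether the default target is the bare name or the service-prefixed one. If the prefixed form carries over to `type: env`, the default would contain a hyphen, which many shells and runtimes cannot reference as a variable name. I would state the default explicitly, e.g. `Defaults to <service name>-<secret name>.` or `Defaults to the secret's name without the service prefix.`, whichever the role's task code (not shown on this page) actually does.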