influx/telegraf
1
0
Fork 0
Code Issues Activity
telegraf/plugins/secretstores/docker/docker.go
Daniel Baumann 4978089aab
Adding upstream version 1.34.4. 
Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-24 07:26:29 +02:00

92 lines
2.3 KiB
Go
Raw Blame History

//go:generate ../../../tools/readme_config_includer/generator
package docker
import (
_ "embed"
"errors"
"fmt"
"os"
"path/filepath"
"github.com/influxdata/telegraf"
"github.com/influxdata/telegraf/plugins/secretstores"
)
//go:embed sample.conf
var sampleConfig string
type Docker struct {
ID string `toml:"id"`
Path string `toml:"path"`
Dynamic bool `toml:"dynamic"`
}
func (*Docker) SampleConfig() string {
return sampleConfig
}
// Init initializes all internals of the secret-store
func (d *Docker) Init() error {
if d.ID == "" {
return errors.New("id missing")
}
if d.Path == "" {
// setting the default directory for Docker Secrets
// if no explicit path mentioned in configuration
d.Path = "/run/secrets"
}
if _, err := os.Stat(d.Path); err != nil {
// if there is no /run/secrets directory for default Path value
// this implies that there are no secrets.
// Or for any explicit path definitions for that matter.
return fmt.Errorf("accessing directory %q failed: %w", d.Path, err)
}
return nil
}
func (d *Docker) Get(key string) ([]byte, error) {
secretFile, err := filepath.Abs(filepath.Join(d.Path, key))
if err != nil {
return nil, err
}
if filepath.Dir(secretFile) != d.Path {
return nil, fmt.Errorf("directory traversal detected for key %q", key)
}
value, err := os.ReadFile(secretFile)
if err != nil {
return nil, fmt.Errorf("cannot read the secret's value under the directory: %w", err)
}
return value, nil
}
func (d *Docker) List() ([]string, error) {
secretFiles, err := os.ReadDir(d.Path)
if err != nil {
return nil, fmt.Errorf("cannot read files under the directory: %w", err)
}
secrets := make([]string, 0, len(secretFiles))
for _, entry := range secretFiles {
secrets = append(secrets, entry.Name())
}
return secrets, nil
}
func (*Docker) Set(_, _ string) error {
return errors.New("secret-store does not support creating secrets")
}
// GetResolver returns a function to resolve the given key.
func (d *Docker) GetResolver(key string) (telegraf.ResolveFunc, error) {
resolver := func() ([]byte, bool, error) {
s, err := d.Get(key)
return s, d.Dynamic, err
}
return resolver, nil
}
// Register the secret-store on load.
func init() {
secretstores.Add("docker", func(id string) telegraf.SecretStore {
return &Docker{ID: id}
})
}
View git blame Copy permalink