From 8b7221363c632481b42d583aeb76eb439776f97b Mon Sep 17 00:00:00 2001
From: Enno Tensing <tenno@suij.in>
Date: Fri, 8 Aug 2025 15:51:53 +0200
Subject: [PATCH] generate: container: Allow one secret to be used multiple
 times

Secret a can now be used more than once, but currently only with the same
secret type.

Signed-off-by: Enno Tensing <tenno@suij.in>
---
 generate/container.py | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/generate/container.py b/generate/container.py
index a1890aa..48bece5 100644
--- a/generate/container.py
+++ b/generate/container.py
@@ -298,7 +298,7 @@ class Secret:
 
     name: str
     secret_type: str
-    target: str
+    target: list
     options: str
 
     @classmethod
@@ -316,26 +316,35 @@ class Secret:
                 continue
             name = key
             secret_type = maybe_or(val[key], "type", "")
-            target = maybe_or(val[key], "target", "")
+            target = maybe(val[key], "target")
+            if isinstance(target, str):
+                target = [target]
+            if not isinstance(target, list):
+                target = []
             options = maybe_or(val[key], "options", "")
             if options is None:
                 options = ""
             secrets.append(
-                cls(name, str(secret_type), str(target), str(options))
+                cls(name, str(secret_type), target, str(options))
             )
 
         return secrets
 
     def command(self) -> str:
         """Option for podman container create."""
-        cmd = (
-            f"--secret {self.name},:"
-            f"type={self.secret_type},"
-            f"target={self.target}"
-        )
-        # Not a password, ruff...
-        if self.secret_type == "mount" and self.options != "":  # noqa: S105
-            cmd = f"{cmd},{self.options}"
+        cmd = ""
+        for target in self.target:
+            cmd += (
+                f"\t--secret {self.name},:"
+                f"type={self.secret_type},"
+                f"target={target}"
+            )
+            # Not a password, ruff...
+            has_option = self.secret_type == "mount"  # noqa: S105
+            has_option = has_option and self.options != ""
+            if has_option:
+                cmd = f"{cmd},{self.options}"
+            cmd += " \\\n"
 
         return cmd
 
@@ -697,7 +706,7 @@ class Container:
         cmd += f"{self.ports.command()}"
         cmd += f"{self.env.command()}"
         for secret in self.secrets:
-            cmd += f"\t{secret.command()} \\\n"
+            cmd += f"{secret.command()}"
         for volume in self.volumes:
             cmd += f"\t{volume.command()} \\\n"
         for capability in self.capabilities: