generate: container: Allow one secret to be used multiple times

Secret a can now be used more than once, but currently only with the same secret type. Signed-off-by: Enno Tensing <tenno@suij.in>
2025-08-08 15:51:53 +02:00 · 2025-08-08 15:51:53 +02:00 · 8b7221363c
commit 8b7221363c
parent 486a38440f
1 changed files with 21 additions and 12 deletions
--- a/generate/container.py
+++ b/generate/container.py
@ -298,7 +298,7 @@ class Secret:

    name: str
    secret_type: str
-    target: str
+    target: list
    options: str

    @classmethod
@ -316,26 +316,35 @@ class Secret:
                continue
            name = key
            secret_type = maybe_or(val[key], "type", "")
-            target = maybe_or(val[key], "target", "")
+            target = maybe(val[key], "target")
+            if isinstance(target, str):
+                target = [target]
+            if not isinstance(target, list):
+                target = []
            options = maybe_or(val[key], "options", "")
            if options is None:
                options = ""
            secrets.append(
-                cls(name, str(secret_type), str(target), str(options))
+                cls(name, str(secret_type), target, str(options))
            )

        return secrets

    def command(self) -> str:
        """Option for podman container create."""
-        cmd = (
-            f"--secret {self.name},:"
-            f"type={self.secret_type},"
-            f"target={self.target}"
-        )
-        # Not a password, ruff...
-        if self.secret_type == "mount" and self.options != "":  # noqa: S105
-            cmd = f"{cmd},{self.options}"
+        cmd = ""
+        for target in self.target:
+            cmd += (
+                f"\t--secret {self.name},:"
+                f"type={self.secret_type},"
+                f"target={target}"
+            )
+            # Not a password, ruff...
+            has_option = self.secret_type == "mount"  # noqa: S105
+            has_option = has_option and self.options != ""
+            if has_option:
+                cmd = f"{cmd},{self.options}"
+            cmd += " \\\n"

        return cmd

@ -697,7 +706,7 @@ class Container:
        cmd += f"{self.ports.command()}"
        cmd += f"{self.env.command()}"
        for secret in self.secrets:
-            cmd += f"\t{secret.command()} \\\n"
+            cmd += f"{secret.command()}"
        for volume in self.volumes:
            cmd += f"\t{volume.command()} \\\n"
        for capability in self.capabilities: