Add new type __docker_secret

cdist/conf/type/__docker_secret/explorer/secret-exists

@@ -0,0 +1,25 @@
+#!/bin/sh -e
+#
+# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+if docker secret ls | grep -q " ${__object_id:?} "; then
+	echo yes
+else
+	echo no
+fi

cdist/conf/type/__docker_secret/gencode-remote

@@ -0,0 +1,65 @@
+#!/bin/sh -e
+#
+# 2018 Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+#
+
+secret="${__object_id:?}"
+secret_exists=$(cat "${__object:?}/explorer/secret-exists")
+state=$(cat "${__object:?}/parameter/state")
+
+case "${state}" in
+	absent)
+		if [ "${secret_exists}" != "yes" ]; then
+			exit 0
+		fi
+
+		echo "docker secret rm ${secret}"
+	;;
+	present)
+		if [ "${secret_exists}" = "yes" ]; then
+			exit 0
+		fi
+
+		source=$(cat "${__object}/parameter/source")
+
+		if [ -z "${source}" ]; then
+			exit 0
+		fi
+
+		if [ "${source}" = "-" ]; then
+			source="${__object}/stdin"
+		fi
+
+		cat <<-EOF
+		source_file="\$(mktemp cdist.XXXXXXXXXX)"
+
+		base64 -d > "\${source_file}" << eof
+		$(base64 "${source}")
+		eof
+
+		docker secret create "${secret}" "\${source_file}"
+
+		rm "\${source_file}"
+		EOF
+	;;
+	*)
+		echo "Unsupported state: ${state}" >&2
+
+		exit 1
+	;;
+esac

cdist/conf/type/__docker_secret/man.rst

@@ -0,0 +1,54 @@
+cdist-type__docker_secret(7)
+============================
+
+NAME
+----
+
+cdist-type__docker_secret - Manage Docker secrets
+
+DESCRIPTION
+-----------
+
+This type manages Docker secrets.
+
+OPTIONAL PARAMETERS
+-------------------
+
+source
+    Path to the source file. If it is '-' (dash), read standard input.
+
+state
+    'present' or 'absent', defaults to 'present' where:
+
+    present
+        if the secret does not exist, it is created
+    absent
+        the secret is removed
+
+CAVEATS
+-------
+
+Since Docker secrets cannot be updated once created, this type takes no action
+if the specified secret already exists.
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # Creates "foo" secret from "bar" source file
+    __docker_secret foo --source bar
+
+
+AUTHORS
+-------
+
+Ľubomír Kučera <lubomir.kucera.jr at gmail.com>
+
+COPYING
+-------
+
+Copyright \(C) 2018 Ľubomír Kučera. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.

cdist/conf/type/__docker_secret/parameter/default/state

@@ -0,0 +1 @@
+present

cdist/conf/type/__docker_secret/parameter/optional

@@ -0,0 +1,2 @@
+source
+state