From dfab22cd9fd36aaf163161f481b99d3cce5cfb2e Mon Sep 17 00:00:00 2001
From: Alex Dadgar <alex.dadgar@gmail.com>
Date: Wed, 31 Aug 2016 13:56:11 -0700
Subject: [PATCH] environment variables

---
 client/allocdir/alloc_dir_unix.go        | 10 ++++++++--
 client/driver/docker.go                  |  1 +
 client/driver/driver.go                  |  1 +
 client/driver/env/env.go                 | 18 ++++++++++++++++++
 client/driver/executor/executor_linux.go |  1 +
 5 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/client/allocdir/alloc_dir_unix.go b/client/allocdir/alloc_dir_unix.go
index 339e59d5d..0807505c4 100644
--- a/client/allocdir/alloc_dir_unix.go
+++ b/client/allocdir/alloc_dir_unix.go
@@ -14,11 +14,17 @@ import (
 )
 
 var (
-	//Path inside container for mounted directory shared across tasks in a task group.
+	// SharedAllocContainerPath is the path inside container for mounted
+	// directory shared across tasks in a task group.
 	SharedAllocContainerPath = filepath.Join("/", SharedAllocName)
 
-	//Path inside container for mounted directory for local storage.
+	// TaskLocalContainer is the path inside a container for mounted directory
+	// for local storage.
 	TaskLocalContainerPath = filepath.Join("/", TaskLocal)
+
+	// TaskSecretsContainerPath is the path inside a container for mounted
+	// secrets directory
+	TaskSecretsContainerPath = filepath.Join("/", TaskSecrets)
 )
 
 func (d *AllocDir) linkOrCopy(src, dst string, perm os.FileMode) error {
diff --git a/client/driver/docker.go b/client/driver/docker.go
index 6c1390aa1..c2fdc92c2 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -381,6 +381,7 @@ func (d *DockerDriver) createContainer(ctx *ExecContext, task *structs.Task,
 	// Set environment variables.
 	d.taskEnv.SetAllocDir(allocdir.SharedAllocContainerPath)
 	d.taskEnv.SetTaskLocalDir(allocdir.TaskLocalContainerPath)
+	d.taskEnv.SetTaskLocalDir(allocdir.TaskSecretsContainerPath)
 
 	config := &docker.Config{
 		Image:     driverConfig.ImageName,
diff --git a/client/driver/driver.go b/client/driver/driver.go
index 112626585..82fc0b142 100644
--- a/client/driver/driver.go
+++ b/client/driver/driver.go
@@ -156,6 +156,7 @@ func GetTaskEnv(allocDir *allocdir.AllocDir, node *structs.Node,
 		}
 
 		env.SetTaskLocalDir(filepath.Join(taskdir, allocdir.TaskLocal))
+		env.SetSecretDir(filepath.Join(taskdir, allocdir.TaskSecrets))
 	}
 
 	if task.Resources != nil {
diff --git a/client/driver/env/env.go b/client/driver/env/env.go
index 1ac9b7510..e2ff660b8 100644
--- a/client/driver/env/env.go
+++ b/client/driver/env/env.go
@@ -21,6 +21,10 @@ const (
 	// removed.
 	TaskLocalDir = "NOMAD_TASK_DIR"
 
+	// SecretDir is the environment variable with the path to the tasks secret
+	// directory where it can store sensitive data.
+	SecretDir = "NOMAD_SECRET_DIR"
+
 	// MemLimit is the environment variable with the tasks memory limit in MBs.
 	MemLimit = "NOMAD_MEMORY_LIMIT"
 
@@ -79,6 +83,7 @@ type TaskEnvironment struct {
 	JobMeta       map[string]string
 	AllocDir      string
 	TaskDir       string
+	SecretDir     string
 	CpuLimit      int
 	MemLimit      int
 	TaskName      string
@@ -153,6 +158,9 @@ func (t *TaskEnvironment) Build() *TaskEnvironment {
 	if t.TaskDir != "" {
 		t.TaskEnv[TaskLocalDir] = t.TaskDir
 	}
+	if t.SecretDir != "" {
+		t.TaskEnv[SecretDir] = t.SecretDir
+	}
 
 	// Build the resource limits
 	if t.MemLimit != 0 {
@@ -249,6 +257,16 @@ func (t *TaskEnvironment) ClearTaskLocalDir() *TaskEnvironment {
 	return t
 }
 
+func (t *TaskEnvironment) SetSecretDir(dir string) *TaskEnvironment {
+	t.SecretDir = dir
+	return t
+}
+
+func (t *TaskEnvironment) ClearSecretDir() *TaskEnvironment {
+	t.SecretDir = ""
+	return t
+}
+
 func (t *TaskEnvironment) SetMemLimit(limit int) *TaskEnvironment {
 	t.MemLimit = limit
 	return t
diff --git a/client/driver/executor/executor_linux.go b/client/driver/executor/executor_linux.go
index c673555cc..8925c0339 100644
--- a/client/driver/executor/executor_linux.go
+++ b/client/driver/executor/executor_linux.go
@@ -240,6 +240,7 @@ func (e *UniversalExecutor) configureChroot() error {
 	e.ctx.TaskEnv.
 		SetAllocDir(filepath.Join("/", allocdir.SharedAllocName)).
 		SetTaskLocalDir(filepath.Join("/", allocdir.TaskLocal)).
+		SetSecretDir(filepath.Join("/", allocdir.TaskSecrets)).
 		Build()
 
 	if e.cmd.SysProcAttr == nil {