We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Test and fix external secrets in stack deploy.

Signed-off-by: Daniel Nephin <dnephin@docker.com>
Daniel Nephin 8 years ago
parent
6ec84ef76d
commit
b3427e43ed
4 changed files with 29 additions and 14 deletions
Split View Show Diff Stats
  1. 10 2
      cli/compose/convert/service.go
  2. 1 2
      cli/compose/loader/loader.go
  3. 14 10
      integration-cli/docker_cli_stack_test.go
  4. 4 0
      integration-cli/fixtures/deploy/secrets.yaml

+ 10 - 2
cli/compose/convert/service.go
View File 

@@ -31,7 +31,7 @@ func Services(
 
 
 	for _, service := range services {
 
 
-		secrets, err := convertServiceSecrets(client, namespace, service.Secrets)
 
+		secrets, err := convertServiceSecrets(client, namespace, service.Secrets, config.Secrets)
 
 		if err != nil {
 
 			return nil, err
 
 		}
 
@@ -181,6 +181,7 @@ func convertServiceSecrets(
 
 	client client.SecretAPIClient,
 
 	namespace Namespace,
 
 	secrets []composetypes.ServiceSecretConfig,
 
+	secretSpecs map[string]composetypes.SecretConfig,
 
 ) ([]*swarm.SecretReference, error) {
 
 	opts := []*types.SecretRequestOption{}
 
 	for _, secret := range secrets {
 
@@ -188,8 +189,15 @@ func convertServiceSecrets(
 
 		if target == "" {
 
 			target = secret.Source
 
 		}
 
+
 
+		source := namespace.Scope(secret.Source)
 
+		secretSpec := secretSpecs[secret.Source]
 
+		if secretSpec.External.External {
 
+			source = secretSpec.External.Name
 
+		}
 
+
 
 		opts = append(opts, &types.SecretRequestOption{
 
-			Source: namespace.Scope(secret.Source),
 
+			Source: source,
 
 			Target: target,
 
 			UID:    secret.UID,
 
 			GID:    secret.GID,

+ 1 - 2
cli/compose/loader/loader.go
View File 

@@ -422,8 +422,7 @@ func loadVolumes(source types.Dict) (map[string]types.VolumeConfig, error) {
 
 // TODO: remove duplicate with networks/volumes
 
 func loadSecrets(source types.Dict, workingDir string) (map[string]types.SecretConfig, error) {
 
 	secrets := make(map[string]types.SecretConfig)
 
-	err := transform(source, &secrets)
 
-	if err != nil {
 
+	if err := transform(source, &secrets); err != nil {
 
 		return secrets, err
 
 	}
 
 	for name, secret := range secrets {

+ 14 - 10
integration-cli/docker_cli_stack_test.go
View File 

@@ -53,13 +53,13 @@ func (s *DockerSwarmSuite) TestStackDeployComposeFile(c *check.C) {
 
 	out, err := d.Cmd(stackArgs...)
 
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 
-	out, err = d.Cmd([]string{"stack", "ls"}...)
 
+	out, err = d.Cmd("stack", "ls")
 
 	c.Assert(err, checker.IsNil)
 
 	c.Assert(out, check.Equals, "NAME        SERVICES\n"+"testdeploy  2\n")
 
 
-	out, err = d.Cmd([]string{"stack", "rm", testStackName}...)
 
+	out, err = d.Cmd("stack", "rm", testStackName)
 
 	c.Assert(err, checker.IsNil)
 
-	out, err = d.Cmd([]string{"stack", "ls"}...)
 
+	out, err = d.Cmd("stack", "ls")
 
 	c.Assert(err, checker.IsNil)
 
 	c.Assert(out, check.Equals, "NAME  SERVICES\n")
 
 }
 
@@ -67,13 +67,16 @@ func (s *DockerSwarmSuite) TestStackDeployComposeFile(c *check.C) {
 
 func (s *DockerSwarmSuite) TestStackDeployWithSecretsTwice(c *check.C) {
 
 	d := s.AddDaemon(c, true, true)
 
 
+	out, err := d.Cmd("secret", "create", "outside", "fixtures/secrets/default")
 
+	c.Assert(err, checker.IsNil, check.Commentf(out))
 
+
 
 	testStackName := "testdeploy"
 
 	stackArgs := []string{
 
 		"stack", "deploy",
 
 		"--compose-file", "fixtures/deploy/secrets.yaml",
 
 		testStackName,
 
 	}
 
-	out, err := d.Cmd(stackArgs...)
 
+	out, err = d.Cmd(stackArgs...)
 
 	c.Assert(err, checker.IsNil, check.Commentf(out))
 
 
 	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", "testdeploy_web")
 
@@ -81,14 +84,15 @@ func (s *DockerSwarmSuite) TestStackDeployWithSecretsTwice(c *check.C) {
 
 
 	var refs []swarm.SecretReference
 
 	c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
 
-	c.Assert(refs, checker.HasLen, 2)
 
+	c.Assert(refs, checker.HasLen, 3)
 
 
 	sort.Sort(sortSecrets(refs))
 
-	c.Assert(refs[0].SecretName, checker.Equals, "testdeploy_special")
 
-	c.Assert(refs[0].File.Name, checker.Equals, "special")
 
-	c.Assert(refs[1].SecretName, checker.Equals, "testdeploy_super")
 
-	c.Assert(refs[1].File.Name, checker.Equals, "foo.txt")
 
-	c.Assert(refs[1].File.Mode, checker.Equals, os.FileMode(0400))
 
+	c.Assert(refs[0].SecretName, checker.Equals, "outside")
 
+	c.Assert(refs[1].SecretName, checker.Equals, "testdeploy_special")
 
+	c.Assert(refs[1].File.Name, checker.Equals, "special")
 
+	c.Assert(refs[2].SecretName, checker.Equals, "testdeploy_super")
 
+	c.Assert(refs[2].File.Name, checker.Equals, "foo.txt")
 
+	c.Assert(refs[2].File.Mode, checker.Equals, os.FileMode(0400))
 
 
 	// Deploy again to ensure there are no errors when secret hasn't changed
 
 	out, err = d.Cmd(stackArgs...)

+ 4 - 0
integration-cli/fixtures/deploy/secrets.yaml
View File 

@@ -9,8 +9,12 @@ services:
 
       - source: super
 
         target: foo.txt
 
         mode: 0400
 
+      - star
 
 secrets:
 
   special:
 
     file: fixtures/secrets/default
 
   super:
 
     file: fixtures/secrets/default
 
+  star:
 
+    external:
 
+      name: outside

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5