Test and fix external secrets in stack deploy.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
parent
6ec84ef76d
commit
b3427e43ed
4 changed files with 29 additions and 14 deletions
|
@ -31,7 +31,7 @@ func Services(
|
|||
|
||||
for _, service := range services {
|
||||
|
||||
secrets, err := convertServiceSecrets(client, namespace, service.Secrets)
|
||||
secrets, err := convertServiceSecrets(client, namespace, service.Secrets, config.Secrets)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -181,6 +181,7 @@ func convertServiceSecrets(
|
|||
client client.SecretAPIClient,
|
||||
namespace Namespace,
|
||||
secrets []composetypes.ServiceSecretConfig,
|
||||
secretSpecs map[string]composetypes.SecretConfig,
|
||||
) ([]*swarm.SecretReference, error) {
|
||||
opts := []*types.SecretRequestOption{}
|
||||
for _, secret := range secrets {
|
||||
|
@ -188,8 +189,15 @@ func convertServiceSecrets(
|
|||
if target == "" {
|
||||
target = secret.Source
|
||||
}
|
||||
|
||||
source := namespace.Scope(secret.Source)
|
||||
secretSpec := secretSpecs[secret.Source]
|
||||
if secretSpec.External.External {
|
||||
source = secretSpec.External.Name
|
||||
}
|
||||
|
||||
opts = append(opts, &types.SecretRequestOption{
|
||||
Source: namespace.Scope(secret.Source),
|
||||
Source: source,
|
||||
Target: target,
|
||||
UID: secret.UID,
|
||||
GID: secret.GID,
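Review bot: In the third hunk, `secretSpec := secretSpecs[secret.Source]` drops the map's `ok` result, so a service secret with no matching top-level entry yields a zero `SecretConfig` and quietly resolves to the namespaced name instead of failing with a clear error. Using `secretSpec, ok := secretSpecs[secret.Source]` and returning an error on `!ok` would make that visible, unless schema validation already guarantees the entry (not visible here). When `External.External` is true, the source becomes `secretSpec.External.Name` with no namespace prefix, so the stack namespace no longer limits which swarm secrets a compose file can attach. That is the purpose of the fix, but it deserves a comment such as `// external secrets are looked up by their swarm-wide name, not scoped to the stack`, and it is worth confirming that the loader defaults an empty `External.Name`, since otherwise `source` would be the empty string. The body of convertServiceSecrets continues past the end of the hunk.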
|
||||
|
|
|
@ -422,8 +422,7 @@ func loadVolumes(source types.Dict) (map[string]types.VolumeConfig, error) {
|
|||
// TODO: remove duplicate with networks/volumes
|
||||
func loadSecrets(source types.Dict, workingDir string) (map[string]types.SecretConfig, error) {
|
||||
secrets := make(map[string]types.SecretConfig)
|
||||
err := transform(source, &secrets)
|
||||
if err != nil {
|
||||
if err := transform(source, &secrets); err != nil {
|
||||
return secrets, err
|
||||
}
|
||||
for name, secret := range secrets {
|
||||
|
|
|
@ -53,13 +53,13 @@ func (s *DockerSwarmSuite) TestStackDeployComposeFile(c *check.C) {
|
|||
out, err := d.Cmd(stackArgs...)
|
||||
c.Assert(err, checker.IsNil, check.Commentf(out))
|
||||
|
||||
out, err = d.Cmd([]string{"stack", "ls"}...)
|
||||
out, err = d.Cmd("stack", "ls")
|
||||
c.Assert(err, checker.IsNil)
|
||||
c.Assert(out, check.Equals, "NAME SERVICES\n"+"testdeploy 2\n")
|
||||
|
||||
out, err = d.Cmd([]string{"stack", "rm", testStackName}...)
|
||||
out, err = d.Cmd("stack", "rm", testStackName)
|
||||
c.Assert(err, checker.IsNil)
|
||||
out, err = d.Cmd([]string{"stack", "ls"}...)
|
||||
out, err = d.Cmd("stack", "ls")
|
||||
c.Assert(err, checker.IsNil)
|
||||
c.Assert(out, check.Equals, "NAME SERVICES\n")
|
||||
}
|
||||
|
@ -67,13 +67,16 @@ func (s *DockerSwarmSuite) TestStackDeployComposeFile(c *check.C) {
|
|||
func (s *DockerSwarmSuite) TestStackDeployWithSecretsTwice(c *check.C) {
|
||||
d := s.AddDaemon(c, true, true)
|
||||
|
||||
out, err := d.Cmd("secret", "create", "outside", "fixtures/secrets/default")
|
||||
c.Assert(err, checker.IsNil, check.Commentf(out))
|
||||
|
||||
testStackName := "testdeploy"
|
||||
stackArgs := []string{
|
||||
"stack", "deploy",
|
||||
"--compose-file", "fixtures/deploy/secrets.yaml",
|
||||
testStackName,
|
||||
}
|
||||
out, err := d.Cmd(stackArgs...)
|
||||
out, err = d.Cmd(stackArgs...)
|
||||
c.Assert(err, checker.IsNil, check.Commentf(out))
|
||||
|
||||
out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", "testdeploy_web")
|
||||
|
@ -81,14 +84,15 @@ func (s *DockerSwarmSuite) TestStackDeployWithSecretsTwice(c *check.C) {
|
|||
|
||||
var refs []swarm.SecretReference
|
||||
c.Assert(json.Unmarshal([]byte(out), &refs), checker.IsNil)
|
||||
c.Assert(refs, checker.HasLen, 2)
|
||||
c.Assert(refs, checker.HasLen, 3)
|
||||
|
||||
sort.Sort(sortSecrets(refs))
|
||||
c.Assert(refs[0].SecretName, checker.Equals, "testdeploy_special")
|
||||
c.Assert(refs[0].File.Name, checker.Equals, "special")
|
||||
c.Assert(refs[1].SecretName, checker.Equals, "testdeploy_super")
|
||||
c.Assert(refs[1].File.Name, checker.Equals, "foo.txt")
|
||||
c.Assert(refs[1].File.Mode, checker.Equals, os.FileMode(0400))
|
||||
c.Assert(refs[0].SecretName, checker.Equals, "outside")
|
||||
c.Assert(refs[1].SecretName, checker.Equals, "testdeploy_special")
|
||||
c.Assert(refs[1].File.Name, checker.Equals, "special")
|
||||
c.Assert(refs[2].SecretName, checker.Equals, "testdeploy_super")
|
||||
c.Assert(refs[2].File.Name, checker.Equals, "foo.txt")
|
||||
c.Assert(refs[2].File.Mode, checker.Equals, os.FileMode(0400))
|
||||
|
||||
// Deploy again to ensure there are no errors when secret hasn't changed
|
||||
out, err = d.Cmd(stackArgs...)
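Review bot: The new assertions check only `refs[0].SecretName` for the external secret, so nothing verifies the file name it is mounted under. The fixture lists it as `- star` with no target, so adding `c.Assert(refs[0].File.Name, checker.Equals, "star")` would pin that the target falls back to the compose key rather than the external name `outside`. The expected value is inferred from the `target = secret.Source` default in the converter, so confirm it against a run. TestStackDeployWithSecretsTwice continues outside the hunk.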
|
||||
|
|
|
@ -9,8 +9,12 @@ services:
|
|||
- source: super
|
||||
target: foo.txt
|
||||
mode: 0400
|
||||
- star
|
||||
secrets:
|
||||
special:
|
||||
file: fixtures/secrets/default
|
||||
super:
|
||||
file: fixtures/secrets/default
|
||||
star:
|
||||
external:
|
||||
name: outside
|
||||
|
|