kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity
30573 commits 10 branches 356 tags 299 MiB
Commit graph

14 commits

Author SHA1 Message Date
Daniel Nephin
9419e7df2b Implement secret types for compose file. 
Signed-off-by: Daniel Nephin <dnephin@docker.com>
 2017-01-26 11:33:15 -05:00
Sebastiaan van Stijn
e91953407c
Update order of '--secret-rm' and '--secret-add' 
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).

This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.

Before this change, the `rm` was always performed "last", so the secret
was always removed:

    $ echo "foo" | docker secret create foo -f -
    foo

    $ docker service create --name myservice --secret foo nginx:alpine
    62xjcr9sr0c2hvepdzqrn3ssn

    $ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
    myservice

    $ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
    null

After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;

    $ echo "foo" | docker secret create foo -f -
    1bllmvw3a1yaq3eixqw3f7bjl

    $ docker service create --name myservice --secret foo nginx:alpine
    lr6s3uoggli1x0hab78glpcxo

    $ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
    myservice

    $ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .

    [
      {
        "File": {
          "Name": "foo2",
          "UID": "0",
          "GID": "0",
          "Mode": 292
        },
        "SecretID": "tn9qiblgnuuut11eufquw5dev",
        "SecretName": "foo"
      }
    ]

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2016-12-31 14:55:29 +01:00
Evan Hazlett
bebd472e40 do not force target type for secret references 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

use secret store interface instead of embedded secret data into container

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-17 15:49:02 -05:00
Evan Hazlett
5b2230a38b SecretRequestOptions -> SecretRequestOption 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:45 -05:00
Evan Hazlett
583c013a87 support labels for secrets upon creation; review updates 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:45 -05:00
Evan Hazlett
b2e4c7f3b5 review updates 
- use Filters instead of Filter for secret list
- UID, GID -> string
- getSecrets -> getSecretsByName
- updated test case for secrets with better source
- use golang.org/x/context instead of context
- for grpc conversion allocate with make
- check for nil with task.Spec.GetContainer()

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:45 -05:00
Evan Hazlett
c00138748d move secretopt to opts pkg 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:45 -05:00
Evan Hazlett
2adbdcdf5a secrets: use explicit format when using secrets 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:44 -05:00
Evan Hazlett
88dea0e06e update to support new target in swarmkit 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:44 -05:00
Evan Hazlett
dce2afbd81 simplify secret lookup on service create 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:44 -05:00
Evan Hazlett
111e497dc6 support the same secret with different targets on service create 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:44 -05:00
Evan Hazlett
189f89301e more review updates 
- use /secrets for swarm secret create route
- do not specify omitempty for secret and secret reference
- simplify lookup for secret ids
- do not use pointer for secret grpc conversion

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:43 -05:00
Evan Hazlett
857e60c2f9 review changes 
- fix lint issues
- use errors pkg for wrapping errors
- cleanup on error when setting up secrets mount
- fix erroneous import
- remove unneeded switch for secret reference mode
- return single mount for secrets instead of slice

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:43 -05:00
Evan Hazlett
3716ec25b4 secrets: secret management for swarm 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

wip: use tmpfs for swarm secrets

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

wip: inject secrets from swarm secret store

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

secrets: use secret names in cli for service create

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

switch to use mounts instead of volumes

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

vendor: use ehazlett swarmkit

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

secrets: finish secret update

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2016-11-09 14:27:43 -05:00