-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable configs.file's on remote docker hosts #11871
base: main
Are you sure you want to change the base?
Enable configs.file's on remote docker hosts #11871
Conversation
Copy configs.file's and secrets.file's instead of bind-mounting them to make it possible to use file configs when working with remote docker hosts (like setting DOCKER_HOST to a ssh address or setting docker context) Includes support for config.files and secrets.files as directories. Note that file.Content as source of secrets is denied elsewhere with the error "validating docker-compose.yml: secrets.content_secret Additional property content is not allowed" implements: docker#11867
6638c2f
to
d9dd161
Compare
file := project.Secrets[config.Source] | ||
var tarArchive bytes.Buffer | ||
var err error | ||
switch { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note: not handling file.Content as this seems to be rejected some other place, causing the printout "validating docker-compose.yml: secrets.content_secret Additional property content is not allowed"
} | ||
|
||
func makeTarFileEntryParams(config types.FileReferenceConfig) (mode int64, uid, gid int, err error) { | ||
mode = 0o444 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❓ should the default mode be different for secrets compared to configs?
err = fs.WalkDir(subdir, ".", func(filePath string, d fs.DirEntry, err error) error { | ||
header := &tar.Header{ | ||
Name: filepath.Join(config.Target, filePath), | ||
Mode: mode, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
❓ Should directories have the same mode as files? Or should they perhaps have the exec bit set for the owner/group/other to access them?
@ndeloof left you a few questions in the review |
any ETA? |
See discussion in #11867 - it might take some time to decide how to proceed. |
What I did
Copy configs.file's instead of bind-mounting them to make it possible to use file configs when working with remote docker hosts (like setting DOCKER_HOST to a ssh address or setting docker context)
Related issue
implements: #11867
(not mandatory) A picture of a cute animal, if possible in relation to what you did
![image](https://private-user-images.githubusercontent.com/5228/335535821-cca3c22d-f89f-4b6c-a5ac-6fbf2d2cc386.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk5OTQzOTEsIm5iZiI6MTcxOTk5NDA5MSwicGF0aCI6Ii81MjI4LzMzNTUzNTgyMS1jY2EzYzIyZC1mODlmLTRiNmMtYTVhYy02ZmJmMmQyY2MzODYucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcwMyUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MDNUMDgwODExWiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9OGRiOTRiYTE0ZjJmMWU5MmJmZjhmMzkzZGUzMzZhMjhlOGNmZjM1MDg5Njc0NWVhMzI3YWJmN2FhY2Y4YWUyZiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.HV8Vcx_nObplVpEdZZ67w6JSFogXgu5Ittr-fFo8Dqo)