feat: make UID, GID, & mode for secrets and configs configurable (#231)

Closes #216 
* feat(service): makes uid, gid and file mode configurable
* docs(service): updates config and secret configuration
Manuel Vogel 2019-12-18 19:04:01 +01:00 committed by GitHub
parent 546c6aeef1
commit f4dd2188f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 73 additions and 7 deletions


@ -423,6 +423,25 @@ func resourceDockerService() *schema.Resource {
Description: "Represents the final filename in the filesystem",
Required: true,
},
"file_uid": {
Type: schema.TypeString,
Description: "Represents the file UID",
Optional: true,
Default: "0",
},
"file_gid": {
Type: schema.TypeString,
Description: "Represents the file GID",
Optional: true,
Default: "0",
},
"file_mode": {
Type: schema.TypeInt,
Description: "Represents represents the FileMode of the file",
Optional: true,
Default: 0444,
ValidateFunc: validateIntegerGeqThan(0),
},
},
},
},
@ -447,6 +466,25 @@ func resourceDockerService() *schema.Resource {
Description: "Represents the final filename in the filesystem",
Required: true,
},
"file_uid": {
Type: schema.TypeString,
Description: "Represents the file UID",
Optional: true,
Default: "0",
},
"file_gid": {
Type: schema.TypeString,
Description: "Represents the file GID",
Optional: true,
Default: "0",
},
"file_mode": {
Type: schema.TypeInt,
Description: "Represents represents the FileMode of the file",
Optional: true,
Default: 0444,
ValidateFunc: validateIntegerGeqThan(0),
},
},
},
},
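Review bot: `file_uid` and `file_gid` in both new attribute groups of this section are plain `schema.TypeString` with no `ValidateFunc`, so a non-numeric or negative value passes planning and is handed unchanged to the swarm file target by createContainerSpec, shown further down this page. If Docker expects numeric IDs here, which the `"0"` default suggests, a schema-level check would surface the mistake before a service is created, for example `ValidateFunc: validation.StringMatch(regexp.MustCompile("^[0-9]+$"), "must be a numeric ID"),` from the SDK's helper/validation package, assuming that import is acceptable in this file. The `file_mode` description also repeats a word in both groups and should read `Description: "Represents the FileMode of the file",`. resourceDockerService starts and ends outside these hunks.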


@ -893,13 +893,14 @@ func createContainerSpec(v interface{}) (*swarm.ContainerSpec, error) {
for _, rawSecret := range value.(*schema.Set).List() {
rawSecret := rawSecret.(map[string]interface{})
rawFilemode := rawSecret["file_mode"].(int)
secret := swarm.SecretReference{
SecretID: rawSecret["secret_id"].(string),
File: &swarm.SecretReferenceFileTarget{
Name: rawSecret["file_name"].(string),
UID: "0",
GID: "0",
Mode: os.FileMode(0444),
UID: rawSecret["file_uid"].(string),
GID: rawSecret["file_gid"].(string),
Mode: os.FileMode(uint32(rawFilemode)),
},
}
if value, ok := rawSecret["secret_name"]; ok {
@ -914,13 +915,14 @@ func createContainerSpec(v interface{}) (*swarm.ContainerSpec, error) {
for _, rawConfig := range value.(*schema.Set).List() {
rawConfig := rawConfig.(map[string]interface{})
rawFilemode := rawConfig["file_mode"].(int)
config := swarm.ConfigReference{
ConfigID: rawConfig["config_id"].(string),
File: &swarm.ConfigReferenceFileTarget{
Name: rawConfig["file_name"].(string),
UID: "0",
GID: "0",
Mode: os.FileMode(0444),
UID: rawConfig["file_uid"].(string),
GID: rawConfig["file_gid"].(string),
Mode: os.FileMode(uint32(rawFilemode)),
},
}
if value, ok := rawConfig["config_name"]; ok {
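Review bot: The new `Mode: os.FileMode(uint32(rawFilemode))` conversion for secrets, and the identical one for configs, accepts any integer the schema lets through, and the `file_mode` validator shown on this page only enforces a lower bound of 0. In Go's os.FileMode the bits above the low nine carry file-type and setuid/setgid/sticky flags, and the uint32 cast silently truncates larger values, so a mistyped mode can produce a file target quite different from what the configuration says. If only permission bits are meant to be configurable, reject anything else before building the reference, e.g. `if rawFilemode < 0 || rawFilemode > 0777 { return nil, fmt.Errorf("file_mode %o is outside 0-0777", rawFilemode) }` (assuming fmt is imported in this file), or tighten the schema validator to the same range. createContainerSpec continues outside both hunks.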


@ -306,7 +306,10 @@ func TestAccDockerService_fullSpec(t *testing.T) {
secrets {
secret_id = "${docker_secret.service_secret.id}"
secret_name = "${docker_secret.service_secret.name}"
file_name = "/secrets.json"
file_name = "/secrets.json"
file_uid = "0"
file_gid = "0"
file_mode = 0777
}
configs {
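Review bot: The fixture sets `file_uid = "0"` and `file_gid = "0"`, which are the schema defaults, so this test cannot tell a configured owner from the default one. Its `file_mode = 0777` also grants every user in the container read, write and execute permission on the mounted secret. Values that differ from the defaults and follow least privilege would cover the new code paths better, for instance `file_uid = "1000"`, `file_gid = "1000"` and `file_mode = 0400` (constructed sample values). Whether the test asserts these attributes is not visible, since TestAccDockerService_fullSpec continues outside the hunk.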


@ -315,6 +315,13 @@ func flattenServiceSecrets(in []*swarm.SecretReference) *schema.Set {
}
if v.File != nil {
m["file_name"] = v.File.Name
if len(v.File.UID) > 0 {
m["file_uid"] = v.File.UID
}
if len(v.File.GID) > 0 {
m["file_gid"] = v.File.GID
}
m["file_mode"] = int(v.File.Mode)
}
out[i] = m
}
@ -335,6 +342,13 @@ func flattenServiceConfigs(in []*swarm.ConfigReference) *schema.Set {
}
if v.File != nil {
m["file_name"] = v.File.Name
if len(v.File.UID) > 0 {
m["file_uid"] = v.File.UID
}
if len(v.File.GID) > 0 {
m["file_gid"] = v.File.GID
}
m["file_mode"] = int(v.File.Mode)
}
out[i] = m
}
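Review bot: The read path stores `m["file_mode"] = int(v.File.Mode)` unmasked in flattenServiceSecrets, and the same line is added to flattenServiceConfigs. Any non-permission bits present in the FileMode returned by the API would therefore land in state and could show up as a diff against the configured value. If the attribute is meant to carry permission bits only, `m["file_mode"] = int(v.File.Mode.Perm())` keeps the stored value within that range. A short comment on why an empty UID or GID is skipped (presumably so the schema default applies; worth confirming) would also help, because the mode is always written while the owner fields are conditional. Both functions start and end outside these hunks.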


@ -147,6 +147,9 @@ resource "docker_service" "foo" {
secret_id = "${docker_secret.service_secret.id}"
secret_name = "${docker_secret.service_secret.name}"
file_name = "/secrets.json"
file_uid = "0"
file_gid = "0"
file_mode = 0777
},
]
@ -410,6 +413,9 @@ the extra mount mappings for the container. Each `secrets` block is a reference
* `secret_id` - (Required, string) ConfigID represents the ID of the specific secret.
* `secret_name` - (Optional, string) The name of the secret that this references, but internally it is just provided for lookup/display purposes
* `file_name` - (Required, string) Represents the final filename in the filesystem. The specific target file that the secret data is written within the docker container, e.g. `/root/secret/secret.json`
* `file_uid` - (Optional, string) Represents the file UID. Defaults: `0`
* `file_gid` - (Optional, string) Represents the file GID. Defaults: `0`
* `file_mode` - (Optional, int) Represents the FileMode of the file. Defaults: `0444`
<a id="configs-1"></a>
### Configs
@ -420,6 +426,9 @@ the extra mount mappings for the container. Each `configs` is a reference to a s
* `config_id` - (Required, string) ConfigID represents the ID of the specific config.
* `config_name` - (Optional, string) The name of the config that this references, but internally it is just provided for lookup/display purposes
* `file_name` - (Required, string) Represents the final filename in the filesystem. The specific target file that the config data is written within the docker container, e.g. `/root/config/config.json`
* `file_uid` - (Optional, string) Represents the file UID. Defaults: `0`
* `file_gid` - (Optional, string) Represents the file GID. Defaults: `0`
* `file_mode` - (Optional, int) Represents the FileMode of the file. Defaults: `0444`
<!-- end task-container-spec -->