From f4dd2188f140ab795f3bd9e26d4ab41e95a88b15 Mon Sep 17 00:00:00 2001
From: Manuel Vogel
Date: Wed, 18 Dec 2019 19:04:01 +0100
Subject: [PATCH] feat: make UID, GID, & mode for secrets and configs configurable (#231)

Closes #216
* feat(service): makes uid, gid and file mode configurable
* docs(service): updates config and secret configuration
---
 docker/resource_docker_service.go | 38 +++++++++++++++++++++++++
 docker/resource_docker_service_funcs.go | 14 +++++----
 docker/resource_docker_service_test.go | 5 +++-
 docker/structures_service.go | 14 +++++++++
 website/docs/r/service.html.markdown | 9 ++++++
 5 files changed, 73 insertions(+), 7 deletions(-)

diff --git a/docker/resource_docker_service.go b/docker/resource_docker_service.go
index 5ba55bf5..28c0cbb4 100644
--- a/docker/resource_docker_service.go
+++ b/docker/resource_docker_service.go
@@ -423,6 +423,25 @@ func resourceDockerService() *schema.Resource {
 Description: "Represents the final filename in the filesystem",
 Required: true,
 },
+ "file_uid": {
+ Type: schema.TypeString,
+ Description: "Represents the file UID",
+ Optional: true,
+ Default: "0",
+ },
+ "file_gid": {
+ Type: schema.TypeString,
+ Description: "Represents the file GID",
+ Optional: true,
+ Default: "0",
+ },
+ "file_mode": {
+ Type: schema.TypeInt,
+ Description: "Represents represents the FileMode of the file",
+ Optional: true,
+ Default: 0444,
+ ValidateFunc: validateIntegerGeqThan(0),
+ },
 },
 },
 },
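Review bot: `file_mode` in the new `secrets` block is bounded only from below by `validateIntegerGeqThan(0)`, so any non-negative integer is accepted as the mode of a mounted secret; an upper bound, for example `ValidateFunc: validation.IntBetween(0, 0777),` if the SDK's validation helpers are available to this file, would limit it to permission bits. The description should state how the integer is interpreted, because the Go default `0444` is octal (292 decimal) while a leading-zero literal in configuration may be read as decimal depending on the HCL version; something like `Description: "File mode as an integer; the default 0444 (octal) is 292 in decimal",` also removes the doubled "Represents represents". `file_uid` and `file_gid` take arbitrary strings with no `ValidateFunc`, so a non-numeric value is only rejected, if at all, by the Docker API. The `configs` block in the second hunk of this file repeats the same three fields and needs the same changes; the body of resourceDockerService starts and ends outside both hunks.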
@@ -447,6 +466,25 @@ func resourceDockerService() *schema.Resource {
 Description: "Represents the final filename in the filesystem",
 Required: true,
 },
+ "file_uid": {
+ Type: schema.TypeString,
+ Description: "Represents the file UID",
+ Optional: true,
+ Default: "0",
+ },
+ "file_gid": {
+ Type: schema.TypeString,
+ Description: "Represents the file GID",
+ Optional: true,
+ Default: "0",
+ },
+ "file_mode": {
+ Type: schema.TypeInt,
+ Description: "Represents represents the FileMode of the file",
+ Optional: true,
+ Default: 0444,
+ ValidateFunc: validateIntegerGeqThan(0),
+ },
 },
 },
 },
diff --git a/docker/resource_docker_service_funcs.go b/docker/resource_docker_service_funcs.go
index d5a3a948..eef8d456 100644
--- a/docker/resource_docker_service_funcs.go
+++ b/docker/resource_docker_service_funcs.go
@@ -893,13 +893,14 @@ func createContainerSpec(v interface{}) (*swarm.ContainerSpec, error) {
 for _, rawSecret := range value.(*schema.Set).List() {
 rawSecret := rawSecret.(map[string]interface{})
+ rawFilemode := rawSecret["file_mode"].(int)
 secret := swarm.SecretReference{
 SecretID: rawSecret["secret_id"].(string),
 File: &swarm.SecretReferenceFileTarget{
 Name: rawSecret["file_name"].(string),
- UID: "0",
- GID: "0",
- Mode: os.FileMode(0444),
+ UID: rawSecret["file_uid"].(string),
+ GID: rawSecret["file_gid"].(string),
+ Mode: os.FileMode(uint32(rawFilemode)),
 },
 }
 if value, ok := rawSecret["secret_name"]; ok {
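Review bot: `os.FileMode(uint32(rawFilemode))` in the secrets loop converts the configured integer without masking, so bits outside the permission range end up in the secret's `Mode`, and a negative value that slipped past validation would wrap to a large uint32. Because this field decides who can read the mounted secret inside the container, keep it to permission bits, e.g. `Mode: os.FileMode(rawFilemode) & os.ModePerm,`, or return an error when `rawFilemode&^0777 != 0`. The unchecked assertion `rawSecret["file_mode"].(int)` panics if the key is ever missing or of another type; the schema default appears to guarantee it, but the function already returns an error and a checked form costs little. The configs loop in the next hunk of this file has the same two lines, and createContainerSpec starts and ends outside both hunks.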
@@ -914,13 +915,14 @@ func createContainerSpec(v interface{}) (*swarm.ContainerSpec, error) {
 for _, rawConfig := range value.(*schema.Set).List() {
 rawConfig := rawConfig.(map[string]interface{})
+ rawFilemode := rawConfig["file_mode"].(int)
 config := swarm.ConfigReference{
 ConfigID: rawConfig["config_id"].(string),
 File: &swarm.ConfigReferenceFileTarget{
 Name: rawConfig["file_name"].(string),
- UID: "0",
- GID: "0",
- Mode: os.FileMode(0444),
+ UID: rawConfig["file_uid"].(string),
+ GID: rawConfig["file_gid"].(string),
+ Mode: os.FileMode(uint32(rawFilemode)),
 },
 }
 if value, ok := rawConfig["config_name"]; ok {
diff --git a/docker/resource_docker_service_test.go b/docker/resource_docker_service_test.go
index 75a0b4e7..07e3dea0 100644
--- a/docker/resource_docker_service_test.go
+++ b/docker/resource_docker_service_test.go
@@ -306,7 +306,10 @@ func TestAccDockerService_fullSpec(t *testing.T) {
 secrets {
 secret_id = "${docker_secret.service_secret.id}"
 secret_name = "${docker_secret.service_secret.name}"
- file_name = "/secrets.json"
+ file_name = "/secrets.json"
+ file_uid = "0"
+ file_gid = "0"
+ file_mode = 0777
 }
 configs {
diff --git a/docker/structures_service.go b/docker/structures_service.go
index 18485f8b..788bae69 100644
--- a/docker/structures_service.go
+++ b/docker/structures_service.go
@@ -315,6 +315,13 @@ func flattenServiceSecrets(in []*swarm.SecretReference) *schema.Set {
 }
 if v.File != nil {
 m["file_name"] = v.File.Name
+ if len(v.File.UID) > 0 {
+ m["file_uid"] = v.File.UID
+ }
+ if len(v.File.GID) > 0 {
+ m["file_gid"] = v.File.GID
+ }
+ m["file_mode"] = int(v.File.Mode)
 }
 out[i] = m
 }
@@ -335,6 +342,13 @@ func flattenServiceConfigs(in []*swarm.ConfigReference) *schema.Set {
 }
 if v.File != nil {
 m["file_name"] = v.File.Name
+ if len(v.File.UID) > 0 {
+ m["file_uid"] = v.File.UID
+ }
+ if len(v.File.GID) > 0 {
+ m["file_gid"] = v.File.GID
+ }
+ m["file_mode"] = int(v.File.Mode)
 }
 out[i] = m
 }
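Review bot: The acceptance configuration now mounts the secret with `file_mode = 0777`, which describes a world-writable, executable secret file, and the hunk shows no matching check on the resulting attribute. A restrictive sample such as `file_mode = 0400` would exercise the new field equally well and is a safer pattern for anyone copying the fixture. If the Terraform version in use reads a leading-zero literal as decimal, the value under test is not the octal mode it appears to be, so an assertion on `file_mode` in the test's check function (outside this hunk) would pin the actual behaviour. TestAccDockerService_fullSpec continues outside the hunk.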
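Review bot: In flattenServiceSecrets, `file_uid` and `file_gid` are written to the map only when non-empty, while the schema gives both a default of `"0"`; if the API returns an empty value, the flattened set element may differ from the configured one and surface as a persistent diff (inferred, since the set hashing is not visible here). Falling back to the default, e.g. `m["file_uid"] = "0"` in an else branch, keeps state and configuration aligned. `m["file_mode"] = int(v.File.Mode)` stores the whole `os.FileMode` value including any non-permission bits, so it should be masked the same way the create path is, for instance `int(v.File.Mode.Perm())` once values above 0777 are rejected on input. flattenServiceConfigs in the following hunk has the same lines; both functions start outside their hunks.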
diff --git a/website/docs/r/service.html.markdown b/website/docs/r/service.html.markdown index 01e3be18..83c32b0f 100644 --- a/website/docs/r/service.html.markdown +++ b/website/docs/r/service.html.markdown @@ -147,6 +147,9 @@ resource "docker_service" "foo" { secret_id = "${docker_secret.service_secret.id}" secret_name = "${docker_secret.service_secret.name}" file_name = "/secrets.json" + file_uid = "0" + file_gid = "0" + file_mode = 0777 }, ] @@ -410,6 +413,9 @@ the extra mount mappings for the container. Each `secrets` block is a reference * `secret_id` - (Required, string) ConfigID represents the ID of the specific secret. * `secret_name` - (Optional, string) The name of the secret that this references, but internally it is just provided for lookup/display purposes * `file_name` - (Required, string) Represents the final filename in the filesystem. The specific target file that the secret data is written within the docker container, e.g. `/root/secret/secret.json` +* `file_uid` - (Optional, string) Represents the file UID. Defaults: `0` +* `file_gid` - (Optional, string) Represents the file GID. Defaults: `0` +* `file_mode` - (Optional, int) Represents the FileMode of the file. Defaults: `0444` ### Configs @@ -420,6 +426,9 @@ the extra mount mappings for the container. Each `configs` is a reference to a s * `config_id` - (Required, string) ConfigID represents the ID of the specific config. * `config_name` - (Optional, string) The name of the config that this references, but internally it is just provided for lookup/display purposes * `file_name` - (Required, string) Represents the final filename in the filesystem. The specific target file that the config data is written within the docker container, e.g. `/root/config/config.json` +* `file_uid` - (Optional, string) Represents the file UID. Defaults: `0` +* `file_gid` - (Optional, string) Represents the file GID. Defaults: `0` +* `file_mode` - (Optional, int) Represents the FileMode of the file. Defaults: `0444`