Skip to content

Commit 30f8960

Browse files
andoksandoks
committed
Add support for configs.file's and secrets.file's on remote docker hosts
Copy configs.file's and secrets.file's instead of bind-mounting them to make it possible to use file configs when working with remote docker hosts (like setting DOCKER_HOST to a ssh address or setting docker context) Includes support for config.files and secrets.files as directories. Note that file.Content as source of secrets is denied elsewhere with the error "validating docker-compose.yml: secrets.content_secret Additional property content is not allowed" implements: docker#11867
1 parent 517f87a commit 30f8960

File tree

2 files changed

+156
-176
lines changed

2 files changed

+156
-176
lines changed

pkg/compose/create.go

-128
Original file line numberDiff line numberDiff line change
@@ -941,137 +941,9 @@ func fillBindMounts(p types.Project, s types.ServiceConfig, m map[string]mount.M
941941
m[bindMount.Target] = bindMount
942942
}
943943

944-
secrets, err := buildContainerSecretMounts(p, s)
945-
if err != nil {
946-
return nil, err
947-
}
948-
for _, s := range secrets {
949-
if _, found := m[s.Target]; found {
950-
continue
951-
}
952-
m[s.Target] = s
953-
}
954-
955-
configs, err := buildContainerConfigMounts(p, s)
956-
if err != nil {
957-
return nil, err
958-
}
959-
for _, c := range configs {
960-
if _, found := m[c.Target]; found {
961-
continue
962-
}
963-
m[c.Target] = c
964-
}
965944
return m, nil
966945
}
967946

968-
func buildContainerConfigMounts(p types.Project, s types.ServiceConfig) ([]mount.Mount, error) {
969-
var mounts = map[string]mount.Mount{}
970-
971-
configsBaseDir := "/"
972-
for _, config := range s.Configs {
973-
target := config.Target
974-
if config.Target == "" {
975-
target = configsBaseDir + config.Source
976-
} else if !isAbsTarget(config.Target) {
977-
target = configsBaseDir + config.Target
978-
}
979-
980-
definedConfig := p.Configs[config.Source]
981-
if definedConfig.External {
982-
return nil, fmt.Errorf("unsupported external config %s", definedConfig.Name)
983-
}
984-
985-
if definedConfig.Driver != "" {
986-
return nil, errors.New("Docker Compose does not support configs.*.driver")
987-
}
988-
if definedConfig.TemplateDriver != "" {
989-
return nil, errors.New("Docker Compose does not support configs.*.template_driver")
990-
}
991-
992-
if definedConfig.Environment != "" || definedConfig.Content != "" {
993-
continue
994-
}
995-
996-
if config.UID != "" || config.GID != "" || config.Mode != nil {
997-
logrus.Warn("config `uid`, `gid` and `mode` are not supported, they will be ignored")
998-
}
999-
1000-
bindMount, err := buildMount(p, types.ServiceVolumeConfig{
1001-
Type: types.VolumeTypeBind,
1002-
Source: definedConfig.File,
1003-
Target: target,
1004-
ReadOnly: true,
1005-
})
1006-
if err != nil {
1007-
return nil, err
1008-
}
1009-
mounts[target] = bindMount
1010-
}
1011-
values := make([]mount.Mount, 0, len(mounts))
1012-
for _, v := range mounts {
1013-
values = append(values, v)
1014-
}
1015-
return values, nil
1016-
}
1017-
1018-
func buildContainerSecretMounts(p types.Project, s types.ServiceConfig) ([]mount.Mount, error) {
1019-
var mounts = map[string]mount.Mount{}
1020-
1021-
secretsDir := "/run/secrets/"
1022-
for _, secret := range s.Secrets {
1023-
target := secret.Target
1024-
if secret.Target == "" {
1025-
target = secretsDir + secret.Source
1026-
} else if !isAbsTarget(secret.Target) {
1027-
target = secretsDir + secret.Target
1028-
}
1029-
1030-
definedSecret := p.Secrets[secret.Source]
1031-
if definedSecret.External {
1032-
return nil, fmt.Errorf("unsupported external secret %s", definedSecret.Name)
1033-
}
1034-
1035-
if definedSecret.Driver != "" {
1036-
return nil, errors.New("Docker Compose does not support secrets.*.driver")
1037-
}
1038-
if definedSecret.TemplateDriver != "" {
1039-
return nil, errors.New("Docker Compose does not support secrets.*.template_driver")
1040-
}
1041-
1042-
if definedSecret.Environment != "" {
1043-
continue
1044-
}
1045-
1046-
if secret.UID != "" || secret.GID != "" || secret.Mode != nil {
1047-
logrus.Warn("secrets `uid`, `gid` and `mode` are not supported, they will be ignored")
1048-
}
1049-
1050-
if _, err := os.Stat(definedSecret.File); os.IsNotExist(err) {
1051-
logrus.Warnf("secret file %s does not exist", definedSecret.Name)
1052-
}
1053-
1054-
mnt, err := buildMount(p, types.ServiceVolumeConfig{
1055-
Type: types.VolumeTypeBind,
1056-
Source: definedSecret.File,
1057-
Target: target,
1058-
ReadOnly: true,
1059-
Bind: &types.ServiceVolumeBind{
1060-
CreateHostPath: false,
1061-
},
1062-
})
1063-
if err != nil {
1064-
return nil, err
1065-
}
1066-
mounts[target] = mnt
1067-
}
1068-
values := make([]mount.Mount, 0, len(mounts))
1069-
for _, v := range mounts {
1070-
values = append(values, v)
1071-
}
1072-
return values, nil
1073-
}
1074-
1075947
func isAbsTarget(p string) bool {
1076948
return isUnixAbs(p) || isWindowsAbs(p)
1077949
}

0 commit comments

Comments
 (0)