mirror of https://github.com/docker/cli.git
Test and fix external secrets in stack deploy.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
This commit is contained in:
parent
4a1c23bc26
commit
682d75fa3f
|
@ -31,7 +31,7 @@ func Services(
|
||||||
|
|
||||||
for _, service := range services {
|
for _, service := range services {
|
||||||
|
|
||||||
secrets, err := convertServiceSecrets(client, namespace, service.Secrets)
|
secrets, err := convertServiceSecrets(client, namespace, service.Secrets, config.Secrets)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -181,6 +181,7 @@ func convertServiceSecrets(
|
||||||
client client.SecretAPIClient,
|
client client.SecretAPIClient,
|
||||||
namespace Namespace,
|
namespace Namespace,
|
||||||
secrets []composetypes.ServiceSecretConfig,
|
secrets []composetypes.ServiceSecretConfig,
|
||||||
|
secretSpecs map[string]composetypes.SecretConfig,
|
||||||
) ([]*swarm.SecretReference, error) {
|
) ([]*swarm.SecretReference, error) {
|
||||||
opts := []*types.SecretRequestOption{}
|
opts := []*types.SecretRequestOption{}
|
||||||
for _, secret := range secrets {
|
for _, secret := range secrets {
|
||||||
|
@ -188,8 +189,15 @@ func convertServiceSecrets(
|
||||||
if target == "" {
|
if target == "" {
|
||||||
target = secret.Source
|
target = secret.Source
|
||||||
}
|
}
|
||||||
|
|
||||||
|
source := namespace.Scope(secret.Source)
|
||||||
|
secretSpec := secretSpecs[secret.Source]
|
||||||
|
if secretSpec.External.External {
|
||||||
|
source = secretSpec.External.Name
|
||||||
|
}
|
||||||
|
|
||||||
opts = append(opts, &types.SecretRequestOption{
|
opts = append(opts, &types.SecretRequestOption{
|
||||||
Source: namespace.Scope(secret.Source),
|
Source: source,
|
||||||
Target: target,
|
Target: target,
|
||||||
UID: secret.UID,
|
UID: secret.UID,
|
||||||
GID: secret.GID,
|
GID: secret.GID,
|
||||||
|
|
|
@ -422,8 +422,7 @@ func loadVolumes(source types.Dict) (map[string]types.VolumeConfig, error) {
|
||||||
// TODO: remove duplicate with networks/volumes
|
// TODO: remove duplicate with networks/volumes
|
||||||
func loadSecrets(source types.Dict, workingDir string) (map[string]types.SecretConfig, error) {
|
func loadSecrets(source types.Dict, workingDir string) (map[string]types.SecretConfig, error) {
|
||||||
secrets := make(map[string]types.SecretConfig)
|
secrets := make(map[string]types.SecretConfig)
|
||||||
err := transform(source, &secrets)
|
if err := transform(source, &secrets); err != nil {
|
||||||
if err != nil {
|
|
||||||
return secrets, err
|
return secrets, err
|
||||||
}
|
}
|
||||||
for name, secret := range secrets {
|
for name, secret := range secrets {
|
||||||
|
|
Loading…
Reference in New Issue