Add API documentation for plugable secret backends

[thaJeztah]

Documents the API changes introduced in

0304c98 (#34157) and 08f7cf0 (#34123)

- What I did

- How I did it

- How to verify it

run make swagger-docs and visit http://localhost:9000 to view the docs

ping @liron-l @cpuguy83 @vdemeester PTAL

[tophj-ibm]

janky failure looks related.

09:58:42 - The swagger spec at "api/swagger.yaml" is invalid against swagger specification 2.0. see errors :
09:58:42 - "Data" is present in required but not defined as property in definition "Driver"
09:58:42 - /secrets/{id}.Spec.Driver.Data in body is required

Q: I haven't looked at the swagger.yaml before, but I'm guessing Data is supposed to Options here, which is based off

moby/api/types/swarm/common.go

Line 23 in 0304c98

// Driver represents a driver (network, logging).

right?

[thaJeztah]

oh, hm, looks like I may have copy/pasted the Data yes thanks, I'll check

[thaJeztah]

Don't think Data / Options is required here, so I'll remove

[thaJeztah]

ping @liron-l @cpuguy83 @vdemeester PTAL

[liron-l]

Consider
description: "key/value map of driver specific options." (same as DriverConfig.Options)

[liron-l]

diver-specific -> driver-specific (here and below)

[thaJeztah]

Good catch :)

[liron-l]

LGTM @thaJeztah, left some minor comments inline.

[thaJeztah]

@liron-l thanks, I updated.

Question: do you know;

• What are the name restrictions on Secrets drivers? (e.g., only a-zA-Z0-9_.-)
• Is there a maximum length?
• Are Secrets driver names case-sensitive?
• If none of the above; can we add such validation? (We've been bitten by people relying on no restrictions being there, and once we wanted to add validation, it was a breaking change)

TL;DR I'd like to document what are acceptable values for the Name field :)

[liron-l]

Thanks @thaJeztah.
Technically, the restrictions should be on the secrets plugin name, since the driver name is only a reference to the name of the plugin. Also, we should enforce that the specified secret's plugin exist as part of the docker secret create flow (and then we don't need additional name validation).

Finally, if we do add such restrictions on the name, I know that plguins names need to have versioning support (:).
@cpuguy83 does this makes sense?

[thaJeztah]

Ah, right, yes, these are managed plugins (installed through docker plugin install)? (sorry, I may be slow, ha!) in that case, we should probably be covered here (can add some information in future)

[liron-l]

Yes, @thaJeztah, secret plugins are managed plugins. We will add dedicated documentation and examples after all relevant commits are merged.
docker/cli#366
moby/swarmkit#2326

[dnephin]

This formatting seems wrong. I think there's a key missing here on the newline?

[thaJeztah]

oh, this is odd, yes, definitely should be fixed 👍

[dnephin]

Hmm, we should probably have two different types then. One without this field. Since this already exited we can wait for another PR

[thaJeztah]

Yes; while working on these changes in the Swagger, I found other types that are reused and don't make sense

I think this is an "omitempty" (so in practice it's not there), but yes, probably should have a separate type

[thaJeztah]

FWIW I changed this from an array to just string; I guess this was because in go it's a []byte

[thaJeztah]

@dnephin updated PTAL

[dnephin]

LGTM

[vdemeester]

LGTM 🐸