Allow using Configs as CredentialSpecs #2771
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Gonna rework this PR with Configs instead of secrets, but otherwise it's exactly the same. |
dperny
force-pushed
the
gmsa-support-with-secretreference
branch
from
a66aa6f
to
d118b04
Compare
dperny
changed the title
|
Changed this PR from Secrets to Configs, because the information in a CredentialSpec isn't secret. |
wk8
approved these changes
Nov 2, 2018
dperny
force-pushed
the
gmsa-support-with-secretreference
branch
from
d118b04
to
757a237
Compare
anshulpundir
approved these changes
Jan 3, 2019
| // container, but is used for some other purpose by the container runtime. | ||
| // | ||
| // Currently, RuntimeTarget has no fields; it's just a placeholder. | ||
| message RuntimeTarget {} |
There was a problem hiding this comment.
Whats the motivation to use a struct and not a bool? Please add that to the comments.
There was a problem hiding this comment.
Struct because it's part of oneof target in the ConfigReference, where it is contrast with FileTarget. Additionally, if we want to put more information in this field in the future, we can do so; if we use a boolean, we'll have a bad API if we ever need to add info.
dperny
force-pushed
the
gmsa-support-with-secretreference
branch
from
757a237
to
6025954
Compare
|
Rebased, gonna see if CI goes green |
dperny
force-pushed
the
gmsa-support-with-secretreference
branch
from
6025954
to
54f3d5e
Compare
Adds support for passing a config ID as the CredentialSpec source. Also lays the groundwork for future uses of secrets and configs in places other than mounted into the container. Signed-off-by: Drew Erny <drew.erny@docker.com>
dperny
force-pushed
the
gmsa-support-with-secretreference
branch
from
54f3d5e
to
5432b8a
Compare
|
Continuous disintegration |
Signed-off-by: Drew Erny <drew.erny@docker.com>
dperny
force-pushed
the
gmsa-support-with-secretreference
branch
from
a638d4f
to
be26111
Compare
Codecov Report
@@ Coverage Diff @@
## master #2771 +/- ##
==========================================
+ Coverage 61.92% 61.98% +0.06%
==========================================
Files 137 137
Lines 22144 22144
==========================================
+ Hits 13712 13726 +14
+ Misses 6956 6940 -16
- Partials 1476 1478 +2 |
|
This is the first time this PR has gone green @anshulpundir |
This was referenced Feb 1, 2019
thaJeztah
reviewed
Feb 1, 2019
This was referenced Sep 25, 2019
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Oct 9, 2019
…v18.09) full diff: moby/swarmkit@142a737...5c86095 - moby/swarmkit#2892 [18.09 backport] Remove hardcoded IPAM config subnet value for ingress network - backport of moby/swarmkit#2890 Remove hardcoded IPAM config subnet value for ingress network - fixes [ENGORC-2651](https://docker.atlassian.net/browse/ENGORC-2651) - moby/swarmkit#2836 [18.09 backport] Switch to go 1.11 - backport of moby/swarmkit#2752 Switch to go 1.11 - moby/swarmkit#2901 [18.09 backport] Bump to golang 1.12.9 - backport of moby/swarmkit#2880 Bump to golang 1.12.9 - moby/swarmkit#2900 [18.09 backport] Fix update out of sequence and increase max recv gRPC message size for nodes and secrets - backport of moby/swarmkit#2762 Increased wait time on test utils WaitForCluster and WatchTaskCreate - backport of moby/swarmkit#2771 Allow using Configs as CredentialSpecs - **second commit only** (attempt to fix weirdly broken tests) - backport of moby/swarmkit#2808 Fix flaky tests - backport of moby/swarmkit#2866 Swap gometalinter for golangci-lint - backport of moby/swarmkit#2869 Increase max recv gRPC message size to initialize connection broker - related / similar to moby#38103 / docker-archive#102 cluster: set bigger grpc limit for array requests - related / similar to moby#39306 Increase max recv gRPC message size for nodes and secrets - fixes moby/swarmkit#2733 Error generated when messages size is too big - backport of moby/swarmkit#2870 Fix update out of sequence Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-jenkins
pushed a commit
to docker-archive/docker-ce
that referenced
this pull request
Oct 23, 2019
…v18.09) full diff: moby/swarmkit@142a737...5c86095 - moby/swarmkit#2892 [18.09 backport] Remove hardcoded IPAM config subnet value for ingress network - backport of moby/swarmkit#2890 Remove hardcoded IPAM config subnet value for ingress network - fixes [ENGORC-2651](https://docker.atlassian.net/browse/ENGORC-2651) - moby/swarmkit#2836 [18.09 backport] Switch to go 1.11 - backport of moby/swarmkit#2752 Switch to go 1.11 - moby/swarmkit#2901 [18.09 backport] Bump to golang 1.12.9 - backport of moby/swarmkit#2880 Bump to golang 1.12.9 - moby/swarmkit#2900 [18.09 backport] Fix update out of sequence and increase max recv gRPC message size for nodes and secrets - backport of moby/swarmkit#2762 Increased wait time on test utils WaitForCluster and WatchTaskCreate - backport of moby/swarmkit#2771 Allow using Configs as CredentialSpecs - **second commit only** (attempt to fix weirdly broken tests) - backport of moby/swarmkit#2808 Fix flaky tests - backport of moby/swarmkit#2866 Swap gometalinter for golangci-lint - backport of moby/swarmkit#2869 Increase max recv gRPC message size to initialize connection broker - related / similar to moby/moby#38103 / docker-archive/engine#102 cluster: set bigger grpc limit for array requests - related / similar to moby/moby#39306 Increase max recv gRPC message size for nodes and secrets - fixes moby/swarmkit#2733 Error generated when messages size is too big - backport of moby/swarmkit#2870 Fix update out of sequence Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: e06f07ef337ab890f211397d6b408b75a2512dc5 Component: engine
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
Adds support for passing a secret ID as the CredentialSpec source. Also lays the groundwork for future uses of Secrets in places other than mounted into the container.
- How I did it
Added a new Target type for Secrets. In addition to the existing FileTarget, there is now a RuntimeTarget, which allows using Secrets for the container runtime, but not mounting them into the container. This allows us to send down a Secret to use as a CredentialSpec. Additionally, the same RuntimeTarget could be used, for example, to pass registry credentials, with future work."
Will require an accompanying change in the engine to work.
- How to test it
Includes automated unit tests.
- Description for the changelog
Support distributing Secrets to use as CredentialSpecs.