908 - Adding configs/secrets to service inspect pretty#1006
908 - Adding configs/secrets to service inspect pretty#1006vdemeester merged 3 commits intodocker:masterfrom
Conversation
essamhassan
force-pushed
the
908_show_secrets_configs_srv_inspect
branch
from
055fdf1 to
3fbaa46
Compare
essamhassan
changed the title
essamhassan
changed the title
|
Thank you for working on this! I gave this a quick try, and think we can make some changes; here's what I tried: I created a service that uses the same secret (or config) twice, but using different target-directories in the container (also added two mounts using the same volume, and a network); $ docker service create \
--label foo=bar \
--label bar=baz \
--config src=my_config,target=/foo/config \
--config src=my_config,target=/bar/config \
--secret src=my_secret,target=/foo/secret \
--secret src=my_secret,target=/bar/secret \
--mount type=volume,src=foobar,target=/bax \
--mount type=volume,src=foobar,target=/baz \
--network testnet \
--name testie \
nginx:alpineInspecting that service with Which accurate, that probably doesn't show all the information that's useful. In JSON format, it becomes clear that the same secret is used in different locations inside the container (and possibly other differences, such as UID/GID and Mode): {
"Secrets": [
{
"File": {
"Name": "/foo/secret",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "w6is539aq4tscf2dbxnb56ui0",
"SecretName": "my_secret"
},
{
"File": {
"Name": "/bar/secret",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "w6is539aq4tscf2dbxnb56ui0",
"SecretName": "my_secret"
}
]
}Looking at how we present mounts (which can have the same situation: bind-mount a single host location to multiple locations inside the container); cli/cli/command/formatter/service.go Lines 94 to 99 in e98e95e The mounts of the service above would output; For networks (in "pretty" mode), I see we're not printing the What do you think? |
|
I also noticed that |
|
thank you for reviewing the pr
|
cli/command/service/inspect_test.go
Outdated
| func TestPrettyPrintWithConfigsAndSecrets(t *testing.T) { | ||
| s := formatServiceInspect(t, formatter.NewServiceFormat("pretty"), time.Now()) | ||
|
|
||
| if !strings.Contains(s, "Configs:") { |
There was a problem hiding this comment.
You can use gotestyourself Contains assertion here:
assert.Check(t, is.Contains(s, "Configs:"), "Pretty print missing configs")
assert.Check(t, is.Contains(s, "Secrets:"), "Pretty print missing secrets")There was a problem hiding this comment.
Wondering if we should use the .golden files for this @vdemeester ?
There was a problem hiding this comment.
Yes, most likely we could use golden package for it 👼
Can be done in a follow-up though 😉
Could you elaborate a bit on this? Open to suggestions, just not sure what you mean exactly with matching the json output. My interpretation is that (so far) the |
|
@thaJeztah I got you and I agree with that. I'm working on the changes and will push them asap. |
|
Thanks! |
essamhassan
force-pushed
the
908_show_secrets_configs_srv_inspect
branch
2 times, most recently
from
aba4952 to
48f4e2f
Compare
|
@thaJeztah changes pushed |
|
Looking good: |
|
So, one thing (bear with me) I'm thinking while looking at the output: should we group "attached" objects, and move |
|
Makes sense but I'd say if we are going to follow the same order as in the json output they should be after Mounts ID: x2l4mdjijqncfeebbq7zmz5tr
Name: testie
Service Mode: Replicated
Replicas: 1
Placement:
UpdateConfig:
Parallelism: 1
On failure: pause
Monitoring Period: 5s
Max failure ratio: 0
Update order: stop-first
RollbackConfig:
Parallelism: 1
On failure: pause
Monitoring Period: 5s
Max failure ratio: 0
Rollback order: stop-first
ContainerSpec:
Image: nginx:alpine@sha256:3a44395131c5a9704417d19ab4c8d6cb104013659f5babb2f1c632e789588196
Labels:
bar=baz
foo=bar
Mounts:
Target = /bax
Source = foobar
ReadOnly = false
Type = volume
Target = /baz
Source = foobar
ReadOnly = false
Type = volume
Configs:
Target: /bar/config
Source: my_config
Target: /foo/config
Source: my_config
Secrets:
Target: /foo/secret
Source: my_secret
Target: /bar/secret
Source: my_secret
Resources:
Networks: testnet
Endpoint Mode: vip |
|
Ah! Definitely ok with me to move after mounts |
essamhassan
force-pushed
the
908_show_secrets_configs_srv_inspect
branch
from
48f4e2f to
8238644
Compare
Signed-off-by: Essam A. Hassan <es.hassan187@gmail.com>
Signed-off-by: Essam A. Hassan <es.hassan187@gmail.com>
Signed-off-by: Essam A. Hassan <es.hassan187@gmail.com>
|
@thaJeztah changes pushed |
thaJeztah
left a comment
thaJeztah
left a comment
There was a problem hiding this comment.
LGTM, thank you!
ping @vdemeester @silvin-lubecki PTAL
5 participants
Signed-off-by: Essam A. Hassan es.hassan187@gmail.com
- What I did
Resolving #908 showing info about configs/secrets in docker service inspect --pretty version
- How I did it
1- methods to get configs and secrets
2- adding configs/secrets to the template if they exists
- How to verify it
docker config create configtest.confdocker secret create secrettest.confdocker service create -d \ --config source=foo.conf,target=/foo.conf,uid=123,gid=456 \ --secret source=secret.conf,target=/secret.conf,uid=234,gid=567 \ --replicas 1 \ --name myservice \ nginx:alpineOutput should be
ID: v6hlue5d5g0yhethbsxwsuvgp #other id Name: myservice Configs: Target: /foo.conf Source: foo.conf Secrets: Target: /secret.conf Source: secret.conf Service Mode: Replicated Replicas: 1 Placement: UpdateConfig: Parallelism: 1 On failure: pause Monitoring Period: 5s Max failure ratio: 0 Update order: stop-first RollbackConfig: Parallelism: 1 On failure: pause Monitoring Period: 5s Max failure ratio: 0 Rollback order: stop-first ContainerSpec: Image: nginx:alpine@sha256:89f15d9cbad18d54fe49acc79b24199a05b4b1c48294ce4516393bdd2bc714b2 Resources: Endpoint Mode: vip- Description for the changelog
adding configs/secrets to service inspect pretty
- A picture of a cute animal (not mandatory but encouraged)
Very important cat!
