hashicorp / terraform-provider-docker

As part of our introduction to self-service publishing in the Terraform Registry, this copy of the provider has been archived, and ownership has been transferred to active maintainers in the community. Please see the new location on the Terraform Registry: https://registry.terraform.io/providers/kreuzwerker/docker/latest
Mozilla Public License 2.0

service secret/config file_mode interpreted as decimal instead of octal #247

Open tomalok opened 4 years ago

tomalok commented 4 years ago

Terraform Version

Terraform v0.12.23
provider.docker: version = "~> 2.7" (v2.7.0)

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

resource "docker_service" "foo" {
  ...
  task_spec {
    ...
    container_spec {
      secrets {
        secret_id   = "..."
        secret_name = "foo_pw__1"
        file_name   = "/run/secrets/foo_pw"
        file_uid    = "100"
        file_gid    = "101"
        file_mode   = "0440"
      }
    }
  }
}

Plan Output

                secrets {
                    file_gid    = "101"
                    file_mode   = 440
                    file_name   = "/run/secrets/foo_pw"
                    file_uid    = "100"
                    secret_id   = "..."
                    secret_name = "foo_pw__1"
                }

Expected Behavior

file_mode probably should have remained a string "0440" or have been converted from octal to decimal.

https://docs.docker.com/engine/reference/commandline/service_create/#create-a-service-with-secrets indicates that the secret's and config's mode= value should be a 4-number sequence, and explicitly shows a leading 0.

Actual Behavior

The integer 440 was used as the file_mode value, which corresponds to 0670 octal -- which is not correct.

It's also interesting to note that file_gid and file_uid get preserved as strings, but file_mode does not.

Temporary Workaround

Using a decimal value (i.e. 288 instead of 0440) does the trick -- but this is counter-intuitive with the firmly-entrenched decades-old tradition of specifying mode in octal.

tomalok commented 4 years ago

@mavogel - the solution to this bug may be similar to #223 - if we can simply pass the string and let the docker engine do the right thing.
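
The decimal-versus-octal mix-up reported in this issue, as an added Go example (not code from the provider or from the issue): it reads the same file_mode digits in base 8 and in base 10 and reports which permission bits the decimal reading grants beyond the intended ones. The function names are hypothetical and the sample values other than "0440" are constructed.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// parseOctalMode reads a mode the way chmod does: the digits are base 8.
func parseOctalMode(s string) (os.FileMode, error) {
	v, err := strconv.ParseUint(s, 8, 32)
	if err != nil || v > 0777 {
		return 0, fmt.Errorf("file_mode %q is not a valid octal permission", s)
	}
	return os.FileMode(v), nil
}

// parseDecimalMode reproduces the reported behaviour: same digits, base 10.
func parseDecimalMode(s string) (os.FileMode, error) {
	v, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return os.FileMode(v), nil
}

// widened returns the permission bits granted by the decimal reading that
// the intended octal reading does not grant.
func widened(s string) (os.FileMode, error) {
	want, err := parseOctalMode(s)
	if err != nil {
		return 0, err
	}
	got, err := parseDecimalMode(s)
	if err != nil {
		return 0, err
	}
	return got.Perm() &^ want.Perm(), nil
}

func main() {
	// Constructed sample values; "0440" is the one from the issue.
	for _, s := range []string{"0440", "0400", "0644"} {
		want, _ := parseOctalMode(s)
		got, _ := parseDecimalMode(s)
		extra, _ := widened(s)
		fmt.Printf("%s intended=%v applied=%v extra=%v\n", s, want, got.Perm(), extra)
	}
}
```

For "0440" the extra bits are owner write plus group write and execute, so a secret meant to be read-only becomes group-writable.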