kreuzwerker / terraform-provider-docker

Terraform Docker provider
Mozilla Public License 2.0

service secret/config file_mode interpreted as decimal instead of octal #66

Open mavogel opened 3 years ago

mavogel commented 3 years ago

This issue was originally opened by @tomalok as https://github.com/hashicorp/terraform-provider-docker/issues/247. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.


Terraform Version

Terraform v0.12.23 provider.docker: version = "~> 2.7" (v2.7.0)

Affected Resource(s)

Please list the resources as a list, for example:

Terraform Configuration Files

resource "docker_service" "foo" {
  ...
  task_spec {
    ...
    container_spec {
      secrets {
        secret_id   = "..."
        secret_name = "foo_pw__1"
        file_name   = "/run/secrets/foo_pw"
        file_uid    = "100"
        file_gid    = "101"
        file_mode   = "0440"
      }
    }
  }
}

Plan Output

                secrets {
                    file_gid    = "101"
                    file_mode   = 440
                    file_name   = "/run/secrets/foo_pw"
                    file_uid    = "100"
                    secret_id   = "..."
                    secret_name = "foo_pw__1"
                }

Expected Behavior

file_mode probably should have remained a string "0440" or have been converted from octal to decimal.

https://docs.docker.com/engine/reference/commandline/service_create/#create-a-service-with-secrets indicates that the secret's and config's mode= value should be a 4-number sequence, and explicitly shows a leading 0.

Actual Behavior

The integer 440 was used as the file_mode value, which corresponds to 0670 octal -- which is not correct.

It's also interesting to note that file_gid and file_uid get preserved as strings, but file_mode does not.

Temporary Workaround

Using a decimal value (i.e. 288 instead of 0440) does the trick -- but this is counter-intuitive with the firmly-entrenched decades-old tradition of specifying mode in octal.
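The octal-versus-decimal mix-up described above, as an added Go illustration (not the provider's code; `parseFileMode`, `decimalMisread` and `secretModeSafe` are hypothetical helpers). It parses the same "0440" string both ways, prints the resulting permission strings, and flags the misread mode because it grants group write on a secret:

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// parseFileMode reads a Terraform file_mode string as octal, the way the
// Docker CLI documents mode= for secrets and configs. "0440", "440" and
// "0o440" all yield r--r-----. Hypothetical helper, not provider code.
func parseFileMode(s string) (os.FileMode, error) {
	s = strings.TrimPrefix(s, "0o")
	v, err := strconv.ParseUint(s, 8, 32)
	if err != nil {
		return 0, fmt.Errorf("file_mode %q is not an octal permission: %w", s, err)
	}
	if v > 0o7777 {
		return 0, fmt.Errorf("file_mode %q exceeds 07777", s)
	}
	return os.FileMode(v), nil
}

// decimalMisread reproduces the reported behaviour: the digits are taken as a
// base-10 integer, so "0440" becomes 440, which is 0670 in octal.
func decimalMisread(s string) (os.FileMode, error) {
	v, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, err
	}
	return os.FileMode(v), nil
}

// secretModeSafe rejects any mode that lets group or other write the file,
// or lets other read it; secret mounts should never carry those bits.
func secretModeSafe(m os.FileMode) bool {
	return m&(0o022|0o007) == 0
}

func main() {
	octal, _ := parseFileMode("0440")
	decimal, _ := decimalMisread("0440")
	fmt.Printf("octal parse  : %04o %s safe=%v\n", octal, octal, secretModeSafe(octal))
	fmt.Printf("decimal parse: %04o %s safe=%v\n", decimal, decimal, secretModeSafe(decimal))
}
```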

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label pinned.

tomalok commented 3 years ago

To my knowledge this hasn't yet been addressed.

suzuki-shunsuke commented 3 years ago

I could reproduce the problem.

$ terraform version
Terraform v0.14.9
+ provider registry.terraform.io/kreuzwerker/docker v2.11.0

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.11.0"
    }
  }
}

provider "docker" {
}

resource "docker_service" "foo" {
  name = "foo-service"

  task_spec {
    container_spec {
      image = "nginx"
      configs {
        config_id   = docker_config.service_config.id
        config_name = docker_config.service_config.name
        file_name   = "/configs.json"
        file_mode   = "0440"
      }
    }
  }
}

resource "docker_config" "service_config" {
  name = "tftest-full-myconfig"
  data = "ewogICJwcmVmaXgiOiAiMTIzIgp9"
}

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # docker_config.service_config will be created
  + resource "docker_config" "service_config" {
      + data = (sensitive value)
      + id   = (known after apply)
      + name = "tftest-full-myconfig"
    }

  # docker_service.foo will be created
  + resource "docker_service" "foo" {
      + id   = (known after apply)
      + name = "foo-service"

      + endpoint_spec {
          + mode = (known after apply)

          + ports {
              + name           = (known after apply)
              + protocol       = (known after apply)
              + publish_mode   = (known after apply)
              + published_port = (known after apply)
              + target_port    = (known after apply)
            }
        }

      + labels {
          + label = (known after apply)
          + value = (known after apply)
        }

      + mode {
          + global = (known after apply)

          + replicated {
              + replicas = (known after apply)
            }
        }

      + task_spec {
          + force_update   = (known after apply)
          + restart_policy = (known after apply)
          + runtime        = (known after apply)

          + container_spec {
              + image             = "nginx"
              + isolation         = "default"
              + stop_grace_period = (known after apply)

              + configs {
                  + config_id   = (known after apply)
                  + config_name = "tftest-full-myconfig"
                  + file_gid    = "0"
                  + file_mode   = 440
                  + file_name   = "/configs.json"
                  + file_uid    = "0"
                }

              + dns_config {
                  + nameservers = (known after apply)
                  + options     = (known after apply)
                  + search      = (known after apply)
                }

              + healthcheck {
                  + interval     = (known after apply)
                  + retries      = (known after apply)
                  + start_period = (known after apply)
                  + test         = (known after apply)
                  + timeout      = (known after apply)
                }
            }

          + placement {
              + constraints  = (known after apply)
              + max_replicas = (known after apply)
              + prefs        = (known after apply)

              + platforms {
                  + architecture = (known after apply)
                  + os           = (known after apply)
                }
            }

          + resources {
              + limits {
                  + memory_bytes = (known after apply)
                  + nano_cpus    = (known after apply)

                  + generic_resources {
                      + discrete_resources_spec = (known after apply)
                      + named_resources_spec    = (known after apply)
                    }
                }

              + reservation {
                  + memory_bytes = (known after apply)
                  + nano_cpus    = (known after apply)

                  + generic_resources {
                      + discrete_resources_spec = (known after apply)
                      + named_resources_spec    = (known after apply)
                    }
                }
            }
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

docker_config.service_config: Creating...
docker_config.service_config: Creation complete after 0s [id=oty559fret6tso86voqzbvn9w]
docker_service.foo: Creating...
docker_service.foo: Creation complete after 9s [id=1gsgmzsl31kv4ti046nz6l7is]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

              + configs {
                  + config_id   = (known after apply)
                  + config_name = "tftest-full-myconfig"
                  + file_gid    = "0"
                  + file_mode   = 440
                  + file_name   = "/configs.json"
                  + file_uid    = "0"
                }
$ docker ps
CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS          PORTS                       NAMES
47da7f8c35a8   nginx:latest           "/docker-entrypoint.…"   30 seconds ago   Up 29 seconds   80/tcp                      foo-service.1.bx3u1h8z0c96q3z33qw1sukgy

$ docker exec 47da7f8c35a8 ls -lh /configs.json
-rw-rwx--- 1 root root 21 Mar 30 00:06 /configs.json

The permission of /configs.json is not 0440 but -rw-rwx--- (0670).

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label pinned.

tomalok commented 3 years ago

Confirmed that this is still broken with the latest terraform & latest docker provider...

jake@jimini mode % terraform version
Terraform v0.15.4
on darwin_amd64
+ provider registry.terraform.io/kreuzwerker/docker v2.12.2

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label pinned.