Open mavogel opened 3 years ago
This issue is stale because it has been open 60 days with no activity. Remove `stale` label or comment or this will be closed in 7 days. If you don't want this issue to be closed, please set the label `pinned`.
To my knowledge this hasn't yet been addressed.
I could reproduce the problem.
```
$ terraform version
Terraform v0.14.9
+ provider registry.terraform.io/kreuzwerker/docker v2.11.0
```

```hcl
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "2.11.0"
    }
  }
}

provider "docker" {
}

resource "docker_service" "foo" {
  name = "foo-service"

  task_spec {
    container_spec {
      image = "nginx"

      configs {
        config_id   = docker_config.service_config.id
        config_name = docker_config.service_config.name
        file_name   = "/configs.json"
        file_mode   = "0440"
      }
    }
  }
}

resource "docker_config" "service_config" {
  name = "tftest-full-myconfig"
  data = "ewogICJwcmVmaXgiOiAiMTIzIgp9"
}
```
```
$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # docker_config.service_config will be created
  + resource "docker_config" "service_config" {
      + data = (sensitive value)
      + id = (known after apply)
      + name = "tftest-full-myconfig"
    }

  # docker_service.foo will be created
  + resource "docker_service" "foo" {
      + id = (known after apply)
      + name = "foo-service"
      + endpoint_spec {
          + mode = (known after apply)
          + ports {
              + name = (known after apply)
              + protocol = (known after apply)
              + publish_mode = (known after apply)
              + published_port = (known after apply)
              + target_port = (known after apply)
            }
        }
      + labels {
          + label = (known after apply)
          + value = (known after apply)
        }
      + mode {
          + global = (known after apply)
          + replicated {
              + replicas = (known after apply)
            }
        }
      + task_spec {
          + force_update = (known after apply)
          + restart_policy = (known after apply)
          + runtime = (known after apply)
          + container_spec {
              + image = "nginx"
              + isolation = "default"
              + stop_grace_period = (known after apply)
              + configs {
                  + config_id = (known after apply)
                  + config_name = "tftest-full-myconfig"
                  + file_gid = "0"
                  + file_mode = 440
                  + file_name = "/configs.json"
                  + file_uid = "0"
                }
              + dns_config {
                  + nameservers = (known after apply)
                  + options = (known after apply)
                  + search = (known after apply)
                }
              + healthcheck {
                  + interval = (known after apply)
                  + retries = (known after apply)
                  + start_period = (known after apply)
                  + test = (known after apply)
                  + timeout = (known after apply)
                }
            }
          + placement {
              + constraints = (known after apply)
              + max_replicas = (known after apply)
              + prefs = (known after apply)
              + platforms {
                  + architecture = (known after apply)
                  + os = (known after apply)
                }
            }
          + resources {
              + limits {
                  + memory_bytes = (known after apply)
                  + nano_cpus = (known after apply)
                  + generic_resources {
                      + discrete_resources_spec = (known after apply)
                      + named_resources_spec = (known after apply)
                    }
                }
              + reservation {
                  + memory_bytes = (known after apply)
                  + nano_cpus = (known after apply)
                  + generic_resources {
                      + discrete_resources_spec = (known after apply)
                      + named_resources_spec = (known after apply)
                    }
                }
            }
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

docker_config.service_config: Creating...
docker_config.service_config: Creation complete after 0s [id=oty559fret6tso86voqzbvn9w]
docker_service.foo: Creating...
docker_service.foo: Creation complete after 9s [id=1gsgmzsl31kv4ti046nz6l7is]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
```
```
+ configs {
    + config_id = (known after apply)
    + config_name = "tftest-full-myconfig"
    + file_gid = "0"
    + file_mode = 440
    + file_name = "/configs.json"
    + file_uid = "0"
  }
```
```
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47da7f8c35a8 nginx:latest "/docker-entrypoint.…" 30 seconds ago Up 29 seconds 80/tcp foo-service.1.bx3u1h8z0c96q3z33qw1sukgy
$ docker exec 47da7f8c35a8 ls -lh /configs.json
-rw-rwx--- 1 root root 21 Mar 30 00:06 /configs.json
```

The permission of `/configs.json` is not `0440` but `-rw-rwx---` (`0670`).
confirmed that this is still broken with the latest terraform & latest docker provider...
```
jake@jimini mode % terraform version
Terraform v0.15.4
on darwin_amd64
+ provider registry.terraform.io/kreuzwerker/docker v2.12.2
```
This issue was originally opened by @tomalok as https://github.com/hashicorp/terraform-provider-docker/issues/247. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.
Terraform Version

Terraform v0.12.23
provider.docker: version = "~> 2.7" (v2.7.0)

Affected Resource(s)

Please list the resources as a list, for example:
`docker_service`

Terraform Configuration Files

Plan Output

Expected Behavior

`file_mode` probably should have remained a string "0440" or have been converted from octal to decimal.

https://docs.docker.com/engine/reference/commandline/service_create/#create-a-service-with-secrets indicates that the secret's and config's `mode=` value should be a 4-number sequence, and explicitly shows a leading `0`.

Actual Behavior

The integer `440` was used as the `file_mode` value, which corresponds to `0670` octal -- which is not correct.

It's also interesting to note that `file_gid` and `file_uid` get preserved as strings, but `file_mode` does not.

Temporary Workaround

Using a decimal value (i.e. `288` instead of `0440`) does the trick -- but this is counter-intuitive with the firmly-entrenched decades-old tradition of specifying mode in octal.
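The arithmetic behind this report, as an added example (not code from the provider or from anyone in the thread): a small Go check that scans configuration text for `file_mode` values written in octal notation and reports the permission bits they produce when the digits are read as a decimal integer, along with the decimal value that yields the intended bits. The names `Finding`, `AuditFileModes` and `sampleHCL` are hypothetical, and the sample configuration is constructed.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strconv"
)

// Finding records one file_mode value and its two possible readings.
type Finding struct {
	Written   string      // digits as written in the configuration
	Intended  os.FileMode // digits read as octal
	Effective os.FileMode // digits read as decimal, as in the plan output
	Decimal   uint64      // decimal number whose bits equal Intended
}

// Matches file_mode values in octal notation with a leading 0, quoted or not.
var fileModeRe = regexp.MustCompile(`file_mode\s*=\s*"?(0[0-7]{3})\b`)

// AuditFileModes returns every file_mode whose decimal reading sets
// different permission bits than the octal digits that were written.
func AuditFileModes(hcl string) []Finding {
	var out []Finding
	for _, m := range fileModeRe.FindAllStringSubmatch(hcl, -1) {
		oct, _ := strconv.ParseUint(m[1], 8, 32) // regexp guarantees valid digits
		dec, _ := strconv.ParseUint(m[1], 10, 32)
		f := Finding{m[1], os.FileMode(oct).Perm(), os.FileMode(dec).Perm(), oct}
		if f.Intended != f.Effective {
			out = append(out, f)
		}
	}
	return out
}

// sampleHCL is constructed for this example; 256 is already decimal (0400).
const sampleHCL = `
configs {
  file_name = "/configs.json"
  file_mode = "0440"
}
secrets {
  file_name = "/run/secrets/key"
  file_mode = 256
}`

func main() {
	for _, f := range AuditFileModes(sampleHCL) {
		fmt.Printf("file_mode %s: intended %v, effective %v, use %d\n",
			f.Written, f.Intended, f.Effective, f.Decimal)
	}
}
```

Values already written as plain decimal, such as the `288` workaround, have no leading zero and are not flagged.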