docker
/
docker-py
mirror of https://github.com/docker/docker-py.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for secrets in ContainerSpec 

Signed-off-by: Joffrey F <joffrey@docker.com>
This commit is contained in:
Joffrey F 2017-02-10 14:51:15 -08:00
parent 52bae3ca2c
commit d1038c422b
4 changed files with 43 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docker/models/services.py
View File

@ -109,6 +109,8 @@ class ServiceCollection(Collection):
the service to. Default: ``None``.
resources (Resources): Resource limits and reservations.
restart_policy (RestartPolicy): Restart policy for containers.
secrets (list of :py:class:`docker.types.SecretReference`): List
of secrets accessible to containers for this service.
stop_grace_period (int): Amount of time to wait for
containers to terminate before forcefully killing them.
update_config (UpdateConfig): Specification for the update strategy
@ -179,6 +181,7 @@ CONTAINER_SPEC_KWARGS = [
'labels',
'mounts',
'stop_grace_period',
'secrets',
]
# kwargs to copy straight over to TaskTemplate

2
docker/types/__init__.py
View File

@ -4,6 +4,6 @@ from .healthcheck import Healthcheck
from .networks import EndpointConfig, IPAMConfig, IPAMPool, NetworkingConfig
from .services import (
ContainerSpec, DriverConfig, EndpointSpec, Mount, Resources, RestartPolicy,
ServiceMode, TaskTemplate, UpdateConfig
SecretReference, ServiceMode, TaskTemplate, UpdateConfig
)
from .swarm import SwarmSpec, SwarmExternalCA

40
docker/types/services.py
View File

@ -2,7 +2,7 @@ import six
from .. import errors
from ..constants import IS_WINDOWS_PLATFORM
from ..utils import format_environment, split_command
from ..utils import check_resource, format_environment, split_command
class TaskTemplate(dict):
@ -79,9 +79,12 @@ class ContainerSpec(dict):
:py:class:`~docker.types.Mount` class for details.
stop_grace_period (int): Amount of time to wait for the container to
terminate before forcefully killing it.
secrets (list of py:class:`SecretReference`): List of secrets to be
made available inside the containers.
"""
def __init__(self, image, command=None, args=None, env=None, workdir=None,
user=None, labels=None, mounts=None, stop_grace_period=None):
user=None, labels=None, mounts=None, stop_grace_period=None,
secrets=None):
self['Image'] = image
if isinstance(command, six.string_types):
@ -109,6 +112,11 @@ class ContainerSpec(dict):
if stop_grace_period is not None:
self['StopGracePeriod'] = stop_grace_period
if secrets is not None:
if not isinstance(secrets, list):
raise TypeError('secrets must be a list')
self['Secrets'] = secrets
class Mount(dict):
"""
@ -410,3 +418,31 @@ class ServiceMode(dict):
if self.mode != 'replicated':
return None
return self['replicated'].get('Replicas')
class SecretReference(dict):
"""
Secret reference to be used as part of a :py:class:`ContainerSpec`.
Describes how a secret is made accessible inside the service's
containers.
Args:
secret_id (string): Secret's ID
secret_name (string): Secret's name as defined at its creation.
filename (string): Name of the file containing the secret. Defaults
to the secret's name if not specified.
uid (string): UID of the secret file's owner. Default: 0
gid (string): GID of the secret file's group. Default: 0
mode (int): File access mode inside the container. Default: 0o444
"""
@check_resource
def __init__(self, secret_id, secret_name, filename=None, uid=None,
gid=None, mode=0o444):
self['SecretName'] = secret_name
self['SecretID'] = secret_id
self['File'] = {
'Name': filename or secret_name,
'UID': uid or '0',
'GID': gid or '0',
'Mode': mode
}

2
docker/utils/decorators.py
View File

@ -16,7 +16,7 @@ def check_resource(f):
resource_id = resource_id.get('Id', resource_id.get('ID'))
if not resource_id:
raise errors.NullResource(
'image or container param is undefined'
'Resource ID was not provided'
)
return f(self, resource_id, *args, **kwargs)
return wrapped