Add test and implementation for secret added after container has been created

The issue is that if a secret is added to the compose file, then it will not notice that containers have diverged since last run, because secrets are not part of the config_hash, which determines if the configuration of a service is the same or not. Signed-off-by: Henke Adolfsson <catears13@gmail.com>
2019-03-02 15:02:47 +01:00 · 2019-03-02 15:02:47 +01:00 · 76d0406fab
parent a1f3cb6d89
commit 76d0406fab
2 changed files with 43 additions and 0 deletions
--- a/compose/service.py
+++ b/compose/service.py
@ -685,6 +685,7 @@ class Service(object):
            'links': self.get_link_names(),
            'net': self.network_mode.id,
            'networks': self.networks,
+            'secrets': self.secrets,
            'volumes_from': [
                (v.source.name, v.mode)
                for v in self.volumes_from if isinstance(v.source, Service)
--- a/tests/integration/project_test.py
+++ b/tests/integration/project_test.py
@ -1496,6 +1496,48 @@ class ProjectTest(DockerClientTestCase):
        output = container.logs()
        assert output == b"This is the secret\n"

+    @v3_only()
+    def test_project_up_with_added_secrets(self):
+        node = create_host_file(self.client, os.path.abspath('tests/fixtures/secrets/default'))
+
+        config_data = build_config(
+            version=V3_1,
+            services=[{
+                'name': 'web',
+                'image': 'busybox:latest',
+                'command': 'cat /run/secrets/special',
+                # 'secrets': [
+                #     types.ServiceSecret.parse({'source': 'super', 'target': 'special'}),
+                # ],
+                'environment': ['constraint:node=={}'.format(node if node is not None else '*')]
+            }],
+            secrets={
+                'super': {
+                    'file': os.path.abspath('tests/fixtures/secrets/default'),
+                },
+            },
+        )
+
+        project = Project.from_config(
+            client=self.client,
+            name='composetest',
+            config_data=config_data,
+        )
+        project.up()
+        project.stop()
+        project.services[0].secrets = [
+            types.ServiceSecret.parse({'source': 'super', 'target': 'special'})
+        ]
+        project.up()
+        project.stop()
+
+        containers = project.containers(stopped=True)
+        assert len(containers) == 1
+        container, = containers
+
+        output = container.logs()
+        assert output == b"This is the secret\n"
+
    @v2_only()
    def test_initialize_volumes_invalid_volume_driver(self):
        vol_name = '{0:x}'.format(random.getrandbits(32))