From 76d0406fab3ee17bcd71afd98e05a5e6f2731ff4 Mon Sep 17 00:00:00 2001 From: Henke Adolfsson Date: Sat, 2 Mar 2019 15:02:47 +0100 Subject: [PATCH] Add test and implementation for secret added after container has been created The issue is that if a secret is added to the compose file, then it will not notice that containers have diverged since last run, because secrets are not part of the config_hash, which determines if the configuration of a service is the same or not. Signed-off-by: Henke Adolfsson --- compose/service.py | 1 + tests/integration/project_test.py | 42 +++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/compose/service.py b/compose/service.py index 0aaf3cf37..e989d4877 100644 --- a/compose/service.py +++ b/compose/service.py @@ -685,6 +685,7 @@ class Service(object): 'links': self.get_link_names(), 'net': self.network_mode.id, 'networks': self.networks, + 'secrets': self.secrets, 'volumes_from': [ (v.source.name, v.mode) for v in self.volumes_from if isinstance(v.source, Service) diff --git a/tests/integration/project_test.py b/tests/integration/project_test.py index 57f3b7074..c6949cdc9 100644 --- a/tests/integration/project_test.py +++ b/tests/integration/project_test.py @@ -1496,6 +1496,48 @@ class ProjectTest(DockerClientTestCase): output = container.logs() assert output == b"This is the secret\n" + @v3_only() + def test_project_up_with_added_secrets(self): + node = create_host_file(self.client, os.path.abspath('tests/fixtures/secrets/default')) + + config_data = build_config( + version=V3_1, + services=[{ + 'name': 'web', + 'image': 'busybox:latest', + 'command': 'cat /run/secrets/special', + # 'secrets': [ + # types.ServiceSecret.parse({'source': 'super', 'target': 'special'}), + # ], + 'environment': ['constraint:node=={}'.format(node if node is not None else '*')] + }], + secrets={ + 'super': { + 'file': os.path.abspath('tests/fixtures/secrets/default'), + }, + }, + ) + + project = Project.from_config( + client=self.client, + name='composetest', + config_data=config_data, + ) + project.up() + project.stop() + project.services[0].secrets = [ + types.ServiceSecret.parse({'source': 'super', 'target': 'special'}) + ] + project.up() + project.stop() + + containers = project.containers(stopped=True) + assert len(containers) == 1 + container, = containers + + output = container.logs() + assert output == b"This is the secret\n" + @v2_only() def test_initialize_volumes_invalid_volume_driver(self): vol_name = '{0:x}'.format(random.getrandbits(32))