use set-defautls to manage secrets default mount target

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
compose-spec · Feb 6, 2024 · 20c0997 · 20c0997
1 parent 2539b8e
commit 20c0997
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 4 deletions.
diff --git a/loader/full-example.yml b/loader/full-example.yml
@@ -26,7 +26,8 @@ services:
       additional_contexts:
         foo: ./bar
       secrets:
-        - secret1
+        - source: secret1
+          target: /run/secrets/secret1
         - source: secret2
           target: my_secret
           uid: '103'
@@ -257,7 +258,8 @@ services:
     restart: always
 
     secrets:
-      - secret1
+      - source: secret1
+        target: /run/secrets/secret1
       - source: secret2
         target: my_secret
         uid: '103'

diff --git a/loader/full-struct_test.go b/loader/full-struct_test.go
@@ -65,6 +65,7 @@ func services(workingDir, homeDir string) types.Services {
 				Secrets: []types.ServiceSecretConfig{
 					{
 						Source: "secret1",
+						Target: "/run/secrets/secret1",
 					},
 					{
 						Source: "secret2",
@@ -396,6 +397,7 @@ func services(workingDir, homeDir string) types.Services {
 			Secrets: []types.ServiceSecretConfig{
 				{
 					Source: "secret1",
+					Target: "/run/secrets/secret1",
 				},
 				{
 					Source: "secret2",
@@ -627,6 +629,7 @@ services:
       target: foo
       secrets:
         - source: secret1
+          target: /run/secrets/secret1
         - source: secret2
           target: my_secret
           uid: "103"
@@ -885,6 +888,7 @@ services:
     restart: always
     secrets:
       - source: secret1
+        target: /run/secrets/secret1
       - source: secret2
         target: my_secret
         uid: "103"
@@ -1180,7 +1184,8 @@ func fullExampleJSON(workingDir, homeDir string) string {
         "target": "foo",
         "secrets": [
           {
-            "source": "secret1"
+            "source": "secret1",
+            "target": "/run/secrets/secret1"
           },
           {
             "source": "secret2",
@@ -1544,7 +1549,8 @@ func fullExampleJSON(workingDir, homeDir string) string {
       "restart": "always",
       "secrets": [
         {
-          "source": "secret1"
+          "source": "secret1",
+          "target": "/run/secrets/secret1"
         },
         {
           "source": "secret2",

diff --git a/loader/loader_test.go b/loader/loader_test.go
@@ -828,6 +828,7 @@ networks:
 				Secrets: []types.ServiceSecretConfig{
 					{
 						Source: "super",
+						Target: "/run/secrets/super",
 						Mode:   uint32Ptr(555),
 					},
 				},
@@ -1842,6 +1843,7 @@ secrets:
 				Secrets: []types.ServiceSecretConfig{
 					{
 						Source: "secret",
+						Target: "/run/secrets/secret",
 					},
 				},
 			},
@@ -1911,6 +1913,7 @@ secrets:
 				Secrets: []types.ServiceSecretConfig{
 					{
 						Source: "secret",
+						Target: "/run/secrets/secret",
 					},
 				},
 			},

diff --git a/transform/defaults.go b/transform/defaults.go
@@ -24,6 +24,7 @@ var defaultValues = map[tree.Path]transformFunc{}
 
 func init() {
 	defaultValues["services.*.build"] = defaultBuildContext
+	defaultValues["services.*.secrets.*"] = defaultSecretMount
 }
 
 // SetDefaultValues transforms a compose model to set default values to missing attributes

diff --git a/transform/secrets.go b/transform/secrets.go
@@ -34,3 +34,16 @@ func transformFileMount(data any, p tree.Path) (any, error) {
 		return nil, fmt.Errorf("%s: unsupported type %T", p, data)
 	}
 }
+
+func defaultSecretMount(data any, p tree.Path) (any, error) {
+	switch v := data.(type) {
+	case map[string]any:
+		source := v["source"]
+		if _, ok := v["target"]; !ok {
+			v["target"] = fmt.Sprintf("/run/secrets/%s", source)
+		}
+		return v, nil
+	default:
+		return nil, fmt.Errorf("%s: unsupported type %T", p, data)
+	}
+}