adding in docker secrets
Dave Try committed Sep 4, 2017
1 parent be2ec7f commit 42000df
Showing 3 changed files with 110 additions and 0 deletions.
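--- a/lib/puppet/parser/functions/docker_secrets_flags.rb
+++ b/lib/puppet/parser/functions/docker_secrets_flags.rb
@@ -0,0 +1,35 @@
+require 'shellwords'
+
+module Puppet::Parser::Functions
+# Transforms a hash into a string of docker swarm init flags
+newfunction(:docker_secrets_flags, :type => :rvalue) do |args|
+opts = args[0] || {}
+flags = []
+
+if opts['ensure'].to_s == 'present'
+flags << 'create'
+end
+
+if opts['secret_name'].to_s != 'undef'
+flags << "'#{opts['secret_name']}'"
+end
+
+if opts['secret_path'].to_s != 'undef'
+flags << "'#{opts['secret_path']}'"
+end
+
+multi_flags = lambda { |values, format|
+filtered = [values].flatten.compact
+filtered.map { |val| sprintf(format + " \\\n", val) }
+}
+[
+['-l %s', 'label']
+].each do |(format, key)|
+values = opts[key]
+new_flags = multi_flags.call(values, format)
+flags.concat(new_flags)
+end
+
+flags.flatten.join(" ")
+end
+end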
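Review bot: The values for `secret_name` and `secret_path` are wrapped in literal single quotes and each label goes through `-l %s` with no quoting at all, so a value containing `'` or other shell metacharacters changes the command string that the `exec` in manifests/secrets.pp later runs (assuming that string is interpreted by a shell, which the ` \\\n` continuations suggest). `shellwords` is required on the first line but never used; `flags << Shellwords.escape(opts['secret_name'].to_s)`, the same for `secret_path`, and `Shellwords.escape(val.to_s)` inside `multi_flags` would make the quoting hold for any input. Separately, the header comment still says "docker swarm init flags"; `# Transforms a hash into the argument string for docker secret create` would match what the function builds.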
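--- a/manifests/secrets.pp
+++ b/manifests/secrets.pp
@@ -0,0 +1,45 @@
+define docker::secrets (
+
+$ensure = 'present',
+$label = [],
+$secret_name = undef,
+$secret_path = undef,
+){
+include docker::params
+
+$docker_command = "${docker::params::docker_command} secret"
+validate_re($ensure, '^(present|absent)$')
+validate_string($docker_command)
+validate_string($secret_name)
+validate_string($secret_path)
+validate_array($label)
+
+
+
+if $ensure == 'present'{
+$docker_secrets_flags = docker_secrets_flags ({
+ensure => $ensure,
+label => $label,
+secret_name => $secret_name,
+secret_path => $secret_path,
+})
+
+$exec_secret = "${docker_command} ${docker_secrets_flags}"
+$unless_secret = "${docker_command} inspect ${secret_name}"
+
+exec { 'docker secret create':
+command => $exec_secret,
+unless => $unless_secret,
+path => ['/bin', '/usr/bin'],
+}
+}
+
+if $ensure == 'absent'{
+
+exec { 'docker secret rm':
+command => "${docker_command} rm ${secret_name}",
+onlyif => "${docker_command} inspect ${secret_name}",
+path => ['/bin', '/usr/bin'],
+}
+}
+}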
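Review bot: `$secret_name` is interpolated unquoted into the `unless`, `onlyif` and `rm` command strings, and `validate_string` only checks its type, so nothing restricts it to characters that are safe on a command line. An allow-list check before the commands are built, for example `validate_re($secret_name, '\A[a-zA-Z0-9_.-]+\z')` (the pattern is illustrative; align it with the names Docker accepts), would cover all three uses, and `\A`/`\z` rather than `^`/`$` keeps a multi-line value from passing. The exec titles `'docker secret create'` and `'docker secret rm'` are also fixed strings, so two `docker::secrets` resources in one catalog would presumably collide; putting `${title}` in them, e.g. `"docker secret create ${title}"`, avoids that.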
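--- a/spec/defines/secrets_spec.rb
+++ b/spec/defines/secrets_spec.rb
@@ -0,0 +1,30 @@
+require 'spec_helper'
+
+describe 'docker::secrets', :type => :define do
+let(:title) { 'test_secret' }
+let(:facts) { {
+:osfamily => 'Debian',
+:operatingsystem => 'Debian',
+:lsbdistid => 'Debian',
+:lsbdistcodename => 'jessie',
+:kernelrelease => '3.2.0-4-amd64',
+:operatingsystemmajrelease => '8',
+} }
+
+context 'with secret_name => test_secret and secret_path => /root/secret.txt and label => test' do
+let(:params) { {
+'secret_name' => 'test_secret',
+'secret_path' => '/root/secret.txt',
+'label' => ['test'],
+} }
+it { should contain_exec('docker secret create').with_command(/docker secret create/) }
+end
+
+context 'with ensure => absent and secret_name => test_secret' do
+let(:params) { {
+'ensure' => 'absent',
+'secret_name' => 'test_secret'} }
+it { should contain_exec('docker secret rm').with_command(/docker secret rm/) }
+end
+
+end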
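Review bot: Both examples match only the prefix of the command (`/docker secret create/`, `/docker secret rm/`), so they pass regardless of how `secret_name`, `secret_path` and `label` end up in the command line, and they never look at the `unless`/`onlyif` guards. Adding `.with_unless(/docker secret inspect test_secret/)` to the first example and `.with_onlyif(/docker secret inspect test_secret/)` to the second would pin the idempotence checks. A further context whose `secret_name` contains a quote or a space would pin the argument handling that the exec depends on.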
