terraform-provider-docker
terraform-provider-docker copied to clipboard
hashicorp
service secret/config file_mode interpreted as decimal instead of octal
Terraform Version
Terraform v0.12.23
provider.docker: version = "~> 2.7" (v2.7.0)
Affected Resource(s)
Please list the resources as a list, for example:
-
docker_service
Terraform Configuration Files
resource "docker_service "foo" {
...
task_spec {
...
container_spec {
secrets {
secret_id =
secret_id = "..."
secret_name = "foo_pw__1"
file_name = "/run/secrets/foo_pw"
file_uid = "100"
file_gid = "101"
file_mode = "0440"
}
}
}
}
Plan Output
secrets {
file_gid = "101"
file_mode = 440
file_name = "/run/secrets/foo_pw"
file_uid = "100"
secret_id = "..."
secret_name = "foo_pw__1"
}
Expected Behavior
file_mode probably should have remained a string "0440" or have been converted from octal to decimal.
https://docs.docker.com/engine/reference/commandline/service_create/#create-a-service-with-secrets indicates that the secret's and config's mode= value should be a 4-number sequence, and explicitly shows a leading 0.
Actual Behavior
The integer 440 was used as the file_mode value, which corresponds to 0670 octal -- which is not the correct.
It's also interesting to note that file_gid and file_uid get preserved as strings, but file_mode does not.
Temporary Workaround
Using a decimal value (i.e. 288 instead of 0440) does the trick -- but this is counter-intuitive with the firmly-entrenched decades-old tradition of specifying mode in octal.
@mavogel - the solution to this bug may be similar to #223 - if we can simply pass the string and let the docker engine do the right thing.