Enable configs.file's on remote docker hosts

Copy configs.file's instead of bind-mounting them to make it possible to
use file configs when working with remote docker hosts (like setting
DOCKER_HOST to a ssh address or setting docker context)

implements: #11867

pkg/compose/create.go

@@ -835,130 +835,9 @@ func fillBindMounts(p types.Project, s types.ServiceConfig, m map[string]mount.M
 		m[bindMount.Target] = bindMount
 	}
 
-	secrets, err := buildContainerSecretMounts(p, s)
-	if err != nil {
-		return nil, err
-	}
-	for _, s := range secrets {
-		if _, found := m[s.Target]; found {
-			continue
-		}
-		m[s.Target] = s
-	}
-
-	configs, err := buildContainerConfigMounts(p, s)
-	if err != nil {
-		return nil, err
-	}
-	for _, c := range configs {
-		if _, found := m[c.Target]; found {
-			continue
-		}
-		m[c.Target] = c
-	}
 	return m, nil
 }
 
-func buildContainerConfigMounts(p types.Project, s types.ServiceConfig) ([]mount.Mount, error) {
-	var mounts = map[string]mount.Mount{}
-
-	configsBaseDir := "/"
-	for _, config := range s.Configs {
-		target := config.Target
-		if config.Target == "" {
-			target = configsBaseDir + config.Source
-		} else if !isAbsTarget(config.Target) {
-			target = configsBaseDir + config.Target
-		}
-
-		if config.UID != "" || config.GID != "" || config.Mode != nil {
-			logrus.Warn("config `uid`, `gid` and `mode` are not supported, they will be ignored")
-		}
-
-		definedConfig := p.Configs[config.Source]
-		if definedConfig.External {
-			return nil, fmt.Errorf("unsupported external config %s", definedConfig.Name)
-		}
-
-		if definedConfig.Driver != "" {
-			return nil, errors.New("Docker Compose does not support configs.*.driver")
-		}
-		if definedConfig.TemplateDriver != "" {
-			return nil, errors.New("Docker Compose does not support configs.*.template_driver")
-		}
-
-		if definedConfig.Environment != "" || definedConfig.Content != "" {
-			continue
-		}
-
-		bindMount, err := buildMount(p, types.ServiceVolumeConfig{
-			Type:     types.VolumeTypeBind,
-			Source:   definedConfig.File,
-			Target:   target,
-			ReadOnly: true,
-		})
-		if err != nil {
-			return nil, err
-		}
-		mounts[target] = bindMount
-	}
-	values := make([]mount.Mount, 0, len(mounts))
-	for _, v := range mounts {
-		values = append(values, v)
-	}
-	return values, nil
-}
-
-func buildContainerSecretMounts(p types.Project, s types.ServiceConfig) ([]mount.Mount, error) {
-	var mounts = map[string]mount.Mount{}
-
-	secretsDir := "/run/secrets/"
-	for _, secret := range s.Secrets {
-		target := secret.Target
-		if secret.Target == "" {
-			target = secretsDir + secret.Source
-		} else if !isAbsTarget(secret.Target) {
-			target = secretsDir + secret.Target
-		}
-
-		if secret.UID != "" || secret.GID != "" || secret.Mode != nil {
-			logrus.Warn("secrets `uid`, `gid` and `mode` are not supported, they will be ignored")
-		}
-
-		definedSecret := p.Secrets[secret.Source]
-		if definedSecret.External {
-			return nil, fmt.Errorf("unsupported external secret %s", definedSecret.Name)
-		}
-
-		if definedSecret.Driver != "" {
-			return nil, errors.New("Docker Compose does not support secrets.*.driver")
-		}
-		if definedSecret.TemplateDriver != "" {
-			return nil, errors.New("Docker Compose does not support secrets.*.template_driver")
-		}
-
-		if definedSecret.Environment != "" {
-			continue
-		}
-
-		mnt, err := buildMount(p, types.ServiceVolumeConfig{
-			Type:     types.VolumeTypeBind,
-			Source:   definedSecret.File,
-			Target:   target,
-			ReadOnly: true,
-		})
-		if err != nil {
-			return nil, err
-		}
-		mounts[target] = mnt
-	}
-	values := make([]mount.Mount, 0, len(mounts))
-	for _, v := range mounts {
-		values = append(values, v)
-	}
-	return values, nil
-}
-
 func isAbsTarget(p string) bool {
 	return isUnixAbs(p) || isWindowsAbs(p)
 }

pkg/compose/secrets.go

@@ -21,6 +21,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"os"
 	"strconv"
 	"time"
 
@@ -31,7 +32,25 @@ import (
 func (s *composeService) injectSecrets(ctx context.Context, project *types.Project, service types.ServiceConfig, id string) error {
 	for _, config := range service.Secrets {
 		file := project.Secrets[config.Source]
-		if file.Environment == "" {
+		var content = file.Content
+
+		switch {
+		case file.File != "":
+			buf, err := os.ReadFile(file.File)
+			if err != nil {
+				return fmt.Errorf("failed reading configuration file %v, error was: %w", file.File, err)
+			}
+			content = string(buf)
+
+		case file.Environment != "":
+			env, ok := project.Environment[file.Environment]
+			if !ok {
+				return fmt.Errorf("environment variable %q required by file %q is not set", file.Environment, file.Name)
+			}
+			content = env
+		}
+
+		if content == "" {
 			continue
 		}
 
@@ -41,11 +60,7 @@ func (s *composeService) injectSecrets(ctx context.Context, project *types.Proje
 			config.Target = "/run/secrets/" + config.Target
 		}
 
-		env, ok := project.Environment[file.Environment]
-		if !ok {
-			return fmt.Errorf("environment variable %q required by file %q is not set", file.Environment, file.Name)
-		}
-		b, err := createTar(env, types.FileReferenceConfig(config))
+		b, err := createTar(content, types.FileReferenceConfig(config))
 		if err != nil {
 			return err
 		}
@@ -64,13 +79,24 @@ func (s *composeService) injectConfigs(ctx context.Context, project *types.Proje
 	for _, config := range service.Configs {
 		file := project.Configs[config.Source]
 		content := file.Content
-		if file.Environment != "" {
+		switch {
+		case file.File != "":
+			fmt.Sprintf("test")
+			var err error
+			fileContent, err := os.ReadFile(file.File)
+			if err != nil {
+				return fmt.Errorf("failed to read config file %v, error was: %w", file.File, err)
+			}
+			content = string(fileContent)
+
+		case file.Environment != "":
 			env, ok := project.Environment[file.Environment]
 			if !ok {
 				return fmt.Errorf("environment variable %q required by file %q is not set", file.Environment, file.Name)
 			}
 			content = env
 		}
+
 		if content == "" {
 			continue
 		}