[BUG] Incorrect warning about secrets from environment variable being ignored #12010

Closed
qhaas opened this issue Jul 23, 2024 · 1 comment · Fixed by #12232

qhaas commented Jul 23, 2024

Description

While it is known that file secrets cannot have their ownership / permissions set via service level secrets, it appears that environment secrets can, yet the warning about said ownership / permissions being ignored is displayed.

Steps To Reproduce

  1. Set a secret from an environment variable and attempt to modify its uid, gid, and mode via service-level secrets

```
$ cat compose.yml
services:
  my-service:
    image: busybox:stable
    command: ls -ln /run/secrets/my-secret
    secrets:
      - source: my-secret
        uid: "10"
        gid: "20"
        mode: 0754
secrets:
  my-secret:
    environment: MY_SECRET
```

  2. Run docker compose and display the uid, gid, and mode of the secret, noting the incorrect warning about them not being set

```
$ MY_SECRET=success docker compose run --rm my-service
WARN[0000] secrets `uid`, `gid` and `mode` are not supported, they will be ignored
-rwxr-xr--    1 10       20               7 Jul 23 20:40 /run/secrets/my-secret
```

Compose Version

Docker Compose version v2.29.0

Docker Environment

Client: Docker Engine - Community
 Version:    27.1.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 42
 Server Version: 27.1.0
 Storage Driver: overlay2
  Backing Filesystem: xfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.14.0-427.26.1.el9_4.x86_64
 Operating System: Red Hat Enterprise Linux 9.4 (Plow)
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 30.83GiB
 Name: REDACTED
 ID: 0608251b-f670-49b2-8b9e-8e9327933d84
 Docker Root Dir: /home/docker
 Debug Mode: false
 Username: REDACTED
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Anything else?

No response
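
One way to confirm what the container actually received instead of relying on the warning, as an added example that is not part of the original issue or of Docker Compose: it parses the `ls -ln` line from the reproduction and compares it with the `uid`, `gid` and `mode` requested in `compose.yml`. The function names are hypothetical, and the sample line is the one shown in the report.

```python
import re

# The `ls -ln` line printed in the report's reproduction.
SAMPLE_LS_LINE = "-rwxr-xr--    1 10       20               7 Jul 23 20:40 /run/secrets/my-secret"

# File type, then three rwx triplets; s/S and t/T mark setuid, setgid, sticky.
_MODE_RE = re.compile(r"[-dlbcps]([-r][-w][-xsS]){2}[-r][-w][-xtT]")
_SPECIAL = (0o4000, 0o2000, 0o1000)  # setuid, setgid, sticky


def parse_ls_ln(line):
    """Return (mode, uid, gid) for one `ls -ln` line (hypothetical helper)."""
    fields = line.split()
    if len(fields) < 4 or not _MODE_RE.match(fields[0]):
        raise ValueError(f"not an `ls -ln` line: {line!r}")
    mode = 0
    for i, ch in enumerate(fields[0][1:10]):
        if ch == "-":
            continue
        if ch in "rwxst":          # permission bit for this slot is set
            mode |= 1 << (8 - i)
        if ch in "sStT":           # special bit stored in the execute slot
            mode |= _SPECIAL[i // 3]
    return mode, int(fields[2]), int(fields[3])


def check_secret(line, uid, gid, mode):
    """List differences between the requested and the effective settings.

    uid/gid are given as in compose.yml (strings), mode as an octal int.
    An empty list means the service-level settings were applied.
    """
    got_mode, got_uid, got_gid = parse_ls_ln(line)
    diffs = []
    if got_uid != int(uid):
        diffs.append(f"uid: requested {uid}, effective {got_uid}")
    if got_gid != int(gid):
        diffs.append(f"gid: requested {gid}, effective {got_gid}")
    if got_mode != mode:
        diffs.append(f"mode: requested {mode:04o}, effective {got_mode:04o}")
    return diffs


if __name__ == "__main__":
    print(check_secret(SAMPLE_LS_LINE, "10", "20", 0o754) or "settings applied")
```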

@polarathene

This also applies to configs top-level element with content and environment sources: docker/docs#20514
