community.docker

mirror of https://github.com/ansible-collections/community.docker.git synced 2025-12-16 03:52:05 +00:00

History

András Maróy b481fa4801 Add support for rotating docker secrets (#293 ) * Add parameters for rolling updates to `docker_secret` * Extract `remove_secrets` to its own function in `docker_secret` * Store existing secrets in a list instead of a single secret With this change `docker_secret` now supports the case where we store multiple versions of a secret with the `_v123` postfix. `absent` state implicitly handles removing these this way. * When using `rolling_versions` don't automatically remove current secret To make rolling updates actually work instead of failing on trying to remove a secret that is attached to a service, use the `versions_to_keep` parameter to remove old versions of the secret after creating the new one. This way the secret with the new data is created with a different name and can be attached to the service by its ID without having to delete the previous one first which would fail if it is already attached to a service. * Add version numbers to newly created secrets Attach the incremental version number to the secret name as a `_v123` postfix where `123` is replaced with an incremental counter starting from 1. A label with the numeric version is also attached to the secret to ease calculating the new version number upon change with the name `ansible_version`. * Return `secret_name` for docker secrets as well * Add integration test for rolling secrets * Update `docker_secret` documentation as per review comments * Correctly return `docker_secret` version number as int * Use template string for naming `docker_secrets` instead of concatenation * Return the correct secret name on deletion failure * Simplify `docker_secret` creation * Add missing comma for `docker_secret` schema * Only remove old docker secrets if `rolling_versions` is set * Add check in `docker_secret` version parsing to handle NaNs * Add newly created `docker_secret` to internal secret list to avoid additional deletions * Add changelog fragment for `docker_secret` `rolling_versions` feature * Update changelogs/fragments/270-rolling-secrets.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>	2022-02-12 08:29:49 +01:00
..
main.yml	Add headers to ci tests (#954 )	2020-10-30 07:05:51 +01:00
test_secrets.yml	Add support for rotating docker secrets (#293 )	2022-02-12 08:29:49 +01:00

Add support for rotating docker secrets (#293 )

* Add parameters for rolling updates to `docker_secret`

* Extract `remove_secrets` to its own function in `docker_secret`

* Store existing secrets in a list instead of a single secret

With this change `docker_secret` now supports the case where we store
multiple versions of a secret with the `_v123` postfix.

`absent` state implicitly handles removing these this way.

* When using `rolling_versions` don't automatically remove current secret

To make rolling updates actually work instead of failing on trying to
remove a secret that is attached to a service, use the
`versions_to_keep` parameter to remove old versions of the secret after
creating the new one. This way the secret with the new data is created
with a different name and can be attached to the service by its ID
without having to delete the previous one first which would fail if it
is already attached to a service.

* Add version numbers to newly created secrets

Attach the incremental version number to the secret name as a `_v123`
postfix where `123` is replaced with an incremental counter starting
from 1.
A label with the numeric version is also attached to the secret to ease
calculating the new version number upon change with the name
`ansible_version`.

* Return `secret_name` for docker secrets as well

* Add integration test for rolling secrets

* Update `docker_secret` documentation as per review comments

* Correctly return `docker_secret` version number as int

* Use template string for naming `docker_secrets` instead of concatenation

* Return the correct secret name on deletion failure

* Simplify `docker_secret` creation

* Add missing comma for `docker_secret` schema

* Only remove old docker secrets if `rolling_versions` is set

* Add check in `docker_secret` version parsing to handle NaNs

* Add newly created `docker_secret` to internal secret list to avoid additional deletions

* Add changelog fragment for `docker_secret` `rolling_versions` feature

* Update changelogs/fragments/270-rolling-secrets.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>

2022-02-12 08:29:49 +01:00

main.yml

Add headers to ci tests (#954 )

2020-10-30 07:05:51 +01:00

test_secrets.yml

Add support for rotating docker secrets (#293 )

2022-02-12 08:29:49 +01:00