From 84113adef32f16eca6a3c0395e48ad3bfca50af9 Mon Sep 17 00:00:00 2001
From: Christophe Mehay
Date: Mon, 12 Jun 2017 20:58:31 +0200
Subject: [PATCH] Wip - Add secret support
---
.pre-commit-config.yaml | 38 +++++++++++++-------------
Makefile | 5 ++++
docker-compose.v3.yml | 32 ++++++++++++++++++++++
docker-compose.yml | 6 ++--
docs/templates.rst | 2 ++
pyentrypoint/entrypoint.py | 2 ++
pyentrypoint/secrets.py | 44 ++++++++++++++++++++++++++++++
secret1_file | 1 +
secret2_file | 1 +
tests/configs/secret.yml | 6 ++++
tests/secret_test.py | 28 +++++++++++++++++++
tests/test_template_secret.yml.tpl | 4 +++
12 files changed, 148 insertions(+), 21 deletions(-)
create mode 100644 docker-compose.v3.yml
create mode 100644 pyentrypoint/secrets.py
create mode 100644 secret1_file
create mode 100644 secret2_file
create mode 100644 tests/configs/secret.yml
create mode 100644 tests/secret_test.py
create mode 100644 tests/test_template_secret.yml.tpl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f830571..7383574 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,19 +1,19 @@
-- repo: git://github.com/pre-commit/pre-commit-hooks
- sha: 'v0.6.0'
- hooks:
- - id: check-added-large-files
- - id: check-docstring-first
- - id: check-merge-conflict
- - id: check-yaml
- - id: end-of-file-fixer
- - id: flake8
- args:
- - --exclude=__init__.py,docs/conf.py
- - id: autopep8-wrapper
- - id: requirements-txt-fixer
- - id: trailing-whitespace
-- repo: git://github.com/asottile/reorder_python_imports
- sha: 3d86483455ab5bd06cc1069fdd5ac57be5463f10
- hooks:
- - id: reorder-python-imports
- language_version: 'python2.7'
+- repo: git://github.com/pre-commit/pre-commit-hooks
+ sha: 78818b90cd694c29333ba54d38f9e60b6359ccfc
+ hooks:
+ - id: check-added-large-files
+ - id: check-docstring-first
+ - id: check-merge-conflict
+ - id: check-yaml
+ - id: end-of-file-fixer
+ - id: flake8
+ args:
+ - --exclude=__init__.py,docs/conf.py
+ - id: autopep8-wrapper
+ - id: requirements-txt-fixer
+ - id: trailing-whitespace
+- repo: git://github.com/asottile/reorder_python_imports
+ sha: 2bff31275b3a2fef7d75989ae60e57f1a8616ed6
+ hooks:
+ - id: reorder-python-imports
+ language_version: python2.7
diff --git a/Makefile b/Makefile
index 7e1fadc..0f9467d 100644
--- a/Makefile
+++ b/Makefile
@@ -2,21 +2,26 @@
 build:
 @docker-compose build
+ @docker-compose -f docker-compose.v3.yml build
 clean:
 docker-compose down --remove-orphans
+ @docker-compose -f docker-compose.v3.yml down --remove-orphans
 test: build test-python2 test-python3 clean
 test-python2:
 @docker-compose run --rm testpython2
+ @docker-compose -f docker-compose.v3.yml run --rm testpython2
 test-python3:
 @docker-compose run --rm testpython3
+ @docker-compose -f docker-compose.v3.yml run --rm testpython3
 test_debug: build
 @docker-compose up --force-recreate testpython2_debug testpython3_debug
+ @docker-compose -f docker-compose.v3.yml up --force-recreate testpython2_debug testpython3_debug
 publish:
 @python setup.py register && python setup.py sdist upload
diff --git a/docker-compose.v3.yml b/docker-compose.v3.yml
new file mode 100644
index 0000000..a08ee8f
--- /dev/null
+++ b/docker-compose.v3.yml
@@ -0,0 +1,32 @@
+version: '3.1'
+
+services:
+ testpython3:
+ build:
+ context: .
+ dockerfile: Dockerfile-test.py3
+ command: ["py.test", "--verbose", "-rw", "-m", "v3", "."]
+
+ testpython2:
+ build:
+ context: .
+ dockerfile: Dockerfile-test.py2
+ command: ["py.test", "--verbose", "-rw", "-m", "v3", "."]
+
+ testpython3_debug:
+ build:
+ context: .
+ dockerfile: Dockerfile-test.py3
+ command: ["py.test", "--verbose", "-s", "-rw", "-m", "v3", "."]
+
+ testpython2_debug:
+ build:
+ context: .
+ dockerfile: Dockerfile-test.py2
+ command: ["py.test", "--verbose", "-s", "-rw", "-m", "v3", "."]
+
+secrets:
+ secret1:
+ file: ./secret1_file
+ secret2:
+ file: ./secret2_file
diff --git a/docker-compose.yml b/docker-compose.yml
index d3fcf13..b5214f2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,6 +9,7 @@ testpython3:
 - test2
 - test3
 - test4
+ command: ["py.test", "--verbose", "-rw", "-m", "not v3", "."]
 extends:
 file: common.yml
 service: environ
@@ -24,6 +25,7 @@ testpython2:
 - test2
 - test3
 - test4
+ command: ["py.test", "--verbose", "-rw", "-m", "not v3", "."]
 extends:
 file: common.yml
 service: environ
@@ -39,7 +41,7 @@ testpython3_debug:
 - test2
 - test3
 - test4
- command: ["py.test", "--verbose", "-s", "-rw", "."]
+ command: ["py.test", "--verbose", "-s", "-rw", "-m", "not v3", "."]
 extends:
 file: common.yml
 service: environ
@@ -55,7 +57,7 @@ testpython2_debug:
 - test2
 - test3
 - test4
- command: ["py.test", "--verbose", "-s", "-rw", "."]
+ command: ["py.test", "--verbose", "-s", "-rw", "-m", "not v3", "."]
 extends:
 file: common.yml
 service: environ
diff --git a/docs/templates.rst b/docs/templates.rst
index 62722cb..7353088 100644
--- a/docs/templates.rst
+++ b/docs/templates.rst
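Review bot: In docker-compose.v3.yml the top-level `secrets:` block declares `secret1` and `secret2`, but none of the four services carries a `secrets:` key, so as written nothing grants them to the test containers and `/run/secrets` would presumably be missing or empty when the `v3` tests run. Each service that should see them needs its own grant, e.g. `secrets: [secret1, secret2]` under `testpython3`, `testpython2` and the two `_debug` services. Keeping the grant per service also makes it explicit which containers can read which secret.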
@@ -53,6 +53,8 @@ You have 4 available objects in your templates.
 - ``containers``
 - ``environ``
+``links`` and ``containers`` are not supported by docker network or docker-compose v2.
+
 config
 ^^^^^^
diff --git a/pyentrypoint/entrypoint.py b/pyentrypoint/entrypoint.py
index 7a096a8..67b85e0 100644
--- a/pyentrypoint/entrypoint.py
+++ b/pyentrypoint/entrypoint.py
@@ -20,6 +20,7 @@ from .constants import ENTRYPOINT_FILE
 from .docker_links import DockerLinks
 from .logs import Logs
 from .runner import Runner
+from .secrets import Secrets
 __all__ = ['Entrypoint', 'main']
@@ -91,6 +92,7 @@ class Entrypoint(object):
 environ=os.environ,
 json=json,
 yaml=yaml,
+ secrets=Secrets(),
 containers=DockerLinks().to_containers()))
 def run_pre_conf_cmds(self):
diff --git a/pyentrypoint/secrets.py b/pyentrypoint/secrets.py
new file mode 100644
index 0000000..7e9fae9
--- /dev/null
+++ b/pyentrypoint/secrets.py
@@ -0,0 +1,44 @@
+"""
+ Get secrets in containers
+"""
+from __future__ import absolute_import
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import os
+
+
+class Secrets(object):
+ "Secret loader"
+
+ secret_dir = '/run/secrets'
+ secret_files = ()
+
+ def __init__(self):
+ self._idx = 0
+ if os.path.exists(self.secret_dir):
+ self.secret_files = os.listdir(self.secret_dir)
+
+ def __len__(self):
+ return len(self.secret_files)
+
+ def __getitem__(self, key):
+ if key not in self.secret_files:
+ raise KeyError
+ return self._read_file(key)
+
+ def __iter__(self):
+ return self
+
+ def __next__(self):
+ idx = self._idx
+ self._idx += 1
+ try:
+ self.secret_files[idx]
+ except IndexError:
+ raise StopIteration
+ return self._read_file(file=self.secret_files[idx])
+
+ def _read_file(self, file):
+ with open(os.path.join(self.secret_dir, file), 'r') as s:
+ return s.read()
diff --git a/secret1_file b/secret1_file
new file mode 100644
index 0000000..371f218
--- /dev/null
+++ b/secret1_file
@@ -0,0 +1 @@
+SECRET1
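Review bot: In pyentrypoint/secrets.py, `Secrets.__iter__` returns `self` and `__next__` advances a `_idx` that is never reset, so an instance can be walked only once and yields secret contents rather than names; on the Python 2 images this patch also builds (`testpython2`), the iterator protocol looks for `next`, not `__next__`. The class also has no `items()`, which the template added in this same patch tries to call. I would make it behave like a read-only mapping: iterate over names with a fresh iterator, add `keys()`/`items()`, and drop `__next__` and `_idx`. Separately, `_read_file` returns the file verbatim, so a trailing newline in the secret file ends up in the rendered value; decide whether to strip it and say so in the docstring. `raise KeyError` would also be easier to debug as `raise KeyError(key)`.

```python
class Secrets(object):
    # … unchanged: docstring, secret_dir, secret_files, __init__ (without _idx), __len__, __getitem__ …

    def __iter__(self):
        # Iterate over secret names with a fresh iterator each time, as a
        # dict does; values are only read through __getitem__ / items().
        return iter(self.secret_files)

    def keys(self):
        return list(self.secret_files)

    def items(self):
        # Contents are read on demand, one file per listed secret name.
        return [(name, self[name]) for name in self.secret_files]

    # … unchanged: _read_file …
```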
diff --git a/secret2_file b/secret2_file
new file mode 100644
index 0000000..8ab27a3
--- /dev/null
+++ b/secret2_file
@@ -0,0 +1 @@
+SECRET2
diff --git a/tests/configs/secret.yml b/tests/configs/secret.yml
new file mode 100644
index 0000000..6d3078c
--- /dev/null
+++ b/tests/configs/secret.yml
@@ -0,0 +1,6 @@
+config_files:
+ - /tmp/test_template.yml
+ - /tmp/test_template2.yml.tpl
+ - /tmp/test_template2.yml.tpl: /tmp/test_template3.yml
+
+debug: true
diff --git a/tests/secret_test.py b/tests/secret_test.py
new file mode 100644
index 0000000..94d6dd2
--- /dev/null
+++ b/tests/secret_test.py
@@ -0,0 +1,28 @@
+# Tests using pytest
+from __future__ import absolute_import
+from __future__ import unicode_literals
+
+import pytest
+from yaml import load
+from yaml import Loader
+
+from pyentrypoint import Entrypoint
+
+
+@pytest.mark.v3
+def test_secret_templates():
+ test_confs = ['configs/secret.yml']
+ for test_conf in test_confs:
+ entry = Entrypoint(conf='configs/secret.yml')
+
+ conf = entry.config
+
+ entry.apply_conf()
+
+ for _, config_file in conf.get_templates():
+ with open(config_file, mode='r') as r:
+ test = load(stream=r, Loader=Loader)
+
+ # test secrets
+ assert test['SECRET']['secret1'] == 'SECRET1'
+ assert test['SECRET']['secret2'] == 'SECRET2'
diff --git a/tests/test_template_secret.yml.tpl b/tests/test_template_secret.yml.tpl
new file mode 100644
index 0000000..64a3403
--- /dev/null
+++ b/tests/test_template_secret.yml.tpl
@@ -0,0 +1,4 @@
+SECRET:
+{% for key, secret in secrets,items() %}
+ '{{key}}': '{{secret}}'
+{% endfor %}
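Review bot: None of the three `config_files` entries in tests/configs/secret.yml names the `test_template_secret.yml.tpl` template added by this patch, so unless the test image copies that template onto one of these `/tmp/test_template*` paths (not visible here) the secret template is never rendered and the assertions in tests/secret_test.py have no `SECRET` key to read. I would list the secret template's rendered path explicitly in `config_files`. With `debug: true` set, it is also worth confirming that debug output never prints rendered secret values.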
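Review bot: In tests/secret_test.py, `load(stream=r, Loader=Loader)` parses the rendered files with PyYAML's full loader, which can construct arbitrary Python objects from tags; the rendered output carries values read from secret files, so `test = safe_load(r)` with `from yaml import safe_load` is the safer habit even in a test. In the same function the loop variable is ignored: `Entrypoint(conf='configs/secret.yml')` should be `Entrypoint(conf=test_conf)`. A one-line docstring stating that the test needs the v3 compose file and mounted secrets would help whoever runs it outside `make test`.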
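Review bot: On the `for` line of tests/test_template_secret.yml.tpl, `secrets,items()` has a comma where a dot is intended, so the expression never calls a method on `secrets`; it should read `{% for key, secret in secrets.items() %}`, and `Secrets` as added in this patch still needs an `items()` for that to work. The values are also pasted between single quotes unescaped, so a secret containing `'` or a newline yields invalid or differently structured YAML. Since `json` is already passed to templates in entrypoint.py, something like `{{ json.dumps(key) }}: {{ json.dumps(secret) }}` should emit safely quoted scalars; verify the output against the YAML loader in use.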