fix types of long-syntax secrets: uid/gid should output strings, service secrets lists

2024-08-04 15:20:41 +00:00 · 2024-08-04 15:20:41 +00:00 · 5a5ed5202f
commit 5a5ed5202f
parent f2dc1d0996
3 changed files with 31 additions and 20 deletions
--- a/src/haskell/testdata/Arion/NixSpec/arion-context-compose.json
+++ b/src/haskell/testdata/Arion/NixSpec/arion-context-compose.json
@ -22,15 +22,15 @@
            "ports": [
                "8080:80"
            ],
-            "secrets": {
-                "foo": {
-                    "gid": 123,
+            "secrets": [
+                {
+                    "gid": "123",
                    "mode": "0440",
-                    "source": "web_cache_redis_secret",
-                    "target": "/run/secrets/web_cache_redis_secret",
-                    "uid": 123
+                    "source": "foo",
+                    "target": "/run/secrets/foo",
+                    "uid": "123"
                }
-            },
+            ],
            "sysctls": {},
            "volumes": []
        }
--- a/src/haskell/testdata/Arion/NixSpec/arion-context-compose.nix
+++ b/src/haskell/testdata/Arion/NixSpec/arion-context-compose.nix
@ -6,15 +6,15 @@
    ports = [
      "8080:80"
    ];
-    secrets = {
-      foo = {
-        source = "web_cache_redis_secret";
-        target = "/run/secrets/web_cache_redis_secret";
-        uid = 123;
-        gid = 123;
+    secrets = [
+      {
+        source = "foo";
+        target = "/run/secrets/foo";
+        uid = "123";
+        gid = "123";
        mode = "0440";
-      };
-    };
+      }
+    ];
  };
  secrets.foo.environment = "FOO";
 }
--- a/src/nix/modules/service/docker-compose-service.nix
+++ b/src/nix/modules/service/docker-compose-service.nix
@ -31,12 +31,12 @@ let
        description = serviceRef "secrets";
      };
      uid = mkOption {
-        type = nullOr (either str int);
+        type = nullOr str;
        default = null;
        description = serviceRef "secrets";
      };
      gid = mkOption {
-        type = nullOr (either str int);
+        type = nullOr str;
        default = null;
        description = serviceRef "secrets";
      };
@ -128,7 +128,7 @@ in
            '';
          };
          secrets = mkOption {
-            type = nullOr (either (listOf str) (attrsOf serviceSecretType));
+            type = nullOr (listOf (either str serviceSecretType));
            default = null;
            description = ''
              Build-time secrets exposed to the service.
@ -138,7 +138,7 @@ in
      });
    };
    service.secrets = mkOption {
-      type = either (listOf str) (attrsOf serviceSecretType);
+      type = nullOr (listOf (either str serviceSecretType));
      default = [];
      description = ''
        Run-time secrets exposed to the service.
@ -451,7 +451,18 @@ in
  } // lib.optionalAttrs (config.service.extra_hosts != []) {
    inherit (config.service) extra_hosts;
  } // lib.optionalAttrs (config.service.secrets != []) {
-    inherit (config.service) secrets;
+    secrets = lib.lists.map (s: {
+    } // lib.optionalAttrs (s.source != null) {
+      inherit (s) source;
+    } // lib.optionalAttrs (s.target != null) {
+      inherit (s) target;
+    } // lib.optionalAttrs (s.uid != null) {
+      inherit (s) uid;
+    } // lib.optionalAttrs (s.gid != null) {
+      inherit (s) gid;
+    } // lib.optionalAttrs (s.mode != null) {
+      inherit (s) mode;
+    }) config.service.secrets;
  } // lib.optionalAttrs (config.service.hostname != null) {
    inherit (config.service) hostname;
  } // lib.optionalAttrs (config.service.dns != []) {