Details

    • Type: Task
    • Status: Resolved
    • Priority: Medium
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: metronome
    • Labels:
      None

      Description

      Newly added to Metronome (targeting version 0.6.0+) is the ability to have File Based Secrets. An early version of Metronome (Version 0.4.2) provided the ability to have Environment based secrets; however, UI support for that was not provided. This task needs the ability to configure the following in the UI:

      1. secret definition in the job
      2. use of a defined secret as an env var for the job
      3. use of a defined secret as a file based secret in the job.

       

      Note: It is important to note that Metronome does NOT allow for a secret definition without it being used (as an env var secret or FBS).

      Metronome's documentation (on master) provides a really good overview of the feature from an API standpoint:  https://github.com/dcos/metronome/blob/master/docs/docs/secrets.md

       

      Env Based Secret Schema

       

      {
        "id": "job-env-secret",
        "description": "job example with env based secrets",
        "labels": {},
        "run": {
          "cpus": 0.01,
          "mem": 32,
          "disk": 0,
          "cmd": "echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env; sleep 5",
          "env": {
            "SECRET_ENV": {
              "secret": "secret1"
            }
          },
          "secrets": {
            "secret1": {
              "source": "/mysecret"
            }
          }
        }
      }

       

       

      File Based Secret Schema

       

      {
        "id": "job-fbs",
        "description": "job example with file based secrets",
        "run": {
          "cpus": 0.01,
          "mem": 32,
          "disk": 0,
          "cmd": "echo $MESOS_SANDBOX/mnt/test; sleep 5",
          "secrets": {
            "secret1": {
              "source": "/mysecret"
            }
          },
          "volumes": [
               {
                 "containerPath": "/mnt/test",
                 "secret": "secret1"
               }
          ],
          "ucr": {
            "image": { "id": "ubuntu"}
          }
        }
      }

       

       

      Required new elements:

      run.secrets with all of its secrets

      run.volumes[x].secret  is a new option in volumes which must match a defined secret

      run.env.SECRET_ENV

       

      Acceptance criteria

      • Accept secrets
      • Accept file based secrets
      • Accept env based secrets
      • handle validation errors appropriately
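
The cross-reference rules this ticket asks the UI to validate, written out as an added JavaScript example (not code from Metronome or the DC/OS UI). The function name `validateJobSecrets`, the error strings and the sample job are constructed for illustration.

```javascript
// Added example: checks the secret cross-references described in this ticket.
// validateJobSecrets and its error strings are hypothetical, not a Metronome API.
function validateJobSecrets(job) {
  const run = (job && job.run) || {};
  const defined = run.secrets || {};
  const isDefined = (name) => Object.prototype.hasOwnProperty.call(defined, name);
  const used = new Set();
  const errors = [];

  // Env based secrets: run.env.<VAR> = { "secret": "<name>" }.
  for (const [varName, value] of Object.entries(run.env || {})) {
    if (value === null || typeof value !== "object") continue; // plain string env var
    if (isDefined(value.secret)) used.add(value.secret);
    else errors.push(`run.env.${varName}: undefined secret "${value.secret}"`);
  }

  // File based secrets: run.volumes[i] = { "containerPath": ..., "secret": "<name>" }.
  (run.volumes || []).forEach((vol, i) => {
    if (!vol || vol.secret === undefined) return; // ordinary volume, no secret
    if (isDefined(vol.secret)) used.add(vol.secret);
    else errors.push(`run.volumes[${i}].secret: undefined secret "${vol.secret}"`);
  });

  // Metronome does not allow a definition that no env var or volume references.
  for (const name of Object.keys(defined)) {
    if (!used.has(name)) errors.push(`run.secrets.${name}: defined but never used`);
  }
  return errors;
}

// Constructed sample: one valid env reference, one dangling volume reference,
// and one secret definition that nothing uses.
const SAMPLE_JOB = {
  id: "job-sample",
  run: {
    cmd: "sleep 5",
    env: { SECRET_ENV: { secret: "secret1" }, PLAIN: "value" },
    secrets: { secret1: { source: "/mysecret" }, orphan: { source: "/other" } },
    volumes: [{ containerPath: "/mnt/test", secret: "secret2" }],
  },
};

console.log(validateJobSecrets(SAMPLE_JOB));
```

Returning every error rather than stopping at the first lets a form flag each offending field in one pass.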

       

       

            People

            • Assignee:
              Unassigned
              Reporter:
              ken Ken Sipe
              Team:
              Frontend Team
              Watchers:
              Automation Bot, Julian Gieseke, Ken Sipe