moby: secrets: validation on "length" not working

Stumbled upon this while trying to trigger an error;

$ echo| docker secret create empty
slhlh25ruhac1rauto7nshgdg

or

echo "" | docker secret create empty2
gfy974zqmdeosuxekm4ja6sci

Does not produce an error, whereas;

$ docker secret create empty3
^D
Error response from daemon: rpc error: code = 3 desc = secret data must be larger than 0 and less than 512000 bytes

Difference between those two is that the first example produces this API call;

DEBU[36601] Calling POST /v1.26/secrets/create
DEBU[36601] form data: {"Data":"Cg==","Name":"empty"}

and the last example produces;

DEBU[36676] Calling POST /v1.26/secrets/create
DEBU[36676] form data: {"Name":"empty3"}

Validation should work here, to prevent people from accidentally creating (and using) an empty value, e.g.;

$ echo $MY_SECRET_THAT_WAS_NOT_SET | docker secret create empty4
rduz246w7tn2bstrw7v2qn54y
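
A client-side guard for the accidental-empty case described in the issue above, as an added example that is not part of the original issue or of the docker CLI. `check_secret_input` is a hypothetical helper that classifies whatever arrives on stdin before it is handed to `docker secret create`; the 512000-byte bound is taken from the daemon error quoted above.

```shell
#!/bin/sh
# Added example; check_secret_input is a hypothetical helper, not a docker command.
# It reads the candidate secret from stdin and returns:
#   0  usable payload
#   1  zero bytes (the case the daemon already rejects)
#   2  whitespace only, e.g. the lone "\n" (base64 "Cg==") that
#      `echo $UNSET_VAR` sends and the daemon's length check accepts
#   3  at or above the 512000-byte limit from the daemon error message
#   4  could not create a temporary file
check_secret_input() {
    _csi_tmp=$(mktemp) || return 4
    cat > "$_csi_tmp"

    # Total size in bytes (strip the padding some wc implementations add).
    _csi_size=$(wc -c < "$_csi_tmp" | tr -d ' ')

    # Bytes left after dropping all whitespace; LC_ALL=C keeps tr
    # byte-oriented so binary secrets do not trip locale decoding.
    _csi_visible=$(LC_ALL=C tr -d '[:space:]' < "$_csi_tmp" | wc -c | tr -d ' ')

    rm -f "$_csi_tmp"

    [ "$_csi_size" -eq 0 ] && return 1
    [ "$_csi_visible" -eq 0 ] && return 2
    [ "$_csi_size" -ge 512000 ] && return 3
    return 0
}

# Usage with the stdin form shown in this issue (file name is a placeholder):
#   check_secret_input < secret.txt && docker secret create name < secret.txt
```

The whitespace-only result is reported separately from the zero-byte one so a caller can decide whether to treat it as an error, since whether the daemon itself should reject it is what the comments below debate.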

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 32 (32 by maintainers)

Most upvoted comments

I say this is the best path forward. /cc @aaronlehmann @aluzzardi @cyli @ehazlett

- Optional name for secrets (allowing `secret_id=$(genpass | docker secret create -f -)`)
- Mandatory `-f`, and stdin using `-f -` (edited)
- common usage: `echo $WHATEVER | docker secret create --name secret.txt -f -`

Let’s move forward with this fast so we can get the changes in for RC3 /cc @ehazlett

Alternative:

docker secret create name -f file.txt
docker secret create name -f -

/cc @diogomonica @aaronlehmann @thaJeztah

Weird that it’s adding a newline in this case

It’s not weird at all. echo without -n always adds a newline. If you use -n it should behave as expected.

I’m not in favor of disallowing whitespace-only secrets. I think we should let people store arbitrary data in a secret. If we start putting more restrictions on what a secret has to look like, people will hit corner cases when they try to store things that don’t pass our validation.