michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Normalize Docker Secret file paths to support both formats

Browse Source 
- Handle paths like /redis_password and convert to /run/secrets/redis_password
- Docker Swarm may set *_FILE variables with just the secret name
- Add file permission debugging to diagnose read issues
- Should fix issue where REDIS_PASSWORD_FILE points to /redis_password instead of /run/secrets/redis_password
This commit is contained in:
Michael Schiemer
2025-11-03 00:57:20 +01:00
parent b070767d0a
commit 4be249a57b
2 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/Framework/Config/DockerSecretsResolver.php
View File

@@ -44,6 +44,15 @@ final readonly class DockerSecretsResolver
} }
try { try {
// Normalize file path: if path doesn't start with /run/secrets, prepend it
// This handles Docker Swarm secrets which may only provide the secret name
// Example: /redis_password -> /run/secrets/redis_password
if (!str_starts_with($filePath, '/run/secrets/') && str_starts_with($filePath, '/')) {
// Path starts with / but not /run/secrets/, likely a secret name
$secretName = ltrim($filePath, '/');
$filePath = '/run/secrets/' . $secretName;
}
$file = FilePath::create($filePath); $file = FilePath::create($filePath);
if (!$file->exists() || !$file->isReadable()) { if (!$file->exists() || !$file->isReadable()) {

7
src/Framework/Core/AppBootstrapper.php
View File

@@ -104,10 +104,15 @@ final readonly class AppBootstrapper
error_log("Expected file path: $expectedFile"); error_log("Expected file path: $expectedFile");
error_log("File exists: " . (file_exists($expectedFile) ? 'YES' : 'NO')); error_log("File exists: " . (file_exists($expectedFile) ? 'YES' : 'NO'));
error_log("File readable: " . (is_readable($expectedFile) ? 'YES' : 'NO')); error_log("File readable: " . (is_readable($expectedFile) ? 'YES' : 'NO'));
if (file_exists($expectedFile) && is_readable($expectedFile)) { if (file_exists($expectedFile)) {
error_log("File permissions: " . substr(sprintf('%o', fileperms($expectedFile)), -4));
error_log("File owner: " . fileowner($expectedFile));
error_log("Current process user: " . getmyuid());
if (is_readable($expectedFile)) {
$content = file_get_contents($expectedFile); $content = file_get_contents($expectedFile);
error_log("File content length: " . strlen($content ?? '')); error_log("File content length: " . strlen($content ?? ''));
} }
}
error_log("------------------------------------"); error_log("------------------------------------");
// Make Environment available throughout the application // Make Environment available throughout the application