From 957b83cd51ba4373f7da89441d70199781efa212 Mon Sep 17 00:00:00 2001
From: Shubhanil Bag
Date: Thu, 28 Mar 2019 22:55:09 +0530
Subject: [PATCH] Added file based secrets support (#404)
* Added file based secrets support (cherry picked from commit f1d4bbb553dddc4d541caa769c759fef08545f2b)
* Fixed service account credential source (cherry picked from commit c6946cc46c1621fa1bd0731ba0084788c4ad546d)
* Fix file based secrets (cherry picked from commit edbcc70085a5389b88833435c1b59225912ab5cb)
---
 frameworks/kafka/universe/marathon.json.mustache | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/frameworks/kafka/universe/marathon.json.mustache b/frameworks/kafka/universe/marathon.json.mustache
index 271c68c4..32dc6c9c 100644
--- a/frameworks/kafka/universe/marathon.json.mustache
+++ b/frameworks/kafka/universe/marathon.json.mustache
@@ -15,6 +15,15 @@
 "DCOS_SERVICE_SCHEME": "http"
 },
 {{#service.service_account_secret}}
+ "container": {
+ "type": "MESOS",
+ "volumes": [
+ {
+ "containerPath": "secrets/service-account.json",
+ "secret": "serviceCredential"
+ }
+ ]
+ },
 "secrets": {
 "serviceCredential": {
 "source": "{{service.service_account_secret}}"
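Review bot: The added top-level `"container"` object renders whenever `service.service_account_secret` is set, so if any other part of this template (not visible in the hunk) can also emit a `"container"` key, the rendered app definition would carry a duplicate key and a last-wins parser could silently drop the secret volume. It is worth confirming that no second `"container"` block can render in the same document. The literal `secrets/service-account.json` here is also repeated in the second hunk, once in `DCOS_SERVICE_ACCOUNT_CREDENTIAL` and twice in `MESOS_MODULES`, and nothing ties the four copies together. A mustache comment above the block, for example `{{! containerPath must match the service_account_credential paths in env }}`, would record that coupling. The `"secrets"` object that follows continues past the end of the hunk.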
@@ -68,8 +77,8 @@
 "BROKER_PORT": "{{brokers.port}}",
 {{#service.service_account_secret}}
- "DCOS_SERVICE_ACCOUNT_CREDENTIAL": { "secret": "serviceCredential" },
- "MESOS_MODULES": "{\"libraries\":[{\"file\":\"libmesos-bundle\/lib\/mesos\/libdcos_security.so\",\"modules\":[{\"name\": \"com_mesosphere_dcos_ClassicRPCAuthenticatee\"},{\"name\":\"com_mesosphere_dcos_http_Authenticatee\",\"parameters\":[{\"key\":\"jwt_exp_timeout\",\"value\":\"5mins\"},{\"key\":\"preemptive_refresh_duration\",\"value\":\"30mins\"}]}]}]}",
+ "DCOS_SERVICE_ACCOUNT_CREDENTIAL": "secrets/service-account.json",
+ "MESOS_MODULES": "{\"libraries\":[{\"file\":\"libmesos-bundle\/lib\/mesos\/libdcos_security.so\",\"modules\":[{\"name\": \"com_mesosphere_dcos_ClassicRPCAuthenticatee\", \"parameters\":[{\"key\":\"service_account_credential\",\"value\":\"file://secrets/service-account.json\"}]},{\"name\":\"com_mesosphere_dcos_http_Authenticatee\",\"parameters\":[{\"key\":\"service_account_credential\",\"value\":\"file://secrets/service-account.json\"},{\"key\":\"jwt_exp_timeout\",\"value\":\"5mins\"},{\"key\":\"preemptive_refresh_duration\",\"value\":\"30mins\"}]}]}]}",
 "MESOS_AUTHENTICATEE": "com_mesosphere_dcos_ClassicRPCAuthenticatee",
 "MESOS_HTTP_AUTHENTICATEE": "com_mesosphere_dcos_http_Authenticatee",
 {{/service.service_account_secret}}
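Review bot: `DCOS_SERVICE_ACCOUNT_CREDENTIAL` keeps its name but now holds a relative path rather than the credential itself, so any consumer that still parses the variable as credential JSON would fail to authenticate. Those consumers are not visible in this patch and should be checked. The `file://secrets/service-account.json` values in `MESOS_MODULES` are relative too, so they presumably resolve only when the process's working directory is the one the secret volume is mounted under. A mustache comment above the variable, for example `{{! DCOS_SERVICE_ACCOUNT_CREDENTIAL is a sandbox-relative path, not the credential JSON }}`, would make the new contract explicit. The enclosing object starts before the hunk.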