Project

General

Profile

Actions

Feature #18689

open

support secret_environment

Added by Peter Amstutz about 2 years ago. Updated 27 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Crunch
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

Add API and crunch-run support for secret_environment.

https://dev.arvados.org/projects/arvados/wiki/Container_secret_mounts#Secret-environment

On the API side:

  • Migration to add secret_environment and secret_environment_md5 to the database schema
  • Setting secret_environment updates secret_environment_md5
  • Endpoint to request secret_environment
  • On container completion/failure, wipe the value of secret_environment
  • Compare secret_environment_md5 in container reuse decisions.
  • Tests

On the crunch-run side:

  • Check the new secret_environment endpoint
  • Merge the secret environment with the regular environment when invoking the container

When in doubt, look at how secret_mounts are handled.


Related issues

Related to Arvados - Bug #18690: secret files get included in output collection when using tmp collection mount as output directoryResolvedTom Clegg02/11/2022Actions
Actions

Also available in: Atom PDF