This issue was originally opened by @tomalok as hashicorp/terraform-provider-docker#247. It was migrated here as a result of the community provider takeover from @kreuzwerker. The original body of the issue is below.

Terraform Version

Terraform v0.12.23
provider.docker: version = "~> 2.7" (v2.7.0)

Affected Resource(s)

Please list the resources as a list, for example:

• docker_service

Terraform Configuration Files

resource "docker_service "foo" {
  ...
  task_spec {
    ...
    container_spec {
      secrets {
        secret_id =
          secret_id   = "..."
          secret_name = "foo_pw__1"
          file_name   = "/run/secrets/foo_pw"
          file_uid    = "100"
          file_gid    = "101"
          file_mode   = "0440"
      }
    }
  }
}

Plan Output

                secrets {
                    file_gid    = "101"
                    file_mode   = 440
                    file_name   = "/run/secrets/foo_pw"
                    file_uid    = "100"
                    secret_id   = "..."
                    secret_name = "foo_pw__1"
                }

Expected Behavior

file_mode probably should have remained a string "0440" or have been converted from octal to decimal.

https://docs.docker.com/engine/reference/commandline/service_create/#create-a-service-with-secrets indicates that the secret's and config's mode= value should be a 4-number sequence, and explicitly shows a leading 0.

Actual Behavior

The integer 440 was used as the file_mode value, which corresponds to 0670 octal -- which is not the correct.

It's also interesting to note that file_gid and file_uid get preserved as strings, but file_mode does not.

Temporary Workaround

Using a decimal value (i.e. 288 instead of 0440) does the trick -- but this is counter-intuitive with the firmly-entrenched decades-old tradition of specifying mode in octal.