tyler.durden
/
compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5769 from docker/5766-fix-secopt-extend 

Preserve security_opt values in extends
This commit is contained in:
Joffrey F 2018-03-08 18:20:56 -08:00 committed by GitHub
parent 85670e208b 7e3bbef436
commit 867ad1550b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
compose/config/config.py
View File

@ -1040,6 +1040,7 @@ def merge_service_dicts(base, override, version):
md.merge_sequence('links', ServiceLink.parse) md.merge_sequence('links', ServiceLink.parse)
md.merge_sequence('secrets', types.ServiceSecret.parse) md.merge_sequence('secrets', types.ServiceSecret.parse)
md.merge_sequence('configs', types.ServiceConfig.parse) md.merge_sequence('configs', types.ServiceConfig.parse)
md.merge_sequence('security_opt', types.SecurityOpt.parse)
md.merge_mapping('extra_hosts', parse_extra_hosts) md.merge_mapping('extra_hosts', parse_extra_hosts)
for field in ['volumes', 'devices']: for field in ['volumes', 'devices']:
@ -1047,7 +1048,7 @@ def merge_service_dicts(base, override, version):
for field in [ for field in [
'cap_add', 'cap_drop', 'expose', 'external_links', 'cap_add', 'cap_drop', 'expose', 'external_links',
'security_opt', 'volumes_from', 'device_cgroup_rules', 'volumes_from', 'device_cgroup_rules',
]: ]:
md.merge_field(field, merge_unique_items_lists, default=[]) md.merge_field(field, merge_unique_items_lists, default=[])

6
compose/config/types.py
View File

@ -464,6 +464,8 @@ def normalize_port_dict(port):
class SecurityOpt(namedtuple('_SecurityOpt', 'value src_file')): class SecurityOpt(namedtuple('_SecurityOpt', 'value src_file')):
@classmethod @classmethod
def parse(cls, value): def parse(cls, value):
if not isinstance(value, six.string_types):
return value
# based on https://github.com/docker/cli/blob/9de1b162f/cli/command/container/opts.go#L673-L697 # based on https://github.com/docker/cli/blob/9de1b162f/cli/command/container/opts.go#L673-L697
con = value.split('=', 2) con = value.split('=', 2)
if len(con) == 1 and con[0] != 'no-new-privileges': if len(con) == 1 and con[0] != 'no-new-privileges':
@ -486,3 +488,7 @@ class SecurityOpt(namedtuple('_SecurityOpt', 'value src_file')):
if self.src_file is not None: if self.src_file is not None:
return 'seccomp:{}'.format(self.src_file) return 'seccomp:{}'.format(self.src_file)
return self.value return self.value
@property
def merge_field(self):
return self.value

23
tests/unit/config/config_test.py
View File

@ -4508,6 +4508,29 @@ class ExtendsTest(unittest.TestCase):
for svc in services: for svc in services:
assert svc['ports'] == [types.ServicePort('80', None, None, None, None)] assert svc['ports'] == [types.ServicePort('80', None, None, None, None)]
def test_extends_with_security_opt(self):
tmpdir = py.test.ensuretemp('test_extends_with_ports')
self.addCleanup(tmpdir.remove)
tmpdir.join('docker-compose.yml').write("""
version: '2'
services:
a:
image: nginx
security_opt:
- apparmor:unconfined
- seccomp:unconfined
b:
extends:
service: a
""")
services = load_from_filename(str(tmpdir.join('docker-compose.yml')))
assert len(services) == 2
for svc in services:
assert types.SecurityOpt.parse('apparmor:unconfined') in svc['security_opt']
assert types.SecurityOpt.parse('seccomp:unconfined') in svc['security_opt']
@pytest.mark.xfail(IS_WINDOWS_PLATFORM, reason='paths use slash') @pytest.mark.xfail(IS_WINDOWS_PLATFORM, reason='paths use slash')
class ExpandPathTest(unittest.TestCase): class ExpandPathTest(unittest.TestCase):