From 42354a7e624d1ef1f59d13beef59c73a6ed866b4 Mon Sep 17 00:00:00 2001 From: Matthew Burtless Date: Thu, 15 Aug 2019 11:23:39 -0400 Subject: [PATCH] Add support for sysctls (#172) --- docker/resource_docker_container.go | 6 +++ docker/resource_docker_container_funcs.go | 4 ++ docker/resource_docker_container_test.go | 49 +++++++++++++++++++++++ website/docs/r/container.html.markdown | 2 +- 4 files changed, 60 insertions(+), 1 deletion(-) diff --git a/docker/resource_docker_container.go b/docker/resource_docker_container.go index c260e70f..cb1433ea 100644 --- a/docker/resource_docker_container.go +++ b/docker/resource_docker_container.go @@ -712,6 +712,12 @@ func resourceDockerContainer() *schema.Resource { }, }, }, + + "sysctls": { + Type: schema.TypeMap, + Optional: true, + ForceNew: true, + }, }, } } diff --git a/docker/resource_docker_container_funcs.go b/docker/resource_docker_container_funcs.go index b742f09d..e1b0edc5 100644 --- a/docker/resource_docker_container_funcs.go +++ b/docker/resource_docker_container_funcs.go @@ -304,6 +304,10 @@ func resourceDockerContainerCreate(d *schema.ResourceData, meta interface{}) err hostConfig.PidMode = container.PidMode(v.(string)) } + if v, ok := d.GetOk("sysctls"); ok { + hostConfig.Sysctls = mapTypeMapValsToString(v.(map[string]interface{})) + } + var retContainer container.ContainerCreateCreatedBody if retContainer, err = client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, d.Get("name").(string)); err != nil { diff --git a/docker/resource_docker_container_test.go b/docker/resource_docker_container_test.go index 179dbdac..bf8c28df 100644 --- a/docker/resource_docker_container_test.go +++ b/docker/resource_docker_container_test.go 
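Review bot: The new `sysctls` attribute in the resourceDockerContainer schema is a bare `schema.TypeMap` with no `Elem` and no validation, so the value type is left implicit and nothing is checked at plan time. The same map is then copied unchanged into `hostConfig.Sysctls` in the resourceDockerContainerCreate hunk, so a rejected or mistyped key presumably surfaces only as a `ContainerCreate` error. Declaring `Elem: &schema.Schema{Type: schema.TypeString},` makes the string-only contract explicit. Since these entries set kernel parameters for the container, a comment above the attribute would help, for example `// Passed unchanged to HostConfig.Sysctls; which keys are permitted is decided by the Docker daemon, not by this provider.` Both functions start and end outside their hunks, and `mapTypeMapValsToString` is defined outside this patch, so how it treats a non-string value cannot be checked here.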
@@ -264,6 +264,40 @@ func TestAccDockerContainer_tmpfs(t *testing.T) { }) } +func TestAccDockerContainer_sysctls(t *testing.T) { + var c types.ContainerJSON + + testCheck := func(*terraform.State) error { + if len(c.HostConfig.Sysctls) != 1 { + return fmt.Errorf("Incorrect number of sysctls: expected 1, got %d", len(c.HostConfig.Sysctls)) + } + + if ctl, ok := c.HostConfig.Sysctls["net.ipv4.ip_forward"]; ok { + if ctl != "1" { + return fmt.Errorf("Bad value for sysctl net.ipv4.ip_forward: expected 1, got %s", ctl) + } + } else { + return fmt.Errorf("net.ipv4.ip_forward not found in Sysctls") + } + + return nil + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDockerContainerSysctlsConfig, + Check: resource.ComposeTestCheckFunc( + testAccContainerRunning("docker_container.foo", &c), + testCheck, + ), + }, + }, + }) +} + func TestAccDockerContainer_customized(t *testing.T) { var c types.ContainerJSON @@ -1696,3 +1730,18 @@ attach = true must_run = false } ` + +const testAccDockerContainerSysctlsConfig = ` +resource "docker_image" "foo" { + name = "nginx:latest" +} + +resource "docker_container" "foo" { + name = "tf-test" + image = "${docker_image.foo.latest}" + + sysctls = { + "net.ipv4.ip_forward" = "1" + } +} +` diff --git a/website/docs/r/container.html.markdown b/website/docs/r/container.html.markdown index 91d81b3d..8a3ad813 100644 --- a/website/docs/r/container.html.markdown +++ b/website/docs/r/container.html.markdown 
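Review bot: TestAccDockerContainer_sysctls covers only the accepted case, a single key (`net.ipv4.ip_forward`) that the daemon is expected to apply. Because the provider forwards the map without checks of its own, a second test case that supplies a key the daemon should refuse, and asserts the failure with `ExpectError: regexp.MustCompile("<daemon error text>")`, would pin the rejection behaviour that users rely on. As a point of style, the found/not-found branch in `testCheck` reads more directly with the failure first: `ctl, ok := c.HostConfig.Sysctls["net.ipv4.ip_forward"]` followed by `if !ok { return fmt.Errorf("net.ipv4.ip_forward not found in Sysctls") }`.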
@@ -105,7 +105,7 @@ data is stored in them. See [the docker documentation][linkdoc] for more details * `pid_mode` - (Optional, string) The PID (Process) Namespace mode for the container. Either `container:` or `host`. * `userns_mode` - (Optional, string) Sets the usernamespace mode for the container when usernamespace remapping option is enabled. * `healthcheck` - (Optional, block) See [Healthcheck](#healthcheck) below for details. - +* `sysctls` - (Optional, map) A map of kernel parameters (sysctls) to set in the container. ### Capabilities