feat: Add implementaion of capabilities in docker servic (#727)

* feat: Add implementaion of capabilities in docker service * fix: linting --------- Co-authored-by: Maya Ozer <mayaozer@Mayas-MacBook-Air.local> Co-authored-by: Martin <Junkern@users.noreply.github.com>
2025-12-18 23:06:10 -05:00 · 2025-05-24 10:15:55 +03:00 · 2025-05-24 10:15:55 +03:00 · 773483ba57
commit 773483ba57
parent 22b9c433b5
3 changed files with 32 additions and 0 deletions
--- a/docs/resources/service.md
+++ b/docs/resources/service.md
@ -361,6 +361,8 @@ Required:
 Optional:

 - `args` (List of String) Arguments to the command
+- `cap_add` (List of String) A list of linux capabilities to add.
+- `cap_drop` (List of String) A list of linux capabilities to drop.
 - `command` (List of String) The command/entrypoint to be run in the image. According to the [docker cli](https://github.com/docker/cli/blob/v20.10.7/cli/command/service/opts.go#L705) the override of the entrypoint is also passed to the `command` property and there is no `entrypoint` attribute in the `ContainerSpec` of the service.
 - `configs` (Block Set) References to zero or more configs that will be exposed to the service (see [below for nested schema](#nestedblock--task_spec--container_spec--configs))
 - `dir` (String) The working directory for commands to run in
--- a/internal/provider/resource_docker_service.go
+++ b/internal/provider/resource_docker_service.go
@ -505,6 +505,18 @@ func resourceDockerService() *schema.Resource {
 										Optional:    true,
 										ForceNew:    true,
 									},
+									"cap_add": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Elem:        &schema.Schema{Type: schema.TypeString},
+										Description: "List of Linux capabilities to add to the container",
+									},
+									"cap_drop": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Elem:        &schema.Schema{Type: schema.TypeString},
+										Description: "List of Linux capabilities to drop from the container",
+									},
 								},
 							},
 						},
--- a/internal/provider/resource_docker_service_structures.go
+++ b/internal/provider/resource_docker_service_structures.go
@ -177,6 +177,12 @@ func flattenContainerSpec(in *swarm.ContainerSpec) []interface{} {
 	if len(in.Sysctls) > 0 {
 		m["sysctl"] = in.Sysctls
 	}
+	if len(in.CapabilityAdd) > 0 {
+		m["cap_add"] = in.CapabilityAdd
+	}
+	if len(in.CapabilityDrop) > 0 {
+		m["cap_drop"] = in.CapabilityDrop
+	}
 	out = append(out, m)
 	return out
 }
@ -948,6 +954,18 @@ func createContainerSpec(v interface{}) (*swarm.ContainerSpec, error) {
 			if value, ok := rawContainerSpec["sysctl"]; ok {
 				containerSpec.Sysctls = mapTypeMapValsToString(value.(map[string]interface{}))
 			}
+			if value, ok := rawContainerSpec["cap_add"]; ok {
+				for _, cap := range value.([]interface{}) {
+					containerSpec.CapabilityAdd = append(containerSpec.CapabilityAdd, cap.(string))
+				}
+			}
+
+			if value, ok := rawContainerSpec["cap_drop"]; ok {
+				for _, cap := range value.([]interface{}) {
+					containerSpec.CapabilityDrop = append(containerSpec.CapabilityDrop, cap.(string))
+				}
+			}
+
 		}
 	}