From b1b79b574372b6c98227ab8a3afbd8bfe839baee Mon Sep 17 00:00:00 2001
From: Manuel Vogel
Date: Thu, 11 Oct 2018 10:55:18 +0200
Subject: [PATCH] Adds pid and namespace mode (#96)
* adds `pid` and `userns` mode for containers. Closes #88 and #17
* updates CHANGELOG
---
CHANGELOG.md | 1 +
docker/resource_docker_container.go | 11 +++++++++++
docker/resource_docker_container_funcs.go | 7 +++++++
docker/resource_docker_container_test.go | 10 ++++++++++
website/docs/r/container.html.markdown | 2 ++
5 files changed, 31 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 94c2d9fc..0da54a3f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@ IMPROVEMENTS
 * Add support for running tests on Windows [GH-54] and ([#90](https://github.com/terraform-providers/terraform-provider-docker/pull/90))
+* Add options for PID and user namespace mode [GH-88] and ([#96](https://github.com/terraform-providers/terraform-provider-docker/pull/96))
 BUG FIXES
 * Fixes issue with internal and external ports on containers [GH-8] and ([#89](https://github.com/terraform-providers/terraform-provider-docker/pull/90))
diff --git a/docker/resource_docker_container.go b/docker/resource_docker_container.go
index cab013ab..27993327 100644
--- a/docker/resource_docker_container.go
+++ b/docker/resource_docker_container.go
@@ -411,6 +411,17 @@ func resourceDockerContainer() *schema.Resource {
 Set: schema.HashString,
 },
+ "pid_mode": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ },
+ "userns_mode": &schema.Schema{
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ },
+
+ "upload": &schema.Schema{
 Type: schema.TypeSet,
 Optional: true,
diff --git a/docker/resource_docker_container_funcs.go b/docker/resource_docker_container_funcs.go
index 250325d8..f62e62c5 100644
--- a/docker/resource_docker_container_funcs.go
+++ b/docker/resource_docker_container_funcs.go
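Review bot: Both fields added in the `resourceDockerContainer` schema hunk accept any string: neither `pid_mode` nor `userns_mode` carries a `ValidateFunc` or a `Description`, so a mistyped value is caught only when the daemon rejects the create call, and nothing in the schema tells the user that `pid_mode = "host"` places the container in the host's process namespace. I would add a `ValidateFunc` on `pid_mode` that accepts only `host` or the `container:` form (the two values the docs hunk lists) and a `Description` on each field, for example `Description: "PID namespace mode; \"host\" shares the host's process namespace with the container."`. The same unchecked strings are cast straight into `hostConfig.PidMode` and `hostConfig.UsernsMode` in the `resourceDockerContainerCreate` hunk, so the schema is the only place a bad value could be stopped at plan time. `resourceDockerContainer` starts and ends outside this hunk.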
@@ -190,6 +190,13 @@ func resourceDockerContainerCreate(d *schema.ResourceData, meta interface{}) err
 hostConfig.NetworkMode = container.NetworkMode(v.(string))
 }
+ if v, ok := d.GetOk("userns_mode"); ok {
+ hostConfig.UsernsMode = container.UsernsMode(v.(string))
+ }
+ if v, ok := d.GetOk("pid_mode"); ok {
+ hostConfig.PidMode = container.PidMode(v.(string))
+ }
+
 var retContainer container.ContainerCreateCreatedBody
 if retContainer, err = client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, d.Get("name").(string)); err != nil {
diff --git a/docker/resource_docker_container_test.go b/docker/resource_docker_container_test.go
index 5099429b..09c80265 100644
--- a/docker/resource_docker_container_test.go
+++ b/docker/resource_docker_container_test.go
@@ -249,6 +249,13 @@ func TestAccDockerContainer_customized(t *testing.T) {
 return fmt.Errorf("Container doesn't have a correct nofile soft limit")
 }
+ if c.HostConfig.PidMode != "host" {
+ return fmt.Errorf("Container doesn't have a correct pid mode")
+ }
+ if c.HostConfig.UsernsMode != "testuser:231072:65536" {
+ return fmt.Errorf("Container doesn't have a correct userns mode")
+ }
+
 return nil
 }
@@ -593,6 +600,9 @@ resource "docker_container" "foo" {
 hard = 262144
 soft = 200000
 }
+
+ pid_mode = "host"
+ userns_mode = "testuser:231072:65536"
 }
 resource "docker_network" "test_network" {
diff --git a/website/docs/r/container.html.markdown b/website/docs/r/container.html.markdown
index ccd3abcc..5f564dad 100644
--- a/website/docs/r/container.html.markdown
+++ b/website/docs/r/container.html.markdown
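Review bot: In the two `resource_docker_container_test.go` hunks, the only `userns_mode` value exercised is `testuser:231072:65536`, which has the shape of a subordinate-ID mapping rather than a namespace mode. As far as I know the Docker API type treats only the empty string and `host` as valid for `UsernsMode`, so the check in `TestAccDockerContainer_customized` may only show that the string round-trips through inspect, not that a mode was applied; this is worth confirming against the daemon. If that holds, use a documented value in the config and the assertion: `userns_mode = "host"` and `if c.HostConfig.UsernsMode != "host" {`. The test also covers only `pid_mode = "host"`; a second case using the `container:` form would exercise the other value the docs hunk lists. Both the check function and the config string start and end outside these hunks.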
@@ -92,6 +92,8 @@ data is stored in them. See [the docker documentation][linkdoc] for more details
 * `upload` - (Optional, block) See [File Upload](#upload) below for details.
 * `ulimit` - (Optional, block) See [Ulimits](#ulimits) below for details.
+* `pid_mode` - (Optional, string) The PID (Process) Namespace mode for the container. Either `container:` or `host`.
+* `userns_mode` - (Optional, string) Sets the usernamespace mode for the container when usernamespace remapping option is enabled.
 ### Capabilities