Use non-privileged mode for compute

Zack Shoylev 2016-03-18 16:10:55 -05:00
parent f3ee898c13
commit 760995a46e
3 changed files with 47 additions and 9 deletions


@ -94,6 +94,7 @@ public class DockerTemplateOptions extends TemplateOptions implements Cloneable
protected Map<Integer, Integer> portBindings = ImmutableMap.of();
protected String networkMode;
protected Map<String, String> extraHosts = ImmutableMap.of();
protected boolean privileged;
protected Config.Builder configBuilder;
@ -128,6 +129,8 @@ public class DockerTemplateOptions extends TemplateOptions implements Cloneable
if (!extraHosts.isEmpty()) {
eTo.extraHosts(extraHosts);
}
eTo.privileged(privileged);
eTo.configBuilder(configBuilder);
}
}
@ -149,6 +152,7 @@ public class DockerTemplateOptions extends TemplateOptions implements Cloneable
equal(this.env, that.env) &&
equal(this.portBindings, that.portBindings) &&
equal(this.extraHosts, that.extraHosts) &&
equal(this.privileged, that.privileged) &&
buildersEqual(this.configBuilder, that.configBuilder);
}
@ -281,6 +285,18 @@ public class DockerTemplateOptions extends TemplateOptions implements Cloneable
return this;
}
/**
* By default, Docker containers are unprivileged and cannot execute privileged operations or access certain
* host devices.
*
* @param privileged Whether the container should run in privileged mode or not
* @return this instance
*/
public DockerTemplateOptions privileged(boolean privileged) {
this.privileged = privileged;
return this;
}
/**
* This method sets Config.Builder configuration object, which can be used as
* a replacement for all the other settings from this class. Some values in
@ -320,6 +336,8 @@ public class DockerTemplateOptions extends TemplateOptions implements Cloneable
public Map<String, String> getExtraHosts() { return extraHosts; }
public boolean getPrivileged() { return privileged; }
public Config.Builder getConfigBuilder() { return configBuilder; }
public static class Builder {
@ -444,6 +462,14 @@ public class DockerTemplateOptions extends TemplateOptions implements Cloneable
return options.extraHosts(extraHosts);
}
/**
* @see DockerTemplateOptions#privileged(boolean)
*/
public static DockerTemplateOptions privileged(boolean privileged) {
DockerTemplateOptions options = new DockerTemplateOptions();
return options.privileged(privileged);
}
public static DockerTemplateOptions configBuilder(Config.Builder configBuilder) {
DockerTemplateOptions options = new DockerTemplateOptions();
return options.configBuilder(configBuilder);
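Review bot: The Javadoc added on `privileged(boolean)` states the unprivileged default but not what turning the flag on grants, which is what a caller needs to know before setting it. I would add a sentence such as `Privileged mode gives the container all capabilities and access to host devices, so treat it as root-equivalent on the Docker host and enable it only for workloads that require it.` The static `Builder.privileged` carries only an `@see`, so it relies entirely on the instance method's text. Separately, `equals` now compares `privileged`, but `hashCode` and `toString` are not in the visible hunks; if they enumerate the other options, `privileged` presumably belongs there too.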


@ -109,7 +109,7 @@ public class DockerComputeServiceAdapter implements
HostConfig.Builder hostConfigBuilder = HostConfig.builder()
.publishAllPorts(true)
.privileged(true);
.privileged( templateOptions.getPrivileged() );
if (!templateOptions.getPortBindings().isEmpty()) {
Map<String, List<Map<String, String>>> portBindings = Maps.newHashMap();
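Review bot: `.publishAllPorts(true)` on the line above the change is still hard-coded, so after this commit a container is unprivileged by default but every port its image exposes is still published on the host regardless of the template options. If that is intentional it deserves a comment; otherwise it could follow the same pattern as the new `privileged` option. The changed line also pads the parentheses unlike the calls around it; `.privileged(templateOptions.getPrivileged());` matches the surrounding style. Callers that relied on the previous always-privileged behaviour now get unprivileged containers without any signal, so a release note would help. The enclosing method starts and ends outside this hunk.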


@ -94,6 +94,18 @@ public class DockerTemplateOptionsTest {
assertEquals(options.as(DockerTemplateOptions.class).getNetworkMode(), "host");
}
@Test
public void testPrivilegedDefaultFalse() {
TemplateOptions options = DockerTemplateOptions.Builder.memory(2);
assertEquals(options.as(DockerTemplateOptions.class).getPrivileged(), false);
}
@Test
public void testPrivileged() {
TemplateOptions options = DockerTemplateOptions.Builder.privileged(true);
assertEquals(options.as(DockerTemplateOptions.class).getPrivileged(), true);
}
@Test
public void testConfigBuilder() {
Builder builder = Config.builder().memory(1024)
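Review bot: Both new tests only round-trip the flag through the builder and the getter, so nothing checks that `copyTo` carries `privileged` over to a copied options object. A third test that copies options built with `Builder.privileged(true)` (for example via `clone()`, if that is how `copyTo` is reached here) and asserts `getPrivileged()` on the result would cover the `eTo.privileged(privileged)` line added in DockerTemplateOptions. `assertFalse(...)` and `assertTrue(...)` would read more directly than `assertEquals(..., false)`, if the test class already has them in scope. `testConfigBuilder` continues outside the hunk.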