From e361f4c1cd224e27103d5aa84ef9e30a047b0b14 Mon Sep 17 00:00:00 2001 From: Peter Yu Date: Mon, 18 Nov 2013 19:10:36 +0000 Subject: [PATCH] Privileged option is part of host config, not config --- docker/client.py | 12 ++-- tests/integration_test.py | 33 +++++++---- tests/test.py | 116 +++++++++++++++++++++++++------------- 3 files changed, 104 insertions(+), 57 deletions(-) diff --git a/docker/client.py b/docker/client.py index 2c6431a6..b5f92b50 100644 --- a/docker/client.py +++ b/docker/client.py @@ -125,7 +125,7 @@ class Client(requests.Session): def _container_config(self, image, command, hostname=None, user=None, detach=False, stdin_open=False, tty=False, mem_limit=0, ports=None, environment=None, dns=None, - volumes=None, volumes_from=None, privileged=False): + volumes=None, volumes_from=None): if isinstance(command, six.string_types): command = shlex.split(str(command)) if isinstance(environment, dict): @@ -160,7 +160,6 @@ class Client(requests.Session): 'Image': image, 'Volumes': volumes, 'VolumesFrom': volumes_from, - 'Privileged': privileged, } def _post_json(self, url, data, **kwargs): @@ -321,12 +320,11 @@ class Client(requests.Session): def create_container(self, image, command=None, hostname=None, user=None, detach=False, stdin_open=False, tty=False, mem_limit=0, ports=None, environment=None, dns=None, - volumes=None, volumes_from=None, privileged=False, - name=None): + volumes=None, volumes_from=None, name=None): config = self._container_config( image, command, hostname, user, detach, stdin_open, tty, mem_limit, - ports, environment, dns, volumes, volumes_from, privileged + ports, environment, dns, volumes, volumes_from ) return self.create_container_from_config(config, name) @@ -582,7 +580,7 @@ class Client(requests.Session): True) def start(self, container, binds=None, port_bindings=None, lxc_conf=None, - publish_all_ports=False, links=None): + publish_all_ports=False, links=None, privileged=False): if isinstance(container, dict): container = container.get('Id') @@ -613,6 +611,8 @@ class Client(requests.Session): start_config['Links'] = formatted_links + start_config['Privileged'] = privileged + url = self._url("/containers/{0}/start".format(container)) res = self._post_json(url, data=start_config) self._raise_for_status(res) diff --git a/tests/integration_test.py b/tests/integration_test.py index 3692c451..c81cbaa2 100644 --- a/tests/integration_test.py +++ b/tests/integration_test.py @@ -162,17 +162,6 @@ class TestCreateContainerWithBinds(BaseTestCase): self.assertIn(filename, logs) -class TestCreateContainerPrivileged(BaseTestCase): - def runTest(self): - res = self.client.create_container('busybox', 'true', privileged=True) - inspect = self.client.inspect_container(res['Id']) - self.assertIn('Config', inspect) - # Since Nov 2013, the Privileged flag is no longer part of the - # container's config exposed via the API (safety concerns?). - # - # self.assertEqual(inspect['Config']['Privileged'], True) - - class TestCreateContainerWithName(BaseTestCase): def runTest(self): res = self.client.create_container('busybox', 'true', name='foobar') @@ -219,6 +208,28 @@ class TestStartContainerWithDictInsteadOfId(BaseTestCase): self.assertEqual(inspect['State']['ExitCode'], 0) +class TestStartContainerPrivileged(BaseTestCase): + def runTest(self): + res = self.client.create_container('busybox', 'true') + self.assertIn('Id', res) + self.tmp_containers.append(res['Id']) + self.client.start(res['Id'], privileged=True) + inspect = self.client.inspect_container(res['Id']) + self.assertIn('Config', inspect) + self.assertIn('ID', inspect) + self.assertTrue(inspect['ID'].startswith(res['Id'])) + self.assertIn('Image', inspect) + self.assertIn('State', inspect) + self.assertIn('Running', inspect['State']) + if not inspect['State']['Running']: + self.assertIn('ExitCode', inspect['State']) + self.assertEqual(inspect['State']['ExitCode'], 0) + # Since Nov 2013, the Privileged flag is no longer part of the + # container's config exposed via the API (safety concerns?). + # + # self.assertEqual(inspect['Config']['Privileged'], True) + + class TestWait(BaseTestCase): def runTest(self): res = self.client.create_container('busybox', ['sleep', '10']) diff --git a/tests/test.py b/tests/test.py index f1d42462..e49097ea 100644 --- a/tests/test.py +++ b/tests/test.py @@ -179,8 +179,8 @@ class DockerClientTest(unittest.TestCase): json.loads(''' {"Tty": false, "Image": "busybox", "Cmd": ["true"], "AttachStdin": false, "Memory": 0, - "AttachStderr": true, "Privileged": false, - "AttachStdout": true, "OpenStdin": false}''')) + "AttachStderr": true, "AttachStdout": true, + "OpenStdin": false}''')) self.assertEqual(args[1]['headers'], {'Content-Type': 'application/json'}) @@ -202,26 +202,8 @@ class DockerClientTest(unittest.TestCase): {"Tty": false, "Image": "busybox", "Cmd": ["ls", "/mnt"], "AttachStdin": false, "Volumes": {"/mnt": {}}, "Memory": 0, - "AttachStderr": true, "Privileged": false, - "AttachStdout": true, "OpenStdin": false}''')) - self.assertEqual(args[1]['headers'], - {'Content-Type': 'application/json'}) - - def test_create_container_privileged(self): - try: - self.client.create_container('busybox', 'true', privileged=True) - except Exception as e: - self.fail('Command should not raise exception: {0}'.format(e)) - - args = fake_request.call_args - self.assertEqual(args[0][0], - 'unix://var/run/docker.sock/v1.6/containers/create') - self.assertEqual(json.loads(args[1]['data']), - json.loads(''' - {"Tty": false, "Image": "busybox", "Cmd": ["true"], - "AttachStdin": false, "Memory": 0, - "AttachStderr": true, "Privileged": true, - "AttachStdout": true, "OpenStdin": false}''')) + "AttachStderr": true, "AttachStdout": true, + "OpenStdin": false}''')) self.assertEqual(args[1]['headers'], {'Content-Type': 'application/json'}) @@ -239,8 +221,8 @@ class DockerClientTest(unittest.TestCase): json.loads(''' {"Tty": false, "Image": "busybox", "Cmd": ["true"], "AttachStdin": false, "Memory": 0, - "AttachStderr": true, "Privileged": false, - "AttachStdout": true, "OpenStdin": false}''')) + "AttachStderr": true, "AttachStdout": true, + "OpenStdin": false}''')) self.assertEqual(args[1]['headers'], {'Content-Type': 'application/json'}) self.assertEqual(args[1]['params'], {'name': 'marisa-kirisame'}) @@ -250,12 +232,22 @@ class DockerClientTest(unittest.TestCase): self.client.start(fake_api.FAKE_CONTAINER_ID) except Exception as e: self.fail('Command should not raise exception: {0}'.format(e)) - - fake_request.assert_called_with( - 'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start', - data='{"PublishAllPorts": false}', - headers={'Content-Type': 'application/json'}, - timeout=docker.client.DEFAULT_TIMEOUT_SECONDS + args = fake_request.call_args + self.assertEqual( + args[0][0], + 'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start' + ) + self.assertEqual( + json.loads(args[1]['data']), + {"PublishAllPorts": False, "Privileged": False} + ) + self.assertEqual( + args[1]['headers'], + {'Content-Type': 'application/json'} + ) + self.assertEqual( + args[1]['timeout'], + docker.client.DEFAULT_TIMEOUT_SECONDS ) def test_start_container_with_lxc_conf(self): @@ -274,12 +266,16 @@ class DockerClientTest(unittest.TestCase): self.assertEqual( json.loads(args[1]['data']), {"LxcConf": [{"Value": "lxc.conf.value", "Key": "lxc.conf.k"}], - "PublishAllPorts": False} + "PublishAllPorts": False, "Privileged": False} ) self.assertEqual( args[1]['headers'], {'Content-Type': 'application/json'} ) + self.assertEqual( + args[1]['timeout'], + docker.client.DEFAULT_TIMEOUT_SECONDS + ) def test_start_container_with_lxc_conf_compat(self): try: @@ -296,12 +292,17 @@ class DockerClientTest(unittest.TestCase): self.assertEqual( json.loads(args[1]['data']), { - "LxcConf": [{"Value": "lxc.conf.value", "Key": "lxc.conf.k"}], - "PublishAllPorts": False + "LxcConf": [{"Key": "lxc.conf.k", "Value": "lxc.conf.value"}], + "PublishAllPorts": False, + "Privileged": False, } ) self.assertEqual(args[1]['headers'], {'Content-Type': 'application/json'}) + self.assertEqual( + args[1]['timeout'], + docker.client.DEFAULT_TIMEOUT_SECONDS + ) def test_start_container_with_binds(self): try: @@ -316,7 +317,9 @@ class DockerClientTest(unittest.TestCase): self.assertEqual(args[0][0], 'unix://var/run/docker.sock/v1.6/' 'containers/3cc2351ab11b/start') self.assertEqual(json.loads(args[1]['data']), - {"Binds": ["/tmp:/mnt"], "PublishAllPorts": False}) + {"Binds": ["/tmp:/mnt"], + "PublishAllPorts": False, + "Privileged": False}) self.assertEqual(args[1]['headers'], {'Content-Type': 'application/json'}) self.assertEqual( @@ -341,7 +344,8 @@ class DockerClientTest(unittest.TestCase): ) self.assertEqual( json.loads(args[1]['data']), - {"PublishAllPorts": False, "Links": ["path:alias"]} + {"PublishAllPorts": False, "Privileged": False, + "Links": ["path:alias"]} ) self.assertEqual( args[1]['headers'], @@ -371,6 +375,7 @@ class DockerClientTest(unittest.TestCase): json.loads(args[1]['data']), { "PublishAllPorts": False, + "Privileged": False, "Links": ["path2:alias2", "path1:alias1"] } ) @@ -379,16 +384,47 @@ class DockerClientTest(unittest.TestCase): {'Content-Type': 'application/json'} ) + def test_start_container_privileged(self): + try: + self.client.start(fake_api.FAKE_CONTAINER_ID, privileged=True) + except Exception as e: + self.fail('Command should not raise exception: {0}'.format(e)) + + args = fake_request.call_args + self.assertEqual( + args[0][0], + 'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start' + ) + self.assertEqual(json.loads(args[1]['data']), + {"PublishAllPorts": False, "Privileged": True}) + self.assertEqual(args[1]['headers'], + {'Content-Type': 'application/json'}) + self.assertEqual( + args[1]['timeout'], + docker.client.DEFAULT_TIMEOUT_SECONDS + ) + def test_start_container_with_dict_instead_of_id(self): try: self.client.start({'Id': fake_api.FAKE_CONTAINER_ID}) except Exception as e: self.fail('Command should not raise exception: {0}'.format(e)) - fake_request.assert_called_with( - 'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start', - data='{"PublishAllPorts": false}', - headers={'Content-Type': 'application/json'}, - timeout=docker.client.DEFAULT_TIMEOUT_SECONDS + args = fake_request.call_args + self.assertEqual( + args[0][0], + 'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start' + ) + self.assertEqual( + json.loads(args[1]['data']), + {"PublishAllPorts": False, "Privileged": False} + ) + self.assertEqual( + args[1]['headers'], + {'Content-Type': 'application/json'} + ) + self.assertEqual( + args[1]['timeout'], + docker.client.DEFAULT_TIMEOUT_SECONDS ) def test_wait(self):