mirror of https://github.com/docker/docker-py.git
Privileged option is part of host config, not config
This commit is contained in:
Peter Yu
parent
35d3a3c977
commit
e361f4c1cd
|
|
@ -125,7 +125,7 @@ class Client(requests.Session):
|
||||||
def _container_config(self, image, command, hostname=None, user=None,
|
def _container_config(self, image, command, hostname=None, user=None,
|
||||||
detach=False, stdin_open=False, tty=False,
|
detach=False, stdin_open=False, tty=False,
|
||||||
mem_limit=0, ports=None, environment=None, dns=None,
|
mem_limit=0, ports=None, environment=None, dns=None,
|
||||||
volumes=None, volumes_from=None, privileged=False):
|
volumes=None, volumes_from=None):
|
||||||
if isinstance(command, six.string_types):
|
if isinstance(command, six.string_types):
|
||||||
command = shlex.split(str(command))
|
command = shlex.split(str(command))
|
||||||
if isinstance(environment, dict):
|
if isinstance(environment, dict):
|
||||||
|
|
@ -160,7 +160,6 @@ class Client(requests.Session):
|
||||||
'Image': image,
|
'Image': image,
|
||||||
'Volumes': volumes,
|
'Volumes': volumes,
|
||||||
'VolumesFrom': volumes_from,
|
'VolumesFrom': volumes_from,
|
||||||
'Privileged': privileged,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
def _post_json(self, url, data, **kwargs):
|
def _post_json(self, url, data, **kwargs):
|
||||||
|
|
@ -321,12 +320,11 @@ class Client(requests.Session):
|
||||||
def create_container(self, image, command=None, hostname=None, user=None,
|
def create_container(self, image, command=None, hostname=None, user=None,
|
||||||
detach=False, stdin_open=False, tty=False,
|
detach=False, stdin_open=False, tty=False,
|
||||||
mem_limit=0, ports=None, environment=None, dns=None,
|
mem_limit=0, ports=None, environment=None, dns=None,
|
||||||
volumes=None, volumes_from=None, privileged=False,
|
volumes=None, volumes_from=None, name=None):
|
||||||
name=None):
|
|
||||||
|
|
||||||
config = self._container_config(
|
config = self._container_config(
|
||||||
image, command, hostname, user, detach, stdin_open, tty, mem_limit,
|
image, command, hostname, user, detach, stdin_open, tty, mem_limit,
|
||||||
ports, environment, dns, volumes, volumes_from, privileged
|
ports, environment, dns, volumes, volumes_from
|
||||||
)
|
)
|
||||||
return self.create_container_from_config(config, name)
|
return self.create_container_from_config(config, name)
|
||||||
|
|
||||||
|
|
@ -582,7 +580,7 @@ class Client(requests.Session):
|
||||||
True)
|
True)
|
||||||
|
|
||||||
def start(self, container, binds=None, port_bindings=None, lxc_conf=None,
|
def start(self, container, binds=None, port_bindings=None, lxc_conf=None,
|
||||||
publish_all_ports=False, links=None):
|
publish_all_ports=False, links=None, privileged=False):
|
||||||
if isinstance(container, dict):
|
if isinstance(container, dict):
|
||||||
container = container.get('Id')
|
container = container.get('Id')
|
||||||
|
|
||||||
|
|
@ -613,6 +611,8 @@ class Client(requests.Session):
|
||||||
|
|
||||||
start_config['Links'] = formatted_links
|
start_config['Links'] = formatted_links
|
||||||
|
|
||||||
|
start_config['Privileged'] = privileged
|
||||||
|
|
||||||
url = self._url("/containers/{0}/start".format(container))
|
url = self._url("/containers/{0}/start".format(container))
|
||||||
res = self._post_json(url, data=start_config)
|
res = self._post_json(url, data=start_config)
|
||||||
self._raise_for_status(res)
|
self._raise_for_status(res)
|
||||||
|
|
|
||||||
|
|
@ -162,17 +162,6 @@ class TestCreateContainerWithBinds(BaseTestCase):
|
||||||
self.assertIn(filename, logs)
|
self.assertIn(filename, logs)
|
||||||
|
|
||||||
|
|
||||||
class TestCreateContainerPrivileged(BaseTestCase):
|
|
||||||
def runTest(self):
|
|
||||||
res = self.client.create_container('busybox', 'true', privileged=True)
|
|
||||||
inspect = self.client.inspect_container(res['Id'])
|
|
||||||
self.assertIn('Config', inspect)
|
|
||||||
# Since Nov 2013, the Privileged flag is no longer part of the
|
|
||||||
# container's config exposed via the API (safety concerns?).
|
|
||||||
#
|
|
||||||
# self.assertEqual(inspect['Config']['Privileged'], True)
|
|
||||||
|
|
||||||
|
|
||||||
class TestCreateContainerWithName(BaseTestCase):
|
class TestCreateContainerWithName(BaseTestCase):
|
||||||
def runTest(self):
|
def runTest(self):
|
||||||
res = self.client.create_container('busybox', 'true', name='foobar')
|
res = self.client.create_container('busybox', 'true', name='foobar')
|
||||||
|
|
@ -219,6 +208,28 @@ class TestStartContainerWithDictInsteadOfId(BaseTestCase):
|
||||||
self.assertEqual(inspect['State']['ExitCode'], 0)
|
self.assertEqual(inspect['State']['ExitCode'], 0)
|
||||||
|
|
||||||
|
|
||||||
|
class TestStartContainerPrivileged(BaseTestCase):
|
||||||
|
def runTest(self):
|
||||||
|
res = self.client.create_container('busybox', 'true')
|
||||||
|
self.assertIn('Id', res)
|
||||||
|
self.tmp_containers.append(res['Id'])
|
||||||
|
self.client.start(res['Id'], privileged=True)
|
||||||
|
inspect = self.client.inspect_container(res['Id'])
|
||||||
|
self.assertIn('Config', inspect)
|
||||||
|
self.assertIn('ID', inspect)
|
||||||
|
self.assertTrue(inspect['ID'].startswith(res['Id']))
|
||||||
|
self.assertIn('Image', inspect)
|
||||||
|
self.assertIn('State', inspect)
|
||||||
|
self.assertIn('Running', inspect['State'])
|
||||||
|
if not inspect['State']['Running']:
|
||||||
|
self.assertIn('ExitCode', inspect['State'])
|
||||||
|
self.assertEqual(inspect['State']['ExitCode'], 0)
|
||||||
|
# Since Nov 2013, the Privileged flag is no longer part of the
|
||||||
|
# container's config exposed via the API (safety concerns?).
|
||||||
|
#
|
||||||
|
# self.assertEqual(inspect['Config']['Privileged'], True)
|
||||||
|
|
||||||
|
|
||||||
class TestWait(BaseTestCase):
|
class TestWait(BaseTestCase):
|
||||||
def runTest(self):
|
def runTest(self):
|
||||||
res = self.client.create_container('busybox', ['sleep', '10'])
|
res = self.client.create_container('busybox', ['sleep', '10'])
|
||||||
|
|
|
||||||
116
tests/test.py
116
tests/test.py
|
|
@ -179,8 +179,8 @@ class DockerClientTest(unittest.TestCase):
|
||||||
json.loads('''
|
json.loads('''
|
||||||
{"Tty": false, "Image": "busybox", "Cmd": ["true"],
|
{"Tty": false, "Image": "busybox", "Cmd": ["true"],
|
||||||
"AttachStdin": false, "Memory": 0,
|
"AttachStdin": false, "Memory": 0,
|
||||||
"AttachStderr": true, "Privileged": false,
|
"AttachStderr": true, "AttachStdout": true,
|
||||||
"AttachStdout": true, "OpenStdin": false}'''))
|
"OpenStdin": false}'''))
|
||||||
self.assertEqual(args[1]['headers'],
|
self.assertEqual(args[1]['headers'],
|
||||||
{'Content-Type': 'application/json'})
|
{'Content-Type': 'application/json'})
|
||||||
|
|
||||||
|
|
@ -202,26 +202,8 @@ class DockerClientTest(unittest.TestCase):
|
||||||
{"Tty": false, "Image": "busybox",
|
{"Tty": false, "Image": "busybox",
|
||||||
"Cmd": ["ls", "/mnt"], "AttachStdin": false,
|
"Cmd": ["ls", "/mnt"], "AttachStdin": false,
|
||||||
"Volumes": {"/mnt": {}}, "Memory": 0,
|
"Volumes": {"/mnt": {}}, "Memory": 0,
|
||||||
"AttachStderr": true, "Privileged": false,
|
"AttachStderr": true, "AttachStdout": true,
|
||||||
"AttachStdout": true, "OpenStdin": false}'''))
|
"OpenStdin": false}'''))
|
||||||
self.assertEqual(args[1]['headers'],
|
|
||||||
{'Content-Type': 'application/json'})
|
|
||||||
|
|
||||||
def test_create_container_privileged(self):
|
|
||||||
try:
|
|
||||||
self.client.create_container('busybox', 'true', privileged=True)
|
|
||||||
except Exception as e:
|
|
||||||
self.fail('Command should not raise exception: {0}'.format(e))
|
|
||||||
|
|
||||||
args = fake_request.call_args
|
|
||||||
self.assertEqual(args[0][0],
|
|
||||||
'unix://var/run/docker.sock/v1.6/containers/create')
|
|
||||||
self.assertEqual(json.loads(args[1]['data']),
|
|
||||||
json.loads('''
|
|
||||||
{"Tty": false, "Image": "busybox", "Cmd": ["true"],
|
|
||||||
"AttachStdin": false, "Memory": 0,
|
|
||||||
"AttachStderr": true, "Privileged": true,
|
|
||||||
"AttachStdout": true, "OpenStdin": false}'''))
|
|
||||||
self.assertEqual(args[1]['headers'],
|
self.assertEqual(args[1]['headers'],
|
||||||
{'Content-Type': 'application/json'})
|
{'Content-Type': 'application/json'})
|
||||||
|
|
||||||
|
|
@ -239,8 +221,8 @@ class DockerClientTest(unittest.TestCase):
|
||||||
json.loads('''
|
json.loads('''
|
||||||
{"Tty": false, "Image": "busybox", "Cmd": ["true"],
|
{"Tty": false, "Image": "busybox", "Cmd": ["true"],
|
||||||
"AttachStdin": false, "Memory": 0,
|
"AttachStdin": false, "Memory": 0,
|
||||||
"AttachStderr": true, "Privileged": false,
|
"AttachStderr": true, "AttachStdout": true,
|
||||||
"AttachStdout": true, "OpenStdin": false}'''))
|
"OpenStdin": false}'''))
|
||||||
self.assertEqual(args[1]['headers'],
|
self.assertEqual(args[1]['headers'],
|
||||||
{'Content-Type': 'application/json'})
|
{'Content-Type': 'application/json'})
|
||||||
self.assertEqual(args[1]['params'], {'name': 'marisa-kirisame'})
|
self.assertEqual(args[1]['params'], {'name': 'marisa-kirisame'})
|
||||||
|
|
@ -250,12 +232,22 @@ class DockerClientTest(unittest.TestCase):
|
||||||
self.client.start(fake_api.FAKE_CONTAINER_ID)
|
self.client.start(fake_api.FAKE_CONTAINER_ID)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.fail('Command should not raise exception: {0}'.format(e))
|
self.fail('Command should not raise exception: {0}'.format(e))
|
||||||
|
args = fake_request.call_args
|
||||||
fake_request.assert_called_with(
|
self.assertEqual(
|
||||||
'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start',
|
args[0][0],
|
||||||
data='{"PublishAllPorts": false}',
|
'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start'
|
||||||
headers={'Content-Type': 'application/json'},
|
)
|
||||||
timeout=docker.client.DEFAULT_TIMEOUT_SECONDS
|
self.assertEqual(
|
||||||
|
json.loads(args[1]['data']),
|
||||||
|
{"PublishAllPorts": False, "Privileged": False}
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['headers'],
|
||||||
|
{'Content-Type': 'application/json'}
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['timeout'],
|
||||||
|
docker.client.DEFAULT_TIMEOUT_SECONDS
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_start_container_with_lxc_conf(self):
|
def test_start_container_with_lxc_conf(self):
|
||||||
|
|
@ -274,12 +266,16 @@ class DockerClientTest(unittest.TestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
json.loads(args[1]['data']),
|
json.loads(args[1]['data']),
|
||||||
{"LxcConf": [{"Value": "lxc.conf.value", "Key": "lxc.conf.k"}],
|
{"LxcConf": [{"Value": "lxc.conf.value", "Key": "lxc.conf.k"}],
|
||||||
"PublishAllPorts": False}
|
"PublishAllPorts": False, "Privileged": False}
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
args[1]['headers'],
|
args[1]['headers'],
|
||||||
{'Content-Type': 'application/json'}
|
{'Content-Type': 'application/json'}
|
||||||
)
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['timeout'],
|
||||||
|
docker.client.DEFAULT_TIMEOUT_SECONDS
|
||||||
|
)
|
||||||
|
|
||||||
def test_start_container_with_lxc_conf_compat(self):
|
def test_start_container_with_lxc_conf_compat(self):
|
||||||
try:
|
try:
|
||||||
|
|
@ -296,12 +292,17 @@ class DockerClientTest(unittest.TestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
json.loads(args[1]['data']),
|
json.loads(args[1]['data']),
|
||||||
{
|
{
|
||||||
"LxcConf": [{"Value": "lxc.conf.value", "Key": "lxc.conf.k"}],
|
"LxcConf": [{"Key": "lxc.conf.k", "Value": "lxc.conf.value"}],
|
||||||
"PublishAllPorts": False
|
"PublishAllPorts": False,
|
||||||
|
"Privileged": False,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
self.assertEqual(args[1]['headers'],
|
self.assertEqual(args[1]['headers'],
|
||||||
{'Content-Type': 'application/json'})
|
{'Content-Type': 'application/json'})
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['timeout'],
|
||||||
|
docker.client.DEFAULT_TIMEOUT_SECONDS
|
||||||
|
)
|
||||||
|
|
||||||
def test_start_container_with_binds(self):
|
def test_start_container_with_binds(self):
|
||||||
try:
|
try:
|
||||||
|
|
@ -316,7 +317,9 @@ class DockerClientTest(unittest.TestCase):
|
||||||
self.assertEqual(args[0][0], 'unix://var/run/docker.sock/v1.6/'
|
self.assertEqual(args[0][0], 'unix://var/run/docker.sock/v1.6/'
|
||||||
'containers/3cc2351ab11b/start')
|
'containers/3cc2351ab11b/start')
|
||||||
self.assertEqual(json.loads(args[1]['data']),
|
self.assertEqual(json.loads(args[1]['data']),
|
||||||
{"Binds": ["/tmp:/mnt"], "PublishAllPorts": False})
|
{"Binds": ["/tmp:/mnt"],
|
||||||
|
"PublishAllPorts": False,
|
||||||
|
"Privileged": False})
|
||||||
self.assertEqual(args[1]['headers'],
|
self.assertEqual(args[1]['headers'],
|
||||||
{'Content-Type': 'application/json'})
|
{'Content-Type': 'application/json'})
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
|
|
@ -341,7 +344,8 @@ class DockerClientTest(unittest.TestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
json.loads(args[1]['data']),
|
json.loads(args[1]['data']),
|
||||||
{"PublishAllPorts": False, "Links": ["path:alias"]}
|
{"PublishAllPorts": False, "Privileged": False,
|
||||||
|
"Links": ["path:alias"]}
|
||||||
)
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
args[1]['headers'],
|
args[1]['headers'],
|
||||||
|
|
@ -371,6 +375,7 @@ class DockerClientTest(unittest.TestCase):
|
||||||
json.loads(args[1]['data']),
|
json.loads(args[1]['data']),
|
||||||
{
|
{
|
||||||
"PublishAllPorts": False,
|
"PublishAllPorts": False,
|
||||||
|
"Privileged": False,
|
||||||
"Links": ["path2:alias2", "path1:alias1"]
|
"Links": ["path2:alias2", "path1:alias1"]
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
@ -379,16 +384,47 @@ class DockerClientTest(unittest.TestCase):
|
||||||
{'Content-Type': 'application/json'}
|
{'Content-Type': 'application/json'}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_start_container_privileged(self):
|
||||||
|
try:
|
||||||
|
self.client.start(fake_api.FAKE_CONTAINER_ID, privileged=True)
|
||||||
|
except Exception as e:
|
||||||
|
self.fail('Command should not raise exception: {0}'.format(e))
|
||||||
|
|
||||||
|
args = fake_request.call_args
|
||||||
|
self.assertEqual(
|
||||||
|
args[0][0],
|
||||||
|
'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start'
|
||||||
|
)
|
||||||
|
self.assertEqual(json.loads(args[1]['data']),
|
||||||
|
{"PublishAllPorts": False, "Privileged": True})
|
||||||
|
self.assertEqual(args[1]['headers'],
|
||||||
|
{'Content-Type': 'application/json'})
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['timeout'],
|
||||||
|
docker.client.DEFAULT_TIMEOUT_SECONDS
|
||||||
|
)
|
||||||
|
|
||||||
def test_start_container_with_dict_instead_of_id(self):
|
def test_start_container_with_dict_instead_of_id(self):
|
||||||
try:
|
try:
|
||||||
self.client.start({'Id': fake_api.FAKE_CONTAINER_ID})
|
self.client.start({'Id': fake_api.FAKE_CONTAINER_ID})
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self.fail('Command should not raise exception: {0}'.format(e))
|
self.fail('Command should not raise exception: {0}'.format(e))
|
||||||
fake_request.assert_called_with(
|
args = fake_request.call_args
|
||||||
'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start',
|
self.assertEqual(
|
||||||
data='{"PublishAllPorts": false}',
|
args[0][0],
|
||||||
headers={'Content-Type': 'application/json'},
|
'unix://var/run/docker.sock/v1.6/containers/3cc2351ab11b/start'
|
||||||
timeout=docker.client.DEFAULT_TIMEOUT_SECONDS
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
json.loads(args[1]['data']),
|
||||||
|
{"PublishAllPorts": False, "Privileged": False}
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['headers'],
|
||||||
|
{'Content-Type': 'application/json'}
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
args[1]['timeout'],
|
||||||
|
docker.client.DEFAULT_TIMEOUT_SECONDS
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_wait(self):
|
def test_wait(self):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue