When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
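
The rules listed in the message above, as an added Go example (not the docker/cli implementation; `capSet` and `effectiveCaps` are hypothetical names). It shows how differently written flag values collapse to the same sorted lists, which is what avoids needless service updates.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// capSet normalizes (upper case, CAP_ prefix) and de-duplicates a list.
// Names are not validated; "ALL" absorbs every other entry.
func capSet(caps []string) map[string]bool {
	set := map[string]bool{}
	for _, c := range caps {
		c = strings.ToUpper(c)
		if c != "ALL" && !strings.HasPrefix(c, "CAP_") {
			c = "CAP_" + c
		}
		set[c] = true
	}
	if set["ALL"] {
		return map[string]bool{"ALL": true}
	}
	return set
}

// effectiveCaps returns sorted add/drop lists. A capability present in both
// is kept in "add" and removed from "drop" (adding takes precedence).
func effectiveCaps(add, drop []string) (capAdd, capDrop []string) {
	addSet, dropSet := capSet(add), capSet(drop)
	for c := range addSet {
		capAdd = append(capAdd, c)
	}
	for c := range dropSet {
		if !addSet[c] {
			capDrop = append(capDrop, c)
		}
	}
	sort.Strings(capAdd)
	sort.Strings(capDrop)
	return capAdd, capDrop
}

func main() {
	// Constructed flag values: mixed case, optional prefix, duplicates, overlap.
	add, drop := effectiveCaps(
		[]string{"net_admin", "CAP_NET_ADMIN", "Sys_Time"},
		[]string{"ALL", "chown", "cap_sys_time"},
	)
	fmt.Println("add:", add, "drop:", drop)
}
```
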
Both libraries provide similar functionality. We're currently using
Google Shlex in more places, so preferring that one for now, but we
could decide to switch to mattn/go-shellwords in future if that
library is considered better (it looks to be more actively maintained,
but that may be related to it providing "more features").
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is not currently used by the CLI, but can be used by
docker compose to bring parity on this feature with the
compose v2.4 schema.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
67ebcd6dcf added an exception for
the "host-gateway" magic value to the validation rules, but didn't
add this value to any of the tests.
This patch adds the magic value to tests, to verify the validation
is skipped for this magic value.
Note that validation on the client side is "optional" and mostly
done to provide a more user-friendly error message for regular
values (IP-addresses).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before this change, this would cause a panic:
```
docker run -it --rm -v 1:/1 alpine
panic: runtime error: index out of range
goroutine 1 [running]:
github.com/docker/cli/cli/compose/loader.isFilePath(0xc42027e058, 0x1, 0x557dcb978c20)
...
```
After this change, a correct error is returned:
```
docker run -it --rm -v 1:/1 alpine
docker: Error response from daemon: create 1: volume name is too short, names should be at least two alphanumeric characters.
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Added transforms for when merging compose overrides to preserve the
functionality that was broken by bumping mergo to v1.3.8
This includes:
- Special transform for ulimits so single overrides both soft/hard and
the reverse
- Special transform for service network configs so the override replaces
all aliases
Signed-off-by: Nick Adcock <nick.adcock@docker.com>
```
cli/compose/template/template_test.go:279:31: Using the variable on range scope `tc` in function literal (scopelint)
actual := ExtractVariables(tc.dict, defaultPattern)
^
cli/compose/template/template_test.go:280:41: Using the variable on range scope `tc` in function literal (scopelint)
assert.Check(t, is.DeepEqual(actual, tc.expected))
^
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
```
cli/compose/loader/merge.go:64:41: Using a reference for the variable on range scope `overrideService` (scopelint)
if err := mergo.Merge(&baseService, &overrideService, mergo.WithAppendSlice, mergo.WithOverride, mergo.WithTransformers(specials)); err != nil {
^
cli/compose/loader/loader_test.go:1587:28: Using the variable on range scope `testcase` in function literal (scopelint)
config, err := loadYAML(testcase.yaml)
^
cli/compose/loader/loader_test.go:1590:58: Using the variable on range scope `testcase` in function literal (scopelint)
assert.Check(t, is.DeepEqual(config.Services[0].Init, testcase.init))
^
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was intending to run all tests, but didn't, which was
caught by golangci-lint;
```
cli/compose/loader/windows_path_test.go:46:17: SA4010: this result of append is never used, except maybe in other appends (staticcheck)
tests := append(isabstests, winisabstests...)
^
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is currently just a copy of the v3.8 schema, in preparation
of new features to be added in the new schema.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When deploying a stack using a relative path as bind-mount
source in the compose file, the CLI converts the relative
path to an absolute path, relative to the location of the
docker-compose file.
This causes a problem when deploying a stack that uses
an absolute Windows path, because a non-Windows client will
fail to detect that the path (e.g. `C:\somedir`) is an absolute
path (and not a relative directory named `C:\`).
The existing code did already take Windows clients deploying
a Linux stack into account (by checking if the path had a leading
slash). This patch adds the reverse, and adds detection for Windows
absolute paths on non-Windows clients.
The code used to detect Windows absolute paths is copied from the
Golang filepath package;
1d0e94b1e1/src/path/filepath/path_windows.go (L12-L65)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
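
A simplified sketch of the check described above, added here as an example (it is neither the code copied from Go's `filepath` package nor docker/cli's own; `volumeLen`, `isWindowsAbs` and `resolveSource` are hypothetical names). It handles drive-letter and UNC paths only and uses the `path` package so the result is the same on every client OS.

```go
package main

import "fmt"
import "path"

func isSlash(c byte) bool { return c == '\\' || c == '/' }

// volumeLen: length of a leading "C:" or "\\host\share" volume name, else 0.
func volumeLen(p string) int {
	if len(p) < 2 {
		return 0
	}
	if c := p[0] | 0x20; 'a' <= c && c <= 'z' && p[1] == ':' { // ASCII letter + colon
		return 2
	}
	if !isSlash(p[0]) || !isSlash(p[1]) {
		return 0
	}
	i := 2 // i stops at the end of the host name
	for ; i < len(p) && !isSlash(p[i]); i++ {
	}
	j := i + 1 // j stops at the end of the share name
	for ; j < len(p) && !isSlash(p[j]); j++ {
	}
	if i == 2 || j <= i+1 || j > len(p) { // empty host or empty share
		return 0
	}
	return j
}

// isWindowsAbs: Windows rules on any client OS (volume name + separator).
func isWindowsAbs(p string) bool {
	n := volumeLen(p)
	return n > 0 && n < len(p) && isSlash(p[n])
}

// resolveSource joins only non-absolute sources onto the compose directory.
func resolveSource(composeDir, src string) string {
	if path.IsAbs(src) || isWindowsAbs(src) {
		return src
	}
	return path.Join(composeDir, src)
}

func main() {
	// Constructed sources, resolved against a constructed compose directory.
	for _, src := range []string{`./data`, `C:\somedir`, `c:data`, `\\host\share\logs`} {
		fmt.Printf("%q -> %q\n", src, resolveSource("/srv/stack", src))
	}
}
```
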
This maps the `--template-driver` flag on secret and config creation.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Due to a typo, substitution would not work if the given
environment-variable was set.
Given the following docker compose file;
```yaml
version: "3.7"
services:
  app:
    image: nginx:${version:-latest}
```
Deploying a stack with `$version` set would ignore the `$version`
environment variable, and use the default value instead;
```bash
version=alpine docker stack deploy -c docker-compose.yml foobar
Creating network foobar_default
Creating service foobar_app
docker service ls
ID                  NAME                MODE                REPLICAS            IMAGE               PORTS
rskkjxe6sm0w        foobar_app          replicated          1/1                 nginx:latest
```
This patch also fixes "soft default" not detecting empty environment variables,
only non-set environment variables.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
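
The substitution rules from the message above as an added Go example (not the `cli/compose/template` code; `varPattern`, `mapping` and `substitute` are hypothetical names). It goes slightly beyond the message by also handling the `${name-default}` form, which falls back only when the variable is unset.

```go
package main

import (
	"fmt"
	"regexp"
)

// varPattern matches ${name}, ${name:-default} and ${name-default}.
var varPattern = regexp.MustCompile(`\$\{([A-Za-z_][A-Za-z0-9_]*)(:?-)?([^}]*)\}`)

// mapping looks a variable up and reports whether it is set at all.
type mapping func(name string) (string, bool)

// substitute expands variables in s. ":-" is the soft default (used when the
// variable is unset or empty); "-" applies only when the variable is unset.
func substitute(s string, lookup mapping) string {
	return varPattern.ReplaceAllStringFunc(s, func(m string) string {
		g := varPattern.FindStringSubmatch(m)
		name, sep, def := g[1], g[2], g[3]
		val, set := lookup(name)
		switch {
		case sep == "" && def != "":
			return m // form not handled here: leave the text untouched
		case sep == ":-" && (!set || val == ""):
			return def
		case sep == "-" && !set:
			return def
		}
		return val
	})
}

func main() {
	// Constructed environments for the image value from the message above.
	image := "nginx:${version:-latest}"
	for _, env := range []map[string]string{{"version": "alpine"}, {"version": ""}, {}} {
		lookup := func(k string) (string, bool) { v, ok := env[k]; return v, ok }
		fmt.Println(substitute(image, lookup))
	}
}
```
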
… as it is possible to do it when interpolating. It also fixes when
there are 2 variables on the same *value* (in the composefile, on the
same line).
Finally, renaming the default, used in cli, pattern to `defaultPattern`
to not be shadowed unintentionally.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
It makes it easy to get all the variables defined in a
composefile (the `map[string]interface{}` representation that
`loader.ParseYAML` returns at least) and their default value too.
This commit also does some small function extraction on substitution
funcs to reduce duplication a tiny bit.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
This should make it easier for people to write a custom composefile
parser without duplicating too much code. It takes the default
transformers and any number of additional transformers for any
type. That way it's possible to transform a `cli/compose` map into a
custom type that would use some of `cli/compose` types and its own.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Even though those fields are not supported by `docker stack deploy`
they are defined in versions `3.x` of compose schema, so the `compose`
package should be able to marshal/unmarshal them.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
- Add the possibility to skip interpolation
- Add the possibility to skip schema validation
- Allow customizing the substitution function, to add special cases.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
> Run an init inside the container that forwards signals and reaps
> processes

This is supported on `run` and now on Swarm services too, so it's also
possible to have it on a composefile :).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
That field is automatically populated with any `x-*` field in the yaml.
And marshalling the compose config struct puts them back into place.
This makes it possible to get those extra fields without re-inventing
the wheel (i.e. reimplementing 80% of the `cli/compose/*` packages).
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
As for top-level key, any 3rd-level key which starts with `x-` will be
ignored by compose. This allows for users to:
* include additional metadata in their compose files
* create YAML anchor objects that can be re-used in other parts of the config
This matches a similar feature in the swagger spec definition:
https://swagger.io/specification/#specificationExtensions
This means a composefile like the following is valid
```
version: "3.7"
services:
  foo:
    image: foo/bar
    x-foo: bar
networks:
  bar:
    x-bar: baz
```
It concerns services, volumes, networks, configs and secrets.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Since go 1.7, "context" is a standard package. Since go 1.9,
x/net/context merely provides some types aliased to those in
the standard context package.
The changes were performed by the following script:
```bash
for f in $(git ls-files \*.go | grep -v ^vendor/); do
    sed -i 's|golang.org/x/net/context|context|' $f
    goimports -w $f
    for i in 1 2; do
        awk '/^$/ {e=1; next;}
            /\t"context"$/ {e=0;}
            {if (e) {print ""; e=0}; print;}' < $f > $f.new && \
                mv $f.new $f
        goimports -w $f
    done
done
```
[v2: do awk/goimports fixup twice]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
… and other cases too. Updating mergo fixes the bugs (but introduced a
slight behaviour change that had to be fixed too)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Some of them are skipped for now (because the feature is not supported
or needs more work), some of them are fixed.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Fix tests that failed when using cmp.Compare()
internal/test/testutil/assert
InDelta
Fix DeepEqual with kube metav1.Time
Convert some ErrorContains to assert
Signed-off-by: Daniel Nephin <dnephin@docker.com>
- Add `Version` to `types.Config`
- Add a new `Services` type (that is just `[]ServiceConfig`) and add
a `MarshalYAML` method on it.
- Clean other top-level custom marshaling as `Services` is the only one
required.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
To ensure we are loading the composefile the same whether we are pointing
to swarm or kubernetes, we need to share the loading code between both.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Services do not support custom "pid"-modes (e.g. `--pid=host`), but this
option was ignored silently when deploying a stack.
This patch adds `pid` to the list of unsupported options so that a warning
is printed;
With this patch applied:
```
$ docker stack deploy -c docker-compose.yml foobar
Ignoring unsupported options: pid
Creating network foobar_default
Creating service foobar_test
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>