mirror of https://github.com/docker/cli.git
190c64b415
When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
|
||
|---|---|---|
| .. | ||
| capabilities.go | ||
| capabilities_test.go | ||
| config.go | ||
| config_test.go | ||
| duration.go | ||
| duration_test.go | ||
| env.go | ||
| env_test.go | ||
| envfile.go | ||
| envfile_test.go | ||
| file.go | ||
| gpus.go | ||
| gpus_test.go | ||
| hosts.go | ||
| hosts_test.go | ||
| hosts_unix.go | ||
| hosts_windows.go | ||
| ip.go | ||
| ip_test.go | ||
| mount.go | ||
| mount_test.go | ||
| network.go | ||
| network_test.go | ||
| opts.go | ||
| opts_test.go | ||
| parse.go | ||
| parse_test.go | ||
| port.go | ||
| port_test.go | ||
| quotedstring.go | ||
| quotedstring_test.go | ||
| runtime.go | ||
| secret.go | ||
| secret_test.go | ||
| throttledevice.go | ||
| ulimit.go | ||
| ulimit_test.go | ||
| weightdevice.go | ||