DockerCLI/opts
Sebastiaan van Stijn 190c64b415
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.

The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.

This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:

- both existing (service spec) and new (values passed through flags or in
  the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
  into account when normalizing capabilities. Combining "ALL" capabilities
  and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
  a capability is both set to be "dropped" and to be "added", it is removed
  from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn.
- no validation of capabilities is handled by the client. Validation is
  delegated to the daemon/server.

When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-09-08 14:38:35 +02:00
capabilities.go Service cap-add/cap-drop: improve handling of combinations and special "ALL" value 2020-09-08 14:38:35 +02:00
capabilities_test.go Service cap-add/cap-drop: improve handling of combinations and special "ALL" value 2020-09-08 14:38:35 +02:00
config.go Default config/secret target to source name 2020-01-09 13:38:19 +00:00
config_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
duration.go Move duration opts into an opts package 2017-05-16 17:49:40 +02:00
duration_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
env.go opts: simplify ValidateEnv to use os.LookupEnv 2020-08-28 18:31:41 +02:00
env_test.go opts: simplify ValidateEnv to use os.LookupEnv 2020-08-28 18:31:41 +02:00
envfile.go import environment variables that are present 2018-07-02 07:37:12 +02:00
envfile_test.go Tweak validation messages 2019-03-19 03:17:02 +01:00
file.go Tweak validation messages 2019-03-19 03:17:02 +01:00
gpus.go container: --gpus support 2019-03-21 20:14:25 +00:00
gpus_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
hosts.go opts: use constants instead of vars for defaults and un-export them 2020-04-10 16:22:21 +02:00
hosts_test.go Add "host-gateway" to tests for extra_hosts / --add-host 2020-04-15 09:52:55 +02:00
hosts_unix.go opts: use constants instead of vars for defaults and un-export them 2020-04-10 16:22:21 +02:00
hosts_windows.go opts: use constants instead of vars for defaults and un-export them 2020-04-10 16:22:21 +02:00
ip.go Convert dockerd to use cobra and pflag 2017-05-15 11:57:19 +02:00
ip_test.go golint: trust 2017-05-15 11:57:15 +02:00
mount.go support --mount type=bind,bind-nonrecursive,... 2019-01-10 12:07:46 +09:00
mount_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
network.go Add ip and ip6 to advanced network syntax 2019-04-03 17:03:34 +02:00
network_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
opts.go Tweak validation messages 2019-03-19 03:17:02 +01:00
opts_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
parse.go ReadKVEnvStrings/ReadKVStrings return nil if empty, and add tests 2020-06-26 16:07:13 +02:00
parse_test.go ReadKVEnvStrings/ReadKVStrings return nil if empty, and add tests 2020-06-26 16:07:13 +02:00
port.go opts: fix formatting of comments 2020-01-16 12:48:09 +01:00
port_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
quotedstring.go Add unconvert linter 2017-06-14 16:54:27 -07:00
quotedstring_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
runtime.go Clean some stuff from runconfig that are cli only… 2017-05-15 11:57:20 +02:00
secret.go Default config/secret target to source name 2020-01-09 13:38:19 +00:00
secret_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-23 00:28:55 +01:00
throttledevice.go opts/throttledevice.go:51:5: SA4003: unsigned values are never < 0 (staticcheck) 2019-10-31 19:21:55 +01:00
ulimit.go Clean some stuff from runconfig that are cli only… 2017-05-15 11:57:20 +02:00
ulimit_test.go opts/ulimit_test.go:11:13: composites: `*github.com/docker/cli/vendor/github.com/docker/go-units.Ulimit` composite literal uses unkeyed fields (govet) 2019-10-31 19:22:15 +01:00
weightdevice.go Add gosimple lint 2017-06-14 16:55:08 -07:00