provisioner: augment Networks config from caller when -unsafe (#411)

Currently container instances are hard-coded to join a single network,
the network associated with the session.

This change allows the caller of CreateInstance to specify which
additional networks should be joined. This is useful, for example, when
a container instance requires access to additional "backend" services
that may be running.

There are security implications associated with this change, hence the
additional networks are only joined when a new -unsafe flag is
specified. It is hoped the name is a sufficient indicator that thought
needs to go into using it.
Paul Jolly
2020-09-04 13:46:31 +01:00
committed by GitHub
parent 78e9689249
commit 681de41e0a
4 changed files with 28 additions and 3 deletions


@@ -152,6 +152,15 @@ func TestInstanceNew_WithNotAllowedImage(t *testing.T) {
assert.Nil(t, err)
// Switch to unsafe mode in order to test custom networks below
//
// TODO: move config away from being a global in order that we don't
// have to hack setting the context in this way.
config.Unsafe = true
defer func() {
config.Unsafe = false
}()
expectedInstance := types.Instance{
Name: fmt.Sprintf("%s_aaaabbbbcccc", session.Id[:8]),
Hostname: "node1",
@@ -172,14 +181,14 @@ func TestInstanceNew_WithNotAllowedImage(t *testing.T) {
CACert: nil,
Privileged: true,
Envs: []string{"HELLO=WORLD"},
Networks: []string{session.Id},
Networks: []string{session.Id, "arpanet"},
}
_d.On("ContainerCreate", expectedContainerOpts).Return(nil)
_d.On("ContainerIPs", expectedInstance.Name).Return(map[string]string{session.Id: "10.0.0.1"}, nil)
_s.On("InstancePut", mock.AnythingOfType("*types.Instance")).Return(nil)
_e.M.On("Emit", event.INSTANCE_NEW, "aaaabbbbcccc", []interface{}{"aaaabbbb_aaaabbbbcccc", "10.0.0.1", "node1", "ip10-0-0-1-aaaabbbbcccc"}).Return()
instance, err := p.InstanceNew(session, types.InstanceConfig{ImageName: "redis", Envs: []string{"HELLO=WORLD"}})
instance, err := p.InstanceNew(session, types.InstanceConfig{ImageName: "redis", Envs: []string{"HELLO=WORLD"}, Networks: []string{"arpanet"}})
assert.Nil(t, err)
assert.Equal(t, expectedInstance, *instance)
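Review bot: The test only exercises the `config.Unsafe = true` path, so nothing visible here pins the security-relevant default: with `Unsafe` false, caller-supplied `Networks` should be ignored and the container joined to `session.Id` only. I would add a companion case that calls `InstanceNew` with `Networks: []string{"arpanet"}` while `config.Unsafe` is false and expects `Networks: []string{session.Id}` in the container options; it may already exist in one of the other changed files, which are not visible here. Because `config.Unsafe` is a package global, flipping it and restoring it in a `defer` would also affect any test running in parallel, so a comment such as `// mutates global config.Unsafe; do not combine with t.Parallel()` next to the assignment would make that constraint explicit. The enclosing test function starts and ends outside the hunks shown.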