From e929baf91adcd6ef14dd4adffb3acbadd64781b7 Mon Sep 17 00:00:00 2001
From: Clayton Coleman <ccoleman@redhat.com>
Date: Sat, 3 Oct 2015 16:38:49 -0400
Subject: [PATCH] Support stdinOnce, which allows run-once STDIN injection

This allows containers to wait for input before startup by listening
on STDIN, and after STDIN is closed, continue running. Matches the
Docker syntax.
---
 api/swagger-spec/v1.json                            |  6 +++++-
 api/swagger-spec/v1beta1.json                       |  6 +++++-
 pkg/api/deep_copy_generated.go                      |  1 +
 pkg/api/types.go                                    |  5 +++--
 pkg/api/v1/conversion_generated.go                  |  2 ++
 pkg/api/v1/deep_copy_generated.go                   |  1 +
 pkg/api/v1/types.go                                 | 11 ++++++++++-
 pkg/api/v1/types_swagger_doc_generated.go           |  3 ++-
 pkg/apis/extensions/deep_copy_generated.go          |  1 +
 pkg/apis/extensions/v1beta1/conversion_generated.go |  2 ++
 pkg/apis/extensions/v1beta1/deep_copy_generated.go  |  1 +
 pkg/kubelet/dockertools/manager.go                  |  1 +
 12 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/api/swagger-spec/v1.json b/api/swagger-spec/v1.json
index fcc70ea0331..b66820ccb1f 100644
--- a/api/swagger-spec/v1.json
+++ b/api/swagger-spec/v1.json
@@ -12986,7 +12986,11 @@
      },
      "stdin": {
       "type": "boolean",
-      "description": "Whether this container should allocate a buffer for stdin in the container runtime. Default is false."
+      "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false."
+     },
+     "stdinOnce": {
+      "type": "boolean",
+      "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false"
      },
      "tty": {
       "type": "boolean",
diff --git a/api/swagger-spec/v1beta1.json b/api/swagger-spec/v1beta1.json
index 4f529718ce9..30bc5fcb6b1 100644
--- a/api/swagger-spec/v1beta1.json
+++ b/api/swagger-spec/v1beta1.json
@@ -3537,7 +3537,11 @@
      },
      "stdin": {
       "type": "boolean",
-      "description": "Whether this container should allocate a buffer for stdin in the container runtime. Default is false."
+      "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false."
+     },
+     "stdinOnce": {
+      "type": "boolean",
+      "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false"
      },
      "tty": {
       "type": "boolean",
diff --git a/pkg/api/deep_copy_generated.go b/pkg/api/deep_copy_generated.go
index 8b73d005346..e35bd074d02 100644
--- a/pkg/api/deep_copy_generated.go
+++ b/pkg/api/deep_copy_generated.go
@@ -238,6 +238,7 @@ func deepCopy_api_Container(in Container, out *Container, c *conversion.Cloner)
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
diff --git a/pkg/api/types.go b/pkg/api/types.go
index 35aadf2f5a4..0446bbf9342 100644
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@@ -794,8 +794,9 @@ type Container struct {
 
 	// Variables for interactive containers, these have very specialized use-cases (e.g. debugging)
 	// and shouldn't be used for general purpose containers.
-	Stdin bool `json:"stdin,omitempty"`
-	TTY   bool `json:"tty,omitempty"`
+	Stdin     bool `json:"stdin,omitempty"`
+	StdinOnce bool `json:"stdinOnce,omitempty"`
+	TTY       bool `json:"tty,omitempty"`
 }
 
 // Handler defines a specific action that should be taken
diff --git a/pkg/api/v1/conversion_generated.go b/pkg/api/v1/conversion_generated.go
index 0e9e777d8d2..ac37f67f695 100644
--- a/pkg/api/v1/conversion_generated.go
+++ b/pkg/api/v1/conversion_generated.go
@@ -292,6 +292,7 @@ func autoconvert_api_Container_To_v1_Container(in *api.Container, out *Container
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
@@ -3305,6 +3306,7 @@ func autoconvert_v1_Container_To_api_Container(in *Container, out *api.Container
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
diff --git a/pkg/api/v1/deep_copy_generated.go b/pkg/api/v1/deep_copy_generated.go
index 87cbcf4b71c..357bbefd307 100644
--- a/pkg/api/v1/deep_copy_generated.go
+++ b/pkg/api/v1/deep_copy_generated.go
@@ -274,6 +274,7 @@ func deepCopy_v1_Container(in Container, out *Container, c *conversion.Cloner) e
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go
index 13f4618b7b8..c38b1388982 100644
--- a/pkg/api/v1/types.go
+++ b/pkg/api/v1/types.go
@@ -976,9 +976,18 @@ type Container struct {
 	// Variables for interactive containers, these have very specialized use-cases (e.g. debugging)
 	// and shouldn't be used for general purpose containers.
 
-	// Whether this container should allocate a buffer for stdin in the container runtime.
+	// Whether this container should allocate a buffer for stdin in the container runtime. If this
+	// is not set, reads from stdin in the container will always result in EOF.
 	// Default is false.
 	Stdin bool `json:"stdin,omitempty"`
+	// Whether the container runtime should close the stdin channel after it has been opened by
+	// a single attach. When stdin is true the stdin stream will remain open across multiple attach
+	// sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+	// first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+	// at which time stdin is closed and remains closed until the container is restarted. If this
+	// flag is false, a container processes that reads from stdin will never receive an EOF.
+	// Default is false
+	StdinOnce bool `json:"stdinOnce,omitempty"`
 	// Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
 	// Default is false.
 	TTY bool `json:"tty,omitempty"`
diff --git a/pkg/api/v1/types_swagger_doc_generated.go b/pkg/api/v1/types_swagger_doc_generated.go
index 4f25221a79a..238ebc369be 100644
--- a/pkg/api/v1/types_swagger_doc_generated.go
+++ b/pkg/api/v1/types_swagger_doc_generated.go
@@ -132,7 +132,8 @@ var map_Container = map[string]string{
 	"terminationMessagePath": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.",
 	"imagePullPolicy":        "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: http://releases.k8s.io/HEAD/docs/user-guide/images.md#updating-images",
 	"securityContext":        "Security options the pod should run with. More info: http://releases.k8s.io/HEAD/docs/design/security_context.md",
-	"stdin":                  "Whether this container should allocate a buffer for stdin in the container runtime. Default is false.",
+	"stdin":                  "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.",
+	"stdinOnce":              "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false",
 	"tty":                    "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.",
 }
 
diff --git a/pkg/apis/extensions/deep_copy_generated.go b/pkg/apis/extensions/deep_copy_generated.go
index 7cf48baebf2..1716049c2b7 100644
--- a/pkg/apis/extensions/deep_copy_generated.go
+++ b/pkg/apis/extensions/deep_copy_generated.go
@@ -175,6 +175,7 @@ func deepCopy_api_Container(in api.Container, out *api.Container, c *conversion.
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
diff --git a/pkg/apis/extensions/v1beta1/conversion_generated.go b/pkg/apis/extensions/v1beta1/conversion_generated.go
index 1661f9f94be..a7e2868e194 100644
--- a/pkg/apis/extensions/v1beta1/conversion_generated.go
+++ b/pkg/apis/extensions/v1beta1/conversion_generated.go
@@ -205,6 +205,7 @@ func autoconvert_api_Container_To_v1_Container(in *api.Container, out *v1.Contai
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
@@ -1255,6 +1256,7 @@ func autoconvert_v1_Container_To_api_Container(in *v1.Container, out *api.Contai
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
diff --git a/pkg/apis/extensions/v1beta1/deep_copy_generated.go b/pkg/apis/extensions/v1beta1/deep_copy_generated.go
index bc2b769244a..51f28684578 100644
--- a/pkg/apis/extensions/v1beta1/deep_copy_generated.go
+++ b/pkg/apis/extensions/v1beta1/deep_copy_generated.go
@@ -213,6 +213,7 @@ func deepCopy_v1_Container(in v1.Container, out *v1.Container, c *conversion.Clo
 		out.SecurityContext = nil
 	}
 	out.Stdin = in.Stdin
+	out.StdinOnce = in.StdinOnce
 	out.TTY = in.TTY
 	return nil
 }
diff --git a/pkg/kubelet/dockertools/manager.go b/pkg/kubelet/dockertools/manager.go
index 0a0a6dfb849..4bda04ff19d 100644
--- a/pkg/kubelet/dockertools/manager.go
+++ b/pkg/kubelet/dockertools/manager.go
@@ -760,6 +760,7 @@ func (dm *DockerManager) runContainer(
 			Labels:     labels,
 			// Interactive containers:
 			OpenStdin: container.Stdin,
+			StdinOnce: container.StdinOnce,
 			Tty:       container.TTY,
 		},
 	}