From f8fb28e651563495d1f38457d4e596ce567f50b3 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 11 Jan 2024 19:30:13 +0100 Subject: [PATCH] More docker backend test remove more undocumented (#3156) remove Sysctls and IpcMode --- pipeline/backend/docker/convert.go | 4 -- pipeline/backend/docker/convert_test.go | 68 +++++++++++++++++++- pipeline/backend/types/step.go | 2 - pipeline/frontend/yaml/compiler/convert.go | 3 - pipeline/frontend/yaml/linter/linter.go | 6 -- pipeline/frontend/yaml/linter/linter_test.go | 4 -- pipeline/frontend/yaml/types/container.go | 2 - 7 files changed, 67 insertions(+), 22 deletions(-) diff --git a/pipeline/backend/docker/convert.go b/pipeline/backend/docker/convert.go index b67e1693b..46ab26ced 100644 --- a/pipeline/backend/docker/convert.go +++ b/pipeline/backend/docker/convert.go @@ -79,15 +79,11 @@ func toHostConfig(step *types.Step) *container.HostConfig { }, Privileged: step.Privileged, ShmSize: step.ShmSize, - Sysctls: step.Sysctls, } if len(step.NetworkMode) != 0 { config.NetworkMode = container.NetworkMode(step.NetworkMode) } - if len(step.IpcMode) != 0 { - config.IpcMode = container.IpcMode(step.IpcMode) - } if len(step.DNS) != 0 { config.DNS = step.DNS } diff --git a/pipeline/backend/docker/convert_test.go b/pipeline/backend/docker/convert_test.go index 91e039719..a6e77fdd0 100644 --- a/pipeline/backend/docker/convert_test.go +++ b/pipeline/backend/docker/convert_test.go 
@@ -114,9 +114,75 @@ func TestToConfigSmall(t *testing.T) { "wp_uuid": "09238932", }, Env: []string{ - "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0Cg==", + "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW" + + "5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU9" + + "GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1JE" + + "CnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0Cg==", "HOME=/root", "SHELL=/bin/sh", }, }, conf) } + +func TestToConfigFull(t *testing.T) { + engine := docker{info: types.Info{OSType: "linux/riscv64"}} + + conf := engine.toConfig(&backend.Step{ + Name: "test", + UUID: "09238932", + Type: backend.StepTypeCommands, + Image: "golang:1.2.3", + Pull: true, + Detached: true, + Privileged: true, + WorkingDir: "/src/abc", + Environment: map[string]string{"TAGS": "sqlite"}, + Commands: []string{"go test", "go vet ./..."}, + ExtraHosts: []backend.HostAlias{{Name: "t", IP: "1.2.3.4"}}, + Volumes: []string{"/cache:/cache"}, + Tmpfs: []string{"/tmp"}, + Devices: []string{"/dev/sdc"}, + Networks: []backend.Conn{{Name: "extra-net", Aliases: []string{"extra.net"}}}, + DNS: []string{"9.9.9.9", "8.8.8.8"}, + DNSSearch: nil, + MemSwapLimit: 12, + MemLimit: 13, + ShmSize: 14, + CPUQuota: 15, + CPUShares: 16, + OnFailure: true, + OnSuccess: true, + Failure: "fail", + AuthConfig: backend.Auth{Username: "user", Password: "123456", Email: "user@example.com"}, + NetworkMode: "bridge", + Ports: []uint16{21, 22}, + }) + + assert.NotNil(t, conf) + sort.Strings(conf.Env) + assert.EqualValues(t, 
&container.Config{ + Image: "golang:1.2.3", + WorkingDir: "/src/abc", + AttachStdout: true, + AttachStderr: true, + Cmd: []string{"echo $CI_SCRIPT | base64 -d | /bin/sh -e"}, + Entrypoint: []string{"/bin/sh", "-c"}, + Labels: map[string]string{ + "wp_step": "test", + "wp_uuid": "09238932", + }, + Env: []string{ + "CI_SCRIPT=CmlmIFsgLW4gIiRDSV9ORVRSQ19NQUNISU5FIiBdOyB0aGVuCmNhdCA8PEVPRiA+ICRIT01FLy5uZXRyYwptYWNoaW" + + "5lICRDSV9ORVRSQ19NQUNISU5FCmxvZ2luICRDSV9ORVRSQ19VU0VSTkFNRQpwYXNzd29yZCAkQ0lfTkVUUkNfUEFTU1dPUkQKRU" + + "9GCmNobW9kIDA2MDAgJEhPTUUvLm5ldHJjCmZpCnVuc2V0IENJX05FVFJDX1VTRVJOQU1FCnVuc2V0IENJX05FVFJDX1BBU1NXT1" + + "JECnVuc2V0IENJX1NDUklQVAoKZWNobyArICdnbyB0ZXN0JwpnbyB0ZXN0CgplY2hvICsgJ2dvIHZldCAuLy4uLicKZ28gdmV0IC" + + "4vLi4uCg==", + "HOME=/root", + "SHELL=/bin/sh", + "TAGS=sqlite", + }, + Volumes: map[string]struct{}{ + "/cache": {}, + }, + }, conf) +} diff --git a/pipeline/backend/types/step.go b/pipeline/backend/types/step.go index f24fabed8..a2f8f37a3 100644 --- a/pipeline/backend/types/step.go +++ b/pipeline/backend/types/step.go @@ -45,8 +45,6 @@ type Step struct { Failure string `json:"failure,omitempty"` AuthConfig Auth `json:"auth_config,omitempty"` NetworkMode string `json:"network_mode,omitempty"` - IpcMode string `json:"ipc_mode,omitempty"` - Sysctls map[string]string `json:"sysctls,omitempty"` Ports []uint16 `json:"ports,omitempty"` BackendOptions BackendOptions `json:"backend_options,omitempty"` } diff --git a/pipeline/frontend/yaml/compiler/convert.go b/pipeline/frontend/yaml/compiler/convert.go index 1656930d2..4044eb9f1 100644 --- a/pipeline/frontend/yaml/compiler/convert.go +++ b/pipeline/frontend/yaml/compiler/convert.go @@ -39,7 +39,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe workspace = fmt.Sprintf("%s_default:%s", c.prefix, c.base) privileged = container.Privileged networkMode = container.NetworkMode - ipcMode = container.IpcMode // network = container.Network ) 
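Review bot: TestToConfigFull sets `Privileged: true`, `ShmSize`, `NetworkMode: "bridge"`, `DNS`, `Devices` and `Tmpfs` on the step, but it asserts only the `container.Config` returned by `engine.toConfig`, whose expected value contains none of them, so the isolation-relevant part of the conversion stays unverified. The convert.go hunk of this commit shows `Privileged`, `ShmSize`, `NetworkMode` and `DNS` being applied in `toHostConfig`; a regression there, such as a step running privileged or on the wrong network mode, would still pass this test. Consider keeping the step in a variable and adding `hostConf := toHostConfig(step)` followed by `assert.True(t, hostConf.Privileged)` and `assert.EqualValues(t, "bridge", hostConf.NetworkMode)`; this assumes `toHostConfig` accepts the same step type that the test builds as `backend.Step`. Separately, the expected `CI_SCRIPT` is an opaque base64 literal, and a short comment with the decoded script above it would let a reader confirm what the container is expected to execute.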
@@ -191,7 +190,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe MemSwapLimit: memSwapLimit, MemLimit: memLimit, ShmSize: shmSize, - Sysctls: container.Sysctls, CPUQuota: cpuQuota, CPUShares: cpuShares, CPUSet: cpuSet, @@ -200,7 +198,6 @@ func (c *Compiler) createProcess(container *yaml_types.Container, stepType backe OnFailure: onFailure, Failure: failure, NetworkMode: networkMode, - IpcMode: ipcMode, Ports: ports, BackendOptions: backendOptions, }, nil diff --git a/pipeline/frontend/yaml/linter/linter.go b/pipeline/frontend/yaml/linter/linter.go index a7d4a202e..6da6f5fcd 100644 --- a/pipeline/frontend/yaml/linter/linter.go +++ b/pipeline/frontend/yaml/linter/linter.go @@ -169,12 +169,6 @@ func (l *Linter) lintTrusted(config *WorkflowConfig, c *types.Container, area st if len(c.NetworkMode) != 0 { err = "Insufficient privileges to use network_mode" } - if len(c.IpcMode) != 0 { - err = "Insufficient privileges to use ipc_mode" - } - if len(c.Sysctls) != 0 { - err = "Insufficient privileges to use sysctls" - } if c.Networks.Networks != nil && len(c.Networks.Networks) != 0 { err = "Insufficient privileges to use networks" } diff --git a/pipeline/frontend/yaml/linter/linter_test.go b/pipeline/frontend/yaml/linter/linter_test.go index 580825c5a..1deef4c85 100644 --- a/pipeline/frontend/yaml/linter/linter_test.go +++ b/pipeline/frontend/yaml/linter/linter_test.go @@ -152,10 +152,6 @@ func TestLintErrors(t *testing.T) { from: "steps: { build: { image: golang, network_mode: 'container:name' } }", want: "Insufficient privileges to use network_mode", }, - { - from: "steps: { build: { image: golang, sysctls: [ net.core.somaxconn=1024 ] } }", - want: "Insufficient privileges to use sysctls", - }, } for _, test := range testdata { diff --git a/pipeline/frontend/yaml/types/container.go b/pipeline/frontend/yaml/types/container.go index b53457747..c1fb71778 100644 --- a/pipeline/frontend/yaml/types/container.go 
+++ b/pipeline/frontend/yaml/types/container.go @@ -61,13 +61,11 @@ type ( DNSSearch base.StringOrSlice `yaml:"dns_search,omitempty"` DNS base.StringOrSlice `yaml:"dns,omitempty"` ExtraHosts []string `yaml:"extra_hosts,omitempty"` - IpcMode string `yaml:"ipc_mode,omitempty"` MemLimit base.MemStringOrInt `yaml:"mem_limit,omitempty"` MemSwapLimit base.MemStringOrInt `yaml:"memswap_limit,omitempty"` NetworkMode string `yaml:"network_mode,omitempty"` Networks Networks `yaml:"networks,omitempty"` ShmSize base.MemStringOrInt `yaml:"shm_size,omitempty"` - Sysctls base.SliceOrMap `yaml:"sysctls,omitempty"` Tmpfs []string `yaml:"tmpfs,omitempty"` } )