Comments (11)
Okay. There's community interested in this one and an old PR.
I'm going to file this 'help wanted' and put it in the Icebox, but if any of you want to pick up where the previous author left off, let me know and I'll put it 'In Progress'
from container-structure-test.
I'm actually happy to have a go at this, but wanted to check if you'd thought about how you might do this?
Use case for us is we have an auditd container that contains some audisp plugins we'd like to test, which needs some extra privileges in order to run successfully.
I'm wondering whether we could add a dockerRunOpts
top-level field to test yaml
? that might allow you to set global docker run options. Something the below. We wouldn't need to support all the options really, since some of them are constructued by the driver at runtime.
type dockerRunOpts struct {
Mounts []docker.Mount
// by default drop all capabilites
Capabilites []string
Privileged bool
}
and the yaml might look like:
dockerRunOpts:
mounts:
- source: /tmp/beans
destination /tmp/cheese
readWrite: false
privileged: false
capabilities:
- SYS_ADMIN
We'd then need to pass the capabilities
to the docker.HostConfig
and the mounts to the docker.Config
.
from container-structure-test.
Hey @mogthesprog, thanks for filing. I think I'm ok with with the general design here, seems like there's enough desire for run options here to warrant taking a stab at it. The one change I think we'll have to make to the UX is probably embedding the driver
flag into the yaml
, so that it's a little more explicit when you specify a dockerRunOpts
field that it'll be used with the docker
driver, or that it will be ignored if you specify a different driver.
As far as fields in the dockerRunOpts
, I'd say the 3 you have in there right now are fine, we might want to consider adding support for networking options as well.
from container-structure-test.
so maybe something like this? also means if we end up supporting a different container driver then it's a little more generic.
containerRunOpts:
driver: docker
mounts:
- source: /tmp/beans
destination: /tmp/cheese
readWrite: false
privileged: false
capabilities:
- SYS_ADMIN
from container-structure-test.
I think the driver should be outside the containerRunOpts
field. if the user wants to specify the tar
driver for example, there won't be any run options. other than that, seems fine
from container-structure-test.
ah great. That's the bit i was missing. I've had a quick stab this evening, i'll hopefully have something put together over the next few days, will keep you posted.
from container-structure-test.
+1 for this feature.
I'm currently using docker-py to make sure we have the correct libraries installed after mounting a volume containing scripts. This seems like a more robust solution.
from container-structure-test.
+1 for this feature
from container-structure-test.
+1
from container-structure-test.
If your Entrypoint is /bin/bash, you can pass arguments as docker run -it container something.sh argument argument argument
from container-structure-test.
+1
If possible this feature should change docker run user parameter too.
I mean the equivalent of running:
docker run --user 405:100 alpine whoami
This should be very useful when testing commands required to be run as unprivileged user.
from container-structure-test.
Related Issues (20)
- Testing the existence of a directory is very slow
- Release process: use github actions and release to bazel central registry HOT 1
- container-structure-test behaves differently on two identical machines HOT 2
- Add Expected Log validation HOT 3
- How to use container_structure_test with oci_image on MacOS
- No Release asset checksums (sha256) since Release v1.11.0
- Add platform parameter to support testing multi-platform images
- Multiple outputs (i.e. `text` and `json`) HOT 1
- New Testcontainers driver HOT 3
- Env var expansion feature in commandTests output assertions
- Add support to containerRunOptions for --cap-drop
- Security Policy violation SECURITY.md HOT 112
- Update documentation regarding Bazel and Docker TCP connections
- Binaries for v1.16.1? HOT 2
- Unable use v1.16.1 with bzlmod
- How to mount a config file? HOT 1
- Hash for linux_i386 is missing
- Add Darwin ARM64 package type HOT 7
- Add ability to document container in markdown HOT 1
- Add a metadata test to test the base image used in the image
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from container-structure-test.