Give extended privileges to the container
Depends-On: Ifdeb97e92ac6d7b21aa91641c38c8af62d9d8d56 Change-Id: I250fa8aacc388d62266fca0f99141ca84c2ef85b Implements: blueprint support-zun-create-privileged
This commit is contained in:
Feng Shengqin
@@ -31,7 +31,7 @@ if not LOG.handlers:
|
|||||||
HEADER_NAME = "OpenStack-API-Version"
|
HEADER_NAME = "OpenStack-API-Version"
|
||||||
SERVICE_TYPE = "container"
|
SERVICE_TYPE = "container"
|
||||||
MIN_API_VERSION = '1.1'
|
MIN_API_VERSION = '1.1'
|
||||||
MAX_API_VERSION = '1.20'
|
MAX_API_VERSION = '1.21'
|
||||||
DEFAULT_API_VERSION = MAX_API_VERSION
|
DEFAULT_API_VERSION = MAX_API_VERSION
|
||||||
|
|
||||||
_SUBSTITUTIONS = {}
|
_SUBSTITUTIONS = {}
|
||||||
|
|||||||
@@ -179,6 +179,12 @@ class CreateContainer(command.ShowOne):
|
|||||||
action='store_true',
|
action='store_true',
|
||||||
default=False,
|
default=False,
|
||||||
help='The flag of healing non-existent container in docker')
|
help='The flag of healing non-existent container in docker')
|
||||||
|
parser.add_argument(
|
||||||
|
'--privileged',
|
||||||
|
dest='privileged',
|
||||||
|
action='store_true',
|
||||||
|
default=False,
|
||||||
|
help='Give extended privileges to this container')
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
def take_action(self, parsed_args):
|
def take_action(self, parsed_args):
|
||||||
@@ -202,6 +208,8 @@ class CreateContainer(command.ShowOne):
|
|||||||
zun_utils.check_restart_policy(parsed_args.restart)
|
zun_utils.check_restart_policy(parsed_args.restart)
|
||||||
if parsed_args.interactive:
|
if parsed_args.interactive:
|
||||||
opts['interactive'] = True
|
opts['interactive'] = True
|
||||||
|
if parsed_args.privileged:
|
||||||
|
opts['privileged'] = True
|
||||||
opts['hints'] = zun_utils.format_args(parsed_args.hint)
|
opts['hints'] = zun_utils.format_args(parsed_args.hint)
|
||||||
opts['nets'] = zun_utils.parse_nets(parsed_args.net)
|
opts['nets'] = zun_utils.parse_nets(parsed_args.net)
|
||||||
opts['mounts'] = zun_utils.parse_mounts(parsed_args.mount)
|
opts['mounts'] = zun_utils.parse_mounts(parsed_args.mount)
|
||||||
@@ -797,6 +805,12 @@ class RunContainer(command.ShowOne):
|
|||||||
action='store_true',
|
action='store_true',
|
||||||
default=False,
|
default=False,
|
||||||
help='The flag of healing non-existent container in docker')
|
help='The flag of healing non-existent container in docker')
|
||||||
|
parser.add_argument(
|
||||||
|
'--privileged',
|
||||||
|
dest='privileged',
|
||||||
|
action='store_true',
|
||||||
|
default=False,
|
||||||
|
help='Give extended privileges to this container')
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
def take_action(self, parsed_args):
|
def take_action(self, parsed_args):
|
||||||
@@ -820,6 +834,8 @@ class RunContainer(command.ShowOne):
|
|||||||
zun_utils.check_restart_policy(parsed_args.restart)
|
zun_utils.check_restart_policy(parsed_args.restart)
|
||||||
if parsed_args.interactive:
|
if parsed_args.interactive:
|
||||||
opts['interactive'] = True
|
opts['interactive'] = True
|
||||||
|
if parsed_args.privileged:
|
||||||
|
opts['privileged'] = True
|
||||||
opts['hints'] = zun_utils.format_args(parsed_args.hint)
|
opts['hints'] = zun_utils.format_args(parsed_args.hint)
|
||||||
opts['nets'] = zun_utils.parse_nets(parsed_args.net)
|
opts['nets'] = zun_utils.parse_nets(parsed_args.net)
|
||||||
opts['mounts'] = zun_utils.parse_mounts(parsed_args.mount)
|
opts['mounts'] = zun_utils.parse_mounts(parsed_args.mount)
|
||||||
|
|||||||
@@ -246,7 +246,7 @@ class ShellTest(utils.TestCase):
|
|||||||
project_domain_id='', project_domain_name='',
|
project_domain_id='', project_domain_name='',
|
||||||
user_domain_id='', user_domain_name='', profile=None,
|
user_domain_id='', user_domain_name='', profile=None,
|
||||||
endpoint_override=None, insecure=False, cacert=None,
|
endpoint_override=None, insecure=False, cacert=None,
|
||||||
version=api_versions.APIVersion('1.20'))
|
version=api_versions.APIVersion('1.21'))
|
||||||
|
|
||||||
def test_main_option_region(self):
|
def test_main_option_region(self):
|
||||||
self.make_env()
|
self.make_env()
|
||||||
@@ -274,7 +274,7 @@ class ShellTest(utils.TestCase):
|
|||||||
project_domain_id='', project_domain_name='',
|
project_domain_id='', project_domain_name='',
|
||||||
user_domain_id='', user_domain_name='', profile=None,
|
user_domain_id='', user_domain_name='', profile=None,
|
||||||
endpoint_override=None, insecure=False, cacert=None,
|
endpoint_override=None, insecure=False, cacert=None,
|
||||||
version=api_versions.APIVersion('1.20'))
|
version=api_versions.APIVersion('1.21'))
|
||||||
|
|
||||||
@mock.patch('zunclient.client.Client')
|
@mock.patch('zunclient.client.Client')
|
||||||
def test_main_endpoint_internal(self, mock_client):
|
def test_main_endpoint_internal(self, mock_client):
|
||||||
@@ -288,7 +288,7 @@ class ShellTest(utils.TestCase):
|
|||||||
project_domain_id='', project_domain_name='',
|
project_domain_id='', project_domain_name='',
|
||||||
user_domain_id='', user_domain_name='', profile=None,
|
user_domain_id='', user_domain_name='', profile=None,
|
||||||
endpoint_override=None, insecure=False, cacert=None,
|
endpoint_override=None, insecure=False, cacert=None,
|
||||||
version=api_versions.APIVersion('1.20'))
|
version=api_versions.APIVersion('1.21'))
|
||||||
|
|
||||||
|
|
||||||
class ShellTestKeystoneV3(ShellTest):
|
class ShellTestKeystoneV3(ShellTest):
|
||||||
@@ -320,4 +320,4 @@ class ShellTestKeystoneV3(ShellTest):
|
|||||||
user_domain_id='', user_domain_name='Default',
|
user_domain_id='', user_domain_name='Default',
|
||||||
endpoint_override=None, insecure=False, profile=None,
|
endpoint_override=None, insecure=False, profile=None,
|
||||||
cacert=None,
|
cacert=None,
|
||||||
version=api_versions.APIVersion('1.20'))
|
version=api_versions.APIVersion('1.21'))
|
||||||
|
|||||||
@@ -36,7 +36,8 @@ CONTAINER1 = {'id': '1234',
|
|||||||
'runtime': 'runc',
|
'runtime': 'runc',
|
||||||
'hostname': 'testhost',
|
'hostname': 'testhost',
|
||||||
'disk': '20',
|
'disk': '20',
|
||||||
'auto_heal': False
|
'auto_heal': False,
|
||||||
|
'privileged': False,
|
||||||
}
|
}
|
||||||
|
|
||||||
CONTAINER2 = {'id': '1235',
|
CONTAINER2 = {'id': '1235',
|
||||||
@@ -56,7 +57,8 @@ CONTAINER2 = {'id': '1235',
|
|||||||
'auto_remove': False,
|
'auto_remove': False,
|
||||||
'runtime': 'runc',
|
'runtime': 'runc',
|
||||||
'hostname': 'testhost',
|
'hostname': 'testhost',
|
||||||
'auto_heal': False
|
'auto_heal': False,
|
||||||
|
'privileged': True,
|
||||||
}
|
}
|
||||||
|
|
||||||
NETWORK1 = {'net_id': '99e90853-e1fd-4c57-a116-9e335deaa592',
|
NETWORK1 = {'net_id': '99e90853-e1fd-4c57-a116-9e335deaa592',
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ CREATION_ATTRIBUTES = ['name', 'image', 'command', 'cpu', 'memory',
|
|||||||
'restart_policy', 'interactive', 'image_driver',
|
'restart_policy', 'interactive', 'image_driver',
|
||||||
'security_groups', 'hints', 'nets', 'auto_remove',
|
'security_groups', 'hints', 'nets', 'auto_remove',
|
||||||
'runtime', 'hostname', 'mounts', 'disk',
|
'runtime', 'hostname', 'mounts', 'disk',
|
||||||
'availability_zone', 'auto_heal']
|
'availability_zone', 'auto_heal', 'privileged']
|
||||||
|
|
||||||
|
|
||||||
class Container(base.Resource):
|
class Container(base.Resource):
|
||||||
|
|||||||
@@ -148,6 +148,11 @@ def _show_container(container):
|
|||||||
action='store_true',
|
action='store_true',
|
||||||
default=False,
|
default=False,
|
||||||
help='The flag of healing non-existent container in docker.')
|
help='The flag of healing non-existent container in docker.')
|
||||||
|
@utils.arg('--privileged',
|
||||||
|
dest='privileged',
|
||||||
|
action='store_true',
|
||||||
|
default=False,
|
||||||
|
help='Give extended privileges to this container')
|
||||||
def do_create(cs, args):
|
def do_create(cs, args):
|
||||||
"""Create a container."""
|
"""Create a container."""
|
||||||
opts = {}
|
opts = {}
|
||||||
@@ -177,6 +182,8 @@ def do_create(cs, args):
|
|||||||
opts['restart_policy'] = zun_utils.check_restart_policy(args.restart)
|
opts['restart_policy'] = zun_utils.check_restart_policy(args.restart)
|
||||||
if args.interactive:
|
if args.interactive:
|
||||||
opts['interactive'] = True
|
opts['interactive'] = True
|
||||||
|
if args.privileged:
|
||||||
|
opts['privileged'] = True
|
||||||
opts = zun_utils.remove_null_parms(**opts)
|
opts = zun_utils.remove_null_parms(**opts)
|
||||||
_show_container(cs.containers.create(**opts))
|
_show_container(cs.containers.create(**opts))
|
||||||
|
|
||||||
@@ -635,6 +642,11 @@ def do_kill(cs, args):
|
|||||||
action='store_true',
|
action='store_true',
|
||||||
default=False,
|
default=False,
|
||||||
help='The flag of healing non-existent container in docker.')
|
help='The flag of healing non-existent container in docker.')
|
||||||
|
@utils.arg('--privileged',
|
||||||
|
dest='privileged',
|
||||||
|
action='store_true',
|
||||||
|
default=False,
|
||||||
|
help='Give extended privileges to this container')
|
||||||
def do_run(cs, args):
|
def do_run(cs, args):
|
||||||
"""Run a command in a new container."""
|
"""Run a command in a new container."""
|
||||||
opts = {}
|
opts = {}
|
||||||
@@ -664,6 +676,8 @@ def do_run(cs, args):
|
|||||||
opts['restart_policy'] = zun_utils.check_restart_policy(args.restart)
|
opts['restart_policy'] = zun_utils.check_restart_policy(args.restart)
|
||||||
if args.interactive:
|
if args.interactive:
|
||||||
opts['interactive'] = True
|
opts['interactive'] = True
|
||||||
|
if args.privileged:
|
||||||
|
opts['privileged'] = True
|
||||||
opts = zun_utils.remove_null_parms(**opts)
|
opts = zun_utils.remove_null_parms(**opts)
|
||||||
container = cs.containers.run(**opts)
|
container = cs.containers.run(**opts)
|
||||||
_show_container(container)
|
_show_container(container)
|
||||||
|
|||||||
Reference in New Issue
Block a user