use allow_runtimes for consistency

Other allow lists use allow_ prefix (e.g. allow_caps, allow_privileged).

drivers/docker/config.go

@@ -252,8 +252,8 @@ var (
 			hclspec.NewLiteral(`"nvidia"`),
 		),
 		// list of docker runtimes allowed to be used
-		"allowed_runtimes": hclspec.NewDefault(
-			hclspec.NewAttr("allowed_runtimes", "list(string)", false),
+		"allow_runtimes": hclspec.NewDefault(
+			hclspec.NewAttr("allow_runtimes", "list(string)", false),
 			hclspec.NewLiteral(`["runc", "nvidia"]`),
 		),
 		// image to use when creating a network namespace parent container
@@ -579,8 +579,8 @@ type DriverConfig struct {
 	PullActivityTimeout         string        `codec:"pull_activity_timeout"`
 	pullActivityTimeoutDuration time.Duration `codec:"-"`
 
-	AllowedRuntimesList []string            `codec:"allowed_runtimes"`
-	allowedRuntimes     map[string]struct{} `codec:"-"`
+	AllowRuntimesList []string            `codec:"allow_runtimes"`
+	allowRuntimes     map[string]struct{} `codec:"-"`
 }
 
 type AuthConfig struct {
@@ -666,9 +666,9 @@ func (d *Driver) SetConfig(c *base.Config) error {
 		d.config.pullActivityTimeoutDuration = dur
 	}
 
-	d.config.allowedRuntimes = make(map[string]struct{}, len(d.config.AllowedRuntimesList))
-	for _, r := range d.config.AllowedRuntimesList {
-		d.config.allowedRuntimes[r] = struct{}{}
+	d.config.allowRuntimes = make(map[string]struct{}, len(d.config.AllowRuntimesList))
+	for _, r := range d.config.AllowRuntimesList {
+		d.config.allowRuntimes[r] = struct{}{}
 	}
 
 	if c.AgentConfig != nil {

drivers/docker/config_test.go

@@ -554,7 +554,7 @@ func TestConfig_DriverConfig_PullActivityTimeout(t *testing.T) {
 	}
 }
 
-func TestConfig_DriverConfig_AllowedRuntimes(t *testing.T) {
+func TestConfig_DriverConfig_AllowRuntimes(t *testing.T) {
 	cases := []struct {
 		name     string
 		config   string
@@ -567,7 +567,7 @@ func TestConfig_DriverConfig_AllowedRuntimes(t *testing.T) {
 		},
 		{
 			name:     "custom",
-			config:   `{ allowed_runtimes = ["runc", "firecracker"]}`,
+			config:   `{ allow_runtimes = ["runc", "firecracker"]}`,
 			expected: map[string]struct{}{"runc": struct{}{}, "firecracker": struct{}{}},
 		},
 	}
@@ -579,7 +579,7 @@ func TestConfig_DriverConfig_AllowedRuntimes(t *testing.T) {
 
 			dh := dockerDriverHarness(t, tc)
 			d := dh.Impl().(*Driver)
-			require.Equal(t, c.expected, d.config.allowedRuntimes)
+			require.Equal(t, c.expected, d.config.allowRuntimes)
 		})
 	}
 

drivers/docker/driver.go

@@ -749,7 +749,7 @@ func (d *Driver) createContainerConfig(task *drivers.TaskConfig, driverConfig *T
 		}
 		containerRuntime = d.config.GPURuntimeName
 	}
-	if _, ok := d.config.allowedRuntimes[containerRuntime]; !ok && containerRuntime != "" {
+	if _, ok := d.config.allowRuntimes[containerRuntime]; !ok && containerRuntime != "" {
 		return c, fmt.Errorf("requested runtime %q is not allowed", containerRuntime)
 	}
 

drivers/docker/driver_test.go

@@ -1101,18 +1101,18 @@ func TestDockerDriver_CreateContainerConfig_RuntimeConflict(t *testing.T) {
 	require.Contains(t, err.Error(), "conflicting runtime requests")
 }
 
-func TestDockerDriver_CreateContainerConfig_ChecksAllowedRuntimes(t *testing.T) {
+func TestDockerDriver_CreateContainerConfig_ChecksAllowRuntimes(t *testing.T) {
 	t.Parallel()
 
 	dh := dockerDriverHarness(t, nil)
 	driver := dh.Impl().(*Driver)
 	driver.gpuRuntime = true
-	driver.config.allowedRuntimes = map[string]struct{}{
+	driver.config.allowRuntimes = map[string]struct{}{
 		"runc":   struct{}{},
 		"custom": struct{}{},
 	}
 
-	allowedRuntime := []string{
+	allowRuntime := []string{
 		"", // default always works
 		"runc",
 		"custom",
@@ -1122,7 +1122,7 @@ func TestDockerDriver_CreateContainerConfig_ChecksAllowedRuntimes(t *testing.T)
 	defer freeport.Return(ports)
 	require.NoError(t, task.EncodeConcreteDriverConfig(cfg))
 
-	for _, runtime := range allowedRuntime {
+	for _, runtime := range allowRuntime {
 		t.Run(runtime, func(t *testing.T) {
 			cfg.Runtime = runtime
 			c, err := driver.createContainerConfig(task, cfg, "org/repo:0.1")