Add group_add docker option (#17313)

2023-06-03 02:26:01 +02:00 · 2023-06-03 02:26:01 +02:00 · cc64281445
parent fd52020560
commit cc64281445
6 changed files with 32 additions and 1 deletions
--- a/.changelog/17313.txt
+++ b/.changelog/17313.txt
@ -0,0 +1,3 @@
 ```release-note:improvement
 docker: Add `group_add` configuration
 ```
--- a/drivers/docker/config.go
+++ b/drivers/docker/config.go
@ -360,6 +360,7 @@ var (
 		"entrypoint":         hclspec.NewAttr("entrypoint", "list(string)", false),
 		"extra_hosts":        hclspec.NewAttr("extra_hosts", "list(string)", false),
 		"force_pull":         hclspec.NewAttr("force_pull", "bool", false),
 		"group_add":          hclspec.NewAttr("group_add", "list(string)", false),
 		"healthchecks":       hclspec.NewBlock("healthchecks", false, healthchecksBodySpec),
 		"hostname":           hclspec.NewAttr("hostname", "string", false),
 		"init":               hclspec.NewAttr("init", "bool", false),
@ -443,6 +444,7 @@ type TaskConfig struct {
 	Entrypoint        []string           `codec:"entrypoint"`
 	ExtraHosts        []string           `codec:"extra_hosts"`
 	ForcePull         bool               `codec:"force_pull"`
 	GroupAdd          []string           `codec:"group_add"`
 	Healthchecks      DockerHealthchecks `codec:"healthchecks"`
 	Hostname          string             `codec:"hostname"`
 	Init              bool               `codec:"init"`
--- a/drivers/docker/config_test.go
+++ b/drivers/docker/config_test.go
@ -228,6 +228,7 @@ config {
  entrypoint = ["/bin/bash", "-c"]
  extra_hosts = ["127.0.0.1  localhost.example.com"]
  force_pull = true
  group_add = ["group1", "group2"]
  healthchecks {
    disable = true
  }
@ -389,6 +390,7 @@ config {
 		Entrypoint:       []string{"/bin/bash", "-c"},
 		ExtraHosts:       []string{"127.0.0.1  localhost.example.com"},
 		ForcePull:        true,
 		GroupAdd:         []string{"group1", "group2"},
 		Healthchecks:     DockerHealthchecks{Disable: true},
 		Hostname:         "self.example.com",
 		Interactive:      true,
--- a/drivers/docker/driver.go
+++ b/drivers/docker/driver.go
@ -962,7 +962,8 @@ func (d *Driver) createContainerConfig(task *drivers.TaskConfig, driverConfig *T
 		PidsLimit: &pidsLimit,
-		Runtime: containerRuntime,
+		Runtime:  containerRuntime,
 		GroupAdd: driverConfig.GroupAdd,
 	}
 	// This translates to docker create/run --cpuset-cpus option.
--- a/drivers/docker/driver_test.go
+++ b/drivers/docker/driver_test.go
@ -3089,3 +3089,23 @@ func TestDockerDriver_StopSignal(t *testing.T) {
 		})
 	}
 }
 func TestDockerDriver_GroupAdd(t *testing.T) {
 	if !tu.IsCI() {
 		t.Parallel()
 	}
 	testutil.DockerCompatible(t)
 	task, cfg, _ := dockerTask(t)
 	cfg.GroupAdd = []string{"12345", "9999"}
 	require.NoError(t, task.EncodeConcreteDriverConfig(cfg))
 	client, d, handle, cleanup := dockerSetup(t, task, nil)
 	defer cleanup()
 	require.NoError(t, d.WaitUntilStarted(task.ID, 5*time.Second))
 	container, err := client.InspectContainer(handle.containerID)
 	require.NoError(t, err)
 	require.Exactly(t, cfg.GroupAdd, container.HostConfig.GroupAdd)
 }
--- a/website/content/docs/drivers/docker.mdx
+++ b/website/content/docs/drivers/docker.mdx
@ -128,6 +128,9 @@ config {
  are mutable. If image's tag is `latest` or omitted, the image will always be pulled
  regardless of this setting.
 - `group_add` - (Optional) A list of supplementary groups to be applied
  to the container user.
 - `healthchecks` - (Optional) A configuration block for controlling how the
  docker driver manages HEALTHCHECK directives built into the container. Set
  `healthchecks.disable` to disable any built-in healthcheck.