moby-derp 0.3.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa8c78f203aa3fb7ed760ae7936d4ed9217b6115a575dbd12750fc6f593255e1
-  data.tar.gz: 88fb2d48ab4f6fa6548dee35bde129b1335243689ef535336397cdcc958c6d47
+  metadata.gz: 99faf7a4a2ccef6a30df32e08d424bf89c5693278100484a75e21276136e6a3a
+  data.tar.gz: 379c96e91a43e3b19db58d0e61d1324749969f58a2946a72f687429cda959f34
 SHA512:
-  metadata.gz: 33122f5119bc621fb16352c0b87adb63ff0a22b441f185133afc833118303f97b1c48ae9cc82f72719f4bc1360c773e42ddc381bc6b143ae9438700e1e558c72
-  data.tar.gz: 1d20c21089923a1ce19580d36049e6e2462c4473a89b15ba7c6c23074f953ff15b4b635c434eb7883268fff8b40f91cfed5c2dd8cc44d52072b83bec2bfc5a91
+  metadata.gz: 6d7b1071d6a38f8aa880ad7287c7355460a32dc4a66250e13bcec612d1f11ee91530d2cfedbba0bb4e8bdf54f5784fbaac00f807a46a967a35ddf45193feb6a6
+  data.tar.gz: ef1b7425e29551844fe383159a19010cc611ffc8dc07566f4c7e30afa4d3d02882692a3beaed35d6490263d51e093decd662e59b9e0169f177f2c221eb9079c4

data/README.md

@@ -134,7 +134,7 @@ wrapper script, like this:
 
     set -e
 
-    MOBY_DERP_SYSTEM_CONFIG_FILE=/opt/srv/etc/moby-derp/moby-derp.yaml
+    export MOBY_DERP_SYSTEM_CONFIG_FILE=/opt/srv/etc/moby-derp/moby-derp.yaml
 
     exec /usr/local/bin/moby-derp "$@"
 
@@ -185,7 +185,7 @@ to `moby-derp`.  This means that, yes, different users need to use different
 filenames.  The benefit of this is that the `sudo` configuration becomes a lot
 easier to audit -- the pod name is right there.
 
-This means that no matter a user does, they cannot have any effect on any
+This means that no matter what a user does, they cannot have any effect on any
 container which is not named for the pod they're manipulating.  There are also
 safety valves around `moby-derp`-managed containers being labelled as such, so
 that in the event that someone does inadvertently name a container in such a
@@ -220,7 +220,7 @@ still publish to ephemeral ports (using the `:containerPort` syntax, or
 `publish_all: true`) if they wish.
 
 If a pod *does* need to bind to a specific host port, then that pod/port pair
-should be whitelisted in the system configuration file.
+should be whitelisted in the [system configuration file](#system-configuration).
 
 
 # Contributing

data/bin/moby-derp

@@ -11,7 +11,7 @@ if ARGV.length != 1
 	exit 1
 end
 
-logger = Logger.new($stdout)
+logger = Logger.new($stderr)
 logger.formatter = ->(s, t, p, m) { "#{m}\n" }
 
 case ENV["MOBY_DERP_LOG_LEVEL"]
@@ -44,6 +44,8 @@ rescue MobyDerp::ConfigurationError => ex
   exit 1
 end
 
+Docker.options = { read_timeout: 86400 }
+
 pod = MobyDerp::Pod.new(pod_config)
 
 begin

data/lib/moby_derp/config_file.rb

@@ -1,7 +1,7 @@
 require_relative "./error"
 require_relative "./logging_helpers"
 
-require "safe_yaml"
+require "yaml"
 
 module MobyDerp
 	class ConfigFile
@@ -12,7 +12,7 @@ module MobyDerp
 		def initialize(filename)
 			begin
 				@logger.debug(logloc) { "Reading configuration file #{filename}" }
-				@config = SafeYAML.load(File.read(filename))
+				@config = YAML.safe_load(File.read(filename))
 			rescue Errno::ENOENT
 				raise ConfigurationError,
 				      "file does not exist"

data/lib/moby_derp/container.rb

@@ -71,6 +71,7 @@ module MobyDerp
 							}
 						}
 					end
+					params["ExposedPorts"] = Hash[@pod.expose.map { |ex| [ex, {}] }]
 				else
 					params["HostConfig"] = {
 						"NetworkMode"   => "container:#{@pod.root_container_id}",
@@ -126,7 +127,9 @@ module MobyDerp
 				params["Labels"] = @pod.common_labels.merge(@config.labels)
 				params["Labels"]["org.hezmatt.moby-derp.pod-name"] = @pod.name
 
-				unless @root_container
+				if @root_container
+					params["Labels"] = @pod.root_labels.merge(params["Labels"])
+				else
 					params["Labels"]["org.hezmatt.moby-derp.root-container-id"] = @pod.root_container_id
 				end
 			end
@@ -190,7 +193,7 @@ module MobyDerp
 		def mount_structure(mount)
 			{
 				"Type"     => "bind",
-				"Source"   => "#{@pod.mount_root}/#{mount.source}",
+				"Source"   => mount.source[0] == "/" ? mount.source : "#{@pod.mount_root}/#{mount.source}",
 				"Target"   => mount.target,
 				"ReadOnly" => mount.readonly,
 			}

data/lib/moby_derp/container_config.rb

@@ -3,6 +3,7 @@ require_relative "./error"
 require_relative "./mount"
 
 require "docker-api"
+require "shellwords"
 
 module MobyDerp
 	class ContainerConfig
@@ -66,7 +67,10 @@ module MobyDerp
 		def validate_command
 			case @command
 			when String
-				true
+				# Despite the Docker Engine API spec saying you can pass a string,
+				# if you do it doesn't get parsed into arguments... so that's pretty
+				# fucking useless.
+				@command = Shellwords.split(@command)
 			when Array
 				unless @command.all? { |c| String === c }
 					raise ConfigurationError, "all elements of the command array must be strings"

data/lib/moby_derp/pod.rb

@@ -48,6 +48,10 @@ module MobyDerp
 			@config.common_labels
 		end
 
+		def root_labels
+			@config.root_labels
+		end
+
 		def common_environment
 			@config.common_environment
 		end
@@ -68,6 +72,10 @@ module MobyDerp
 			@config.hostname
 		end
 
+		def expose
+			@config.expose
+		end
+
 		private
 
 		def root_container

data/lib/moby_derp/pod_config.rb

@@ -3,13 +3,24 @@ require_relative "./container_config"
 require_relative "./logging_helpers"
 require_relative "./mount"
 
-require "safe_yaml"
 require "socket"
 
 module MobyDerp
 	class PodConfig < ConfigFile
 		include LoggingHelpers
 
+		VALID_CONFIG_KEYS = %w{
+			containers
+			hostname
+			common_environment
+			common_labels
+			root_labels
+			common_mounts
+			expose
+			publish
+			publish_all
+		}
+
 		attr_reader :name,
 		            :containers,
 		            :hostname,
@@ -21,8 +32,8 @@ module MobyDerp
 		            :publish,
 		            :publish_all,
 		            :mount_root,
-						:system_config,
-						:logger
+		            :system_config,
+		            :logger
 
 		def initialize(filename, system_config)
 			@logger = system_config.logger
@@ -34,6 +45,10 @@ module MobyDerp
 			@name = File.basename(filename, ".*")
 			validate_name
 
+			unless (bad_keys = @config.keys - VALID_CONFIG_KEYS).empty?
+				raise ConfigurationError,
+				      "Invalid pod configuration key(s): #{bad_keys.inspect}"
+			end
 
 			unless @config.has_key?("containers")
 				raise ConfigurationError,
@@ -181,18 +196,23 @@ module MobyDerp
 				      "expose must be an array"
 			end
 
-			@expose.map!(&:to_s)
-
-			@expose.each do |e|
+			@expose.map! do |e|
+				e = e.to_s
 				unless e.is_a?(String) && e =~ %r{\A\d+(/(tcp|udp))?\z}
 					raise ConfigurationError,
 					      "exposed ports must be integers, with an optional protocol specifier (got #{e.inspect})"
 				end
 
+				if $1.nil?
+					e += "/tcp"
+				end
+
 				if e.to_i < 1 || e.to_i > 65535
 					raise ConfigurationError,
 					      "exposed port #{e} is out of range (expected 1-65535)"
 				end
+
+				e
 			end
 		end
 

data/lib/moby_derp/system_config.rb

@@ -1,16 +1,21 @@
 require_relative "./config_file"
 
-require "safe_yaml"
-
 module MobyDerp
 	class SystemConfig < ConfigFile
 		attr_reader :mount_root, :port_whitelist, :network_name, :use_host_resolv_conf,
 		            :cpu_count, :cpu_bits
 
-		def initialize(filename, moby_info, logger)
+		def initialize(config_data_or_filename, moby_info, logger)
 			@logger = logger
 
-			super(filename)
+			case config_data_or_filename
+			when String
+				super(config_data_or_filename)
+			when Hash
+				@config = stringify_keys(config_data_or_filename)
+			else
+				raise ArgumentError, "Unsupported type for config_data_or_filename parameter"
+			end
 
 			@mount_root           = @config["mount_root"]
 			@port_whitelist       = stringify_keys(@config["port_whitelist"] || {})

data/moby-derp.gemspec

@@ -25,7 +25,6 @@ Gem::Specification.new do |s|
 
 	s.add_runtime_dependency "docker-api"
 	s.add_runtime_dependency "json-canonicalization"
-	s.add_runtime_dependency "safe_yaml"
 
 	s.add_development_dependency 'bundler'
 	s.add_development_dependency 'deep_merge'

data/smoke_tests/exposed.bats

@@ -0,0 +1,28 @@
+load test_helper
+
+@test "Exposed ports" {
+	config_file <<-'EOF'
+		expose:
+		  - 80
+		  - "53/udp"
+		containers:
+		  bob:
+		    image: busybox:latest
+		    command: sleep 600
+		common_labels:
+		  moby-derp-smoke-test: ayup
+EOF
+
+	run $MOBY_DERP_BIN $TEST_CONFIG_FILE
+
+	echo "status: $status"
+	echo "output: $output"
+
+	[ "$status" = "0" ]
+	container_running "mdst"
+	container_running "mdst.bob"
+
+	docker inspect mdst --format='{{.Config.ExposedPorts}}'
+	docker inspect mdst --format='{{.Config.ExposedPorts}}' | grep 'map.*53/udp:{}'
+	docker inspect mdst --format='{{.Config.ExposedPorts}}' | grep 'map.*80/tcp:{}'
+}

data/smoke_tests/root_labels.bats

@@ -0,0 +1,27 @@
+load test_helper
+
+@test "Core labels" {
+	config_file <<-'EOF'
+		root_labels:
+		  foo: booblee
+		containers:
+		  bob:
+		    image: busybox:latest
+		    command: sleep 1
+		common_labels:
+		  moby-derp-smoke-test: ayup
+EOF
+
+	run $MOBY_DERP_BIN $TEST_CONFIG_FILE
+
+	echo "status: $status"
+	echo "output: $output"
+
+	[ "$status" = "0" ]
+	container_running "mdst"
+	container_running "mdst.bob"
+
+	docker inspect mdst --format='{{.Config.Labels}}'
+	docker inspect mdst --format='{{.Config.Labels}}' | grep 'map.*foo:booblee'
+	! docker inspect mdst.bob --format='{{.Config.Labels}}' | grep 'map.*foo:booblee'
+}

data/smoke_tests/test_helper.bash

@@ -23,7 +23,7 @@ EOF
 teardown() {
 	for i in $(docker ps -a --format='{{.Names}}'); do
 		if docker container inspect $i --format='{{.Config.Labels}}' | grep -q moby-derp-smoke-test; then
-			docker rm -f $i
+			docker rm -f $i >/dev/null
 		fi
 	done
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: moby-derp
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Matt Palmer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-03 00:00:00.000000000 Z
+date: 2020-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docker-api
@@ -38,20 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: safe_yaml
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -214,14 +200,15 @@ files:
 - lib/moby_derp/container_config.rb
 - lib/moby_derp/error.rb
 - lib/moby_derp/logging_helpers.rb
-- lib/moby_derp/moby_info.rb
 - lib/moby_derp/mount.rb
 - lib/moby_derp/pod.rb
 - lib/moby_derp/pod_config.rb
 - lib/moby_derp/system_config.rb
 - moby-derp.gemspec
+- smoke_tests/exposed.bats
 - smoke_tests/minimal.bats
 - smoke_tests/no_file.bats
+- smoke_tests/root_labels.bats
 - smoke_tests/test_helper.bash
 homepage: http://github.com/mpalmer/moby-derp
 licenses: []
@@ -241,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: A simple management system for a pod of moby containers

data/lib/moby_derp/moby_info.rb

@@ -1,12 +0,0 @@
-module MobyDerp
-	class MobyInfo
-		attr_reader :cpu_count, :cpu_bits
-
-		def initialize(info)
-			@cpu_count = info["NCPU"]
-			# As far as I can tell, the only 32-bit platform Moby supports is
-			# armhf; if that turns out to be incorrect, amend the list below.
-			@cpu_bits  = %w{armhf}.include?(info["Architecture"]) ? 32 : 64
-		end
-	end
-end