Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consolidate security options to use = as separator. #21232

Merged
merged 1 commit into from
Mar 18, 2016
Merged

Consolidate security options to use = as separator. #21232

merged 1 commit into from
Mar 18, 2016

Conversation

calavera
Copy link
Contributor

All other options we have use = as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use = for the security
options too.

I change the daemon parsing to accept =. It still
supports : but it logs a warning when this separator
is used.

Let's decide if we want to do this and I'll complete it
with tests and documentation changes.

Signed-off-by: David Calavera david.calavera@gmail.com

@calavera calavera force-pushed the consolidate_security_opts_format branch from 66251b9 to e2f9e74 Compare March 15, 2016 22:45
@jessfraz
Copy link
Contributor

LGTM

@runcom
Copy link
Member

runcom commented Mar 15, 2016

Design LGTM

@calavera calavera force-pushed the consolidate_security_opts_format branch from e2f9e74 to f412c22 Compare March 15, 2016 23:07
@thaJeztah
Copy link
Member

👍 thanks!

@thaJeztah
Copy link
Member

Will need to search the docs to update the examples

@calavera calavera force-pushed the consolidate_security_opts_format branch from f412c22 to 377f82b Compare March 15, 2016 23:23
@calavera
Copy link
Contributor Author

@thaJeztah I think I got all of them, but please double check.

@thaJeztah
Copy link
Member

@calavera docs look good, possibly needed;

bash completion:
https://github.com/docker/docker/blob/dd32445ecc6b706e8681dcc9d80c42c9b6cbf6cd/contrib/completion/bash/docker#L1781-L1800

tests:
https://github.com/docker/docker/blob/01f165169b6913320defdc9ce3995614e4c286d1/integration-cli/docker_cli_run_unix_test.go#L713-L933

Do we need a deprecation warning? (do we plan to deprecate the old notation?)

@vdemeester
Copy link
Member

LGTM 🐼
@thaJeztah Given the warning I would say yes, we need a deprecation warning (https://github.com/docker/docker/pull/21232/files#diff-b56258ecab11f7b797306907327cc904R84).
@calavera a question though, shouldn't the warning be also client-side ?

@calavera
Copy link
Contributor Author

we need a deprecation warning

agreed

shouldn't the warning be also client-side ?

we don't do any parsing client side, and we don't show other warnings like this in the client afaik, but I can add it if people want it.

@calavera calavera force-pushed the consolidate_security_opts_format branch 2 times, most recently from 7a96715 to 0d55e0d Compare March 16, 2016 22:32
@vdemeester vdemeester mentioned this pull request Mar 17, 2016
Merged
@rhatdan
Copy link
Contributor

rhatdan commented Mar 17, 2016

The SELinux label ones have multiple ":" in them.

--security-opt label:type:container_log_t --security-opt label:level:s0:c1,c2

I guess becomes

   --security-opt label=type:container_log_t --security-opt label=level:s0:c1,c2

@calavera
Copy link
Contributor Author

I guess becomes

   --security-opt label=type:container_log_t --security-opt label=level:s0:c1,c2

Yes

@justincormack
Copy link
Contributor

We do some parsing client side, as the seccomp config file is parsed client side.

@calavera
Copy link
Contributor Author

@justincormack yes, we use this function: https://github.com/docker/docker/pull/21232/files#diff-555969c76e0ae264bc1e3c8e880cb50cR509

@calavera
Consolidate security options to use = as separator.
cb9aeb0 
All other options we have use `=` as separator, labels,
log configurations, graph configurations and so on.
We should be consistent and use `=` for the security
options too.

Signed-off-by: David Calavera <david.calavera@gmail.com>
@calavera calavera force-pushed the consolidate_security_opts_format branch from 0d55e0d to cb9aeb0 Compare March 17, 2016 17:34
@calavera calavera added this to the 1.11.0 milestone Mar 18, 2016
@jessfraz
Copy link
Contributor

LGTM

jessfraz pushed a commit that referenced this pull request Mar 18, 2016
Merge pull request #21232 from calavera/consolidate_security_opts_format
06e98f0 
Consolidate security options to use `=` as separator.
@jessfraz jessfraz merged commit 06e98f0 into moby:master Mar 18, 2016
albers
albers reviewed Mar 28, 2016
View reviewed changes
contrib/completion/bash/docker
@@ -1788,17 +1788,17 @@ _docker_run() {
;;
--security-opt)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry David, this change does not work: = cannot be substituted for : here because it is in COMP_WORDBREAKS.
I will create a fix.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: to be accurate: : us also in $COMP_WORDBREAKS but there is speacial treatment for it in

_get_comp_words_by_ref -n : cur prev words cword

Fix created: #21584

@albers albers mentioned this pull request Mar 28, 2016
Merged
This was referenced Apr 29, 2016
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
impact/api impact/deprecation status/2-code-review
Projects
None yet
Milestone
1.11.0
Development

Successfully merging this pull request may close these issues.
9 participants
@calavera @jessfraz @runcom @thaJeztah @vdemeester @rhatdan @justincormack @albers @GordonTheTurtle