Support --security-opt #297

Open
heitorPB opened this issue Nov 24, 2023 · 5 comments
@heitorPB

I'm migrating a codebase (in Golang) that generates Nomad jobs from Docker driver to Podman.

I'm hitting the following error:

Nov 24 12:50:13 alien nomad[328531]:     2023-11-24T12:50:13.010-0300 [INFO]  client.alloc_runner.task_runner: Task event: alloc_id=db0c43a7-e0ec-c8d4-56bd-6f0f7da06b92 task=Upload type="Failed Validation"
Nov 24 12:50:13 alien nomad[328531]:   msg=
Nov 24 12:50:13 alien nomad[328531]:   | 2 errors occurred:
Nov 24 12:50:13 alien nomad[328531]:   | \t* failed to parse config:
Nov 24 12:50:13 alien nomad[328531]:   | \t* Invalid label: No argument or block type is named "security_opt".
Nov 24 12:50:13 alien nomad[328531]:   |
Nov 24 12:50:13 alien nomad[328531]:    failed=false
Nov 24 12:50:13 alien nomad[328531]:     2023-11-24T12:50:13.014-0300 [ERROR] client.alloc_runner.task_runner: running driver failed: alloc_id=db0c43a7-e0ec-c8d4-56bd-6f0f7da06b92 task=Upload
Nov 24 12:50:13 alien nomad[328531]:   error=
Nov 24 12:50:13 alien nomad[328531]:   | 2 errors occurred:
Nov 24 12:50:13 alien nomad[328531]:   | \t* failed to parse config:
Nov 24 12:50:13 alien nomad[328531]:   | \t* Invalid label: No argument or block type is named "security_opt".

The Docker driver supports the --security-opt flag (Nomad Docs). But the Podman driver doesn't.

This flag is supported in Podman: Podman docs - security-opt.

I'd like to request this feature. Or a mentor to guide/help me implement it :)

@lgfa29
Contributor

lgfa29 commented Nov 25, 2023

Hi @heitorPB, how are you? 🙂

I think this is a nice feature request, and a good first issue to contribute if you're interested. This PR should point you to the right places that need to be modified: #203

More specifically you would need to:

  • Update taskConfigSpec with the new configuration.
  • Update TaskConfig with a new field for the configuration.
  • Update Driver.StartTask() to read the config value and set it to createOpts.
  • Write a test to verify the flag is actually set.
  • Update README.md and CHANGELOG.md

Let us know if you would be interested in working on this. Feel free to reach out if you have any questions!

@ruspaul013
Contributor

Hello @lgfa29 !

I was trying to add this feature to the podman driver but I observed that /v1.0.0/libpod/containers/create API does not include security_opt ( link ). Is there anything I can do?

@ruspaul013
Contributor

I saw that almost all security options from here have a corresponding value in /v1.0.0/libpod/containers/create. Should the function analyze the list of strings and assign to each option the value if specified in security_opt?

@lgfa29
Contributor

lgfa29 commented Oct 1, 2024

Hi @ruspaul013,

Apologies for the delay, but I no longer work at HashiCorp. I'm not sure what would be the best way to handle this, but maybe looking at how the podman container create command works could shed some light into how they approach this flag.

@ruspaul013
Contributor

Hey @lgfa29,

Thanks for the reply. I will take a look at podman container create command.
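
The approach raised in this thread (walking the security_opt strings and assigning each one to its own field of the create request), written in Go as an added example; it is not code from nomad-driver-podman or from Podman. `SecurityConfig` and `ParseSecurityOpts` are hypothetical names, the JSON field names are assumed to match the libpod container create body and should be checked against the API version in use, and the options handled are apparmor, label, seccomp, mask and the bare no-new-privileges form.

```go
package main

import (
	"fmt"
	"strings"
)

// SecurityConfig is a hypothetical struct for this example. The JSON names are
// an assumption about the libpod create body; verify them for your API version.
type SecurityConfig struct {
	ApparmorProfile    string   `json:"apparmor_profile,omitempty"`
	SelinuxOpts        []string `json:"selinux_opts,omitempty"`
	NoNewPrivileges    bool     `json:"no_new_privileges,omitempty"`
	SeccompProfilePath string   `json:"seccomp_profile_path,omitempty"`
	Mask               []string `json:"mask,omitempty"`
}

// ParseSecurityOpts maps --security-opt style strings onto SecurityConfig. It
// fails on unknown or malformed entries so a hardening option is never dropped.
func ParseSecurityOpts(opts []string) (SecurityConfig, error) {
	var c SecurityConfig
	for _, opt := range opts {
		key, val, hasVal := strings.Cut(opt, "=")
		if key == "no-new-privileges" && !hasVal {
			c.NoNewPrivileges = true
			continue
		}
		if !hasVal || val == "" {
			return c, fmt.Errorf("security_opt %q: expected key=value", opt)
		}
		switch key {
		case "apparmor":
			c.ApparmorProfile = val
		case "label": // SELinux options such as type:TYPE or disable
			c.SelinuxOpts = append(c.SelinuxOpts, val)
		case "seccomp": // profile path, or "unconfined"
			c.SeccompProfilePath = val
		case "mask": // colon-separated list of paths
			c.Mask = append(c.Mask, strings.Split(val, ":")...)
		default:
			return c, fmt.Errorf("security_opt %q: unsupported option", opt)
		}
	}
	return c, nil
}

func main() {
	// Constructed sample input, not taken from the issue.
	fmt.Println(ParseSecurityOpts([]string{"no-new-privileges", "label=type:container_t"}))
}
```

Rejecting unrecognized entries matters here: a job that asks for a seccomp or SELinux restriction should fail validation rather than start without it.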
