Merge pull request #412 from thaJeztah/19.03_backport_builder_entitilement_confg

[19.03 backport] builder entitlements configuration added.
This commit is contained in:
Andrew Hsu 2019-10-28 10:53:19 -07:00 committed by GitHub
commit 370def6b30
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 5 deletions

View file

@ -196,10 +196,7 @@ func newController(rt http.RoundTripper, opt Opt) (*control.Controller, error) {
ResolveCacheExporterFuncs: map[string]remotecache.ResolveCacheExporterFunc{
"inline": inlineremotecache.ResolveCacheExporterFunc(),
},
Entitlements: []string{
string(entitlements.EntitlementNetworkHost),
// string(entitlements.EntitlementSecurityInsecure),
},
Entitlements: getEntitlements(opt.BuilderConfig),
})
}
@ -255,3 +252,15 @@ func parsePlatforms(platformsStr []string) ([]specs.Platform, error) {
}
return out, nil
}
func getEntitlements(conf config.BuilderConfig) []string {
var ents []string
// Incase of no config settings, NetworkHost should be enabled & SecurityInsecure must be disabled.
if conf.Entitlements.NetworkHost == nil || *conf.Entitlements.NetworkHost {
ents = append(ents, string(entitlements.EntitlementNetworkHost))
}
if conf.Entitlements.SecurityInsecure != nil && *conf.Entitlements.SecurityInsecure {
ents = append(ents, string(entitlements.EntitlementSecurityInsecure))
}
return ents
}

View file

@ -61,7 +61,14 @@ type BuilderGCConfig struct {
DefaultKeepStorage string `json:",omitempty"`
}
// BuilderEntitlements contains settings to enable/disable entitlements
type BuilderEntitlements struct {
NetworkHost *bool `json:"network-host,omitempty"`
SecurityInsecure *bool `json:"security-insecure,omitempty"`
}
// BuilderConfig contains config for the builder
type BuilderConfig struct {
GC BuilderGCConfig `json:",omitempty"`
GC BuilderGCConfig `json:",omitempty"`
Entitlements BuilderEntitlements `json:",omitempty"`
}