mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2025-01-01 19:46:44 +00:00
Allow only the options that we know can be supported
This commit is contained in:
Pablo Carranza Velez
parent
4db78b9743
commit
02e111ff62
@ -253,10 +253,10 @@ do ->
|
|||||||
knex('image').select().where('repoTag', options.Image)
|
knex('image').select().where('repoTag', options.Image)
|
||||||
.then (images) ->
|
.then (images) ->
|
||||||
throw new Error('Only images created via the Supervisor can be used for creating containers.') if images.length == 0
|
throw new Error('Only images created via the Supervisor can be used for creating containers.') if images.length == 0
|
||||||
knex.transaction (trx) ->
|
knex.transaction (tx) ->
|
||||||
Promise.try ->
|
Promise.try ->
|
||||||
return internalId if internalId?
|
return internalId if internalId?
|
||||||
trx.insert({}, 'id').into('container')
|
tx.insert({}, 'id').into('container')
|
||||||
.then ([ id ]) ->
|
.then ([ id ]) ->
|
||||||
return id
|
return id
|
||||||
.then (id) ->
|
.then (id) ->
|
||||||
@ -283,9 +283,8 @@ do ->
|
|||||||
docker.modem.dialAsync(optsf)
|
docker.modem.dialAsync(optsf)
|
||||||
.then (data) ->
|
.then (data) ->
|
||||||
containerId = data.Id
|
containerId = data.Id
|
||||||
trx('container').update({ containerId }).where({ id })
|
tx('container').update({ containerId }).where({ id })
|
||||||
.then ->
|
.return(data)
|
||||||
return data
|
|
||||||
exports.createContainer = (req, res) ->
|
exports.createContainer = (req, res) ->
|
||||||
createContainer(req.body)
|
createContainer(req.body)
|
||||||
.then (data) ->
|
.then (data) ->
|
||||||
|
|||||||
@ -230,52 +230,24 @@ exports.defaultBinds = (dataPath) ->
|
|||||||
exports.validComposeOptions = [
|
exports.validComposeOptions = [
|
||||||
'command'
|
'command'
|
||||||
'entrypoint'
|
'entrypoint'
|
||||||
'env_file'
|
|
||||||
'environment'
|
'environment'
|
||||||
'expose'
|
'expose'
|
||||||
'image'
|
'image'
|
||||||
'labels'
|
'labels'
|
||||||
'ports'
|
'ports'
|
||||||
'stop_signal'
|
'stop_signal'
|
||||||
'volumes'
|
'volumes' # Will be overwritten with the default binds
|
||||||
'user'
|
'user'
|
||||||
'working_dir'
|
'working_dir'
|
||||||
'cap_add'
|
|
||||||
'cap_drop'
|
|
||||||
'devices'
|
|
||||||
'dns'
|
|
||||||
'dns_search'
|
|
||||||
'tmpfs'
|
|
||||||
'extra_hosts'
|
|
||||||
'links'
|
|
||||||
'net'
|
|
||||||
'network_mode'
|
'network_mode'
|
||||||
'ulimits'
|
'net'
|
||||||
'volumes_from'
|
|
||||||
'cpu_shares'
|
|
||||||
'cpu_quota'
|
|
||||||
'cpuset'
|
|
||||||
'domainname'
|
|
||||||
'hostname'
|
|
||||||
'mac_address'
|
|
||||||
'mem_limit'
|
|
||||||
'memswap_limit'
|
|
||||||
'privileged'
|
'privileged'
|
||||||
'tty'
|
|
||||||
'read_only'
|
|
||||||
'shm_size'
|
|
||||||
'ipc'
|
|
||||||
'restart'
|
'restart'
|
||||||
'security_opt'
|
|
||||||
'networks'
|
|
||||||
'pid'
|
|
||||||
]
|
]
|
||||||
|
|
||||||
exports.validContainerOptions = [
|
exports.validContainerOptions = [
|
||||||
'Hostname'
|
'Hostname'
|
||||||
'Domainname'
|
|
||||||
'User'
|
'User'
|
||||||
'Tty'
|
|
||||||
'Env'
|
'Env'
|
||||||
'Labels'
|
'Labels'
|
||||||
'Cmd'
|
'Cmd'
|
||||||
@ -283,59 +255,22 @@ exports.validContainerOptions = [
|
|||||||
'Image'
|
'Image'
|
||||||
'Volumes'
|
'Volumes'
|
||||||
'WorkingDir'
|
'WorkingDir'
|
||||||
'NetworkDisabled'
|
|
||||||
'ExposedPorts'
|
'ExposedPorts'
|
||||||
'HostConfig'
|
'HostConfig'
|
||||||
'Name'
|
'Name'
|
||||||
]
|
]
|
||||||
|
|
||||||
exports.validHostConfigOptions = [
|
exports.validHostConfigOptions = [
|
||||||
'Binds'
|
'Binds' # Will be overwritten with the default binds
|
||||||
'Links'
|
'Links'
|
||||||
'Memory'
|
|
||||||
'MemorySwap'
|
|
||||||
'MemoryReservation'
|
|
||||||
'KernelMemory'
|
|
||||||
'CpuShares'
|
|
||||||
'CpuPeriod'
|
|
||||||
'CpuQuota'
|
|
||||||
'CpusetCpus'
|
|
||||||
'CpusetMems'
|
|
||||||
'BlkioWeight'
|
|
||||||
'BlkioWeightDevice'
|
|
||||||
'BlkioDeviceReadBps'
|
|
||||||
'BlkioDeviceWriteBps'
|
|
||||||
'BlkioDeviceReadIOps'
|
|
||||||
'BlkioDeviceWriteIOps'
|
|
||||||
'MemorySwappiness'
|
|
||||||
'OomKillDisable'
|
|
||||||
'OomScoreAdj'
|
|
||||||
'PidMode'
|
|
||||||
'PortBindings'
|
'PortBindings'
|
||||||
'PublishAllPorts'
|
|
||||||
'Privileged'
|
'Privileged'
|
||||||
'ReadonlyRootfs'
|
|
||||||
'Dns'
|
|
||||||
'DnsOptions'
|
|
||||||
'DnsSearch'
|
|
||||||
'ExtraHosts'
|
|
||||||
'VolumesFrom'
|
|
||||||
'CapAdd'
|
|
||||||
'CapDrop'
|
|
||||||
'GroupAdd'
|
|
||||||
'RestartPolicy'
|
'RestartPolicy'
|
||||||
'NetworkMode'
|
'NetworkMode'
|
||||||
'Devices'
|
|
||||||
'Ulimits'
|
|
||||||
'SecurityOpt'
|
|
||||||
'ShmSize'
|
|
||||||
]
|
]
|
||||||
|
|
||||||
exports.validateKeys = (options, validSet) ->
|
exports.validateKeys = (options, validSet) ->
|
||||||
Promise.try ->
|
Promise.try ->
|
||||||
return if !options?
|
return if !options?
|
||||||
keys = _.keys(options)
|
invalidKeys = _.keys(_.omit(options, validSet))
|
||||||
invalidKeys = []
|
|
||||||
_.each keys, (key) ->
|
|
||||||
invalidKeys.push(key) if !_.includes(validSet, key)
|
|
||||||
throw new Error("Using #{invalidKeys.join(', ')} is not allowed.") if !_.isEmpty(invalidKeys)
|
throw new Error("Using #{invalidKeys.join(', ')} is not allowed.") if !_.isEmpty(invalidKeys)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user