lib/kitchen/driver/docker.rb in kitchen-docker-1.7.0 vs lib/kitchen/driver/docker.rb in kitchen-docker-2.0.0
@@ -29,10 +29,13 @@
class Docker < Kitchen::Driver::SSHBase
default_config :binary, 'docker'
default_config :socket, ENV['DOCKER_HOST'] || 'unix:///var/run/docker.sock'
default_config :privileged, false
+ default_config :cap_add, nil
+ default_config :cap_drop, nil
+ default_config :security_opt, nil
default_config :use_cache, true
default_config :remove_images, false
default_config :run_command, '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes ' +
'-o UsePrivilegeSeparation=no -o PidFile=/tmp/sshd.pid'
default_config :username, 'kitchen'
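Review bot: The new `cap_add`, `cap_drop` and `security_opt` defaults have no comment, although each one changes how strongly the test container is isolated from the host. I would add a line above them such as `# cap_add / cap_drop / security_opt: a string or a list, passed through to docker run; prefer a specific cap_add over privileged: true`. The string-or-list wording matches the `Array(...)` wrapping in `build_run_command` later in this diff. The class body continues outside this hunk.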
@@ -41,10 +44,11 @@
default_config :tls_verify, false
default_config :tls_cacert, nil
default_config :tls_cert, nil
default_config :tls_key, nil
default_config :publish_all, false
+ default_config :wait_for_sshd, true
default_config :use_sudo do |driver|
!driver.remote_socket?
end
@@ -80,11 +84,11 @@
def create(state)
state[:image_id] = build_image(state) unless state[:image_id]
state[:container_id] = run_container(state) unless state[:container_id]
state[:hostname] = remote_socket? ? socket_uri.host : 'localhost'
state[:port] = container_ssh_port(state)
- wait_for_sshd(state[:hostname], nil, :port => state[:port])
+ wait_for_sshd(state[:hostname], nil, :port => state[:port]) if config[:wait_for_sshd]
end
def destroy(state)
rm_container(state) if container_exists?(state)
if config[:remove_images] && state[:image_id]
@@ -160,14 +164,16 @@
"Unknown platform '#{config[:platform]}'"
end
username = config[:username]
password = config[:password]
base = <<-eos
- RUN useradd -d /home/#{username} -m -s /bin/bash #{username}
+ RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi
RUN echo #{username}:#{password} | chpasswd
RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+ RUN mkdir -p /etc/sudoers.d
RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username}
+ RUN chmod 0440 /etc/sudoers.d/#{username}
eos
custom = ''
Array(config[:provision_command]).each do |cmd|
custom << "RUN #{cmd}\n"
end
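Review bot: With the new `getent passwd` guard on the `useradd` line, a `username` that already exists in the base image no longer fails the build. The `chpasswd` line and both `NOPASSWD:ALL` sudoers lines are then applied to that pre-existing account, so its password is reset to the configured one. If reuse is intended, say so in a comment above the heredoc, for example `# an existing account is reused: its password is reset and it gets passwordless sudo`. I would also redirect the lookup, `if ! getent passwd #{username} > /dev/null; then ...`, so the passwd entry is not printed into the build log. `username` and `password` are interpolated unquoted into these shell lines, so values with spaces or shell metacharacters will probably break or alter the commands. The enclosing method starts and ends outside this hunk.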
@@ -211,55 +217,57 @@
end
def build_run_command(image_id)
cmd = "run -d -p 22"
Array(config[:forward]).each {|port| cmd << " -p #{port}"}
- Array(config[:dns]).each {|dns| cmd << " -dns #{dns}"}
+ Array(config[:dns]).each {|dns| cmd << " --dns #{dns}"}
+ Array(config[:add_host]).each {|host, ip| cmd << " --add-host=#{host}:#{ip}"}
Array(config[:volume]).each {|volume| cmd << " -v #{volume}"}
Array(config[:volumes_from]).each {|container| cmd << " --volumes-from #{container}"}
Array(config[:links]).each {|link| cmd << " --link #{link}"}
cmd << " --name #{config[:instance_name]}" if config[:instance_name]
cmd << " -P" if config[:publish_all]
cmd << " -h #{config[:hostname]}" if config[:hostname]
cmd << " -m #{config[:memory]}" if config[:memory]
cmd << " -c #{config[:cpu]}" if config[:cpu]
- cmd << " -privileged" if config[:privileged]
cmd << " -e http_proxy=#{config[:http_proxy]}" if config[:http_proxy]
cmd << " -e https_proxy=#{config[:https_proxy]}" if config[:https_proxy]
+ cmd << " --privileged" if config[:privileged]
+ Array(config[:cap_add]).each {|cap| cmd << " --cap-add=#{cap}"} if config[:cap_add]
+ Array(config[:cap_drop]).each {|cap| cmd << " --cap-drop=#{cap}"} if config[:cap_drop]
+ Array(config[:security_opt]).each {|opt| cmd << " --security-opt=#{opt}"} if config[:security_opt]
cmd << " #{image_id} #{config[:run_command]}"
cmd
end
def run_container(state)
cmd = build_run_command(state[:image_id])
output = docker_command(cmd)
parse_container_id(output)
end
- def inspect_container(state)
- container_id = state[:container_id]
- docker_command("inspect #{container_id}")
- end
-
def container_exists?(state)
- state[:container_id] && !!inspect_container(state) rescue false
+ state[:container_id] && !!docker_command("top #{state[:container_id]}") rescue false
end
def parse_container_ssh_port(output)
begin
- info = Array(::JSON.parse(output)).first
- ports = info['NetworkSettings']['Ports'] || info['HostConfig']['PortBindings']
- ssh_port = ports['22/tcp'].detect {|port| port['HostIp'] == '0.0.0.0'}
- ssh_port['HostPort'].to_i
+ host, port = output.split(':')
+ port.to_i
rescue
raise ActionFailed,
- 'Could not parse Docker inspect output for container SSH port'
+ 'Could not parse Docker port output for container SSH port'
end
end
def container_ssh_port(state)
- output = inspect_container(state)
- parse_container_ssh_port(output)
+ begin
+ output = docker_command("port #{state[:container_id]} 22/tcp")
+ parse_container_ssh_port(output)
+ rescue
+ raise ActionFailed,
+ 'Docker reports container has no ssh port mapped'
+ end
end
def rm_container(state)
container_id = state[:container_id]
docker_command("stop #{container_id}")
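Review bot: In `parse_container_ssh_port`, `port.to_i` never raises, so empty or unexpected `docker port` output (where `port` ends up nil or non-numeric) returns port 0 and the `rescue` that should raise `ActionFailed` is never reached. A strict conversion fixes this and also drops the unused `host`: `Integer(output.strip.rpartition(':').last)`. In `container_ssh_port` the bare `rescue` also catches that parse failure and re-raises it as 'Docker reports container has no ssh port mapped', which hides which step failed; rescuing only around the `docker_command` call would keep the two messages distinct. Separately, `container_exists?` now relies on `docker top`, which as far as I know fails for a container that exists but is stopped, so `destroy` would skip `rm_container` and leave the container behind; this is worth confirming against the Docker versions supported.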