diff --git a/.changelog/17313.txt b/.changelog/17313.txt
new file mode 100644
index 000000000000..dc53d6a87fa7
--- /dev/null
+++ b/.changelog/17313.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+docker: Add `group_add` configuration
+```
diff --git a/drivers/docker/config.go b/drivers/docker/config.go
index b8dc0bc5c328..b4fa249e3faf 100644
--- a/drivers/docker/config.go
+++ b/drivers/docker/config.go
@@ -360,6 +360,7 @@ var (
 "entrypoint": hclspec.NewAttr("entrypoint", "list(string)", false),
 "extra_hosts": hclspec.NewAttr("extra_hosts", "list(string)", false),
 "force_pull": hclspec.NewAttr("force_pull", "bool", false),
+ "group_add": hclspec.NewAttr("group_add", "list(string)", false),
 "healthchecks": hclspec.NewBlock("healthchecks", false, healthchecksBodySpec),
 "hostname": hclspec.NewAttr("hostname", "string", false),
 "init": hclspec.NewAttr("init", "bool", false),
@@ -443,6 +444,7 @@ type TaskConfig struct {
 Entrypoint []string `codec:"entrypoint"`
 ExtraHosts []string `codec:"extra_hosts"`
 ForcePull bool `codec:"force_pull"`
+ GroupAdd []string `codec:"group_add"`
 Healthchecks DockerHealthchecks `codec:"healthchecks"`
 Hostname string `codec:"hostname"`
 Init bool `codec:"init"`
diff --git a/drivers/docker/config_test.go b/drivers/docker/config_test.go
index 1e49fc2a6952..d355e452b770 100644
--- a/drivers/docker/config_test.go
+++ b/drivers/docker/config_test.go
@@ -228,6 +228,7 @@ config {
 entrypoint = ["/bin/bash", "-c"]
 extra_hosts = ["127.0.0.1 localhost.example.com"]
 force_pull = true
+ group_add = ["group1", "group2"]
 healthchecks {
 disable = true
 }
@@ -389,6 +390,7 @@ config {
 Entrypoint: []string{"/bin/bash", "-c"},
 ExtraHosts: []string{"127.0.0.1 localhost.example.com"},
 ForcePull: true,
+ GroupAdd: []string{"group1", "group2"},
 Healthchecks: DockerHealthchecks{Disable: true},
 Hostname: "self.example.com",
 Interactive: true,
diff --git a/drivers/docker/driver.go b/drivers/docker/driver.go
index d0db2840f873..ccc3aa0cd893 100644
--- a/drivers/docker/driver.go +++ b/drivers/docker/driver.go @@ -962,7 +962,8 @@ func (d *Driver) createContainerConfig(task *drivers.TaskConfig, driverConfig *T PidsLimit: &pidsLimit, - Runtime: containerRuntime, + Runtime: containerRuntime, + GroupAdd: driverConfig.GroupAdd, } // This translates to docker create/run --cpuset-cpus option. diff --git a/drivers/docker/driver_test.go b/drivers/docker/driver_test.go index 79475aefe003..92e0bc373fbd 100644 --- a/drivers/docker/driver_test.go +++ b/drivers/docker/driver_test.go @@ -3089,3 +3089,23 @@ func TestDockerDriver_StopSignal(t *testing.T) { }) } } + +func TestDockerDriver_GroupAdd(t *testing.T) { + if !tu.IsCI() { + t.Parallel() + } + testutil.DockerCompatible(t) + + task, cfg, _ := dockerTask(t) + cfg.GroupAdd = []string{"12345", "9999"} + require.NoError(t, task.EncodeConcreteDriverConfig(cfg)) + + client, d, handle, cleanup := dockerSetup(t, task, nil) + defer cleanup() + require.NoError(t, d.WaitUntilStarted(task.ID, 5*time.Second)) + + container, err := client.InspectContainer(handle.containerID) + require.NoError(t, err) + + require.Exactly(t, cfg.GroupAdd, container.HostConfig.GroupAdd) +} diff --git a/website/content/docs/drivers/docker.mdx b/website/content/docs/drivers/docker.mdx index 322d540085d3..4a4ef03ed62d 100644 --- a/website/content/docs/drivers/docker.mdx +++ b/website/content/docs/drivers/docker.mdx @@ -128,6 +128,9 @@ config { are mutable. If image's tag is `latest` or omitted, the image will always be pulled regardless of this setting. +- `group_add` - (Optional) A list of supplementary groups to be applied + to the container user. + - `healthchecks` - (Optional) A configuration block for controlling how the docker driver manages HEALTHCHECK directives built into the container. Set `healthchecks.disable` to disable any built-in healthcheck.
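Review bot: In the drivers/docker/driver.go hunk, `GroupAdd: driverConfig.GroupAdd` hands the job author's list to the Docker host config with no check visible here, so an empty or malformed entry would only surface as a daemon error at container create. Numeric GIDs are, as far as I know, not looked up in the image's group file, so on a daemon without user-namespace remapping they coincide with host GIDs on any bind-mounted path; that deserves a comment at the field, e.g. `// job-supplied; numeric GIDs match host GIDs on bind mounts unless userns-remap is on`. If operators should be able to restrict this the way `allow_privileged` and `allow_caps` restrict other options, a plugin-level gate would belong in the same place. createContainerConfig begins and ends outside the hunk, so an existing check elsewhere in the function cannot be ruled out.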
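Review bot: TestDockerDriver_GroupAdd only asserts that `container.HostConfig.GroupAdd` echoes the configured list, and only with numeric GIDs (`"12345", "9999"`). It would still pass if the groups were never applied to the container process, and it leaves untested the named form that config_test.go parses (`"group1", "group2"`), which presumably fails at container create when the image has no such group. A second case that expects a start error for an unknown group name, or that runs `id -G` inside the container and compares the output with `cfg.GroupAdd`, would pin the behaviour the new docs entry promises.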