docker: add support to add/drop capabilities

10 years ago · b96d304b93
parent 92199342cd
commit b96d304b93
1 changed files with 27 additions and 2 deletions
--- a/cloud/docker/docker.py
+++ b/cloud/docker/docker.py
@ -292,7 +292,19 @@ options:
    required: false
    default: null
    version_added: "2.0"
-
+  cap_add:
+    description:
+      - Add capabilities for the container. Requires docker-py >= 0.5.0.
+    required: false
+    default: false
+    version_added: "2.0"
+  cap_drop:
+    description:
+      - Drop capabilities for the container. Requires docker-py >= 0.5.0.
+    required: false
+    default: false
+    aliases: []
+    version_added: "2.0"
 author:
    - "Cove Schneider (@cove)"
    - "Joshua Conner (@joshuaconner)"
@ -551,6 +563,8 @@ class DockerManager(object):
            'log_driver': ((1, 2, 0), '1.18'),
            'host_config': ((0, 7, 0), '1.15'),
            'cpu_set': ((0, 6, 0), '1.14'),
+            'cap_add': ((0, 5, 0), '1.14'),
+            'cap_drop': ((0, 5, 0), '1.14'),
            # Clientside only
            'insecure_registry': ((0, 5, 0), '0.0')
            }
@ -1321,7 +1335,8 @@ class DockerManager(object):

        optionals = {}
        for optional_param in ('dns', 'volumes_from', 'restart_policy',
-                'restart_policy_retry', 'pid', 'extra_hosts', 'log_driver'):
+                'restart_policy_retry', 'pid', 'extra_hosts', 'log_driver',
+                'cap_add', 'cap_drop'):
            optionals[optional_param] = self.module.params.get(optional_param)

        if optionals['dns'] is not None:
@ -1356,6 +1371,14 @@ class DockerManager(object):
            log_config.type = optionals['log_driver']
            params['log_config'] = log_config

+        if optionals['cap_add'] is not None:
+            self.ensure_capability('cap_add')
+            params['cap_add'] = optionals['cap_add']
+
+        if optionals['cap_drop'] is not None:
+            self.ensure_capability('cap_drop')
+            params['cap_drop'] = optionals['cap_drop']
+
        return docker.utils.create_host_config(**params)

    def create_containers(self, count=1):
@ -1609,6 +1632,8 @@ def main():
            insecure_registry = dict(default=False, type='bool'),
            log_driver      = dict(default=None, choices=['json-file', 'none', 'syslog']),
            cpu_set         = dict(default=None),
+            cap_add         = dict(default=None, type='list'),
+            cap_drop        = dict(default=None, type='list'),
        ),
        required_together = (
            ['tls_client_cert', 'tls_client_key'],