Skip to content

Fix compose types #239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pablomendezroyo merged 6 commits into from
Jun 17, 2022
Merged

Fix compose types #239

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
4b72352
fix docker service network type
pablomendezroyo Jun 16, 2022
943d840
add security_opt
pablomendezroyo Jun 16, 2022
e9b4165
use ComposeNetwork interface in Compose iface
pablomendezroyo Jun 17, 2022
e846748
fix typo
pablomendezroyo Jun 17, 2022
64a7c97
fix compose network check
pablomendezroyo Jun 17, 2022
bdac780
export chainDriver types
pablomendezroyo Jun 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 22 additions & 15 deletions src/files/compose/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ export interface ComposeService {
pid?: string;
privileged?: boolean;
restart?: string;
security_opt?: string;
stop_grace_period?: string;
stop_signal?: string;
user?: string;
Expand All @@ -74,7 +75,7 @@ export interface ComposeServiceNetwork {
aliases?: string[];
}

export type ComposeServiceNetworks = string[] | ComposeServiceNetworksObj[];
export type ComposeServiceNetworks = string[] | ComposeServiceNetworksObj;

export type ComposeServiceNetworksObj = {
[networkName: string]: ComposeServiceNetwork;
Expand Down Expand Up @@ -103,21 +104,27 @@ export interface Compose {
services: {
[dnpName: string]: ComposeService;
};
networks?: {
[networkName: string]: {
name?: string;
external?: boolean;
driver?: string; // "bridge";
ipam?: { config: { subnet: string }[] }; // { subnet: "172.33.0.0/16" }
};
};
networks?: ComposeNetworks;
// { dappmanagerdnpdappnodeeth_data: {} };
volumes?: {
[volumeName: string]: {
// NOTE: Not allowed
external?: boolean | { name: string }; // name: "dncore_ipfsdnpdappnodeeth_data"
};
};
volumes?: ComposeVolumes;
}

export interface ComposeVolumes {
/** volumeName: "dncore_ipfsdnpdappnodeeth_data" */
[volumeName: string]: ComposeVolume | null;
}

export interface ComposeVolume {
// FORBIDDEN
// external?: boolean | { name: string }; // name: "dncore_ipfsdnpdappnodeeth_data"
// NOT allowed to user, only used by DAppNode internally (if any)
external?: boolean;
name?: string; // Volumes can only be declared locally or be external
driver?: string; // Dangerous
driver_opts?:
| { type: "none"; device: string; o: "bind" }
| { [driverOptName: string]: string }; // driver_opts are passed down to whatever driver is being used, there's. No verification on docker's part nor detailed documentation
labels?: { [labelName: string]: string }; // User should not use this feature
}

export interface ComposePaths {
Expand Down
49 changes: 24 additions & 25 deletions src/files/compose/validateDappnodeCompose.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,8 @@ function validateComposeNetworks(compose: Compose): void {
)} are allowed`
);
// Check all networks are external
if (networks[networkName].external === false)
const network = networks[networkName];
if (network && network.external === false)
err(
`The docker network ${networkName} is not allowed. Docker internal networks are not allowed`
);
Expand Down Expand Up @@ -156,36 +157,34 @@ function validateComposeServiceNetworks(
const serviceNetworks = service.networks;
if (!serviceNetworks) return;

for (const serviceNetwork of serviceNetworks) {
if (typeof serviceNetwork === "string") {
if (Array.isArray(serviceNetworks)) {
for (const serviceNetwork of serviceNetworks) {
// Check docker network is whitelisted when defined in array format
if (!params.DOCKER_WHITELIST_NETWORKS.includes(serviceNetwork))
err(
`service ${serviceName} has a non-whitelisted docker network: ${serviceNetwork}. Only docker networks ${DOCKER_WHITELIST_NETWORKS_STR} are allowed`
);
} else {
for (const serviceNetworkObjectName of Object.keys(serviceNetwork)) {
// Check docker network is whitelisted when defined in object format
if (
!params.DOCKER_WHITELIST_NETWORKS.includes(serviceNetworkObjectName)
}
} else {
for (const serviceNetworkObjectName of Object.keys(serviceNetworks)) {
// Check docker network is whitelisted when defined in object format
if (!params.DOCKER_WHITELIST_NETWORKS.includes(serviceNetworkObjectName))
err(
`service ${serviceName} has a non-whitelisted docker network: ${serviceNetworkObjectName}. Only docker networks ${DOCKER_WHITELIST_NETWORKS_STR} are allowed`
);

// Check core aliases are not used by non core packages
const { aliases } = serviceNetworks[serviceNetworkObjectName];
if (
!isCore &&
aliases &&
params.DOCKER_CORE_ALIASES.some(coreAlias =>
aliases.includes(coreAlias)
)
err(
`service ${serviceName} has a non-whitelisted docker network: ${serviceNetworkObjectName}. Only docker networks ${DOCKER_WHITELIST_NETWORKS_STR} are allowed`
);

// Check core aliases are not used by non core packages
const { aliases } = serviceNetwork[serviceNetworkObjectName];
if (
!isCore &&
aliases &&
params.DOCKER_CORE_ALIASES.some(coreAlias =>
aliases.includes(coreAlias)
)
) {
err(
`service ${serviceName} has the network ${serviceNetworkObjectName} with reserved docker alias. Aliases ${DOCKER_WHITELIST_ALIASES_STR} are reserved to core packages`
);
}
) {
err(
`service ${serviceName} has the network ${serviceNetworkObjectName} with reserved docker alias. Aliases ${DOCKER_WHITELIST_ALIASES_STR} are reserved to core packages`
);
}
}
}
Expand Down
6 changes: 3 additions & 3 deletions src/files/manifest/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,15 +118,15 @@ interface Dependencies {

// Driver

type ChainDriver = ChainDriverType | ChainDriverSpecs;
export type ChainDriver = ChainDriverType | ChainDriverSpecs;

type ChainDriverSpecs = {
export type ChainDriverSpecs = {
driver: ChainDriverType;
serviceName?: string;
portNumber?: number;
};

type ChainDriverType =
export type ChainDriverType =
| "bitcoin"
| "ethereum"
| "ethereum-beacon-chain"
Expand Down
20 changes: 9 additions & 11 deletions test/files/compose/validateDappnodeCompose.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,18 +211,16 @@ service validator has a non-whitelisted docker network: danger_network. Only doc
...compose.services,
validator: {
...compose.services.validator,
networks: [
{
danger_network: {
ipv4_address: "172.33.4.5",
aliases: ["dappmanager.dappnode"]
},
other_network: {
ipv4_address: "",
aliases: ["core.dappnode"]
}
networks: {
danger_network: {
ipv4_address: "172.33.4.5",
aliases: ["dappmanager.dappnode"]
},
other_network: {
ipv4_address: "",
aliases: ["core.dappnode"]
}
]
}
}
}
},
Expand Down