feat(docker-compose): support privileged mode in docker compose (#3553)

support privileged mode in docker compose --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
projen · May 6, 2024 · 7bb3bd9 · 7bb3bd9
1 parent 5cf621a
commit 7bb3bd9
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 0 deletions.
diff --git a/docs/api/projen.md b/docs/api/projen.md
@@ -9891,6 +9891,7 @@ const dockerComposeServiceDescription: DockerComposeServiceDescription = { ... }
 | <code><a href="#projen.DockerComposeServiceDescription.property.networks">networks</a></code> | <code><a href="#projen.IDockerComposeNetworkBinding">IDockerComposeNetworkBinding</a>[]</code> | Add some networks to the service. |
 | <code><a href="#projen.DockerComposeServiceDescription.property.platform">platform</a></code> | <code>string</code> | Add platform. |
 | <code><a href="#projen.DockerComposeServiceDescription.property.ports">ports</a></code> | <code><a href="#projen.DockerComposeServicePort">DockerComposeServicePort</a>[]</code> | Map some ports. |
+| <code><a href="#projen.DockerComposeServiceDescription.property.privileged">privileged</a></code> | <code>boolean</code> | Run in privileged mode. |
 | <code><a href="#projen.DockerComposeServiceDescription.property.volumes">volumes</a></code> | <code><a href="#projen.IDockerComposeVolumeBinding">IDockerComposeVolumeBinding</a>[]</code> | Mount some volumes into the service. |
 
 ---
@@ -10031,6 +10032,19 @@ Map some ports.
 
 ---
 
+##### `privileged`<sup>Optional</sup> <a name="privileged" id="projen.DockerComposeServiceDescription.property.privileged"></a>
+
+```typescript
+public readonly privileged: boolean;
+```
+
+- *Type:* boolean
+- *Default:* no privileged mode flag is provided
+
+Run in privileged mode.
+
+---
+
 ##### `volumes`<sup>Optional</sup> <a name="volumes" id="projen.DockerComposeServiceDescription.property.volumes"></a>
 
 ```typescript
@@ -14004,6 +14018,7 @@ Add a volume to the service.
 | <code><a href="#projen.DockerComposeService.property.image">image</a></code> | <code>string</code> | Docker image. |
 | <code><a href="#projen.DockerComposeService.property.imageBuild">imageBuild</a></code> | <code><a href="#projen.DockerComposeBuild">DockerComposeBuild</a></code> | Docker image build instructions. |
 | <code><a href="#projen.DockerComposeService.property.platform">platform</a></code> | <code>string</code> | Target platform. |
+| <code><a href="#projen.DockerComposeService.property.privileged">privileged</a></code> | <code>boolean</code> | Run in privileged mode. |
 
 ---
 
@@ -14151,6 +14166,18 @@ Target platform.
 
 ---
 
+##### `privileged`<sup>Optional</sup> <a name="privileged" id="projen.DockerComposeService.property.privileged"></a>
+
+```typescript
+public readonly privileged: boolean;
+```
+
+- *Type:* boolean
+
+Run in privileged mode.
+
+---
+
 
 ### JsonPatch <a name="JsonPatch" id="projen.JsonPatch"></a>
 

diff --git a/src/docker-compose/docker-compose-render.ts b/src/docker-compose/docker-compose-render.ts
@@ -27,6 +27,7 @@ interface DockerComposeFileServiceSchema {
   readonly environment?: Record<string, string>;
   readonly labels?: Record<string, string>;
   readonly entrypoint?: string[];
+  readonly privileged?: boolean;
 }
 
 /**
@@ -131,6 +132,10 @@ export function renderDockerComposeFile(
         "platform",
         serviceDescription.platform
       ),
+      ...getObjectWithKeyAndValueIfValueIsDefined(
+        "privileged",
+        serviceDescription.privileged
+      ),
       ...(Object.keys(serviceDescription.environment).length > 0
         ? { environment: serviceDescription.environment }
         : {}),

diff --git a/src/docker-compose/docker-compose-service.ts b/src/docker-compose/docker-compose-service.ts
@@ -79,6 +79,11 @@ export class DockerComposeService implements IDockerComposeServiceName {
    */
   public readonly platform?: string;
 
+  /**
+   * Run in privileged mode
+   */
+  public readonly privileged?: boolean;
+
   constructor(
     serviceName: string,
     serviceDescription: DockerComposeServiceDescription
@@ -104,6 +109,7 @@ export class DockerComposeService implements IDockerComposeServiceName {
     this.labels = serviceDescription.labels ?? {};
     this.entrypoint = serviceDescription.entrypoint;
     this.platform = serviceDescription.platform;
+    this.privileged = serviceDescription.privileged;
   }
 
   /**
@@ -236,4 +242,10 @@ export interface DockerComposeServiceDescription {
    * @default - no platform is provided
    */
   readonly platform?: string;
+
+  /**
+   * Run in privileged mode
+   * @default - no privileged mode flag is provided
+   */
+  readonly privileged?: boolean;
 }
diff --git a/test/docker-compose/docker-compose.test.ts b/test/docker-compose/docker-compose.test.ts
@@ -249,6 +249,31 @@ describe("docker-compose", () => {
     assertDockerComposeFileValidates(project.outdir);
   });
 
+  test("can set privileged mode", () => {
+    const project = new TestProject();
+    const dc = new DockerCompose(project, {
+      services: {
+        alpine: {
+          image: "alpine",
+          privileged: true,
+        },
+      },
+    });
+
+    expect(dc._synthesizeDockerCompose()).toEqual({
+      version: "3.3",
+      services: {
+        alpine: {
+          image: "alpine",
+          privileged: true,
+        },
+      },
+    });
+
+    project.synth();
+    assertDockerComposeFileValidates(project.outdir);
+  });
+
   describe("can add a volume", () => {
     test("bind volume", () => {
       const project = new TestProject();