Add support for configuring escalated plugins via envvar.

2016-01-10 17:19:48 -06:00 · 2016-01-10 17:19:48 -06:00 · d5767b7d57
commit d5767b7d57
parent a84db63f11
4 changed files with 26 additions and 12 deletions
--- a/controller/build.go
+++ b/controller/build.go
@ -264,9 +264,10 @@ func PostBuild(c *gin.Context) {
 		Config:    string(raw),
 		Secret:    string(sec),
 		System: &model.System{
-			Link:    httputil.GetURL(c.Request),
-			Plugins: strings.Split(os.Getenv("PLUGIN_FILTER"), " "),
-			Globals: strings.Split(os.Getenv("PLUGIN_PARAMS"), " "),
+			Link:      httputil.GetURL(c.Request),
+			Plugins:   strings.Split(os.Getenv("PLUGIN_FILTER"), " "),
+			Globals:   strings.Split(os.Getenv("PLUGIN_PARAMS"), " "),
+			Escalates: strings.Split(os.Getenv("ESCALATE_FILTER"), " "),
 		},
 	})

--- a/controller/hook.go
+++ b/controller/hook.go
@ -2,11 +2,12 @@ package controller

 import (
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"os"
 	"path/filepath"
-	"strings"
 	"regexp"
+	"strings"
+
+	"github.com/gin-gonic/gin"

 	log "github.com/Sirupsen/logrus"
 	"github.com/drone/drone/engine"
@ -214,9 +215,10 @@ func PostHook(c *gin.Context) {
 		Config:    string(raw),
 		Secret:    string(sec),
 		System: &model.System{
-			Link:    httputil.GetURL(c.Request),
-			Plugins: strings.Split(os.Getenv("PLUGIN_FILTER"), " "),
-			Globals: strings.Split(os.Getenv("PLUGIN_PARAMS"), " "),
+			Link:      httputil.GetURL(c.Request),
+			Plugins:   strings.Split(os.Getenv("PLUGIN_FILTER"), " "),
+			Globals:   strings.Split(os.Getenv("PLUGIN_PARAMS"), " "),
+			Escalates: strings.Split(os.Getenv("ESCALATE_FILTER"), " "),
 		},
 	})

--- a/docs/setup/plugins.md
+++ b/docs/setup/plugins.md
@ -19,3 +19,13 @@ Whitelist official Drone plugins and registry user `octocat`
 ```
 PLUGIN_FILTER=plugins/* octocat/*
 ```
+
+Additionally, some plugins may require to be execute as a "privileged" container.
+This mode is most common for plugins that are attempting to run docker in docker type behaviors (for example the plugins/docker requires this mode).
+Drone will ship will a default pattern that will allow selected official Drone plugins to run in an privileged mode.
+This whitelist can be customized by setting the `ESCALATE_FILTER` environment variable.
+This is a space-separated list and includes glob matching capabilities.
+
+```
+ESCALATE_FILTER=plugins/drone-docker plugins/drone-ecr plugins/drone-gcr
+```
--- a/model/sys.go
+++ b/model/sys.go
@ -1,8 +1,9 @@
 package model

 type System struct {
-	Version string   `json:"version"`
-	Link    string   `json:"link_url"`
-	Plugins []string `json:"plugins"`
-	Globals []string `json:"globals"`
+	Version   string   `json:"version"`
+	Link      string   `json:"link_url"`
+	Plugins   []string `json:"plugins"`
+	Globals   []string `json:"globals"`
+	Escalates []string `json:"privileged_plugins"`
 }