podup 0.4.0

Translate and run docker-compose files on rootless Podman
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

use podup::parse_file;
use podup::parse_str;
use std::io::Write;

#[test]
fn yaml_anchor_and_alias() {
	let yaml = r#"
x-common: &common
  image: alpine
  restart: always
  environment:
    LOG_LEVEL: info

services:
  web:
    <<: *common
  api:
    <<: *common
    image: node:20
"#;
	let file = parse_str(yaml).unwrap();

	// web inherits image and environment from anchor.
	assert_eq!(file.services["web"].image.as_deref(), Some("alpine"));
	assert!(file.services["web"]
		.environment
		.to_map()
		.contains_key("LOG_LEVEL"));

	// api overrides image, keeps environment.
	assert_eq!(file.services["api"].image.as_deref(), Some("node:20"));
	assert!(file.services["api"]
		.environment
		.to_map()
		.contains_key("LOG_LEVEL"));
}

#[test]
fn yaml_anchor_passthrough_for_environment() {
	let yaml = r#"
x-env: &env
  NODE_ENV: production
  PORT: "3000"

services:
  app:
    image: node
    environment: *env
"#;
	let file = parse_str(yaml).unwrap();
	let env = file.services["app"].environment.to_map();
	assert_eq!(
		env.get("NODE_ENV").and_then(|v| v.clone()).as_deref(),
		Some("production")
	);
	assert_eq!(
		env.get("PORT").and_then(|v| v.clone()).as_deref(),
		Some("3000")
	);
}

#[test]
fn yaml_merge_key_sequence_of_anchors() {
	let yaml = r#"
x-a: &a
  restart: always
x-b: &b
  environment:
    FROM_B: "yes"

services:
  app:
    image: alpine
    <<: [*a, *b]
"#;
	let file = parse_str(yaml).unwrap();
	assert_eq!(
		file.services["app"]
			.restart
			.as_ref()
			.map(|r| format!("{r:?}")),
		Some("Always".to_string())
	);
	assert!(file.services["app"]
		.environment
		.to_map()
		.contains_key("FROM_B"));
}

#[test]
fn include_absolute_path_rejected() {
	let dir = tempfile::tempdir().unwrap();
	let main = dir.path().join("docker-compose.yml");
	writeln!(
		std::fs::File::create(&main).unwrap(),
		"include:\n  - /etc/passwd\nservices:\n  app:\n    image: alpine"
	)
	.unwrap();
	assert!(parse_file(&main).is_err());
}

#[test]
fn include_parent_traversal_rejected() {
	let dir = tempfile::tempdir().unwrap();
	let main = dir.path().join("docker-compose.yml");
	writeln!(
		std::fs::File::create(&main).unwrap(),
		"include:\n  - ../../secret.yml\nservices:\n  app:\n    image: alpine"
	)
	.unwrap();
	assert!(parse_file(&main).is_err());
}

#[test]
fn extends_file_absolute_path_rejected() {
	let dir = tempfile::tempdir().unwrap();
	let main = dir.path().join("docker-compose.yml");
	writeln!(
		std::fs::File::create(&main).unwrap(),
		"services:\n  app:\n    extends:\n      service: base\n      file: /etc/shadow"
	)
	.unwrap();
	assert!(parse_file(&main).is_err());
}

#[test]
fn extends_file_parent_traversal_rejected() {
	let dir = tempfile::tempdir().unwrap();
	let main = dir.path().join("docker-compose.yml");
	writeln!(
		std::fs::File::create(&main).unwrap(),
		"services:\n  app:\n    extends:\n      service: base\n      file: ../../other.yml"
	)
	.unwrap();
	assert!(parse_file(&main).is_err());
}