Revert "Add support for selinux in verbose bind mount specification" #942
Conversation
|
I have been using a fork of this project with #911 along with #771 and #763 in production for months. I don't really enjoy maintaining my own fork to get basic features and compatibility with docker-compose, so obviously I want all of the above to be merged and I was extremely excited when #911 was because it meant one fewer patchset I had to carry around downstream. I understand the value of testing, but if you are so insistent about it, perhaps you could make a PR to add missing tests instead of second guessing other maintainers and trying to revert useful changes. Perhaps if the documentation about what qualifies as adequately tested in your opinion were clearer (e.g. mentioned at all in I am happy to try and help write tests for my selinux change, but the unit testing code is kind of daunting if you aren't intimately familiar with the framework being used, and it seems a bit haphazard. I didn't see any obvious place to add what I felt should be the small amount of code needed to test my PR without having to add a bunch of infrastructure. It literally just needs to make an example volume description and then verify that |
|
Hi @charliemirabile, thanks a lot for response. I will explain my position about why I insist on tests by contributors. Your comment also raised several very good points which I also addressed below.
This is not a viable long-term strategy. There usually are many contributors, but just a single or several maintainers. If the policy of accepting PRs without tests is established, then few people will write them. Then the maintainer will need to write tests for all PRs. It would be inappropriate to expect this level of effort from a maintainer, especially given that this is an open source project. This will lead to maintainer burnout. This project has already experienced this, as it was unmaintained between summer 2023 and the beginning of this year. Therefore any established policies should prefer to reduce maintainer time expediture as few people can take such role long-term.
I think it's useful that people do unfinished PRs to gather early feedback. The last thing I would want is for a developer to invert significant amount of time writing tests before making sure that the maintainers agree that the solution itself is acceptable in principle. So I see "looks good, but needs tests" reviews as an advantage. Once the PR is created, if the original contributor does not have interest in writing tests, then someone else can do that and the code changes go in.
That's not true, see https://github.com/containers/podman-compose/blob/v1.1.0/.github/PULL_REQUEST_TEMPLATE.md However, you're right that the documentation should be improved. The fact that you didn't see it is evidence of that in itself.
It's actually relatively easy. If you've written that in a comment on the PR I would have guided you to what's expected.
An example: You just modify This pattern should be documented somewhere so that people could actually see how easy it is to add tests and then wouldn't be discouraged by my "looks good, but needs tests" reviews. Thank you for writing the comment with detailed feedback. It raised very clear points on where the development processes of this project should be improved. |
This is a fair point. I completely agree that it is not viable or appropriate for maintainers to take on all the burden of writing tests. I still feel that maybe in this specific situation where something gets merged without tests, it might be more productive to try and add the tests than pull the feature back out, but if the PR really was merged in error and the maintainers are on the same page about not wanting it in, a reversion does make sense. That is between you and the other folks maintaining the project. As an outside observer it is just very disheartening to watch your thing go in and then immediately see a new PR to rip it back out.
Yes, that is reasonable.
Would they file a new PR? I considered doing this for #763 and #771 (though obviously I was going to work on getting #911 acceptable for merge first), but I am not sure about the etiquette there and I wouldn't want to "steal" the credit for the feature just because I was willing to come along and make tests. (even if I include their commit in my branch, it would still show up as "my" PR if I had to file a new one), ant its not like I could push more commits to their branch associated with the existing one.
Ok yes, that actually is pretty clear. I went looking before I wrote my previous comment, but didn't think to check
Yeah, it was on my stack to get back to #911 and I would have asked if I couldn't figure it out; just been working on other things. Seeing it get merged reminded me to come check on it which is when I saw this PR.
Yes, this actually is pretty easy. I appreciate the clarification. I think just pointing folks to that file and saying "if you are adding support for new parts of the compose spec you probably need to add one of these tests in this file to check the args you are generating" would go a long way
Thank you for your helpful reply in spite of the slightly snarky tone I took in my original post here. I appreciate your help and am sorry I took some of my frustration out on you earlier. Also, is how does this patch look for testing selinux? Happy to make a PR for it, but maybe it would just be easier for you to replace this PR with this. ---
pytests/test_container_to_args.py | 64 +++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
diff --git a/pytests/test_container_to_args.py b/pytests/test_container_to_args.py
index f79062d..ccdf757 100644
--- a/pytests/test_container_to_args.py
+++ b/pytests/test_container_to_args.py
@@ -428,3 +428,67 @@ class TestContainerToArgs(unittest.IsolatedAsyncioTestCase):
"nvidia-smi",
],
)
+
+ async def test_selinux_volume(self):
+ c = create_compose_mock()
+
+ cnt = get_minimal_container()
+
+ # This is supposed to happen during `_parse_compose_file`
+ # but that is probably getting skipped during testing
+ cnt["_service"] = cnt["service_name"]
+
+ cnt["volumes"] = [
+ {
+ "type": "bind",
+ "source": "./foo",
+ "target": "/mnt",
+ "bind": {
+ "selinux": "z",
+ },
+ }
+ ]
+
+ args = await container_to_args(c, cnt)
+ self.assertEqual(
+ args,
+ [
+ "--name=project_name_service_name1",
+ "-d",
+ "--mount",
+ "type=bind,source=./foo,destination=/mnt,z",
+ "--network=bridge",
+ "--network-alias=service_name",
+ "busybox",
+ ],
+ )
+
+ cnt["volumes"][0]["bind"]["selinux"] = "Z"
+ args = await container_to_args(c, cnt)
+ self.assertEqual(
+ args,
+ [
+ "--name=project_name_service_name1",
+ "-d",
+ "--mount",
+ "type=bind,source=./foo,destination=/mnt,Z",
+ "--network=bridge",
+ "--network-alias=service_name",
+ "busybox",
+ ],
+ )
+
+ c.prefer_volume_over_mount = True
+ args = await container_to_args(c, cnt)
+ self.assertEqual(
+ args,
+ [
+ "--name=project_name_service_name1",
+ "-d",
+ "-v",
+ "./foo:/mnt:Z",
+ "--network=bridge",
+ "--network-alias=service_name",
+ "busybox",
+ ],
+ ) |
I agree. This was a bit of internal drama between maintainers that you were dragged into with no fault of your own.
Well, if someone abandons a PR for a long time then I think it's reasonable to not be surprised if someone else integrates the code and finishes what's missing. I think what's important is to acknowledge the contribution by not changing authorship of the commit and giving credit to the original PR in the new PR. As long that's done, no reasonable person should feel hurt. Right now I know another person who's going to go PRs in this repo one by one and try adding tests to all of these, so if you're otherwise busy I wouldn't recommend spending your time budget on these. Well, at least for a couple of upcoming weeks, I don't know if the person will deliver.
Sorry, now I understand why you didn't see it. It is a template added to new PRs, your PR was an older one from before the template existed.
The code looks good. I would split the test into three, because it checks three different situation. Maybe Thanks a lot for proposing the test. |
How about this? Parameterized is pretty slick, so while I was at it, I added a fourth to round it out (both z and Z with both vol and mount) pytests/test_container_to_args.py | 42 +++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/pytests/test_container_to_args.py b/pytests/test_container_to_args.py
index f79062d..ae6952e 100644
--- a/pytests/test_container_to_args.py
+++ b/pytests/test_container_to_args.py
@@ -3,6 +3,7 @@
import unittest
from os import path
from unittest import mock
+from parameterized import parameterized
from podman_compose import container_to_args
@@ -428,3 +429,44 @@ class TestContainerToArgs(unittest.IsolatedAsyncioTestCase):
"nvidia-smi",
],
)
+
+ @parameterized.expand([
+ (False, "z", ["--mount", "type=bind,source=./foo,destination=/mnt,z"]),
+ (False, "Z", ["--mount", "type=bind,source=./foo,destination=/mnt,Z"]),
+ (True, "z", ["-v", "./foo:/mnt:z"]),
+ (True, "Z", ["-v", "./foo:/mnt:Z"]),
+
+ ])
+ async def test_selinux_volume(self, prefer_volume, selinux_type, expected_additional_args):
+ c = create_compose_mock()
+ c.prefer_volume_over_mount = prefer_volume
+
+ cnt = get_minimal_container()
+
+ # This is supposed to happen during `_parse_compose_file`
+ # but that is probably getting skipped during testing
+ cnt["_service"] = cnt["service_name"]
+
+ cnt["volumes"] = [
+ {
+ "type": "bind",
+ "source": "./foo",
+ "target": "/mnt",
+ "bind": {
+ "selinux": selinux_type,
+ },
+ }
+ ]
+
+ args = await container_to_args(c, cnt)
+ self.assertEqual(
+ args,
+ [
+ "--name=project_name_service_name1",
+ "-d",
+ *expected_additional_args,
+ "--network=bridge",
+ "--network-alias=service_name",
+ "busybox",
+ ],
+ ) |
|
Looks good |
|
Feel free to create a PR and I will merge it ASAP and close this one |
|
Alright, just created #946 |
|
Thanks, closing this PR. |
Reverts #911.
The PR still needs tests before being accepted.