Add key to control if a container can get started by its pod

By default today, the container is always started if its pod is also started. This prevents to create custom with systemd where containers in a pod could be started through their `[Install]` section. We add a key `StartWithPod=`, enabled by default, that enables one to disable that behavior. This prevents the pod service from changing the state of the container service. Fixes #24401 Signed-off-by: Farya L. Maerten <me@ltow.me>
2025-05-20 08:36:23 +08:00 · 2024-10-31 22:17:40 +01:00
parent de990415a2
commit 2597eeae70
7 changed files with 52 additions and 7 deletions
--- a/test/e2e/quadlet/startwithpod.pod
+++ b/test/e2e/quadlet/startwithpod.pod
@ -0,0 +1,7 @@
+## assert-key-contains "Unit" "Wants" "startwithpod_yes.service"
+## assert-key-contains "Unit" "Before" "startwithpod_yes.service"
+
+## assert-key-not-contains "Unit" "Wants" "startwithpod_no.service"
+## assert-key-not-contains "Unit" "Before" "startwithpod_no.service"
+
+[Pod]
--- a/test/e2e/quadlet/startwithpod_no.container
+++ b/test/e2e/quadlet/startwithpod_no.container
@ -0,0 +1,7 @@
+# assert-key-contains "Unit" "After" "startwithpod-pod.service"
+# assert-key-contains "Unit" "BindsTo" "startwithpod-pod.service"
+
+[Container]
+Image=localhost/image
+Pod=startwithpod.pod
+StartWithPod=no
--- a/test/e2e/quadlet/startwithpod_yes.container
+++ b/test/e2e/quadlet/startwithpod_yes.container
@ -0,0 +1,7 @@
+# assert-key-contains "Unit" "After" "startwithpod-pod.service"
+# assert-key-contains "Unit" "BindsTo" "startwithpod-pod.service"
+
+[Container]
+Image=localhost/image
+Pod=startwithpod.pod
+StartWithPod=yes
--- a/test/e2e/quadlet_test.go
+++ b/test/e2e/quadlet_test.go
@ -227,6 +227,10 @@ func (t *quadletTestcase) assertKeyContains(args []string, unit *parser.UnitFile
 	return ok && strings.Contains(realValue, value)
 }

+func (t *quadletTestcase) assertKeyNotContains(args []string, unit *parser.UnitFile) bool {
+	return !t.assertKeyContains(args, unit)
+}
+
 func (t *quadletTestcase) assertPodmanArgs(args []string, unit *parser.UnitFile, key string, allowRegex, globalOnly bool) bool {
 	podmanArgs, _ := unit.LookupLastArgs("Service", key)
 	if globalOnly {
@ -516,6 +520,8 @@ func (t *quadletTestcase) doAssert(check []string, unit *parser.UnitFile, sessio
 		ok = t.assertKeyIsRegex(args, unit)
 	case "assert-key-contains":
 		ok = t.assertKeyContains(args, unit)
+	case "assert-key-not-contains":
+		ok = t.assertKeyNotContains(args, unit)
 	case "assert-last-key-is-regex":
 		ok = t.assertLastKeyIsRegex(args, unit)
 	case "assert-podman-args":
@ -1122,6 +1128,7 @@ BOGUS=foo
 		Entry("Pod - Quadlet Volume", "volume.pod", []string{"basic.volume"}),
 		Entry("Pod - Quadlet Network overriding service name", "network.servicename.quadlet.pod", []string{"service-name.network"}),
 		Entry("Pod - Quadlet Volume overriding service name", "volume.servicename.pod", []string{"service-name.volume"}),
+		Entry("Pod - Do not autostart a container with pod", "startwithpod.pod", []string{"startwithpod_no.container", "startwithpod_yes.container"}),
 	)

 })