From 31b4efcaecb4a23745cacfb1defccfb0d3f0381d Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Wed, 2 Jul 2025 18:20:35 -0700 Subject: [PATCH] warn instead of error, lift logic to main.go Signed-off-by: Evan Miller --- cmd/quadlet/main.go | 16 +++++++++++++++ pkg/systemd/quadlet/quadlet.go | 8 -------- test/e2e/quadlet/service-dynamicuser.build | 6 +++++- .../e2e/quadlet/service-dynamicuser.container | 5 ++++- test/e2e/quadlet/service-dynamicuser.image | 5 ++++- test/e2e/quadlet/service-dynamicuser.kube | 5 ++++- test/e2e/quadlet/service-dynamicuser.network | 1 - test/e2e/quadlet/service-dynamicuser.pod | 1 - test/e2e/quadlet/service-dynamicuser.volume | 1 - test/e2e/quadlet/service-group.container | 3 ++- test/e2e/quadlet/service-user.container | 2 +- test/e2e/quadlet_test.go | 20 +++++++++---------- 12 files changed, 46 insertions(+), 27 deletions(-) diff --git a/cmd/quadlet/main.go b/cmd/quadlet/main.go index 4f9af0075d..496b41c0af 100644 --- a/cmd/quadlet/main.go +++ b/cmd/quadlet/main.go @@ -574,6 +574,20 @@ func warnIfAmbiguousName(unit *parser.UnitFile, group string) { } } +// Warns if the unit has any properties defined in the Service group that are known to cause issues. +// We want to warn instead of erroring to avoid breaking any existing users' units, +// or to allow users to use these properties if they know what they are doing. +// We implement this here instead of in quadlet.initServiceUnitFile to avoid +// having to refactor a large amount of code in the generator just for a warning. +func warnIfUnsupportedServiceKeys(unit *parser.UnitFile) { + for _, key := range quadlet.UnsupportedServiceKeys { + _, hasKey := unit.Lookup(quadlet.ServiceGroup, key) + if hasKey { + Logf("Warning: using key %s in the Service group is not supported - use at your own risk", key) + } + } +} + func generateUnitsInfoMap(units []*parser.UnitFile) map[string]*quadlet.UnitInfo { unitsInfoMap := make(map[string]*quadlet.UnitInfo) for _, unit := range units { @@ -722,6 +736,8 @@ func process() bool { var service *parser.UnitFile var warnings, err error + warnIfUnsupportedServiceKeys(unit) + switch { case strings.HasSuffix(unit.Filename, ".container"): warnIfAmbiguousName(unit, quadlet.ContainerGroup) diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go index 549c07e69e..6d53d12168 100644 --- a/pkg/systemd/quadlet/quadlet.go +++ b/pkg/systemd/quadlet/quadlet.go @@ -2248,14 +2248,6 @@ func initServiceUnitFile(quadletUnitFile *parser.UnitFile, isUser bool, unitsInf return nil, nil, err } - // These Service keys cannot be used in a Quadlet unit - for _, key := range UnsupportedServiceKeys { - _, hasKey := quadletUnitFile.Lookup(ServiceGroup, key) - if hasKey { - return nil, nil, fmt.Errorf("using key %s in the Service group is not supported", key) - } - } - service := quadletUnitFile.Dup() service.Filename = unitInfo.ServiceFileName() diff --git a/test/e2e/quadlet/service-dynamicuser.build b/test/e2e/quadlet/service-dynamicuser.build index 68029df5ad..d8feaf0b20 100644 --- a/test/e2e/quadlet/service-dynamicuser.build +++ b/test/e2e/quadlet/service-dynamicuser.build @@ -1,4 +1,8 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" + +[Build] +ImageTag=localhost/imagename +SetWorkingDirectory=unit + [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-dynamicuser.container b/test/e2e/quadlet/service-dynamicuser.container index 68029df5ad..f2a010d9a1 100644 --- a/test/e2e/quadlet/service-dynamicuser.container +++ b/test/e2e/quadlet/service-dynamicuser.container @@ -1,4 +1,7 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" + +[Container] +Image=localhost/imagename + [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-dynamicuser.image b/test/e2e/quadlet/service-dynamicuser.image index 68029df5ad..3cceaea51c 100644 --- a/test/e2e/quadlet/service-dynamicuser.image +++ b/test/e2e/quadlet/service-dynamicuser.image @@ -1,4 +1,7 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" + +[Image] +Image=localhost/imagename + [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-dynamicuser.kube b/test/e2e/quadlet/service-dynamicuser.kube index 68029df5ad..53aad5c4d2 100644 --- a/test/e2e/quadlet/service-dynamicuser.kube +++ b/test/e2e/quadlet/service-dynamicuser.kube @@ -1,4 +1,7 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" + +[Kube] +Yaml=deployment.yml + [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-dynamicuser.network b/test/e2e/quadlet/service-dynamicuser.network index 68029df5ad..f568456aff 100644 --- a/test/e2e/quadlet/service-dynamicuser.network +++ b/test/e2e/quadlet/service-dynamicuser.network @@ -1,4 +1,3 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-dynamicuser.pod b/test/e2e/quadlet/service-dynamicuser.pod index 68029df5ad..f568456aff 100644 --- a/test/e2e/quadlet/service-dynamicuser.pod +++ b/test/e2e/quadlet/service-dynamicuser.pod @@ -1,4 +1,3 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-dynamicuser.volume b/test/e2e/quadlet/service-dynamicuser.volume index 68029df5ad..f568456aff 100644 --- a/test/e2e/quadlet/service-dynamicuser.volume +++ b/test/e2e/quadlet/service-dynamicuser.volume @@ -1,4 +1,3 @@ -## assert-failed ## assert-stderr-contains "using key DynamicUser in the Service group is not supported" [Service] DynamicUser=foobar diff --git a/test/e2e/quadlet/service-group.container b/test/e2e/quadlet/service-group.container index e72954e918..e37f6036b5 100644 --- a/test/e2e/quadlet/service-group.container +++ b/test/e2e/quadlet/service-group.container @@ -1,7 +1,8 @@ -## assert-failed ## assert-stderr-contains "using key Group in the Service group is not supported" [Container] +Image=localhost/imagename # This is fine +User=1000 Group=1000 [Service] diff --git a/test/e2e/quadlet/service-user.container b/test/e2e/quadlet/service-user.container index 1f8334e1bc..166054d2c4 100644 --- a/test/e2e/quadlet/service-user.container +++ b/test/e2e/quadlet/service-user.container @@ -1,6 +1,6 @@ -## assert-failed ## assert-stderr-contains "using key User in the Service group is not supported" [Container] +Image=localhost/imagename # This is fine User=1000 diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go index 0c075a4980..e35abb5609 100644 --- a/test/e2e/quadlet_test.go +++ b/test/e2e/quadlet_test.go @@ -1096,6 +1096,16 @@ BOGUS=foo runWarningQuadletTestCase, Entry("label-unsupported-escape.container", "label-unsupported-escape.container", "unsupported escape char"), Entry("shortname.container", "shortname.container", "Warning: shortname.container specifies the image \"shortname\" which not a fully qualified image name. This is not ideal for performance and security reasons. See the podman-pull manpage discussion of short-name-aliases.conf for details."), + + Entry("Unsupported Service Key - User", "service-user.container", "Warning: using key User in the Service group is not supported"), + Entry("Unsupported Service Key - Group", "service-group.container", "Warning: using key Group in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.build", "service-dynamicuser.build", "Warning: using key DynamicUser in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.container", "service-dynamicuser.container", "Warning: using key DynamicUser in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.image", "service-dynamicuser.image", "Warning: using key DynamicUser in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.kube", "service-dynamicuser.kube", "Warning: using key DynamicUser in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.network", "service-dynamicuser.network", "Warning: using key DynamicUser in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.pod", "service-dynamicuser.pod", "Warning: using key DynamicUser in the Service group is not supported"), + Entry("Unsupported Service Key - DynamicUser.volume", "service-dynamicuser.volume", "Warning: using key DynamicUser in the Service group is not supported"), ) DescribeTable("Running expected error quadlet test case", @@ -1126,16 +1136,6 @@ BOGUS=foo Entry("Build - Neither WorkingDirectory nor File Key", "neither-workingdirectory-nor-file.build", "converting \"neither-workingdirectory-nor-file.build\": neither SetWorkingDirectory, nor File key specified"), Entry("Build - No ImageTag Key", "no-imagetag.build", "converting \"no-imagetag.build\": no ImageTag key specified"), Entry("emptyline.container", "emptyline.container", "converting \"emptyline.container\": no Image or Rootfs key specified"), - - Entry("Unsupported Service Key - User", "service-user.container", "converting \"service-user.container\": using key User in the Service group is not supported"), - Entry("Unsupported Service Key - Group", "service-group.container", "converting \"service-group.container\": using key Group in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.build", "service-dynamicuser.build", "converting \"service-dynamicuser.build\": using key DynamicUser in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.container", "service-dynamicuser.container", "converting \"service-dynamicuser.container\": using key DynamicUser in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.image", "service-dynamicuser.image", "converting \"service-dynamicuser.image\": using key DynamicUser in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.kube", "service-dynamicuser.kube", "converting \"service-dynamicuser.kube\": using key DynamicUser in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.network", "service-dynamicuser.network", "converting \"service-dynamicuser.network\": using key DynamicUser in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.pod", "service-dynamicuser.pod", "converting \"service-dynamicuser.pod\": using key DynamicUser in the Service group is not supported"), - Entry("Unsupported Service Key - DynamicUser.volume", "service-dynamicuser.volume", "converting \"service-dynamicuser.volume\": using key DynamicUser in the Service group is not supported"), ) DescribeTable("Running success quadlet with ServiceName test case",