Handle sysctls maps

- Add support to handle sysctls maps.
- Directly raise an error if sysctls is neither an array nor map instead
  of letting podman fail with an unhelpful message.

Support for sysctls arrays was added in #261.

Fixes #754: sysctls only works with arrays, not maps

Signed-off-by: lemmi <lemmi@nerd2nerd.org>

podman_compose.py

@@ -956,8 +956,18 @@ async def container_to_args(compose, cnt, detached=True):
         podman_args.append("-i")
     if cnt.get("stop_signal", None):
         podman_args.extend(["--stop-signal", cnt["stop_signal"]])
-    for i in cnt.get("sysctls", []):
+
+    sysctls = cnt.get("sysctls")
+    if sysctls is not None:
+        if isinstance(sysctls, dict):
+            for sysctl, value in sysctls.items():
+                podman_args.extend(["--sysctl", "{}={}".format(sysctl, value)])
+        elif isinstance(sysctls, list):
+            for i in sysctls:
                 podman_args.extend(["--sysctl", i])
+        else:
+            raise TypeError("sysctls should be either dict or list")
+
     if cnt.get("tty", None):
         podman_args.append("--tty")
     if cnt.get("privileged", None):

pytests/test_container_to_args.py

@@ -66,3 +66,67 @@ class TestContainerToArgs(unittest.IsolatedAsyncioTestCase):
                 "busybox",
             ],
         )
+
+    async def test_sysctl_list(self):
+        c = create_compose_mock()
+
+        cnt = get_minimal_container()
+        cnt["sysctls"] = [
+            "net.core.somaxconn=1024",
+            "net.ipv4.tcp_syncookies=0",
+        ]
+
+        args = await container_to_args(c, cnt)
+        self.assertEqual(
+            args,
+            [
+                "--name=project_name_service_name1",
+                "-d",
+                "--net",
+                "",
+                "--network-alias",
+                "service_name",
+                "--sysctl",
+                "net.core.somaxconn=1024",
+                "--sysctl",
+                "net.ipv4.tcp_syncookies=0",
+                "busybox",
+            ],
+        )
+
+    async def test_sysctl_map(self):
+        c = create_compose_mock()
+
+        cnt = get_minimal_container()
+        cnt["sysctls"] = {
+            "net.core.somaxconn": 1024,
+            "net.ipv4.tcp_syncookies": 0,
+        }
+
+        args = await container_to_args(c, cnt)
+        self.assertEqual(
+            args,
+            [
+                "--name=project_name_service_name1",
+                "-d",
+                "--net",
+                "",
+                "--network-alias",
+                "service_name",
+                "--sysctl",
+                "net.core.somaxconn=1024",
+                "--sysctl",
+                "net.ipv4.tcp_syncookies=0",
+                "busybox",
+            ],
+        )
+
+    async def test_sysctl_wrong_type(self):
+        c = create_compose_mock()
+        cnt = get_minimal_container()
+
+        # check whether wrong types are correctly rejected
+        for wrong_type in [True, 0, 0.0, "wrong", ()]:
+            with self.assertRaises(TypeError):
+                cnt["sysctls"] = wrong_type
+                await container_to_args(c, cnt)