Merge branch 'main' into automated/standardfiles

sous-chefs · Oct 10, 2023 · 2b8d44c · 2b8d44c
2 parents a642e1c + e37bc46
commit 2b8d44c
Show file tree

Hide file tree

Showing 10 changed files with 106 additions and 15 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ name: ci
 
 jobs:
   lint-unit:
-    uses: sous-chefs/.github/.github/workflows/lint-unit.yml@89865ee56cd1c401b2e758f3b82cafab834ca9f7
+    uses: sous-chefs/.github/.github/workflows/lint-unit.yml@19068b35e66a632c5640c222430fcea905c1662f
     permissions:
       actions: write
       checks: write
@@ -54,7 +54,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Chef
         uses: actionshub/[email protected]
       - name: Dokken
@@ -69,7 +69,7 @@ jobs:
 
   integration-amazonlinux:
     needs: lint-unit
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         os:
@@ -81,7 +81,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Chef
         uses: actionshub/[email protected]
       - name: Dokken
@@ -114,7 +114,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Chef
         uses: actionshub/[email protected]
       - name: Dokken

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Standardise files with files in sous-chefs/repo-management
 - Various MDL fixes
 
+## 11.2.5 - *2023-10-10*
+
+## 11.2.4 - *2023-09-29*
+
+## 11.2.3 - *2023-09-04*
+
+## 11.2.2 - *2023-08-18*
+
+## 11.2.1 - *2023-08-18*
+
+- Fix breaking change introduced by #1253
+
+## 11.2.0 - *2023-08-10*
+
+- added cgroup_ns option to container resource with default private
+
+## 11.1.1 - *2023-07-10*
+
+## 11.1.0 - *2023-06-06*
+
 ## 11.0.1 - *2023-06-01*
 
 - Only pass common resource properties of the `docker_service`-resource to

diff --git a/documentation/docker_container.md b/documentation/docker_container.md
@@ -45,7 +45,7 @@ Most `docker_container` properties are the `snake_case` version of the `CamelCas
 - `health_check` - A hash containing the health check options - [healthcheck reference](https://docs.docker.com/engine/reference/run/#healthcheck)
 - `host` - A string containing the host the API should communicate with. Defaults to ENV['DOCKER_HOST'] if set
 - `host_name` - The hostname for the container.
-- `labels` A string, array, or hash to set metadata on the container in the form ['foo:bar', 'hello:world']`
+- `labels` A string, array, or hash to set metadata on the container in the form `['foo:bar', 'hello:world']`
 - `links` - An array of source container/alias pairs to link the container to in the form `[container_a:www', container_b:db']`
 - `log_driver` - Sets a custom logging driver for the container (json-file/syslog/journald/gelf/fluentd/awslogs/splunk/etwlogs/gcplogs/logentries/loki-docker/local/none).
 - `log_opts` - Configures the above logging driver options (driver-specific).
@@ -88,6 +88,7 @@ Most `docker_container` properties are the `snake_case` version of the `CamelCas
 - `tls_ca_cert` - Trust certs signed only by this CA. Defaults to ENV['DOCKER_CERT_PATH'] if set
 - `tls_client_cert` - Path to TLS certificate file for docker cli. Defaults to ENV['DOCKER_CERT_PATH'] if set
 - `tls_client_key` - Path to TLS key file for docker cli. Defaults to ENV['DOCKER_CERT_PATH'] if set
+- `tmpfs` - A hash of paths to tmpfs options. Defaults to `{}`.
 - `userns_mode` - Modify the user namespace mode - Defaults to `nil`, example option: `host`
 - `pid_mode` - Set the PID (Process) Namespace mode for the container. `host`: use the host's PID namespace inside the container.
 - `ipc_mode` - Set the IPC mode for the container - Defaults to `nil`, example option: `host`
@@ -277,6 +278,16 @@ docker_container 'ohai_debian' do
 end
 ```
 
+### Mount a tmpfs at a given directory in the container
+
+```ruby
+docker_container 'tmp_db' do
+    command '/bin/run_db.sh'
+    tmpfs { '/var/lib/db_data' => 'rw,size=2g' }
+    action :run
+end
+```
+
 ### Set a container's entrypoint
 
 ```ruby

diff --git a/libraries/helpers_container.rb b/libraries/helpers_container.rb
@@ -0,0 +1,10 @@
+module DockerCookbook
+  module DockerHelpers
+    module Container
+      def cgroupv2?
+        return if node.dig('filesystem', 'by_device').nil?
+        node.dig('filesystem', 'by_device').key?('cgroup2')
+      end
+    end
+  end
+end
diff --git a/metadata.rb b/metadata.rb
@@ -3,7 +3,7 @@
 maintainer_email  '[email protected]'
 license           'Apache-2.0'
 description       'Provides docker_service, docker_image, and docker_container resources'
-version           '11.0.1'
+version           '11.2.5'
 source_url        'https://github.com/sous-chefs/docker'
 issues_url        'https://github.com/sous-chefs/docker/issues'
 chef_version      '>= 16.0', '< 19.0'

diff --git a/resources/container.rb b/resources/container.rb
@@ -2,6 +2,8 @@
 use 'partial/_base'
 use 'partial/_logging'
 
+include DockerCookbook::DockerHelpers::Container
+
 property :container_name, String, name_property: true
 property :repo, String, default: lazy { container_name }
 property :tag, String, default: 'latest'
@@ -12,6 +14,7 @@
 property :autoremove, [true, false], default: false, desired_state: false
 property :cap_add, [Array, nil], coerce: proc { |v| Array(v).empty? ? nil : Array(v) }
 property :cap_drop, [Array, nil], coerce: proc { |v| Array(v).empty? ? nil : Array(v) }
+property :cgroup_ns, String, default: lazy { cgroupv2? ? 'private' : 'host' }
 property :cgroup_parent, String, default: ''
 property :cpus, [Integer, Float], coerce: proc { |v| coerce_cpus(v) }, default: 0
 property :cpu_shares, Integer, default: 0
@@ -64,6 +67,7 @@
 property :stdin_once, [true, false], default: false, desired_state: false
 property :sysctls, Hash, default: {}
 property :timeout, Integer, desired_state: false
+property :tmpfs, Hash, default: {}
 property :tty, [true, false], default: false
 property :ulimits, [Array, nil], coerce: proc { |v| coerce_ulimits(v) }
 property :user, String
@@ -478,6 +482,7 @@ def load_container_labels
           'CapAdd'          => new_resource.cap_add,
           'CapDrop'         => new_resource.cap_drop,
           'CgroupParent'    => new_resource.cgroup_parent,
+          'CgroupnsMode'    => new_resource.cgroup_ns,
           'CpuShares'       => new_resource.cpu_shares,
           'CpusetCpus'      => new_resource.cpuset_cpus,
           'Devices'         => new_resource.devices,
@@ -510,6 +515,7 @@ def load_container_labels
           'SecurityOpt'     => new_resource.security_opt,
           'ShmSize'         => new_resource.shm_size,
           'Sysctls'         => new_resource.sysctls,
+          'Tmpfs'           => new_resource.tmpfs,
           'Ulimits'         => ulimits_to_hash,
           'UsernsMode'      => new_resource.userns_mode,
           'UTSMode'         => new_resource.uts_mode,
@@ -653,6 +659,8 @@ def load_container_labels
 end
 
 action_class do
+  include DockerCookbook::DockerHelpers::Container
+
   def validate_container_create
     if new_resource.property_is_set?(:restart_policy) &&
        new_resource.restart_policy != 'no' &&
@@ -727,9 +735,4 @@ def ulimits_to_hash
   def read_env_file
     new_resource.env_file.map { |f| ::File.readlines(f).map(&:strip) }.flatten
   end
-
-  def cgroupv2?
-    return if node.dig('filesystem', 'by_device').nil?
-    node.dig('filesystem', 'by_device').key?('cgroup2')
-  end
 end
diff --git a/spec/docker_test/container_spec.rb b/spec/docker_test/container_spec.rb
@@ -288,6 +288,16 @@
     end
   end
 
+  context 'testing tmpfs_mounter' do
+    it 'run_if_missing_docker_container[tmpfs_mounter]' do
+      expect(chef_run).to run_if_missing_docker_container('tmpfs_mounter').with(
+        repo: 'busybox',
+        command: ['df', '-h', '/tmpfs_dir'],
+        tmpfs: { '/tmpfs_dir' => 'rw,size=10m' }
+      )
+    end
+  end
+
   context 'testing volumes_from' do
     it 'creates directory[/chefbuilder]' do
       expect(chef_run).to create_directory('/chefbuilder').with(

diff --git a/spec/libraries/container_spec.rb b/spec/libraries/container_spec.rb
@@ -71,7 +71,7 @@
       expect { chef_run }.to_not raise_error
       expect(chef_run).to create_docker_container('hello_world').with(
         tag: 'ubuntu:latest',
-        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Healthcheck' => nil, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupParent' => '', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } } }
+        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Healthcheck' => nil, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupParent' => '', 'CgroupnsMode' => 'private', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Tmpfs' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } } }
       )
     }
   end
@@ -98,7 +98,7 @@
       expect { chef_run }.to_not raise_error
       expect(chef_run).to create_docker_container('hello_world').with(
         tag: 'ubuntu:latest',
-        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupParent' => '', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } }, 'Healthcheck' => { 'Test' => ['string'], 'Interval' => 0, 'Timeout' => 0, 'Retries' => 0, 'StartPeriod' => 0 } }
+        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupParent' => '', 'CgroupnsMode' => 'private', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Tmpfs' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } }, 'Healthcheck' => { 'Test' => ['string'], 'Interval' => 0, 'Timeout' => 0, 'Retries' => 0, 'StartPeriod' => 0 } }
       )
     }
   end
@@ -117,7 +117,25 @@
       expect(chef_run).to create_docker_container('hello_world').with(
         tag: 'ubuntu:latest',
         # Should be missing 'MemorySwappiness'
-        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Healthcheck' => nil, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupParent' => '', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } } }
+        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Healthcheck' => nil, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupParent' => '', 'CgroupnsMode' => 'host', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Tmpfs' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } } }
+      )
+    }
+  end
+
+  context 'creates docker container with cgroupns option' do
+    recipe do
+      docker_container 'hello_world' do
+        tag 'ubuntu:latest'
+        cgroup_ns 'host'
+        action :create
+      end
+    end
+
+    it {
+      expect { chef_run }.to_not raise_error
+      expect(chef_run).to create_docker_container('hello_world').with(
+        tag: 'ubuntu:latest',
+        create_options: { 'name' => 'hello_world', 'Image' => 'hello_world:ubuntu:latest', 'Labels' => {}, 'Cmd' => nil, 'AttachStderr' => false, 'AttachStdin' => false, 'AttachStdout' => false, 'Domainname' => '', 'Entrypoint' => nil, 'Env' => [], 'ExposedPorts' => {}, 'Healthcheck' => nil, 'Hostname' => nil, 'MacAddress' => nil, 'NetworkDisabled' => false, 'OpenStdin' => false, 'StdinOnce' => false, 'Tty' => false, 'User' => nil, 'Volumes' => {}, 'WorkingDir' => nil, 'HostConfig' => { 'Binds' => nil, 'CapAdd' => nil, 'CapDrop' => nil, 'CgroupnsMode' => 'host', 'CgroupParent' => '', 'CpuShares' => 0, 'CpusetCpus' => '', 'Devices' => [], 'Dns' => [], 'DnsSearch' => [], 'ExtraHosts' => nil, 'IpcMode' => 'shareable', 'Init' => nil, 'KernelMemory' => 0, 'Links' => nil, 'LogConfig' => nil, 'Memory' => 0, 'MemorySwap' => nil, 'MemoryReservation' => 0, 'NanoCpus' => 0, 'NetworkMode' => 'bridge', 'OomKillDisable' => false, 'OomScoreAdj' => -500, 'Privileged' => false, 'PidMode' => '', 'PortBindings' => {}, 'PublishAllPorts' => false, 'RestartPolicy' => { 'Name' => nil, 'MaximumRetryCount' => 0 }, 'ReadonlyRootfs' => false, 'Runtime' => 'runc', 'SecurityOpt' => nil, 'ShmSize' => 67108864, 'Sysctls' => {}, 'Tmpfs' => {}, 'Ulimits' => nil, 'UsernsMode' => '', 'UTSMode' => '', 'VolumesFrom' => nil, 'VolumeDriver' => nil }, 'NetworkingConfig' => { 'EndpointsConfig' => { 'bridge' => { 'IPAMConfig' => { 'IPv4Address' => nil }, 'Aliases' => [] } } } }
       )
     }
   end

diff --git a/test/cookbooks/docker_test/recipes/container.rb b/test/cookbooks/docker_test/recipes/container.rb
@@ -290,6 +290,18 @@
   action :run_if_missing
 end
 
+#######
+# tmpfs
+#######
+
+# docker inspect -f "{{ .HostConfig.Tmpfs }}"
+docker_container 'tmpfs_mounter' do
+  repo 'busybox'
+  command 'df -h /tmpfs_dir'
+  tmpfs '/tmpfs_dir' => 'rw,size=10m'
+  action :run_if_missing
+end
+
 ##############
 # volumes_from
 ##############

diff --git a/test/integration/resources/inspec/assert_functioning_spec.rb b/test/integration/resources/inspec/assert_functioning_spec.rb
@@ -315,6 +315,13 @@
   its(:stdout) { should match(%r{\/summer\:\{\}}) }
 end
 
+# docker_container[tmpfs_mounter]
+
+describe command('docker inspect -f "{{ .HostConfig.Tmpfs }}" tmpfs_mounter') do
+  its(:exit_status) { should eq 0 }
+  its(:stdout) { should match('/tmpfs.*10.0m.*tmpfs_dir/') }
+end
+
 # docker_container[chef_container]
 
 describe docker_container('chef_container') do