From 7b54944fccb57fbaa51a8851028b0c280edc0430 Mon Sep 17 00:00:00 2001 From: anti Date: Sun, 10 May 2026 01:29:46 -0400 Subject: [PATCH] =?UTF-8?q?fix(https):=20remove=20ports=20from=20compose?= =?UTF-8?q?=20fragment=20=E2=80=94=20MACVLAN=20makes=20port=20publishing?= =?UTF-8?q?=20incompatible=20with=20network=5Fmode?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- decnet/services/https.py | 2 -- tests/services/test_http_https_versions.py | 20 ++++++++------------ 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/decnet/services/https.py b/decnet/services/https.py index 6d64048b..729e2ea6 100644 --- a/decnet/services/https.py +++ b/decnet/services/https.py @@ -113,8 +113,6 @@ class HTTPSService(BaseService): fragment["environment"]["TLS_CN"] = cfg["tls_cn"] if "http_versions" in cfg: fragment["environment"]["HTTP_VERSIONS"] = json.dumps(cfg["http_versions"]) - if "http/3" in cfg["http_versions"]: - fragment.setdefault("ports", []).append("443:443/udp") return fragment diff --git a/tests/services/test_http_https_versions.py b/tests/services/test_http_https_versions.py index 747c94d0..1f4bc70f 100644 --- a/tests/services/test_http_https_versions.py +++ b/tests/services/test_http_https_versions.py @@ -1,4 +1,4 @@ -"""http_versions multi_enum field: coercion, compose env, UDP port gate.""" +"""http_versions multi_enum field: coercion, compose env.""" import json import pytest @@ -116,22 +116,18 @@ def test_https_compose_http_versions_env(): assert versions == ["http/1.1", "http/2"] -def test_https_compose_h3_adds_udp_port(): +def test_https_compose_h3_no_ports_key(): + # Fleet uses MACVLAN — service containers share base netns, port publishing + # is incompatible with network_mode: service:. UDP/443 is reachable + # via the MACVLAN IP without any ports: mapping. svc = HTTPSService() cfg = svc.validate_cfg({"http_versions": ["http/1.1", "http/2", "http/3"]}) frag = svc.compose_fragment("decky-test", service_cfg=cfg) - assert "443:443/udp" in frag.get("ports", []) + assert "ports" not in frag -def test_https_compose_no_h3_no_udp_port(): +def test_https_compose_no_h3_no_ports_key(): svc = HTTPSService() cfg = svc.validate_cfg({"http_versions": ["http/1.1", "http/2"]}) frag = svc.compose_fragment("decky-test", service_cfg=cfg) - assert "443:443/udp" not in frag.get("ports", []) - - -def test_https_compose_h3_only_still_adds_udp_port(): - svc = HTTPSService() - cfg = svc.validate_cfg({"http_versions": ["http/3"]}) - frag = svc.compose_fragment("decky-test", service_cfg=cfg) - assert "443:443/udp" in frag.get("ports", []) + assert "ports" not in frag