DEV Community

Scarab Systems

Scarab Field Test #019 — Docker Compose Config Variable Discovery Boundary

Target: docker/compose

Issue: docker/compose#13613

Public branch: https://github.com/scarab-systems/compose
Current commit: 319ee5604 — Skip validation when extracting config variables

PR status: not opened yet

This field test targeted a Docker Compose boundary around config variable extraction.

The issue surfaced when Compose attempted to discover interpolation variables from a config file that contained templated values inside typed fields.

Example shape:

```yaml
ports:
  - host_ip: "${LXKNS_ADDRESS:-127.0.0.1}"
    published: "${LXKNS_PORT:-5010}"
```

The intent of `config --variables` is to discover variables used by the Compose file.

But in this path, Compose was loading the unresolved, non-interpolated model and still allowing validation to run against fields that were intentionally still templated.

That meant a value like:

```text
${LXKNS_ADDRESS:-127.0.0.1}
```

could reach IP validation before interpolation was supposed to resolve it.

The failure mode was:

```text
invalid ip address
```

Boundary

This was not a port parsing bug.

It was a boundary issue between:

  • variable discovery
  • unresolved config loading
  • interpolation timing
  • typed field validation

Variable discovery needs to inspect the unresolved model so it can find variable references.

Validation needs to run when the model is meant to be interpreted as actual runtime configuration.

Those are not the same phase.

The patch keeps validation intact for normal config loading, but skips validation only while loading the unresolved, non-interpolated model for variable extraction.
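A simplified Go model of the two phases described above, added here as an illustration and not taken from the Compose patch. The function names, the regular expression and the reduced `${NAME}` / `${NAME:-default}` syntax are assumptions; validating the raw `host_ip` string directly reproduces the "invalid ip address" failure, while validation of the resolved value still rejects bad input.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
)

// Simplified reference syntax (assumption): only ${NAME} and ${NAME:-default}.
var ref = regexp.MustCompile(`\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}`)

// DiscoverVariables is the discovery phase: it reads raw strings and never validates.
func DiscoverVariables(fields map[string]string) []string {
	seen, names := map[string]bool{}, []string{}
	for _, v := range fields {
		for _, m := range ref.FindAllStringSubmatch(v, -1) {
			if !seen[m[1]] {
				seen[m[1]], names = true, append(names, m[1])
			}
		}
	}
	sort.Strings(names)
	return names
}

// Interpolate resolves each reference from env, else uses its inline default.
func Interpolate(s string, env map[string]string) string {
	return ref.ReplaceAllStringFunc(s, func(tok string) string {
		m := ref.FindStringSubmatch(tok)
		if v := env[m[1]]; v != "" {
			return v
		}
		return m[2]
	})
}

// ValidateHostIP is the validation phase: meaningful only on a resolved value.
func ValidateHostIP(s string) error {
	if net.ParseIP(s) == nil {
		return fmt.Errorf("invalid ip address: %q", s)
	}
	return nil
}

func main() {
	// Constructed sample: the templated typed port fields shown in the post.
	raw := map[string]string{"host_ip": "${LXKNS_ADDRESS:-127.0.0.1}", "published": "${LXKNS_PORT:-5010}"}
	fmt.Println(DiscoverVariables(raw), ValidateHostIP(Interpolate(raw["host_ip"], nil)))
}
```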

What changed

The repair updates the `config --variables` path and remote-stack interpolation-variable discovery path so validation is skipped only during unresolved model loading for variable discovery.

Regression coverage was added for templated typed port fields, including:

```yaml
host_ip: "${LXKNS_ADDRESS:-127.0.0.1}"
published: "${LXKNS_PORT:-5010}"
```

The repair keeps the scope narrow: variable extraction can now inspect templated typed fields without treating unresolved interpolation syntax as final runtime values.

Validation

The regression failed before repair with:

```text
invalid ip address
```

After repair:

```text
go test ./cmd/compose
```

passed.

```text
docker buildx bake lint
```

passed with:

```text
0 issues
```

Public diff leak scan also passed: no SDS residue, local paths, Codex references, doctrine references, generated runtime artifacts, or private diagnostic content.

DCO sign-off is present.

Why this matters

This is a small-looking fix, but the boundary is important.

A config tool has to know when it is reading a file to discover variable references and when it is validating a fully resolved runtime configuration.

If those phases collapse into each other, the tool starts rejecting valid templates before it has finished discovering what needs to be interpolated.

That is the kind of bug that looks like a bad user value, but the deeper problem is timing: validation is happening in a phase where values are not supposed to be final yet.

This field test reduced the issue to that boundary and repaired it without weakening normal validation.
