2016-12-05 16:14:08 -05:00
|
|
|
package convert
|
|
|
|
|
|
|
|
import (
|
2018-05-03 21:02:44 -04:00
|
|
|
"context"
|
2017-11-10 16:24:32 -05:00
|
|
|
"os"
|
2016-12-05 16:14:08 -05:00
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
2017-04-17 18:07:56 -04:00
|
|
|
composetypes "github.com/docker/cli/cli/compose/types"
|
2017-11-29 13:04:40 -05:00
|
|
|
"github.com/docker/docker/api/types"
|
2016-12-05 16:14:08 -05:00
|
|
|
"github.com/docker/docker/api/types/container"
|
|
|
|
"github.com/docker/docker/api/types/swarm"
|
2017-11-29 13:04:40 -05:00
|
|
|
"github.com/docker/docker/client"
|
2017-11-10 16:24:32 -05:00
|
|
|
"github.com/pkg/errors"
|
2020-02-22 12:12:14 -05:00
|
|
|
"gotest.tools/v3/assert"
|
|
|
|
is "gotest.tools/v3/assert/cmp"
|
2016-12-05 16:14:08 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestConvertRestartPolicyFromNone(t *testing.T) {
|
|
|
|
policy, err := convertRestartPolicy("no", nil)
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual((*swarm.RestartPolicy)(nil), policy))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertRestartPolicyFromUnknown(t *testing.T) {
|
|
|
|
_, err := convertRestartPolicy("unknown", nil)
|
2023-08-28 06:09:06 -04:00
|
|
|
assert.Error(t, err, "invalid restart policy: unknown policy 'unknown'; use one of 'no', 'always', 'on-failure', or 'unless-stopped'")
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertRestartPolicyFromAlways(t *testing.T) {
|
|
|
|
policy, err := convertRestartPolicy("always", nil)
|
|
|
|
expected := &swarm.RestartPolicy{
|
|
|
|
Condition: swarm.RestartPolicyConditionAny,
|
|
|
|
}
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, policy))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertRestartPolicyFromFailure(t *testing.T) {
|
|
|
|
policy, err := convertRestartPolicy("on-failure:4", nil)
|
|
|
|
attempts := uint64(4)
|
|
|
|
expected := &swarm.RestartPolicy{
|
|
|
|
Condition: swarm.RestartPolicyConditionOnFailure,
|
|
|
|
MaxAttempts: &attempts,
|
|
|
|
}
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, policy))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
2017-03-14 12:39:26 -04:00
|
|
|
func strPtr(val string) *string {
|
|
|
|
return &val
|
|
|
|
}
|
|
|
|
|
2016-12-05 16:14:08 -05:00
|
|
|
func TestConvertEnvironment(t *testing.T) {
|
2017-03-14 12:39:26 -04:00
|
|
|
source := map[string]*string{
|
|
|
|
"foo": strPtr("bar"),
|
|
|
|
"key": strPtr("value"),
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
env := convertEnvironment(source)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual([]string{"foo=bar", "key=value"}, env))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
2024-02-20 04:46:05 -05:00
|
|
|
func TestConvertEnvironmentWhenNilValueExists(t *testing.T) {
|
|
|
|
source := map[string]*string{
|
|
|
|
"key": strPtr("value"),
|
|
|
|
"keyWithNoValue": nil,
|
|
|
|
}
|
|
|
|
env := convertEnvironment(source)
|
|
|
|
assert.Check(t, is.DeepEqual([]string{"key=value", "keyWithNoValue"}, env))
|
|
|
|
}
|
|
|
|
|
Preserve sort-order of extra hosts, and allow duplicate entries
Extra hosts (`extra_hosts` in compose-file, or `--hosts` in services) adds
custom host/ip mappings to the container's `/etc/hosts`.
The current implementation used a `map[string]string{}` as intermediate
storage, and sorted the results alphabetically when converting to a service-spec.
As a result, duplicate hosts were removed, and order of host/ip mappings was not
preserved (in case the compose-file used a list instead of a map).
According to the **host.conf(5)** man page (http://man7.org/linux/man-pages/man5/host.conf.5.html)
multi Valid values are on and off. If set to on, the resolver
library will return all valid addresses for a host that
appears in the /etc/hosts file, instead of only the first.
This is off by default, as it may cause a substantial
performance loss at sites with large hosts files.
Multiple entries for a host are allowed, and even required for some situations,
for example, to add mappings for IPv4 and IPv6 addreses for a host, as illustrated
by the example hosts file in the **hosts(5)** man page (http://man7.org/linux/man-pages/man5/hosts.5.html):
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 localhost
# 127.0.1.1 is often used for the FQDN of the machine
127.0.1.1 thishost.mydomain.org thishost
192.168.1.10 foo.mydomain.org foo
192.168.1.13 bar.mydomain.org bar
146.82.138.7 master.debian.org master
209.237.226.90 www.opensource.org
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
This patch changes the intermediate storage format to use a `[]string`, and only
sorts entries if the input format in the compose file is a mapping. If the input
format is a list, the original sort-order is preserved.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-10-29 20:33:23 -04:00
|
|
|
func TestConvertExtraHosts(t *testing.T) {
|
|
|
|
source := composetypes.HostsList{
|
|
|
|
"zulu:127.0.0.2",
|
|
|
|
"alpha:127.0.0.1",
|
|
|
|
"zulu:ff02::1",
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual([]string{"127.0.0.2 zulu", "127.0.0.1 alpha", "ff02::1 zulu"}, convertExtraHosts(source)))
|
Preserve sort-order of extra hosts, and allow duplicate entries
Extra hosts (`extra_hosts` in compose-file, or `--hosts` in services) adds
custom host/ip mappings to the container's `/etc/hosts`.
The current implementation used a `map[string]string{}` as intermediate
storage, and sorted the results alphabetically when converting to a service-spec.
As a result, duplicate hosts were removed, and order of host/ip mappings was not
preserved (in case the compose-file used a list instead of a map).
According to the **host.conf(5)** man page (http://man7.org/linux/man-pages/man5/host.conf.5.html)
multi Valid values are on and off. If set to on, the resolver
library will return all valid addresses for a host that
appears in the /etc/hosts file, instead of only the first.
This is off by default, as it may cause a substantial
performance loss at sites with large hosts files.
Multiple entries for a host are allowed, and even required for some situations,
for example, to add mappings for IPv4 and IPv6 addreses for a host, as illustrated
by the example hosts file in the **hosts(5)** man page (http://man7.org/linux/man-pages/man5/hosts.5.html):
# The following lines are desirable for IPv4 capable hosts
127.0.0.1 localhost
# 127.0.1.1 is often used for the FQDN of the machine
127.0.1.1 thishost.mydomain.org thishost
192.168.1.10 foo.mydomain.org foo
192.168.1.13 bar.mydomain.org bar
146.82.138.7 master.debian.org master
209.237.226.90 www.opensource.org
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
This patch changes the intermediate storage format to use a `[]string`, and only
sorts entries if the input format in the compose file is a mapping. If the input
format is a list, the original sort-order is preserved.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2017-10-29 20:33:23 -04:00
|
|
|
}
|
|
|
|
|
2016-12-05 16:14:08 -05:00
|
|
|
func TestConvertResourcesFull(t *testing.T) {
|
|
|
|
source := composetypes.Resources{
|
2020-05-09 17:08:42 -04:00
|
|
|
Limits: &composetypes.ResourceLimit{
|
2016-12-05 16:14:08 -05:00
|
|
|
NanoCPUs: "0.003",
|
|
|
|
MemoryBytes: composetypes.UnitBytes(300000000),
|
|
|
|
},
|
|
|
|
Reservations: &composetypes.Resource{
|
|
|
|
NanoCPUs: "0.002",
|
|
|
|
MemoryBytes: composetypes.UnitBytes(200000000),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
resources, err := convertResources(source)
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2016-12-05 16:14:08 -05:00
|
|
|
|
|
|
|
expected := &swarm.ResourceRequirements{
|
2020-06-15 05:26:48 -04:00
|
|
|
Limits: &swarm.Limit{
|
2016-12-05 16:14:08 -05:00
|
|
|
NanoCPUs: 3000000,
|
|
|
|
MemoryBytes: 300000000,
|
|
|
|
},
|
|
|
|
Reservations: &swarm.Resources{
|
|
|
|
NanoCPUs: 2000000,
|
|
|
|
MemoryBytes: 200000000,
|
|
|
|
},
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, resources))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
2017-01-09 14:22:02 -05:00
|
|
|
func TestConvertResourcesOnlyMemory(t *testing.T) {
|
|
|
|
source := composetypes.Resources{
|
2020-05-09 17:08:42 -04:00
|
|
|
Limits: &composetypes.ResourceLimit{
|
2017-01-09 14:22:02 -05:00
|
|
|
MemoryBytes: composetypes.UnitBytes(300000000),
|
|
|
|
},
|
|
|
|
Reservations: &composetypes.Resource{
|
|
|
|
MemoryBytes: composetypes.UnitBytes(200000000),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
resources, err := convertResources(source)
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2017-01-09 14:22:02 -05:00
|
|
|
|
|
|
|
expected := &swarm.ResourceRequirements{
|
2020-06-15 05:26:48 -04:00
|
|
|
Limits: &swarm.Limit{
|
2017-01-09 14:22:02 -05:00
|
|
|
MemoryBytes: 300000000,
|
|
|
|
},
|
|
|
|
Reservations: &swarm.Resources{
|
|
|
|
MemoryBytes: 200000000,
|
|
|
|
},
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, resources))
|
2017-01-09 14:22:02 -05:00
|
|
|
}
|
|
|
|
|
2016-12-05 16:14:08 -05:00
|
|
|
func TestConvertHealthcheck(t *testing.T) {
|
|
|
|
retries := uint64(10)
|
2018-08-29 17:29:39 -04:00
|
|
|
timeout := composetypes.Duration(30 * time.Second)
|
|
|
|
interval := composetypes.Duration(2 * time.Millisecond)
|
2023-10-11 12:35:51 -04:00
|
|
|
startPeriod := composetypes.Duration(time.Minute)
|
|
|
|
startInterval := composetypes.Duration(1 * time.Second)
|
|
|
|
|
2016-12-05 16:14:08 -05:00
|
|
|
source := &composetypes.HealthCheckConfig{
|
2023-10-11 12:35:51 -04:00
|
|
|
Test: []string{"EXEC", "touch", "/foo"},
|
|
|
|
Timeout: &timeout,
|
|
|
|
Interval: &interval,
|
|
|
|
Retries: &retries,
|
|
|
|
StartPeriod: &startPeriod,
|
|
|
|
StartInterval: &startInterval,
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
expected := &container.HealthConfig{
|
2023-10-11 12:35:51 -04:00
|
|
|
Test: source.Test,
|
|
|
|
Timeout: time.Duration(timeout),
|
|
|
|
Interval: time.Duration(interval),
|
|
|
|
StartPeriod: time.Duration(startPeriod),
|
|
|
|
StartInterval: time.Duration(startInterval),
|
|
|
|
Retries: 10,
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
healthcheck, err := convertHealthcheck(source)
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, healthcheck))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertHealthcheckDisable(t *testing.T) {
|
|
|
|
source := &composetypes.HealthCheckConfig{Disable: true}
|
|
|
|
expected := &container.HealthConfig{
|
|
|
|
Test: []string{"NONE"},
|
|
|
|
}
|
|
|
|
|
|
|
|
healthcheck, err := convertHealthcheck(source)
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, healthcheck))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertHealthcheckDisableWithTest(t *testing.T) {
|
|
|
|
source := &composetypes.HealthCheckConfig{
|
|
|
|
Disable: true,
|
|
|
|
Test: []string{"EXEC", "touch"},
|
|
|
|
}
|
|
|
|
_, err := convertHealthcheck(source)
|
2018-03-06 15:54:24 -05:00
|
|
|
assert.Error(t, err, "test and disable can't be set at the same time")
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
2017-01-31 15:45:45 -05:00
|
|
|
func TestConvertEndpointSpec(t *testing.T) {
|
|
|
|
source := []composetypes.ServicePortConfig{
|
|
|
|
{
|
|
|
|
Protocol: "udp",
|
|
|
|
Target: 53,
|
|
|
|
Published: 1053,
|
|
|
|
Mode: "host",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Target: 8080,
|
|
|
|
Published: 80,
|
|
|
|
},
|
|
|
|
}
|
2019-04-02 07:40:25 -04:00
|
|
|
endpoint := convertEndpointSpec("vip", source)
|
2017-01-31 15:45:45 -05:00
|
|
|
|
|
|
|
expected := swarm.EndpointSpec{
|
2017-02-17 00:34:49 -05:00
|
|
|
Mode: swarm.ResolutionMode(strings.ToLower("vip")),
|
2017-01-31 15:45:45 -05:00
|
|
|
Ports: []swarm.PortConfig{
|
|
|
|
{
|
|
|
|
TargetPort: 8080,
|
|
|
|
PublishedPort: 80,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Protocol: "udp",
|
|
|
|
TargetPort: 53,
|
|
|
|
PublishedPort: 1053,
|
|
|
|
PublishMode: "host",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, *endpoint))
|
2017-01-31 15:45:45 -05:00
|
|
|
}
|
|
|
|
|
2016-12-05 16:14:08 -05:00
|
|
|
func TestConvertServiceNetworksOnlyDefault(t *testing.T) {
|
|
|
|
networkConfigs := networkMap{}
|
|
|
|
|
|
|
|
configs, err := convertServiceNetworks(
|
2017-02-22 13:52:09 -05:00
|
|
|
nil, networkConfigs, NewNamespace("foo"), "service")
|
2016-12-05 16:14:08 -05:00
|
|
|
|
|
|
|
expected := []swarm.NetworkAttachmentConfig{
|
|
|
|
{
|
|
|
|
Target: "foo_default",
|
|
|
|
Aliases: []string{"service"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, configs))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertServiceNetworks(t *testing.T) {
|
|
|
|
networkConfigs := networkMap{
|
|
|
|
"front": composetypes.NetworkConfig{
|
2017-12-11 11:29:45 -05:00
|
|
|
External: composetypes.External{External: true},
|
|
|
|
Name: "fronttier",
|
2016-12-05 16:14:08 -05:00
|
|
|
},
|
|
|
|
"back": composetypes.NetworkConfig{},
|
|
|
|
}
|
|
|
|
networks := map[string]*composetypes.ServiceNetworkConfig{
|
|
|
|
"front": {
|
|
|
|
Aliases: []string{"something"},
|
2024-06-07 04:13:21 -04:00
|
|
|
DriverOpts: map[string]string{
|
|
|
|
"driver.opt1": "optval1",
|
|
|
|
"driver.opt2": "optval2",
|
|
|
|
},
|
2016-12-05 16:14:08 -05:00
|
|
|
},
|
|
|
|
"back": {
|
|
|
|
Aliases: []string{"other"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
configs, err := convertServiceNetworks(
|
|
|
|
networks, networkConfigs, NewNamespace("foo"), "service")
|
|
|
|
|
|
|
|
expected := []swarm.NetworkAttachmentConfig{
|
|
|
|
{
|
|
|
|
Target: "foo_back",
|
|
|
|
Aliases: []string{"other", "service"},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Target: "fronttier",
|
|
|
|
Aliases: []string{"something", "service"},
|
2024-06-07 04:13:21 -04:00
|
|
|
DriverOpts: map[string]string{
|
|
|
|
"driver.opt1": "optval1",
|
|
|
|
"driver.opt2": "optval2",
|
|
|
|
},
|
2016-12-05 16:14:08 -05:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2018-07-08 15:08:17 -04:00
|
|
|
assert.Check(t, is.DeepEqual(expected, configs))
|
2016-12-05 16:14:08 -05:00
|
|
|
}
|
|
|
|
|
2017-02-22 13:52:09 -05:00
|
|
|
func TestConvertServiceNetworksCustomDefault(t *testing.T) {
|
|
|
|
networkConfigs := networkMap{
|
|
|
|
"default": composetypes.NetworkConfig{
|
2017-12-11 11:29:45 -05:00
|
|
|
External: composetypes.External{External: true},
|
|
|
|
Name: "custom",
|
2017-02-22 13:52:09 -05:00
|
|
|
},
|
|
|
|
}
|
|
|
|
networks := map[string]*composetypes.ServiceNetworkConfig{}
|
|
|
|
|
|
|
|
configs, err := convertServiceNetworks(
|
|
|
|
networks, networkConfigs, NewNamespace("foo"), "service")
|
|
|
|
|
|
|
|
expected := []swarm.NetworkAttachmentConfig{
|
|
|
|
{
|
|
|
|
Target: "custom",
|
|
|
|
Aliases: []string{"service"},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2018-03-06 14:44:13 -05:00
|
|
|
assert.NilError(t, err)
|
2019-04-02 10:23:00 -04:00
|
|
|
assert.Check(t, is.DeepEqual(expected, configs))
|
2017-02-22 13:52:09 -05:00
|
|
|
}
|
|
|
|
|
2017-03-23 19:38:17 -04:00
|
|
|
func TestConvertDNSConfigEmpty(t *testing.T) {
|
2019-04-02 07:40:25 -04:00
|
|
|
dnsConfig := convertDNSConfig(nil, nil)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual((*swarm.DNSConfig)(nil), dnsConfig))
|
2017-03-23 19:38:17 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
var (
|
|
|
|
nameservers = []string{"8.8.8.8", "9.9.9.9"}
|
|
|
|
search = []string{"dc1.example.com", "dc2.example.com"}
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestConvertDNSConfigAll(t *testing.T) {
|
2019-04-02 07:40:25 -04:00
|
|
|
dnsConfig := convertDNSConfig(nameservers, search)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(&swarm.DNSConfig{
|
2017-03-23 19:38:17 -04:00
|
|
|
Nameservers: nameservers,
|
|
|
|
Search: search,
|
2018-03-05 18:53:52 -05:00
|
|
|
}, dnsConfig))
|
2017-03-23 19:38:17 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertDNSConfigNameservers(t *testing.T) {
|
2019-04-02 07:40:25 -04:00
|
|
|
dnsConfig := convertDNSConfig(nameservers, nil)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(&swarm.DNSConfig{
|
2017-03-23 19:38:17 -04:00
|
|
|
Nameservers: nameservers,
|
|
|
|
Search: nil,
|
2018-03-05 18:53:52 -05:00
|
|
|
}, dnsConfig))
|
2017-03-23 19:38:17 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertDNSConfigSearch(t *testing.T) {
|
2019-04-02 07:40:25 -04:00
|
|
|
dnsConfig := convertDNSConfig(nil, search)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(&swarm.DNSConfig{
|
2017-03-23 19:38:17 -04:00
|
|
|
Nameservers: nil,
|
|
|
|
Search: search,
|
2018-03-05 18:53:52 -05:00
|
|
|
}, dnsConfig))
|
2017-03-23 19:38:17 -04:00
|
|
|
}
|
2017-05-11 08:30:04 -04:00
|
|
|
|
|
|
|
func TestConvertCredentialSpec(t *testing.T) {
|
2019-02-02 10:35:26 -05:00
|
|
|
tests := []struct {
|
|
|
|
name string
|
|
|
|
in composetypes.CredentialSpecConfig
|
|
|
|
out *swarm.CredentialSpec
|
2019-04-01 14:38:11 -04:00
|
|
|
configs []*swarm.ConfigReference
|
2019-02-02 10:35:26 -05:00
|
|
|
expectedErr string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
name: "empty",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "config-and-file",
|
|
|
|
in: composetypes.CredentialSpecConfig{Config: "0bt9dmxjvjiqermk6xrop3ekq", File: "somefile.json"},
|
|
|
|
expectedErr: `invalid credential spec: cannot specify both "Config" and "File"`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "config-and-registry",
|
|
|
|
in: composetypes.CredentialSpecConfig{Config: "0bt9dmxjvjiqermk6xrop3ekq", Registry: "testing"},
|
|
|
|
expectedErr: `invalid credential spec: cannot specify both "Config" and "Registry"`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "file-and-registry",
|
|
|
|
in: composetypes.CredentialSpecConfig{File: "somefile.json", Registry: "testing"},
|
|
|
|
expectedErr: `invalid credential spec: cannot specify both "File" and "Registry"`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "config-and-file-and-registry",
|
|
|
|
in: composetypes.CredentialSpecConfig{Config: "0bt9dmxjvjiqermk6xrop3ekq", File: "somefile.json", Registry: "testing"},
|
|
|
|
expectedErr: `invalid credential spec: cannot specify both "Config", "File", and "Registry"`,
|
|
|
|
},
|
2019-04-01 14:38:11 -04:00
|
|
|
{
|
|
|
|
name: "missing-config-reference",
|
|
|
|
in: composetypes.CredentialSpecConfig{Config: "missing"},
|
|
|
|
expectedErr: "invalid credential spec: spec specifies config missing, but no such config can be found",
|
|
|
|
configs: []*swarm.ConfigReference{
|
|
|
|
{
|
|
|
|
ConfigName: "someName",
|
|
|
|
ConfigID: "missing",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "namespaced-config",
|
|
|
|
in: composetypes.CredentialSpecConfig{Config: "name"},
|
|
|
|
configs: []*swarm.ConfigReference{
|
|
|
|
{
|
|
|
|
ConfigName: "namespaced-config_name",
|
|
|
|
ConfigID: "someID",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
out: &swarm.CredentialSpec{Config: "someID"},
|
|
|
|
},
|
2019-02-02 10:35:26 -05:00
|
|
|
{
|
|
|
|
name: "config",
|
2019-04-01 14:38:11 -04:00
|
|
|
in: composetypes.CredentialSpecConfig{Config: "someName"},
|
|
|
|
configs: []*swarm.ConfigReference{
|
|
|
|
{
|
|
|
|
ConfigName: "someOtherName",
|
|
|
|
ConfigID: "someOtherID",
|
|
|
|
}, {
|
|
|
|
ConfigName: "someName",
|
|
|
|
ConfigID: "someID",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
out: &swarm.CredentialSpec{Config: "someID"},
|
2019-02-02 10:35:26 -05:00
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "file",
|
|
|
|
in: composetypes.CredentialSpecConfig{File: "somefile.json"},
|
|
|
|
out: &swarm.CredentialSpec{File: "somefile.json"},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
name: "registry",
|
|
|
|
in: composetypes.CredentialSpecConfig{Registry: "testing"},
|
|
|
|
out: &swarm.CredentialSpec{Registry: "testing"},
|
|
|
|
},
|
|
|
|
}
|
2017-05-11 08:30:04 -04:00
|
|
|
|
2019-02-02 10:35:26 -05:00
|
|
|
for _, tc := range tests {
|
|
|
|
tc := tc
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
2019-04-01 14:38:11 -04:00
|
|
|
namespace := NewNamespace(tc.name)
|
|
|
|
swarmSpec, err := convertCredentialSpec(namespace, tc.in, tc.configs)
|
2019-02-02 10:35:26 -05:00
|
|
|
|
|
|
|
if tc.expectedErr != "" {
|
|
|
|
assert.Error(t, err, tc.expectedErr)
|
|
|
|
} else {
|
|
|
|
assert.NilError(t, err)
|
|
|
|
}
|
|
|
|
assert.DeepEqual(t, swarmSpec, tc.out)
|
|
|
|
})
|
|
|
|
}
|
2017-05-11 08:30:04 -04:00
|
|
|
}
|
2017-07-19 04:55:34 -04:00
|
|
|
|
|
|
|
func TestConvertUpdateConfigOrder(t *testing.T) {
|
|
|
|
// test default behavior
|
|
|
|
updateConfig := convertUpdateConfig(&composetypes.UpdateConfig{})
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal("", updateConfig.Order))
|
2017-07-19 04:55:34 -04:00
|
|
|
|
|
|
|
// test start-first
|
|
|
|
updateConfig = convertUpdateConfig(&composetypes.UpdateConfig{
|
|
|
|
Order: "start-first",
|
|
|
|
})
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal(updateConfig.Order, "start-first"))
|
2017-07-19 04:55:34 -04:00
|
|
|
|
|
|
|
// test stop-first
|
|
|
|
updateConfig = convertUpdateConfig(&composetypes.UpdateConfig{
|
|
|
|
Order: "stop-first",
|
|
|
|
})
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Equal(updateConfig.Order, "stop-first"))
|
2017-07-19 04:55:34 -04:00
|
|
|
}
|
2017-11-10 16:24:32 -05:00
|
|
|
|
|
|
|
func TestConvertFileObject(t *testing.T) {
|
|
|
|
namespace := NewNamespace("testing")
|
|
|
|
config := composetypes.FileReferenceConfig{
|
|
|
|
Source: "source",
|
|
|
|
Target: "target",
|
|
|
|
UID: "user",
|
|
|
|
GID: "group",
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: uint32Ptr(0o644),
|
2017-11-10 16:24:32 -05:00
|
|
|
}
|
|
|
|
swarmRef, err := convertFileObject(namespace, config, lookupConfig)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.NilError(t, err)
|
2017-11-10 16:24:32 -05:00
|
|
|
|
|
|
|
expected := swarmReferenceObject{
|
|
|
|
Name: "testing_source",
|
|
|
|
File: swarmReferenceTarget{
|
|
|
|
Name: config.Target,
|
|
|
|
UID: config.UID,
|
|
|
|
GID: config.GID,
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: os.FileMode(0o644),
|
2017-11-10 16:24:32 -05:00
|
|
|
},
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, swarmRef))
|
2017-11-10 16:24:32 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func lookupConfig(key string) (composetypes.FileObjectConfig, error) {
|
|
|
|
if key != "source" {
|
|
|
|
return composetypes.FileObjectConfig{}, errors.New("bad key")
|
|
|
|
}
|
|
|
|
return composetypes.FileObjectConfig{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertFileObjectDefaults(t *testing.T) {
|
|
|
|
namespace := NewNamespace("testing")
|
|
|
|
config := composetypes.FileReferenceConfig{Source: "source"}
|
|
|
|
swarmRef, err := convertFileObject(namespace, config, lookupConfig)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.NilError(t, err)
|
2017-11-10 16:24:32 -05:00
|
|
|
|
|
|
|
expected := swarmReferenceObject{
|
|
|
|
Name: "testing_source",
|
|
|
|
File: swarmReferenceTarget{
|
|
|
|
Name: config.Source,
|
|
|
|
UID: "0",
|
|
|
|
GID: "0",
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: os.FileMode(0o444),
|
2017-11-10 16:24:32 -05:00
|
|
|
},
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.DeepEqual(expected, swarmRef))
|
2017-11-10 16:24:32 -05:00
|
|
|
}
|
2017-11-17 09:31:13 -05:00
|
|
|
|
|
|
|
func TestServiceConvertsIsolation(t *testing.T) {
|
|
|
|
src := composetypes.ServiceConfig{
|
|
|
|
Isolation: "hyperv",
|
|
|
|
}
|
|
|
|
result, err := Service("1.35", Namespace{name: "foo"}, src, nil, nil, nil, nil)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Check(t, is.Equal(container.IsolationHyperV, result.TaskTemplate.ContainerSpec.Isolation))
|
2017-11-17 09:31:13 -05:00
|
|
|
}
|
2017-11-29 13:04:40 -05:00
|
|
|
|
|
|
|
func TestConvertServiceSecrets(t *testing.T) {
|
|
|
|
namespace := Namespace{name: "foo"}
|
|
|
|
secrets := []composetypes.ServiceSecretConfig{
|
|
|
|
{Source: "foo_secret"},
|
|
|
|
{Source: "bar_secret"},
|
|
|
|
}
|
|
|
|
secretSpecs := map[string]composetypes.SecretConfig{
|
|
|
|
"foo_secret": {
|
|
|
|
Name: "foo_secret",
|
|
|
|
},
|
|
|
|
"bar_secret": {
|
|
|
|
Name: "bar_secret",
|
|
|
|
},
|
|
|
|
}
|
2023-11-20 11:38:50 -05:00
|
|
|
apiClient := &fakeClient{
|
2017-11-29 13:04:40 -05:00
|
|
|
secretListFunc: func(opts types.SecretListOptions) ([]swarm.Secret, error) {
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Contains(opts.Filters.Get("name"), "foo_secret"))
|
|
|
|
assert.Check(t, is.Contains(opts.Filters.Get("name"), "bar_secret"))
|
2017-11-29 13:04:40 -05:00
|
|
|
return []swarm.Secret{
|
|
|
|
{Spec: swarm.SecretSpec{Annotations: swarm.Annotations{Name: "foo_secret"}}},
|
|
|
|
{Spec: swarm.SecretSpec{Annotations: swarm.Annotations{Name: "bar_secret"}}},
|
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
}
|
2023-09-09 18:27:44 -04:00
|
|
|
ctx := context.Background()
|
|
|
|
refs, err := convertServiceSecrets(ctx, apiClient, namespace, secrets, secretSpecs)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.NilError(t, err)
|
2017-11-29 13:04:40 -05:00
|
|
|
expected := []*swarm.SecretReference{
|
|
|
|
{
|
|
|
|
SecretName: "bar_secret",
|
|
|
|
File: &swarm.SecretReferenceFileTarget{
|
|
|
|
Name: "bar_secret",
|
|
|
|
UID: "0",
|
|
|
|
GID: "0",
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: 0o444,
|
2017-11-29 13:04:40 -05:00
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
SecretName: "foo_secret",
|
|
|
|
File: &swarm.SecretReferenceFileTarget{
|
|
|
|
Name: "foo_secret",
|
|
|
|
UID: "0",
|
|
|
|
GID: "0",
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: 0o444,
|
2017-11-29 13:04:40 -05:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.DeepEqual(t, expected, refs)
|
2017-11-29 13:04:40 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestConvertServiceConfigs(t *testing.T) {
|
|
|
|
namespace := Namespace{name: "foo"}
|
2019-04-01 14:38:11 -04:00
|
|
|
service := composetypes.ServiceConfig{
|
|
|
|
Configs: []composetypes.ServiceConfigObjConfig{
|
|
|
|
{Source: "foo_config"},
|
|
|
|
{Source: "bar_config"},
|
|
|
|
},
|
|
|
|
CredentialSpec: composetypes.CredentialSpecConfig{
|
|
|
|
Config: "baz_config",
|
|
|
|
},
|
2017-11-29 13:04:40 -05:00
|
|
|
}
|
|
|
|
configSpecs := map[string]composetypes.ConfigObjConfig{
|
|
|
|
"foo_config": {
|
|
|
|
Name: "foo_config",
|
|
|
|
},
|
|
|
|
"bar_config": {
|
|
|
|
Name: "bar_config",
|
|
|
|
},
|
2019-04-01 14:38:11 -04:00
|
|
|
"baz_config": {
|
|
|
|
Name: "baz_config",
|
|
|
|
},
|
2017-11-29 13:04:40 -05:00
|
|
|
}
|
2023-11-20 11:38:50 -05:00
|
|
|
apiClient := &fakeClient{
|
2017-11-29 13:04:40 -05:00
|
|
|
configListFunc: func(opts types.ConfigListOptions) ([]swarm.Config, error) {
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.Check(t, is.Contains(opts.Filters.Get("name"), "foo_config"))
|
|
|
|
assert.Check(t, is.Contains(opts.Filters.Get("name"), "bar_config"))
|
2019-04-01 14:38:11 -04:00
|
|
|
assert.Check(t, is.Contains(opts.Filters.Get("name"), "baz_config"))
|
2017-11-29 13:04:40 -05:00
|
|
|
return []swarm.Config{
|
|
|
|
{Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "foo_config"}}},
|
|
|
|
{Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "bar_config"}}},
|
2019-04-01 14:38:11 -04:00
|
|
|
{Spec: swarm.ConfigSpec{Annotations: swarm.Annotations{Name: "baz_config"}}},
|
2017-11-29 13:04:40 -05:00
|
|
|
}, nil
|
|
|
|
},
|
|
|
|
}
|
2023-09-09 18:27:44 -04:00
|
|
|
ctx := context.Background()
|
|
|
|
refs, err := convertServiceConfigObjs(ctx, apiClient, namespace, service, configSpecs)
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.NilError(t, err)
|
2017-11-29 13:04:40 -05:00
|
|
|
expected := []*swarm.ConfigReference{
|
|
|
|
{
|
|
|
|
ConfigName: "bar_config",
|
|
|
|
File: &swarm.ConfigReferenceFileTarget{
|
|
|
|
Name: "bar_config",
|
|
|
|
UID: "0",
|
|
|
|
GID: "0",
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: 0o444,
|
2017-11-29 13:04:40 -05:00
|
|
|
},
|
|
|
|
},
|
2019-04-01 14:38:11 -04:00
|
|
|
{
|
|
|
|
ConfigName: "baz_config",
|
|
|
|
Runtime: &swarm.ConfigReferenceRuntimeTarget{},
|
|
|
|
},
|
2017-11-29 13:04:40 -05:00
|
|
|
{
|
|
|
|
ConfigName: "foo_config",
|
|
|
|
File: &swarm.ConfigReferenceFileTarget{
|
|
|
|
Name: "foo_config",
|
|
|
|
UID: "0",
|
|
|
|
GID: "0",
|
2022-09-30 13:13:22 -04:00
|
|
|
Mode: 0o444,
|
2017-11-29 13:04:40 -05:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
2018-03-05 18:53:52 -05:00
|
|
|
assert.DeepEqual(t, expected, refs)
|
2017-11-29 13:04:40 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
type fakeClient struct {
|
|
|
|
client.Client
|
|
|
|
secretListFunc func(types.SecretListOptions) ([]swarm.Secret, error)
|
|
|
|
configListFunc func(types.ConfigListOptions) ([]swarm.Config, error)
|
|
|
|
}
|
|
|
|
|
2023-03-30 10:41:55 -04:00
|
|
|
func (c *fakeClient) SecretList(_ context.Context, options types.SecretListOptions) ([]swarm.Secret, error) {
|
2017-11-29 13:04:40 -05:00
|
|
|
if c.secretListFunc != nil {
|
|
|
|
return c.secretListFunc(options)
|
|
|
|
}
|
|
|
|
return []swarm.Secret{}, nil
|
|
|
|
}
|
|
|
|
|
2023-03-30 10:41:55 -04:00
|
|
|
func (c *fakeClient) ConfigList(_ context.Context, options types.ConfigListOptions) ([]swarm.Config, error) {
|
2017-11-29 13:04:40 -05:00
|
|
|
if c.configListFunc != nil {
|
|
|
|
return c.configListFunc(options)
|
|
|
|
}
|
|
|
|
return []swarm.Config{}, nil
|
|
|
|
}
|
2018-05-29 05:37:51 -04:00
|
|
|
|
|
|
|
func TestConvertUpdateConfigParallelism(t *testing.T) {
|
|
|
|
parallel := uint64(4)
|
|
|
|
|
|
|
|
// test default behavior
|
|
|
|
updateConfig := convertUpdateConfig(&composetypes.UpdateConfig{})
|
|
|
|
assert.Check(t, is.Equal(uint64(1), updateConfig.Parallelism))
|
|
|
|
|
|
|
|
// Non default value
|
|
|
|
updateConfig = convertUpdateConfig(&composetypes.UpdateConfig{
|
|
|
|
Parallelism: ¶llel,
|
|
|
|
})
|
|
|
|
assert.Check(t, is.Equal(parallel, updateConfig.Parallelism))
|
|
|
|
}
|
2019-09-09 13:24:51 -04:00
|
|
|
|
|
|
|
func TestConvertServiceCapAddAndCapDrop(t *testing.T) {
|
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-25 07:03:06 -04:00
|
|
|
tests := []struct {
|
|
|
|
title string
|
|
|
|
in, out composetypes.ServiceConfig
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
title: "default behavior",
|
2019-09-09 13:24:51 -04:00
|
|
|
},
|
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-25 07:03:06 -04:00
|
|
|
{
|
|
|
|
title: "some values",
|
|
|
|
in: composetypes.ServiceConfig{
|
|
|
|
CapAdd: []string{"SYS_NICE", "CAP_NET_ADMIN"},
|
|
|
|
CapDrop: []string{"CHOWN", "CAP_NET_ADMIN", "DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER"},
|
|
|
|
},
|
|
|
|
out: composetypes.ServiceConfig{
|
|
|
|
CapAdd: []string{"CAP_NET_ADMIN", "CAP_SYS_NICE"},
|
|
|
|
CapDrop: []string{"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
title: "adding ALL capabilities",
|
|
|
|
in: composetypes.ServiceConfig{
|
|
|
|
CapAdd: []string{"ALL", "CAP_NET_ADMIN"},
|
|
|
|
CapDrop: []string{"CHOWN", "CAP_NET_ADMIN", "DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER"},
|
|
|
|
},
|
|
|
|
out: composetypes.ServiceConfig{
|
|
|
|
CapAdd: []string{"ALL"},
|
|
|
|
CapDrop: []string{"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_NET_ADMIN"},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
title: "dropping ALL capabilities",
|
|
|
|
in: composetypes.ServiceConfig{
|
|
|
|
CapAdd: []string{"CHOWN", "CAP_NET_ADMIN", "DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER"},
|
|
|
|
CapDrop: []string{"ALL", "CAP_NET_ADMIN", "CAP_FOO"},
|
|
|
|
},
|
|
|
|
out: composetypes.ServiceConfig{
|
|
|
|
CapAdd: []string{"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_NET_ADMIN"},
|
|
|
|
CapDrop: []string{"ALL"},
|
|
|
|
},
|
2019-09-09 13:24:51 -04:00
|
|
|
},
|
|
|
|
}
|
Service cap-add/cap-drop: improve handling of combinations and special "ALL" value
When creating and updating services, we need to avoid unneeded service churn.
The interaction of separate lists to "add" and "drop" capabilities, a special
("ALL") capability, as well as a "relaxed" format for accepted capabilities
(case-insensitive, `CAP_` prefix optional) make this rather involved.
This patch updates how we handle `--cap-add` / `--cap-drop` when _creating_ as
well as _updating_, with the following rules/assumptions applied:
- both existing (service spec) and new (values passed through flags or in
the compose-file) are normalized and de-duplicated before use.
- the special "ALL" capability is equivalent to "all capabilities" and taken
into account when normalizing capabilities. Combining "ALL" capabilities
and other capabilities is therefore equivalent to just specifying "ALL".
- adding capabilities takes precedence over dropping, which means that if
a capability is both set to be "dropped" and to be "added", it is removed
from the list to "drop".
- the final lists should be sorted and normalized to reduce service churn
- no validation of capabilities is handled by the client. Validation is
delegated to the daemon/server.
When deploying a service using a docker-compose file, the docker-compose file
is *mostly* handled as being "declarative". However, many of the issues outlined
above also apply to compose-files, so similar handling is applied to compose
files as well to prevent service churn.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-25 07:03:06 -04:00
|
|
|
for _, tc := range tests {
|
|
|
|
tc := tc
|
|
|
|
t.Run(tc.title, func(t *testing.T) {
|
|
|
|
result, err := Service("1.41", Namespace{name: "foo"}, tc.in, nil, nil, nil, nil)
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Check(t, is.DeepEqual(result.TaskTemplate.ContainerSpec.CapabilityAdd, tc.out.CapAdd))
|
|
|
|
assert.Check(t, is.DeepEqual(result.TaskTemplate.ContainerSpec.CapabilityDrop, tc.out.CapDrop))
|
|
|
|
})
|
|
|
|
}
|
2019-09-09 13:24:51 -04:00
|
|
|
}
|