2016-09-08 13:11:39 -04:00
|
|
|
package service
|
|
|
|
|
|
|
|
import (
|
2016-10-13 14:28:32 -04:00
|
|
|
"reflect"
|
2016-09-08 13:11:39 -04:00
|
|
|
"sort"
|
|
|
|
"testing"
|
2016-10-13 14:28:32 -04:00
|
|
|
"time"
|
2016-09-08 13:11:39 -04:00
|
|
|
|
Update order of '--secret-rm' and '--secret-add'
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).
This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.
Before this change, the `rm` was always performed "last", so the secret
was always removed:
$ echo "foo" | docker secret create foo -f -
foo
$ docker service create --name myservice --secret foo nginx:alpine
62xjcr9sr0c2hvepdzqrn3ssn
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
null
After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;
$ echo "foo" | docker secret create foo -f -
1bllmvw3a1yaq3eixqw3f7bjl
$ docker service create --name myservice --secret foo nginx:alpine
lr6s3uoggli1x0hab78glpcxo
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
[
{
"File": {
"Name": "foo2",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "tn9qiblgnuuut11eufquw5dev",
"SecretName": "foo"
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-30 12:15:53 -05:00
|
|
|
"github.com/docker/docker/api/types"
|
2016-10-13 14:28:32 -04:00
|
|
|
"github.com/docker/docker/api/types/container"
|
2016-09-08 13:11:39 -04:00
|
|
|
mounttypes "github.com/docker/docker/api/types/mount"
|
|
|
|
"github.com/docker/docker/api/types/swarm"
|
|
|
|
"github.com/docker/docker/pkg/testutil/assert"
|
Update order of '--secret-rm' and '--secret-add'
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).
This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.
Before this change, the `rm` was always performed "last", so the secret
was always removed:
$ echo "foo" | docker secret create foo -f -
foo
$ docker service create --name myservice --secret foo nginx:alpine
62xjcr9sr0c2hvepdzqrn3ssn
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
null
After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;
$ echo "foo" | docker secret create foo -f -
1bllmvw3a1yaq3eixqw3f7bjl
$ docker service create --name myservice --secret foo nginx:alpine
lr6s3uoggli1x0hab78glpcxo
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
[
{
"File": {
"Name": "foo2",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "tn9qiblgnuuut11eufquw5dev",
"SecretName": "foo"
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-30 12:15:53 -05:00
|
|
|
"golang.org/x/net/context"
|
2016-09-08 13:11:39 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestUpdateServiceArgs(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("args", "the \"new args\"")
|
|
|
|
|
|
|
|
spec := &swarm.ServiceSpec{}
|
|
|
|
cspec := &spec.TaskTemplate.ContainerSpec
|
|
|
|
cspec.Args = []string{"old", "args"}
|
|
|
|
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.EqualStringSlice(t, cspec.Args, []string{"the", "new args"})
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdateLabels(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("label-add", "toadd=newlabel")
|
|
|
|
flags.Set("label-rm", "toremove")
|
|
|
|
|
|
|
|
labels := map[string]string{
|
|
|
|
"toremove": "thelabeltoremove",
|
|
|
|
"tokeep": "value",
|
|
|
|
}
|
|
|
|
|
|
|
|
updateLabels(flags, &labels)
|
|
|
|
assert.Equal(t, len(labels), 2)
|
|
|
|
assert.Equal(t, labels["tokeep"], "value")
|
|
|
|
assert.Equal(t, labels["toadd"], "newlabel")
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdateLabelsRemoveALabelThatDoesNotExist(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("label-rm", "dne")
|
|
|
|
|
|
|
|
labels := map[string]string{"foo": "theoldlabel"}
|
|
|
|
updateLabels(flags, &labels)
|
|
|
|
assert.Equal(t, len(labels), 1)
|
|
|
|
}
|
|
|
|
|
2017-01-19 18:27:37 -05:00
|
|
|
func TestUpdatePlacementConstraints(t *testing.T) {
|
2016-09-08 13:11:39 -04:00
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("constraint-add", "node=toadd")
|
|
|
|
flags.Set("constraint-rm", "node!=toremove")
|
|
|
|
|
|
|
|
placement := &swarm.Placement{
|
|
|
|
Constraints: []string{"node!=toremove", "container=tokeep"},
|
|
|
|
}
|
|
|
|
|
2017-01-19 18:27:37 -05:00
|
|
|
updatePlacementConstraints(flags, placement)
|
2016-09-08 13:11:39 -04:00
|
|
|
assert.Equal(t, len(placement.Constraints), 2)
|
|
|
|
assert.Equal(t, placement.Constraints[0], "container=tokeep")
|
|
|
|
assert.Equal(t, placement.Constraints[1], "node=toadd")
|
|
|
|
}
|
|
|
|
|
2017-01-19 18:27:37 -05:00
|
|
|
func TestUpdatePlacementPrefs(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("placement-pref-add", "spread=node.labels.dc")
|
|
|
|
flags.Set("placement-pref-rm", "spread=node.labels.rack")
|
|
|
|
|
|
|
|
placement := &swarm.Placement{
|
|
|
|
Preferences: []swarm.PlacementPreference{
|
|
|
|
{
|
|
|
|
Spread: &swarm.SpreadOver{
|
|
|
|
SpreadDescriptor: "node.labels.rack",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Spread: &swarm.SpreadOver{
|
|
|
|
SpreadDescriptor: "node.labels.row",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
updatePlacementPreferences(flags, placement)
|
|
|
|
assert.Equal(t, len(placement.Preferences), 2)
|
|
|
|
assert.Equal(t, placement.Preferences[0].Spread.SpreadDescriptor, "node.labels.row")
|
|
|
|
assert.Equal(t, placement.Preferences[1].Spread.SpreadDescriptor, "node.labels.dc")
|
|
|
|
}
|
|
|
|
|
2016-09-08 13:11:39 -04:00
|
|
|
func TestUpdateEnvironment(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("env-add", "toadd=newenv")
|
|
|
|
flags.Set("env-rm", "toremove")
|
|
|
|
|
|
|
|
envs := []string{"toremove=theenvtoremove", "tokeep=value"}
|
|
|
|
|
|
|
|
updateEnvironment(flags, &envs)
|
|
|
|
assert.Equal(t, len(envs), 2)
|
|
|
|
// Order has been removed in updateEnvironment (map)
|
|
|
|
sort.Strings(envs)
|
|
|
|
assert.Equal(t, envs[0], "toadd=newenv")
|
|
|
|
assert.Equal(t, envs[1], "tokeep=value")
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdateEnvironmentWithDuplicateValues(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("env-add", "foo=newenv")
|
|
|
|
flags.Set("env-add", "foo=dupe")
|
|
|
|
flags.Set("env-rm", "foo")
|
|
|
|
|
|
|
|
envs := []string{"foo=value"}
|
|
|
|
|
|
|
|
updateEnvironment(flags, &envs)
|
|
|
|
assert.Equal(t, len(envs), 0)
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdateEnvironmentWithDuplicateKeys(t *testing.T) {
|
|
|
|
// Test case for #25404
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("env-add", "A=b")
|
|
|
|
|
|
|
|
envs := []string{"A=c"}
|
|
|
|
|
|
|
|
updateEnvironment(flags, &envs)
|
|
|
|
assert.Equal(t, len(envs), 1)
|
|
|
|
assert.Equal(t, envs[0], "A=b")
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdateGroups(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("group-add", "wheel")
|
|
|
|
flags.Set("group-add", "docker")
|
|
|
|
flags.Set("group-rm", "root")
|
|
|
|
flags.Set("group-add", "foo")
|
|
|
|
flags.Set("group-rm", "docker")
|
|
|
|
|
|
|
|
groups := []string{"bar", "root"}
|
|
|
|
|
|
|
|
updateGroups(flags, &groups)
|
|
|
|
assert.Equal(t, len(groups), 3)
|
|
|
|
assert.Equal(t, groups[0], "bar")
|
|
|
|
assert.Equal(t, groups[1], "foo")
|
|
|
|
assert.Equal(t, groups[2], "wheel")
|
|
|
|
}
|
|
|
|
|
2016-10-26 23:05:39 -04:00
|
|
|
func TestUpdateDNSConfig(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
|
|
|
|
// IPv4, with duplicates
|
|
|
|
flags.Set("dns-add", "1.1.1.1")
|
|
|
|
flags.Set("dns-add", "1.1.1.1")
|
|
|
|
flags.Set("dns-add", "2.2.2.2")
|
|
|
|
flags.Set("dns-rm", "3.3.3.3")
|
|
|
|
flags.Set("dns-rm", "2.2.2.2")
|
|
|
|
// IPv6
|
|
|
|
flags.Set("dns-add", "2001:db8:abc8::1")
|
|
|
|
// Invalid dns record
|
|
|
|
assert.Error(t, flags.Set("dns-add", "x.y.z.w"), "x.y.z.w is not an ip address")
|
|
|
|
|
|
|
|
// domains with duplicates
|
|
|
|
flags.Set("dns-search-add", "example.com")
|
|
|
|
flags.Set("dns-search-add", "example.com")
|
|
|
|
flags.Set("dns-search-add", "example.org")
|
|
|
|
flags.Set("dns-search-rm", "example.org")
|
|
|
|
// Invalid dns search domain
|
|
|
|
assert.Error(t, flags.Set("dns-search-add", "example$com"), "example$com is not a valid domain")
|
|
|
|
|
2016-11-08 21:29:10 -05:00
|
|
|
flags.Set("dns-option-add", "ndots:9")
|
|
|
|
flags.Set("dns-option-rm", "timeout:3")
|
2016-10-26 23:05:39 -04:00
|
|
|
|
|
|
|
config := &swarm.DNSConfig{
|
|
|
|
Nameservers: []string{"3.3.3.3", "5.5.5.5"},
|
|
|
|
Search: []string{"localdomain"},
|
|
|
|
Options: []string{"timeout:3"},
|
|
|
|
}
|
|
|
|
|
|
|
|
updateDNSConfig(flags, &config)
|
|
|
|
|
|
|
|
assert.Equal(t, len(config.Nameservers), 3)
|
|
|
|
assert.Equal(t, config.Nameservers[0], "1.1.1.1")
|
|
|
|
assert.Equal(t, config.Nameservers[1], "2001:db8:abc8::1")
|
|
|
|
assert.Equal(t, config.Nameservers[2], "5.5.5.5")
|
|
|
|
|
|
|
|
assert.Equal(t, len(config.Search), 2)
|
|
|
|
assert.Equal(t, config.Search[0], "example.com")
|
|
|
|
assert.Equal(t, config.Search[1], "localdomain")
|
|
|
|
|
|
|
|
assert.Equal(t, len(config.Options), 1)
|
|
|
|
assert.Equal(t, config.Options[0], "ndots:9")
|
|
|
|
}
|
|
|
|
|
2016-09-08 13:11:39 -04:00
|
|
|
func TestUpdateMounts(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
2016-08-24 04:30:54 -04:00
|
|
|
flags.Set("mount-add", "type=volume,source=vol2,target=/toadd")
|
2016-09-08 13:11:39 -04:00
|
|
|
flags.Set("mount-rm", "/toremove")
|
|
|
|
|
|
|
|
mounts := []mounttypes.Mount{
|
2016-08-24 04:30:54 -04:00
|
|
|
{Target: "/toremove", Source: "vol1", Type: mounttypes.TypeBind},
|
|
|
|
{Target: "/tokeep", Source: "vol3", Type: mounttypes.TypeBind},
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
updateMounts(flags, &mounts)
|
|
|
|
assert.Equal(t, len(mounts), 2)
|
2016-08-24 04:30:54 -04:00
|
|
|
assert.Equal(t, mounts[0].Target, "/toadd")
|
|
|
|
assert.Equal(t, mounts[1].Target, "/tokeep")
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdateMountsWithDuplicateMounts(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("mount-add", "type=volume,source=vol4,target=/toadd")
|
|
|
|
|
|
|
|
mounts := []mounttypes.Mount{
|
|
|
|
{Target: "/tokeep1", Source: "vol1", Type: mounttypes.TypeBind},
|
|
|
|
{Target: "/toadd", Source: "vol2", Type: mounttypes.TypeBind},
|
|
|
|
{Target: "/tokeep2", Source: "vol3", Type: mounttypes.TypeBind},
|
|
|
|
}
|
|
|
|
|
|
|
|
updateMounts(flags, &mounts)
|
|
|
|
assert.Equal(t, len(mounts), 3)
|
|
|
|
assert.Equal(t, mounts[0].Target, "/tokeep1")
|
|
|
|
assert.Equal(t, mounts[1].Target, "/tokeep2")
|
|
|
|
assert.Equal(t, mounts[2].Target, "/toadd")
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestUpdatePorts(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("publish-add", "1000:1000")
|
|
|
|
flags.Set("publish-rm", "333/udp")
|
|
|
|
|
|
|
|
portConfigs := []swarm.PortConfig{
|
|
|
|
{TargetPort: 333, Protocol: swarm.PortConfigProtocolUDP},
|
|
|
|
{TargetPort: 555},
|
|
|
|
}
|
|
|
|
|
|
|
|
err := updatePorts(flags, &portConfigs)
|
|
|
|
assert.Equal(t, err, nil)
|
|
|
|
assert.Equal(t, len(portConfigs), 2)
|
|
|
|
// Do a sort to have the order (might have changed by map)
|
|
|
|
targetPorts := []int{int(portConfigs[0].TargetPort), int(portConfigs[1].TargetPort)}
|
|
|
|
sort.Ints(targetPorts)
|
|
|
|
assert.Equal(t, targetPorts[0], 555)
|
|
|
|
assert.Equal(t, targetPorts[1], 1000)
|
|
|
|
}
|
|
|
|
|
2016-12-09 15:17:57 -05:00
|
|
|
func TestUpdatePortsDuplicate(t *testing.T) {
|
2016-09-08 13:11:39 -04:00
|
|
|
// Test case for #25375
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("publish-add", "80:80")
|
|
|
|
|
|
|
|
portConfigs := []swarm.PortConfig{
|
2016-12-09 15:17:57 -05:00
|
|
|
{
|
|
|
|
TargetPort: 80,
|
|
|
|
PublishedPort: 80,
|
|
|
|
Protocol: swarm.PortConfigProtocolTCP,
|
|
|
|
PublishMode: swarm.PortConfigPublishModeIngress,
|
|
|
|
},
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
err := updatePorts(flags, &portConfigs)
|
|
|
|
assert.Equal(t, err, nil)
|
|
|
|
assert.Equal(t, len(portConfigs), 1)
|
2016-11-10 15:13:26 -05:00
|
|
|
assert.Equal(t, portConfigs[0].TargetPort, uint32(80))
|
2016-09-08 13:11:39 -04:00
|
|
|
}
|
2016-10-13 14:28:32 -04:00
|
|
|
|
|
|
|
func TestUpdateHealthcheckTable(t *testing.T) {
|
|
|
|
type test struct {
|
|
|
|
flags [][2]string
|
|
|
|
initial *container.HealthConfig
|
|
|
|
expected *container.HealthConfig
|
|
|
|
err string
|
|
|
|
}
|
|
|
|
testCases := []test{
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"no-healthcheck", "true"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"CMD-SHELL", "cmd1"}, Retries: 10},
|
|
|
|
expected: &container.HealthConfig{Test: []string{"NONE"}},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-cmd", "cmd1"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"NONE"}},
|
|
|
|
expected: &container.HealthConfig{Test: []string{"CMD-SHELL", "cmd1"}},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-retries", "10"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"NONE"}},
|
|
|
|
expected: &container.HealthConfig{Retries: 10},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-retries", "10"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
|
|
|
|
expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-interval", "1m"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
|
|
|
|
expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Interval: time.Minute},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-cmd", ""}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
|
|
|
|
expected: &container.HealthConfig{Retries: 10},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-retries", "0"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, Retries: 10},
|
|
|
|
expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
|
|
|
|
},
|
2016-11-29 04:58:47 -05:00
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-start-period", "1m"}},
|
|
|
|
initial: &container.HealthConfig{Test: []string{"CMD", "cmd1"}},
|
|
|
|
expected: &container.HealthConfig{Test: []string{"CMD", "cmd1"}, StartPeriod: time.Minute},
|
|
|
|
},
|
2016-10-13 14:28:32 -04:00
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-cmd", "cmd1"}, {"no-healthcheck", "true"}},
|
|
|
|
err: "--no-healthcheck conflicts with --health-* options",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-interval", "10m"}, {"no-healthcheck", "true"}},
|
|
|
|
err: "--no-healthcheck conflicts with --health-* options",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
flags: [][2]string{{"health-timeout", "1m"}, {"no-healthcheck", "true"}},
|
|
|
|
err: "--no-healthcheck conflicts with --health-* options",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for i, c := range testCases {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
for _, flag := range c.flags {
|
|
|
|
flags.Set(flag[0], flag[1])
|
|
|
|
}
|
|
|
|
cspec := &swarm.ContainerSpec{
|
|
|
|
Healthcheck: c.initial,
|
|
|
|
}
|
|
|
|
err := updateHealthcheck(flags, cspec)
|
|
|
|
if c.err != "" {
|
|
|
|
assert.Error(t, err, c.err)
|
|
|
|
} else {
|
|
|
|
assert.NilError(t, err)
|
|
|
|
if !reflect.DeepEqual(cspec.Healthcheck, c.expected) {
|
|
|
|
t.Errorf("incorrect result for test %d, expected health config:\n\t%#v\ngot:\n\t%#v", i, c.expected, cspec.Healthcheck)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-11-03 11:05:00 -04:00
|
|
|
|
|
|
|
func TestUpdateHosts(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("host-add", "example.net:2.2.2.2")
|
|
|
|
flags.Set("host-add", "ipv6.net:2001:db8:abc8::1")
|
|
|
|
// remove with ipv6 should work
|
|
|
|
flags.Set("host-rm", "example.net:2001:db8:abc8::1")
|
|
|
|
// just hostname should work as well
|
|
|
|
flags.Set("host-rm", "example.net")
|
|
|
|
// bad format error
|
|
|
|
assert.Error(t, flags.Set("host-add", "$example.com$"), "bad format for add-host:")
|
|
|
|
|
|
|
|
hosts := []string{"1.2.3.4 example.com", "4.3.2.1 example.org", "2001:db8:abc8::1 example.net"}
|
|
|
|
|
|
|
|
updateHosts(flags, &hosts)
|
|
|
|
assert.Equal(t, len(hosts), 3)
|
|
|
|
assert.Equal(t, hosts[0], "1.2.3.4 example.com")
|
|
|
|
assert.Equal(t, hosts[1], "2001:db8:abc8::1 ipv6.net")
|
|
|
|
assert.Equal(t, hosts[2], "4.3.2.1 example.org")
|
|
|
|
}
|
2016-08-18 21:09:07 -04:00
|
|
|
|
|
|
|
func TestUpdatePortsRmWithProtocol(t *testing.T) {
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("publish-add", "8081:81")
|
|
|
|
flags.Set("publish-add", "8082:82")
|
|
|
|
flags.Set("publish-rm", "80")
|
|
|
|
flags.Set("publish-rm", "81/tcp")
|
|
|
|
flags.Set("publish-rm", "82/udp")
|
|
|
|
|
|
|
|
portConfigs := []swarm.PortConfig{
|
2016-12-09 15:17:57 -05:00
|
|
|
{
|
|
|
|
TargetPort: 80,
|
|
|
|
PublishedPort: 8080,
|
|
|
|
Protocol: swarm.PortConfigProtocolTCP,
|
|
|
|
PublishMode: swarm.PortConfigPublishModeIngress,
|
|
|
|
},
|
2016-08-18 21:09:07 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
err := updatePorts(flags, &portConfigs)
|
|
|
|
assert.Equal(t, err, nil)
|
2016-12-09 15:17:57 -05:00
|
|
|
assert.Equal(t, len(portConfigs), 2)
|
|
|
|
assert.Equal(t, portConfigs[0].TargetPort, uint32(81))
|
|
|
|
assert.Equal(t, portConfigs[1].TargetPort, uint32(82))
|
2016-08-18 21:09:07 -04:00
|
|
|
}
|
|
|
|
|
Update order of '--secret-rm' and '--secret-add'
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).
This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.
Before this change, the `rm` was always performed "last", so the secret
was always removed:
$ echo "foo" | docker secret create foo -f -
foo
$ docker service create --name myservice --secret foo nginx:alpine
62xjcr9sr0c2hvepdzqrn3ssn
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
null
After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;
$ echo "foo" | docker secret create foo -f -
1bllmvw3a1yaq3eixqw3f7bjl
$ docker service create --name myservice --secret foo nginx:alpine
lr6s3uoggli1x0hab78glpcxo
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
[
{
"File": {
"Name": "foo2",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "tn9qiblgnuuut11eufquw5dev",
"SecretName": "foo"
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-30 12:15:53 -05:00
|
|
|
type secretAPIClientMock struct {
|
|
|
|
listResult []swarm.Secret
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s secretAPIClientMock) SecretList(ctx context.Context, options types.SecretListOptions) ([]swarm.Secret, error) {
|
|
|
|
return s.listResult, nil
|
|
|
|
}
|
|
|
|
func (s secretAPIClientMock) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
|
|
|
|
return types.SecretCreateResponse{}, nil
|
|
|
|
}
|
|
|
|
func (s secretAPIClientMock) SecretRemove(ctx context.Context, id string) error {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
func (s secretAPIClientMock) SecretInspectWithRaw(ctx context.Context, name string) (swarm.Secret, []byte, error) {
|
|
|
|
return swarm.Secret{}, []byte{}, nil
|
|
|
|
}
|
2016-11-22 14:03:23 -05:00
|
|
|
func (s secretAPIClientMock) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
|
|
|
|
return nil
|
|
|
|
}
|
Update order of '--secret-rm' and '--secret-add'
When using both `--secret-rm` and `--secret-add` on `docker service update`,
`--secret-rm` was always performed last. This made it impossible to update
a secret that was already in use on a service (for example, to change
it's permissions, or mount-location inside the container).
This patch changes the order in which `rm` and `add` are performed,
allowing updating a secret in a single `docker service update`.
Before this change, the `rm` was always performed "last", so the secret
was always removed:
$ echo "foo" | docker secret create foo -f -
foo
$ docker service create --name myservice --secret foo nginx:alpine
62xjcr9sr0c2hvepdzqrn3ssn
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
null
After this change, the `rm` is performed _first_, allowing users to
update a secret without updating the service _twice_;
$ echo "foo" | docker secret create foo -f -
1bllmvw3a1yaq3eixqw3f7bjl
$ docker service create --name myservice --secret foo nginx:alpine
lr6s3uoggli1x0hab78glpcxo
$ docker service update --secret-rm foo --secret-add source=foo,target=foo2 myservice
myservice
$ docker service inspect --format '{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}' myservice | jq .
[
{
"File": {
"Name": "foo2",
"UID": "0",
"GID": "0",
"Mode": 292
},
"SecretID": "tn9qiblgnuuut11eufquw5dev",
"SecretName": "foo"
}
]
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-12-30 12:15:53 -05:00
|
|
|
|
|
|
|
// TestUpdateSecretUpdateInPlace tests the ability to update the "target" of an secret with "docker service update"
|
|
|
|
// by combining "--secret-rm" and "--secret-add" for the same secret.
|
|
|
|
func TestUpdateSecretUpdateInPlace(t *testing.T) {
|
|
|
|
apiClient := secretAPIClientMock{
|
|
|
|
listResult: []swarm.Secret{
|
|
|
|
{
|
|
|
|
ID: "tn9qiblgnuuut11eufquw5dev",
|
|
|
|
Spec: swarm.SecretSpec{Annotations: swarm.Annotations{Name: "foo"}},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("secret-add", "source=foo,target=foo2")
|
|
|
|
flags.Set("secret-rm", "foo")
|
|
|
|
|
|
|
|
secrets := []*swarm.SecretReference{
|
|
|
|
{
|
|
|
|
File: &swarm.SecretReferenceFileTarget{
|
|
|
|
Name: "foo",
|
|
|
|
UID: "0",
|
|
|
|
GID: "0",
|
|
|
|
Mode: 292,
|
|
|
|
},
|
|
|
|
SecretID: "tn9qiblgnuuut11eufquw5dev",
|
|
|
|
SecretName: "foo",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
updatedSecrets, err := getUpdatedSecrets(apiClient, flags, secrets)
|
|
|
|
|
|
|
|
assert.Equal(t, err, nil)
|
|
|
|
assert.Equal(t, len(updatedSecrets), 1)
|
|
|
|
assert.Equal(t, updatedSecrets[0].SecretID, "tn9qiblgnuuut11eufquw5dev")
|
|
|
|
assert.Equal(t, updatedSecrets[0].SecretName, "foo")
|
|
|
|
assert.Equal(t, updatedSecrets[0].File.Name, "foo2")
|
|
|
|
}
|
2017-01-14 03:12:19 -05:00
|
|
|
|
|
|
|
func TestUpdateReadOnly(t *testing.T) {
|
|
|
|
spec := &swarm.ServiceSpec{}
|
|
|
|
cspec := &spec.TaskTemplate.ContainerSpec
|
|
|
|
|
|
|
|
// Update with --read-only=true, changed to true
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("read-only", "true")
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.Equal(t, cspec.ReadOnly, true)
|
|
|
|
|
|
|
|
// Update without --read-only, no change
|
|
|
|
flags = newUpdateCommand(nil).Flags()
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.Equal(t, cspec.ReadOnly, true)
|
|
|
|
|
|
|
|
// Update with --read-only=false, changed to false
|
|
|
|
flags = newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("read-only", "false")
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.Equal(t, cspec.ReadOnly, false)
|
|
|
|
}
|
2017-02-06 00:22:57 -05:00
|
|
|
|
|
|
|
func TestUpdateStopSignal(t *testing.T) {
|
|
|
|
spec := &swarm.ServiceSpec{}
|
|
|
|
cspec := &spec.TaskTemplate.ContainerSpec
|
|
|
|
|
|
|
|
// Update with --stop-signal=SIGUSR1
|
|
|
|
flags := newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("stop-signal", "SIGUSR1")
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.Equal(t, cspec.StopSignal, "SIGUSR1")
|
|
|
|
|
|
|
|
// Update without --stop-signal, no change
|
|
|
|
flags = newUpdateCommand(nil).Flags()
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.Equal(t, cspec.StopSignal, "SIGUSR1")
|
|
|
|
|
|
|
|
// Update with --stop-signal=SIGWINCH
|
|
|
|
flags = newUpdateCommand(nil).Flags()
|
|
|
|
flags.Set("stop-signal", "SIGWINCH")
|
|
|
|
updateService(flags, spec)
|
|
|
|
assert.Equal(t, cspec.StopSignal, "SIGWINCH")
|
|
|
|
}
|