Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add `--read-only` for `service create` and `service update` 

This fix tries to address the issue raised in 29972 where
it was not possible to specify `--read-only` for `docker service create`
and `docker service update`, in order to have the container's root file
system to be read only.

This fix adds `--read-only` and update the `ReadonlyRootfs` in `HostConfig`
through `service create` and `service update`.

Related docs has been updated.

Integration test has been added.

This fix fixes 29972.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This commit is contained in:
Yong Tang 2017-01-14 00:12:19 -08:00
parent 2e02d615c4
commit b849aa6b95
3 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
command/service/opts.go
View File

@ -303,6 +303,7 @@ type serviceOptions struct {
user string user string
groups opts.ListOpts groups opts.ListOpts
tty bool tty bool
readOnly bool
mounts opts.MountOpt mounts opts.MountOpt
dns opts.ListOpts dns opts.ListOpts
dnsSearch opts.ListOpts dnsSearch opts.ListOpts
@ -384,6 +385,7 @@ func (opts *serviceOptions) ToService() (swarm.ServiceSpec, error) {
User: opts.user, User: opts.user,
Groups: opts.groups.GetAll(), Groups: opts.groups.GetAll(),
TTY: opts.tty, TTY: opts.tty,
ReadOnly: opts.readOnly,
Mounts: opts.mounts.Value(), Mounts: opts.mounts.Value(),
DNSConfig: &swarm.DNSConfig{ DNSConfig: &swarm.DNSConfig{
Nameservers: opts.dns.GetAll(), Nameservers: opts.dns.GetAll(),
@ -488,6 +490,9 @@ func addServiceFlags(cmd *cobra.Command, opts *serviceOptions) {
flags.BoolVarP(&opts.tty, flagTTY, "t", false, "Allocate a pseudo-TTY") flags.BoolVarP(&opts.tty, flagTTY, "t", false, "Allocate a pseudo-TTY")
flags.SetAnnotation(flagTTY, "version", []string{"1.25"}) flags.SetAnnotation(flagTTY, "version", []string{"1.25"})
flags.BoolVar(&opts.readOnly, flagReadOnly, false, "Mount the container's root filesystem as read only")
flags.SetAnnotation(flagReadOnly, "version", []string{"1.26"})
} }
const ( const (
@ -532,6 +537,7 @@ const (
flagPublish = "publish" flagPublish = "publish"
flagPublishRemove = "publish-rm" flagPublishRemove = "publish-rm"
flagPublishAdd = "publish-add" flagPublishAdd = "publish-add"
flagReadOnly = "read-only"
flagReplicas = "replicas" flagReplicas = "replicas"
flagReserveCPU = "reserve-cpu" flagReserveCPU = "reserve-cpu"
flagReserveMemory = "reserve-memory" flagReserveMemory = "reserve-memory"

8
command/service/update.go
View File

@ -341,6 +341,14 @@ func updateService(flags *pflag.FlagSet, spec *swarm.ServiceSpec) error {
cspec.TTY = tty cspec.TTY = tty
} }
if flags.Changed(flagReadOnly) {
readOnly, err := flags.GetBool(flagReadOnly)
if err != nil {
return err
}
cspec.ReadOnly = readOnly
}
return nil return nil
} }

22
command/service/update_test.go
View File

@ -442,3 +442,25 @@ func TestUpdateSecretUpdateInPlace(t *testing.T) {
assert.Equal(t, updatedSecrets[0].SecretName, "foo") assert.Equal(t, updatedSecrets[0].SecretName, "foo")
assert.Equal(t, updatedSecrets[0].File.Name, "foo2") assert.Equal(t, updatedSecrets[0].File.Name, "foo2")
} }
func TestUpdateReadOnly(t *testing.T) {
spec := &swarm.ServiceSpec{}
cspec := &spec.TaskTemplate.ContainerSpec
// Update with --read-only=true, changed to true
flags := newUpdateCommand(nil).Flags()
flags.Set("read-only", "true")
updateService(flags, spec)
assert.Equal(t, cspec.ReadOnly, true)
// Update without --read-only, no change
flags = newUpdateCommand(nil).Flags()
updateService(flags, spec)
assert.Equal(t, cspec.ReadOnly, true)
// Update with --read-only=false, changed to false
flags = newUpdateCommand(nil).Flags()
flags.Set("read-only", "false")
updateService(flags, spec)
assert.Equal(t, cspec.ReadOnly, false)
}