def test_get_refs(self, docker_client):
ref = SecretReference("a", "a_name", "a_file", "0", "0", "292")
s = SecretSpec(docker_client, spec={})
s.set_ref("abcd", ref)
assert s.get_refs("abcd") == [ref]
def test_set_ref(self, docker_client):
ref = SecretReference("a", "a_name", "a_file", "0", "0", "292")
s = SecretSpec(docker_client, spec={})
s.set_ref("abcd", ref)
assert len(s.services) == 1
assert s.services.get("abcd")["a"] == ref
def test_update_refs(self, docker_client):
# The fake service "qwerty" has Secrets "c" and "d". Let's use "c".
s = SecretSpec(docker_client, spec=None)
# Secret "e" renews "c".
e = SecretCollectionDefs.get("e")
assert e is not None
s.update_refs(e)
refs = set([x.get("SecretID") for x in s.get_refs("qwerty")])
assert refs == set(["e", "d"])
# The fake service "qwerty" has Secrets "c" and "d". Let's use "c".
s = SecretSpec(docker_client, spec=None)
# Secret "a" doesn't renew "c".
a = SecretCollectionDefs.get("a")
assert a is not None
s.update_refs(a)
refs = set([x.get("SecretID") for x in s.get_refs("qwerty")])
assert refs == set(["c", "d"])
def test_rollback_checkpoints_no_previous(self, installer, docker_client):
# This should also depend on TestSecretSpec tests but I
# can't get such dependencies to work.
s = SecretSpec(docker_client, spec=None)
s.write(installer.conf_file)
with patch('os.listdir') as mock_listdir:
mock_listdir.return_value = []
with patch.object(SwarmInstaller, "update_services") as mock_up:
installer.rollback_checkpoints(rollback=1)
mock_up.assert_not_called()
def test_update_services(self, installer, docker_client):
# This should also depend on TestSecretSpec tests but I
# can't get such dependencies to work.
spec = SecretSpec(docker_client)
with patch.object(Service, "update") as mock_update:
installer.update_services(spec)
calls = []
for service_id in spec.services:
calls.append(call(secrets=spec.get_refs(service_id)))
mock_update.assert_has_calls(calls)
def test_get_updated_ref(self, docker_client):
# The fake service "qwerty" has Secrets "c" and "d". Let's use "c".
s = SecretSpec(docker_client, spec=None)
ref = s.services.get("qwerty").get("c")
# Secret "e" renews "c".
e = SecretCollectionDefs.get("e")
assert e is not None
new_ref = s.get_updated_ref(ref, e)
assert new_ref.get("SecretID") == "e"
# Secret "a" doesn't renew "c".
a = SecretCollectionDefs.get("a")
assert a is not None
new_ref = s.get_updated_ref(ref, a)
assert new_ref.get("SecretID") == "c"
def __init__(self, config, name, docker_client=None):
if docker_client is not None:
# Use DockerClient supplied by caller if it exists.
# This is mainly used for testing.
self.docker_client = docker_client
else:
# Normally create DockerClient from env.
self.docker_client = docker.from_env()
super().__init__(config, name)
self.config = config
self.conf_file = os.path.join(config.config_dir, "docker-swarm.json")
info = self.docker_client.info()
node_id = info.get("Swarm").get("NodeID")
node = self.docker_client.nodes.get(node_id)
node_state = info.get("Swarm").get("LocalNodeState")
node_role = node.attrs.get("Spec").get("Role")
# Make sure we are running on a Docker Swarm manager node.
if node_state != "active":
raise PluginError("Swarm not active.")
if node_role != "manager":
raise PluginError("Not running on a Swarm Manager node.")
# Use the Docker task retention limit as the number of old
# secrets to keep. This makes sure enough secrets for historic
# tasks are always kept in the Swarm.
self.keep_secrets = info.get("Swarm") \
.get("Cluster") \
.get("Spec") \
.get("Orchestration") \
.get("TaskHistoryRetentionLimit")
# Create a new empty SecretSpec.
self.secret_spec = SecretSpec(self.docker_client)
def test_from_swarm_no_secrets(self, docker_client):
s = SecretSpec(docker_client, spec=None)
assert s.services == {}
def test_from_swarm(self, docker_client):
s = SecretSpec(docker_client, spec=None)
assert "qwerty" in s.services
secret_ids = set([x.get("SecretID") for x in s.get_refs("qwerty")])
assert secret_ids == set(["c", "d"])
def test_services(self, docker_client):
s = SecretSpec(docker_client, spec={})
assert s.services == {}
def test_init_with_spec(self, docker_client):
s = SecretSpec(docker_client, spec={})
assert s.spec == {}
def test_init_no_spec(self, docker_client):
with patch.object(SecretSpec, "from_swarm") as mock_from_env:
s = SecretSpec(docker_client, spec=None)
mock_from_env.assert_called_once()