moby/integration-cli/docker_cli_service_create_test.go

//go:build !windows

package main

import (
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
	"testing"

	"github.com/docker/docker/api/types"
	"github.com/docker/docker/api/types/mount"
	"github.com/docker/docker/api/types/swarm"
	"github.com/docker/docker/integration-cli/checker"
	"github.com/docker/docker/testutil"
	"gotest.tools/v3/assert"
	"gotest.tools/v3/poll"
)

func (s *DockerSwarmSuite) TestServiceCreateMountVolume(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)
	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=volume,source=foo,target=/foo,volume-nocopy", "busybox", "top")
	assert.NilError(c, err, out)
	id := strings.TrimSpace(out)

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, id)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	// check container mount config
	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID)
	assert.NilError(c, err, out)

	var mountConfig []mount.Mount
	assert.Assert(c, json.Unmarshal([]byte(out), &mountConfig) == nil)
	assert.Equal(c, len(mountConfig), 1)

	assert.Equal(c, mountConfig[0].Source, "foo")
	assert.Equal(c, mountConfig[0].Target, "/foo")
	assert.Equal(c, mountConfig[0].Type, mount.TypeVolume)
	assert.Assert(c, mountConfig[0].VolumeOptions != nil)
	assert.Assert(c, mountConfig[0].VolumeOptions.NoCopy)

	// check container mounts actual
	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID)
	assert.NilError(c, err, out)

	var mounts []types.MountPoint
	assert.Assert(c, json.Unmarshal([]byte(out), &mounts) == nil)
	assert.Equal(c, len(mounts), 1)

	assert.Equal(c, mounts[0].Type, mount.TypeVolume)
	assert.Equal(c, mounts[0].Name, "foo")
	assert.Equal(c, mounts[0].Destination, "/foo")
	assert.Equal(c, mounts[0].RW, true)
}

func (s *DockerSwarmSuite) TestServiceCreateWithSecretSimple(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)

	serviceName := "test-service-secret"
	testName := "test_secret"
	id := d.CreateSecret(c, swarm.SecretSpec{
		Annotations: swarm.Annotations{
			Name: testName,
		},
		Data: []byte("TESTINGDATA"),
	})
	assert.Assert(c, id != "", "secrets: %s", id)

	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", testName, "busybox", "top")
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
	assert.NilError(c, err)

	var refs []swarm.SecretReference
	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
	assert.Equal(c, len(refs), 1)

	assert.Equal(c, refs[0].SecretName, testName)
	assert.Assert(c, refs[0].File != nil)
	assert.Equal(c, refs[0].File.Name, testName)
	assert.Equal(c, refs[0].File.UID, "0")
	assert.Equal(c, refs[0].File.GID, "0")

	out, err = d.Cmd("service", "rm", serviceName)
	assert.NilError(c, err, out)
	d.DeleteSecret(c, testName)
}

func (s *DockerSwarmSuite) TestServiceCreateWithSecretSourceTargetPaths(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)

	testPaths := map[string]string{
		"app":                  "/etc/secret",
		"test_secret":          "test_secret",
		"relative_secret":      "relative/secret",
		"escapes_in_container": "../secret",
	}

	var secretFlags []string

	for testName, testTarget := range testPaths {
		id := d.CreateSecret(c, swarm.SecretSpec{
			Annotations: swarm.Annotations{
				Name: testName,
			},
			Data: []byte("TESTINGDATA " + testName + " " + testTarget),
		})
		assert.Assert(c, id != "", "secrets: %s", id)

		secretFlags = append(secretFlags, "--secret", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
	}

	serviceName := "svc"
	serviceCmd := []string{"service", "create", "--detach", "--no-resolve-image", "--name", serviceName}
	serviceCmd = append(serviceCmd, secretFlags...)
	serviceCmd = append(serviceCmd, "busybox", "top")
	out, err := d.Cmd(serviceCmd...)
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
	assert.NilError(c, err)

	var refs []swarm.SecretReference
	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
	assert.Equal(c, len(refs), len(testPaths))

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, serviceName)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	for testName, testTarget := range testPaths {
		path := testTarget
		if !filepath.IsAbs(path) {
			path = filepath.Join("/run/secrets", path)
		}
		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
		assert.NilError(c, err)
		assert.Equal(c, out, "TESTINGDATA "+testName+" "+testTarget)
	}

	out, err = d.Cmd("service", "rm", serviceName)
	assert.NilError(c, err, out)
}

func (s *DockerSwarmSuite) TestServiceCreateWithSecretReferencedTwice(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)

	id := d.CreateSecret(c, swarm.SecretSpec{
		Annotations: swarm.Annotations{
			Name: "mysecret",
		},
		Data: []byte("TESTINGDATA"),
	})
	assert.Assert(c, id != "", "secrets: %s", id)

	serviceName := "svc"
	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--secret", "source=mysecret,target=target1", "--secret", "source=mysecret,target=target2", "busybox", "top")
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Secrets }}", serviceName)
	assert.NilError(c, err)

	var refs []swarm.SecretReference
	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
	assert.Equal(c, len(refs), 2)

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, serviceName)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	for _, target := range []string{"target1", "target2"} {
		assert.NilError(c, err, out)
		path := filepath.Join("/run/secrets", target)
		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
		assert.NilError(c, err)
		assert.Equal(c, out, "TESTINGDATA")
	}

	out, err = d.Cmd("service", "rm", serviceName)
	assert.NilError(c, err, out)
}

func (s *DockerSwarmSuite) TestServiceCreateWithConfigSimple(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)

	serviceName := "test-service-config"
	testName := "test_config"
	id := d.CreateConfig(c, swarm.ConfigSpec{
		Annotations: swarm.Annotations{
			Name: testName,
		},
		Data: []byte("TESTINGDATA"),
	})
	assert.Assert(c, id != "", "configs: %s", id)

	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", testName, "busybox", "top")
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
	assert.NilError(c, err)

	var refs []swarm.ConfigReference
	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
	assert.Equal(c, len(refs), 1)

	assert.Equal(c, refs[0].ConfigName, testName)
	assert.Assert(c, refs[0].File != nil)
	assert.Equal(c, refs[0].File.Name, testName)
	assert.Equal(c, refs[0].File.UID, "0")
	assert.Equal(c, refs[0].File.GID, "0")

	out, err = d.Cmd("service", "rm", serviceName)
	assert.NilError(c, err, out)
	d.DeleteConfig(c, testName)
}

func (s *DockerSwarmSuite) TestServiceCreateWithConfigSourceTargetPaths(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)

	testPaths := map[string]string{
		"app":             "/etc/config",
		"test_config":     "test_config",
		"relative_config": "relative/config",
	}

	var configFlags []string

	for testName, testTarget := range testPaths {
		id := d.CreateConfig(c, swarm.ConfigSpec{
			Annotations: swarm.Annotations{
				Name: testName,
			},
			Data: []byte("TESTINGDATA " + testName + " " + testTarget),
		})
		assert.Assert(c, id != "", "configs: %s", id)

		configFlags = append(configFlags, "--config", fmt.Sprintf("source=%s,target=%s", testName, testTarget))
	}

	serviceName := "svc"
	serviceCmd := []string{"service", "create", "--detach", "--no-resolve-image", "--name", serviceName}
	serviceCmd = append(serviceCmd, configFlags...)
	serviceCmd = append(serviceCmd, "busybox", "top")
	out, err := d.Cmd(serviceCmd...)
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
	assert.NilError(c, err)

	var refs []swarm.ConfigReference
	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
	assert.Equal(c, len(refs), len(testPaths))

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, serviceName)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	for testName, testTarget := range testPaths {
		path := testTarget
		if !filepath.IsAbs(path) {
			path = filepath.Join("/", path)
		}
		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
		assert.NilError(c, err)
		assert.Equal(c, out, "TESTINGDATA "+testName+" "+testTarget)
	}

	out, err = d.Cmd("service", "rm", serviceName)
	assert.NilError(c, err, out)
}

func (s *DockerSwarmSuite) TestServiceCreateWithConfigReferencedTwice(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)

	id := d.CreateConfig(c, swarm.ConfigSpec{
		Annotations: swarm.Annotations{
			Name: "myconfig",
		},
		Data: []byte("TESTINGDATA"),
	})
	assert.Assert(c, id != "", "configs: %s", id)

	serviceName := "svc"
	out, err := d.Cmd("service", "create", "--detach", "--no-resolve-image", "--name", serviceName, "--config", "source=myconfig,target=target1", "--config", "source=myconfig,target=target2", "busybox", "top")
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "inspect", "--format", "{{ json .Spec.TaskTemplate.ContainerSpec.Configs }}", serviceName)
	assert.NilError(c, err)

	var refs []swarm.ConfigReference
	assert.Assert(c, json.Unmarshal([]byte(out), &refs) == nil)
	assert.Equal(c, len(refs), 2)

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, serviceName)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	for _, target := range []string{"target1", "target2"} {
		assert.NilError(c, err, out)
		path := filepath.Join("/", target)
		out, err := d.Cmd("exec", task.Status.ContainerStatus.ContainerID, "cat", path)
		assert.NilError(c, err)
		assert.Equal(c, out, "TESTINGDATA")
	}

	out, err = d.Cmd("service", "rm", serviceName)
	assert.NilError(c, err, out)
}

func (s *DockerSwarmSuite) TestServiceCreateMountTmpfs(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)
	out, err := d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--mount", "type=tmpfs,target=/foo,tmpfs-size=1MB", "busybox", "sh", "-c", "mount | grep foo; exec tail -f /dev/null")
	assert.NilError(c, err, out)
	id := strings.TrimSpace(out)

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, id)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	// check container mount config
	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .HostConfig.Mounts}}", task.Status.ContainerStatus.ContainerID)
	assert.NilError(c, err, out)

	var mountConfig []mount.Mount
	assert.Assert(c, json.Unmarshal([]byte(out), &mountConfig) == nil)
	assert.Equal(c, len(mountConfig), 1)

	assert.Equal(c, mountConfig[0].Source, "")
	assert.Equal(c, mountConfig[0].Target, "/foo")
	assert.Equal(c, mountConfig[0].Type, mount.TypeTmpfs)
	assert.Assert(c, mountConfig[0].TmpfsOptions != nil)
	assert.Equal(c, mountConfig[0].TmpfsOptions.SizeBytes, int64(1048576))

	// check container mounts actual
	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .Mounts}}", task.Status.ContainerStatus.ContainerID)
	assert.NilError(c, err, out)

	var mounts []types.MountPoint
	assert.Assert(c, json.Unmarshal([]byte(out), &mounts) == nil)
	assert.Equal(c, len(mounts), 1)

	assert.Equal(c, mounts[0].Type, mount.TypeTmpfs)
	assert.Equal(c, mounts[0].Name, "")
	assert.Equal(c, mounts[0].Destination, "/foo")
	assert.Equal(c, mounts[0].RW, true)

	out, err = s.nodeCmd(c, task.NodeID, "logs", task.Status.ContainerStatus.ContainerID)
	assert.NilError(c, err, out)
	assert.Assert(c, strings.HasPrefix(strings.TrimSpace(out), "tmpfs on /foo type tmpfs"))
	assert.Assert(c, strings.Contains(strings.TrimSpace(out), "size=1024k"))
}

func (s *DockerSwarmSuite) TestServiceCreateWithNetworkAlias(c *testing.T) {
	ctx := testutil.GetContext(c)
	d := s.AddDaemon(ctx, c, true, true)
	out, err := d.Cmd("network", "create", "--scope=swarm", "test_swarm_br")
	assert.NilError(c, err, out)

	out, err = d.Cmd("service", "create", "--no-resolve-image", "--detach=true", "--network=name=test_swarm_br,alias=srv_alias", "--name=alias_tst_container", "busybox", "top")
	assert.NilError(c, err, out)
	id := strings.TrimSpace(out)

	var tasks []swarm.Task
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		tasks = d.GetServiceTasks(ctx, c, id)
		return len(tasks) > 0, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	task := tasks[0]
	poll.WaitOn(c, pollCheck(c, func(c *testing.T) (interface{}, string) {
		if task.NodeID == "" || task.Status.ContainerStatus == nil {
			task = d.GetTask(ctx, c, task.ID)
		}
		return task.NodeID != "" && task.Status.ContainerStatus != nil, ""
	}, checker.Equals(true)), poll.WithTimeout(defaultReconciliationTimeout))

	// check container alias config
	out, err = s.nodeCmd(c, task.NodeID, "inspect", "--format", "{{json .NetworkSettings.Networks.test_swarm_br.Aliases}}", task.Status.ContainerStatus.ContainerID)
	assert.NilError(c, err, out)

	// Make sure the only alias seen is the container-id
	var aliases []string
	assert.Assert(c, json.Unmarshal([]byte(out), &aliases) == nil)
	assert.Equal(c, len(aliases), 1)

	assert.Assert(c, strings.Contains(task.Status.ContainerStatus.ContainerID, aliases[0]))
}