kontena-cli 0.16.3 → 0.17.0.pre1

data/lib/kontena/cli/stacks/yaml/validator_v3.rb

@@ -0,0 +1,52 @@
+require 'hash_validator'
+
+module Kontena::Cli::Stacks
+  module YAML
+    class ValidatorV3
+      require_relative 'validations'
+      include Validations
+
+      def initialize
+        @schema = common_validations
+        @schema['build'] = optional('stacks_valid_build')
+        @schema['depends_on'] = optional('array')
+        @schema['network_mode'] = optional(%w(host bridge))
+        @schema['logging'] = optional({
+          'driver' => optional('string'),
+          'options' => optional(-> (value) { value.is_a?(Hash) })
+          })
+        Validations::CustomValidators.load
+      end
+
+      ##
+      # @param [Hash] yaml
+      # @param [TrueClass|FalseClass] strict
+      # @return [Array] validation_errors
+      def validate(yaml)
+        result = {
+          errors: [],
+          notifications: []
+        }
+        if yaml.key?('services')
+          yaml['services'].each do |service, options|
+            unless options.is_a?(Hash)
+              result[:errors] << { service => { 'options' => 'must be a mapping not a string'}  }
+              next
+            end
+            option_errors = validate_options(options)
+            result[:errors] << { service => option_errors.errors } unless option_errors.valid?
+          end
+        else
+          result[:errors] << { 'file' => 'services missing' }
+        end
+        if yaml.key?('volumes')
+          result[:notifications] << { 'volumes' => 'Kontena does not support volumes yet. To persist data just define service as stateful (stateful: true)' }
+        end
+        if yaml.key?('networks')
+          result[:notifications] << { 'networks' => 'Kontena does not support multiple networks yet. You can reference services with Kontena\'s internal DNS (service_name.kontena.local)' }
+        end
+        result
+      end
+    end
+  end
+end

data/lib/kontena/cli/version_command.rb

@@ -3,9 +3,13 @@ require_relative 'version'
 class Kontena::Cli::VersionCommand < Kontena::Command
   include Kontena::Cli::Common
 
+  option "--cli", :flag, "Only CLI version"
+
   def execute
-    url = api_url rescue nil
     puts "cli: #{Kontena::Cli::VERSION}"
+    return if cli?
+
+    url = api_url rescue nil
     if url
       resp = JSON.parse(client.http_client.get(path: '/').body) rescue nil
       if resp

data/lib/kontena/cli/vpn/create_command.rb

@@ -20,24 +20,27 @@ module Kontena::Cli::Vpn
       vpn_ip = node_vpn_ip(node)
       data = {
         name: 'vpn',
-        stateful: true,
-        image: 'kontena/openvpn:ethwe',
-        ports: [
-          {
-            container_port: '1194',
-            node_port: '1194',
-            protocol: 'udp'
-          }
-        ],
-        cap_add: ['NET_ADMIN'],
-        env: ["OVPN_SERVER_URL=udp://#{vpn_ip}:1194"],
-        affinity: ["node==#{node['name']}"]
+        services: [
+          name: 'server',
+          stateful: true,
+          image: 'kontena/openvpn:ethwe',
+          ports: [
+            {
+              container_port: '1194',
+              node_port: '1194',
+              protocol: 'udp'
+            }
+          ],
+          cap_add: ['NET_ADMIN'],
+          env: ["OVPN_SERVER_URL=udp://#{vpn_ip}:1194"],
+          affinity: ["node==#{node['name']}"]
+        ]
       }
-      client(token).post("grids/#{current_grid}/services", data)
-      client(token).post("services/#{current_grid}/vpn/deploy", {})
-      name = 'vpn'
-      spinner "deploying #{name.colorize(:cyan)} service " do
-        wait_for_deploy_to_finish(token, parse_service_id('vpn'))
+      client(token).post("grids/#{current_grid}/stacks", data)
+      client(token).post("stacks/#{current_grid}/vpn/deploy", {})
+      spinner "Deploying vpn service " do
+        sleep 1 while client(token).get("stacks/#{current_grid}/vpn")['state'] == 'deploying'
+        sleep 1 while client(token).get("stacks/#{current_grid}/vpn")['state'] == 'running'
       end
       spinner "generating #{name.colorize(:cyan)} keys (this will take a while) " do
         wait_for_configuration_to_finish(token)

data/lib/kontena/cli/vpn/remove_command.rb

@@ -10,11 +10,12 @@ module Kontena::Cli::Vpn
       token = require_token
       confirm unless forced?
       name = 'vpn'
-      vpn = client(token).get("services/#{current_grid}/#{name}") rescue nil
-      exit_with_error("#{name} service does not exist") if vpn.nil?
+
+      vpn = client(token).get("stacks/#{current_grid}/vpn") rescue nil
+      exit_with_error("VPN stack does not exist") if vpn.nil?
 
       spinner "Removing #{name.colorize(:cyan)} service " do
-        client(token).delete("services/#{current_grid}/vpn")
+        client(token).delete("stacks/#{current_grid}/vpn")
       end
     end
   end

data/lib/kontena/client.rb

@@ -51,15 +51,28 @@ module Kontena
       @logger.progname = 'CLIENT'
 
       @options[:default_headers] ||= {}
-      Excon.defaults[:ssl_verify_peer] = false if ignore_ssl_errors?
 
-      @http_client = Excon.new(
-        api_url,
+      excon_opts = {
         omit_default_port: true,
         connect_timeout: ENV["EXCON_CONNECT_TIMEOUT"] ? ENV["EXCON_CONNECT_TIMEOUT"].to_i : 5,
         read_timeout:    ENV["EXCON_READ_TIMEOUT"]    ? ENV["EXCON_READ_TIMEOUT"].to_i    : 30,
-        write_timeout:   ENV["EXCON_WRITE_TIMEOUT"]   ? ENV["EXCON_WRITE_TIMEOUT"].to_i   : 5
-      )
+        write_timeout:   ENV["EXCON_WRITE_TIMEOUT"]   ? ENV["EXCON_WRITE_TIMEOUT"].to_i   : 5,
+        ssl_verify_peer: ignore_ssl_errors? ? false : true
+      }
+
+      cert_file = File.join(Dir.home, "/.kontena/certs/#{uri.host}.pem")
+      if File.exist?(cert_file) && File.readable?(cert_file)
+        excon_opts[:ssl_ca_file] = cert_file
+        key = OpenSSL::X509::Certificate.new(File.read(cert_file))
+        if key.issuer.to_s == "/C=FI/O=Test/OU=Test/CN=Test"
+          logger.debug "Key looks like a self-signed cert made by Kontena CLI, setting verify_peer_host to 'Test'"
+          excon_opts[:ssl_verify_peer_host] = 'Test'
+        end
+      end
+
+      logger.debug "Excon opts: #{excon_opts.inspect}"
+
+      @http_client = Excon.new(api_url, excon_opts)
 
       @default_headers = {
         ACCEPT => CONTENT_JSON,
@@ -107,20 +120,6 @@ module Kontena
       end
     end
 
-    # OAuth2 client_id from ENV KONTENA_CLIENT_ID or client CLIENT_ID constant
-    #
-    # @return [String]
-    def client_id
-      ENV['KONTENA_CLIENT_ID'] || CLIENT_ID
-    end
-
-    # OAuth2 client_secret from ENV KONTENA_CLIENT_SECRET or client CLIENT_SECRET constant
-    #
-    # @return [String]
-    def client_secret
-      ENV['KONTENA_CLIENT_SECRET'] || CLIENT_SECRET
-    end
-
     # Requests path supplied as argument and returns true if the request was a success.
     # For checking if the current authentication is valid.
     #
@@ -146,7 +145,7 @@ module Kontena
       return nil unless token_account
       return nil unless token_account['token_endpoint']
 
-      request(
+      response = request(
         http_method: token_account['token_method'].downcase.to_sym,
         path: token_account['token_endpoint'],
         headers: { CONTENT_TYPE => token_account['token_post_content_type'] },
@@ -159,6 +158,8 @@ module Kontena
         expects: [200,201],
         auth: false
       )
+      response['expires_at'] ||= in_to_at(response['expires_in'])
+      response
     end
 
     # Return server version from a Kontena master by requesting '/'

data/lib/kontena/machine/cert_helper.rb

@@ -4,6 +4,10 @@ module Kontena
   module Machine
     module CertHelper
 
+      def certificate_public_key(cert)
+        cert[/(-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----)/m, 1]
+      end
+
       def generate_self_signed_cert
         key = OpenSSL::PKey::RSA.new(2048)
         public_key = key.public_key

data/lib/kontena/machine/cloud_config/cloudinit.yml

@@ -11,7 +11,7 @@ write_files:
   - path: /etc/systemd/system/docker.service.d/50-kontena.conf
     content: |
         [Service]
-        Environment='DOCKER_OPTS=--insecure-registry="10.81.0.0/19" --bip="<%= docker_bip %>"'
+        Environment='DOCKER_OPTS=--insecure-registry="10.81.0.0/16" --bip="<%= docker_bip %>"'
   - path: /etc/sysctl.d/99-inotify.conf
     owner: root
     permissions: 0644

data/lib/kontena/main_command.rb

@@ -35,7 +35,7 @@ class Kontena::MainCommand < Kontena::Command
   subcommand "logout", "Logout from Kontena Masters or Kontena Cloud accounts", Kontena::Cli::LogoutCommand
   subcommand "grid", "Grid specific commands", Kontena::Cli::GridCommand
   subcommand "app", "App specific commands", Kontena::Cli::AppCommand
-  subcommand "stack", "Stack specific commands", Kontena::Cli::StackCommand if experimental?
+  subcommand "stack", "Stack specific commands", Kontena::Cli::StackCommand
   subcommand "service", "Service specific commands", Kontena::Cli::ServiceCommand
   subcommand "vault", "Vault specific commands", Kontena::Cli::VaultCommand
   subcommand "certificate", "LE Certificate specific commands", Kontena::Cli::CertificateCommand

data/spec/fixtures/kontena-build.yml

@@ -3,7 +3,7 @@ wordpress:
   image: registry.kontena.local/wordpress:latest
   stateful: true
   environment:
-    WORDPRESS_DB_PASSWORD: %{project}_secret
+    WORDPRESS_DB_PASSWORD: ${project}_secret
   instances: 2
   deploy:
     strategy: ha
@@ -13,4 +13,4 @@ mysql:
     service: mysql
   stateful: true
   environment:
-    - MYSQL_ROOT_PASSWORD=%{project}_secret
+    - MYSQL_ROOT_PASSWORD=${project}_secret

data/spec/fixtures/kontena-invalid.yml

@@ -1,4 +1,4 @@
 wordpress:
   stateful: 'true'
   environment:
-    WORDPRESS_DB_PASSWORD: %{project}_secret
+    WORDPRESS_DB_PASSWORD: ${project}_secret

data/spec/fixtures/kontena-not-hash-service-config.yml

@@ -1,3 +1,3 @@
 version: '2'
 services:
-  wordpress: 'service config cannot be string'    
+  wordpress: 'service config cannot be string'

data/spec/fixtures/kontena-with-env-file.yml

@@ -5,7 +5,7 @@ wordpress:
   stateful: true
   env_file: .env
   environment:
-    WORDPRESS_DB_PASSWORD: %{project}_secret
+    WORDPRESS_DB_PASSWORD: ${project}_secret
   instances: 2
   deploy:
     strategy: ha
@@ -15,4 +15,4 @@ mysql:
     service: mysql
   stateful: true
   environment:
-    - MYSQL_ROOT_PASSWORD=%{project}_secret
+    - MYSQL_ROOT_PASSWORD=${project}_secret

data/spec/fixtures/kontena_build_v3.yml

@@ -0,0 +1,23 @@
+stack: user/stackname
+version: 0.1.1
+services:
+  mysql:
+    stateful: true
+    environment:
+      - MYSQL_ROOT_PASSWORD=${project}_secret
+
+  webapp:
+    image: webapp
+    build:
+      context: .
+      args:
+        - foo=bar
+        - baz=baf
+
+  some_app:
+    image: some_app
+    build:
+      context: .
+      args:
+        foo: bar
+        baz:

data/spec/fixtures/kontena_v3.yml

@@ -0,0 +1,20 @@
+stack: user/stackname
+version: 0.1.1
+services:
+  wordpress:
+    extends:
+      file: docker-compose_v2.yml
+      service: wordpress
+    stateful: true
+    environment:
+      WORDPRESS_DB_PASSWORD: ${STACK}_secret
+    instances: 2
+    deploy:
+      strategy: ha
+  mysql:
+    extends:
+      file: docker-compose_v2.yml
+      service: mysql
+    stateful: true
+    environment:
+      - MYSQL_ROOT_PASSWORD=${STACK}_secret

data/spec/fixtures/stack-internal-extend.yml

@@ -0,0 +1,11 @@
+stack: user/stackname
+version: 0.1.1
+services:
+  base:
+    stateful: true
+    instances: 2
+    deploy:
+      strategy: ha
+  app:
+    extends: base
+    stateful: true

data/spec/fixtures/stack-with-env-file.yml

@@ -0,0 +1,21 @@
+stack: user/stackname
+version: 0.1.1
+services:
+  wordpress:
+    extends:
+      file: docker-compose_v2.yml
+      service: wordpress
+    stateful: true
+    env_file: .env
+    environment:
+      WORDPRESS_DB_PASSWORD: ${STACK}_secret
+    instances: 2
+    deploy:
+      strategy: ha
+  mysql:
+    extends:
+      file: docker-compose_v2.yml
+      service: mysql
+    stateful: true
+    environment:
+      - MYSQL_ROOT_PASSWORD=${STACK}_secret

data/spec/fixtures/stack-with-variables.yml

@@ -0,0 +1,22 @@
+stack: user/stackname
+version: 0.1.1
+services:
+  wordpress:
+    extends:
+      file: docker-compose_v2.yml
+      service: wordpress
+    image: wordpress:$TAG
+    stateful: true
+    environment:
+      - WORDPRESS_DB_PASSWORD=${STACK}_secret
+    instances: 2
+    deploy:
+      strategy: ha
+  mysql:
+    extends:
+      file: docker-compose_v2.yml
+      service: mysql
+    image: ${MYSQL_IMAGE}
+    stateful: true
+    environment:
+      - INTERNAL_VAR=$$INTERNAL_VAR

data/spec/kontena/cli/app/scale_spec.rb

@@ -42,7 +42,9 @@ describe Kontena::Cli::Apps::ScaleCommand do
 
     it 'scales given service' do
       allow(File).to receive(:read).with("#{Dir.getwd}/kontena.yml").and_return(kontena_yml_no_instances)
-      expect(subject).to receive(:scale_service).with(duck_type(:access_token),'kontena-test-wordpress',3)
+      allow(subject).to receive(:wait_for_deploy_to_finish).and_return(true)
+      expect(subject).to receive(:scale_service).with(duck_type(:access_token), 'kontena-test-wordpress', 3)
+
       subject.run(['wordpress', 3])
     end
 

data/spec/kontena/cli/cloud/login_command_spec.rb

@@ -0,0 +1,283 @@
+require_relative "../../../spec_helper"
+require 'kontena/cli/cloud/login_command'
+require 'kontena/cli/localhost_web_server'
+require 'launchy'
+
+describe Kontena::Cli::Cloud::LoginCommand do
+
+  include ClientHelpers
+
+  let(:subject) do
+    described_class.new(File.basename($0))
+  end
+
+  let(:config) { double(:config) }
+  let(:client) { double(:client) }
+
+  before(:each) do
+    allow(subject).to receive(:config).and_return(config)
+    allow(Kontena::Client).to receive(:new).and_return(client)
+  end
+
+  it 'should give error if trying to use --code and --force' do
+    expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+    subject.run(['--code', 'abcd', '--force'])
+  end
+
+  it 'should give error if trying to use --token and --force' do
+    expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+    subject.run(['--token', 'abcd', '--force'])
+  end
+
+  it 'should give error if trying to use --token and --code' do
+    expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+    subject.run(['--token', 'abcd', '--code', 'defg'])
+  end
+
+  context 'when config has token' do
+    let(:account) do
+      account = Kontena::Cli::Config::Account.new(Kontena::Cli::Config.kontena_account_data)
+      account.token = Kontena::Cli::Config::Token.new(access_token: 'foofoo', parent_type: :account, parent_name: 'kontena')
+      account.username = 'testuser'
+      account
+    end
+
+    before(:each) do
+      expect(subject).to receive(:kontena_account).at_least(:once).and_return(account)
+    end
+
+    it 'should check if the token works and not authenticate again if it does' do
+      expect(client).to receive(:authentication_ok?).with(account.userinfo_endpoint).and_return(true)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run([])
+    end
+
+    it 'should not use the token from config when --token given' do
+      expect(client).to receive(:authentication_ok?).with(account.userinfo_endpoint).and_return(true)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run(['--token', 'abcd'])
+      expect(account.token.access_token).to eq 'abcd'
+    end
+
+    it 'should not use the token from config when --code given' do
+      expect(client).to receive(:authentication_ok?).with(account.userinfo_endpoint).and_return(true)
+      expect(subject).to receive(:use_authorization_code).with('abcd')
+      expect(subject).not_to receive(:web_flow)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run(['--code', 'abcd'])
+    end
+
+    it 'should not use the token from config when --force given' do
+      expect(client).not_to receive(:authentication_ok?)
+      expect(subject).to receive(:web_flow).and_return(true)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run(['--force'])
+    end
+  end
+
+  context 'when config does not have a token' do
+    let(:account) do
+      account = Kontena::Cli::Config::Account.new(Kontena::Cli::Config.kontena_account_data)
+      account.token = Kontena::Cli::Config::Token.new(access_token: nil, parent_type: :account, parent_name: 'kontena')
+      account.username = 'testuser'
+      account
+    end
+
+    before(:each) do
+      expect(subject).to receive(:kontena_account).at_least(:once).and_return(account)
+    end
+
+    it 'should use --code if given' do
+      expect(client).to receive(:authentication_ok?).with(account.userinfo_endpoint).and_return(true)
+      expect(client).to receive(:exchange_code).with('abcd').and_return({
+        'access_token' => 'abcdefg'
+      })
+      expect(subject).not_to receive(:web_flow)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run(['--code', 'abcd'])
+      expect(account.token.access_token).to eq 'abcdefg'
+    end
+
+    it 'should use the --token if given' do
+      expect(client).to receive(:authentication_ok?).with(account.userinfo_endpoint).and_return(true)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run(['--token', 'abcd'])
+      expect(account.token.access_token).to eq 'abcd'
+    end
+
+    it 'should enter the webflow if --force given' do
+      expect(client).not_to receive(:authentication_ok?)
+      expect(subject).to receive(:web_flow).and_return(true)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run(['--force'])
+    end
+
+    it 'should enter the webflow if --force not given' do
+      expect(client).not_to receive(:authentication_ok?)
+      expect(subject).to receive(:web_flow).and_return(true)
+      expect(subject).to receive(:finish).and_return(true)
+      subject.run([])
+    end
+  end
+
+  context 'when performing web flow' do
+    let(:account) do
+      account = Kontena::Cli::Config::Account.new(Kontena::Cli::Config.kontena_account_data)
+      account.token = Kontena::Cli::Config::Token.new(access_token: nil, parent_type: :account, parent_name: 'kontena')
+      account
+    end
+
+    let(:webserver) { double(:webserver) }
+
+    before(:each) do
+      expect(subject).to receive(:kontena_account).at_least(:once).and_return(account)
+      allow(subject).to receive(:any_key_to_continue).and_return(true)
+    end
+
+    context 'cloud returns a token' do
+      it 'starts a web server, opens a a browser, parses the response and updates the token' do
+        expect(Kontena::LocalhostWebServer).to receive(:new).and_return(webserver)
+        expect(webserver).to receive(:port).and_return(1234)
+        expect(webserver).to receive(:serve_one).and_return({
+          'access_token' => 'abcd'
+        })
+        expect(Launchy).to receive(:open).and_return(true)
+        expect(subject).to receive(:finish).and_return(true)
+        subject.run([])
+        expect(account.token.access_token).to eq 'abcd'
+      end
+    end
+
+    context 'cloud returns a code' do
+      it 'starts a web server, opens a a browser, parses the response and updates the token' do
+        expect(Kontena::LocalhostWebServer).to receive(:new).and_return(webserver)
+        expect(webserver).to receive(:port).and_return(1234)
+        expect(webserver).to receive(:serve_one).and_return({
+          'code' => 'abcd'
+        })
+        expect(Launchy).to receive(:open).and_return(true)
+        expect(client).to receive(:exchange_code).with('abcd').and_return({
+          'access_token' => 'abcdefg'
+        })
+        expect(subject).to receive(:finish).and_return(true)
+        subject.run([])
+        expect(account.token.access_token).to eq 'abcdefg'
+      end
+    end
+
+    context 'cloud returns an error' do
+      it 'starts a web server, opens a a browser, parses the response and updates the token' do
+        expect(Kontena::LocalhostWebServer).to receive(:new).and_return(webserver)
+        expect(webserver).to receive(:port).and_return(1234)
+        expect(webserver).to receive(:serve_one).and_return({
+          'error' => 'foo'
+        })
+        expect(Launchy).to receive(:open).and_return(true)
+        expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+        subject.run([])
+      end
+    end
+  end
+
+  context 'methods' do
+    let(:account) do
+      account = Kontena::Cli::Config::Account.new(Kontena::Cli::Config.kontena_account_data)
+      account.token = Kontena::Cli::Config::Token.new(access_token: 'foofoo', parent_type: :account, parent_name: 'kontena')
+      account
+    end
+
+    before(:each) do
+      allow(subject).to receive(:kontena_account).and_return(account)
+    end
+
+    describe '#finish' do
+      it 'updates user info, sets the current account, writes the config and displays login info' do
+        expect(subject).to receive(:kontena_account).at_least(:once).and_return(account)
+        allow(config).to receive(:reset_instance).and_return(true)
+        allow(config).to receive(:display_logo).and_return(true)
+        allow(subject).to receive(:reset_cloud_client).and_return(true)
+        expect(subject).to receive(:display_login_info).and_return(true)
+        expect(subject).to receive(:update_userinfo).and_return(true)
+        expect(config).to receive(:current_account=).and_return(true)
+        expect(config).to receive(:write).and_return(true)
+        subject.finish
+      end
+    end
+
+    describe '#use_authorization_code' do
+      it 'should use #exchange_code on client' do
+        expect(client).to receive(:exchange_code).with('abcd').and_return(true)
+        allow(subject).to receive(:update_token).and_return(true)
+        subject.use_authorization_code('abcd')
+      end
+
+      it 'should update the account token' do
+        expect(client).to receive(:exchange_code).with('abcd').and_return(
+          'access_token' => 'token'
+        )
+        subject.use_authorization_code('abcd')
+        expect(account.token.access_token).to eq 'token'
+      end
+    end
+
+    describe '#update_userinfo' do
+      it 'should make a get request to account userinfo endpoint' do
+        expect(client).to receive(:get).with('/' + account.userinfo_endpoint.split('/').last).and_return(nil)
+        allow(subject).to receive(:exit_with_error)
+        subject.update_userinfo
+      end
+
+      it 'should update account username' do
+        expect(client).to receive(:get).and_return(
+          'data' => {
+            'attributes' => {
+              'username' => 'foofoo'
+            }
+          }
+        )
+        expect(account).to receive(:username=).with('foofoo')
+        subject.update_userinfo
+      end
+
+      it 'should exit with error if cloud responds with error' do
+        expect(client).to receive(:get).and_return('error' => 'foo')
+        expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+        subject.update_userinfo
+      end
+
+      it 'should exit with error if cloud responds with something silly' do
+        expect(client).to receive(:get).and_return('foo')
+        expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+        subject.update_userinfo
+      end
+    end
+
+    describe '#update_token' do
+      it 'should exchange code if response has code' do
+        expect(subject).to receive(:use_authorization_code).with('abcd').and_return({})
+        subject.update_token({'code' => 'abcd'})
+      end
+
+      it 'should update the token of kontena account' do
+        subject.update_token(
+          'access_token' => 'token',
+          'refresh_token' => 'refresh',
+          'expires_in' => 123,
+          'expires_at' => 12345
+        )
+        expect(account.token.access_token).to eq 'token'
+        expect(account.token.refresh_token).to eq 'refresh'
+        expect(account.token.expires_at).to eq 12345
+      end
+
+      it 'should give error when response has error' do
+        expect(subject).to receive(:exit_with_error).and_throw(:exit_with_error)
+        subject.update_token('error' => 'fail!')
+      end
+
+      it 'should raise if response is not a hash' do
+        expect{subject.update_token('foo')}.to raise_error(TypeError)
+      end
+    end
+  end
+end