kontena-cli 1.4.0.pre1 → 1.4.0.pre2

data/lib/kontena/client.rb

@@ -59,16 +59,8 @@ module Kontena
         require 'kontena/debug_instrumentor'
         excon_opts[:instrumentor] = Kontena::DebugInstrumentor
       end
-
-      cert_file = File.join(Dir.home, "/.kontena/certs/#{uri.host}.pem")
-      if File.exist?(cert_file) && File.readable?(cert_file)
-        excon_opts[:ssl_ca_file] = cert_file
-        key = OpenSSL::X509::Certificate.new(File.read(cert_file))
-        if key.issuer.to_s == "/C=FI/O=Test/OU=Test/CN=Test"
-          debug { "Key looks like a self-signed cert made by Kontena CLI, setting verify_peer_host to 'Test'" }
-          excon_opts[:ssl_verify_peer_host] = 'Test'
-        end
-      end
+      excon_opts[:ssl_ca_file] = @options[:ssl_cert_path]
+      excon_opts[:ssl_verify_peer_host] = @options[:ssl_subject_cn]
 
       debug { "Excon opts: #{excon_opts.inspect}" }
 

data/lib/kontena/command.rb

@@ -164,9 +164,10 @@ class Kontena::Command < Clamp::Command
     retried ||= false
     Kontena::Cli::Config.instance.require_current_master_token
   rescue Kontena::Cli::Config::TokenExpiredError
-    success = Kontena::Client.new(
-      Kontena::Cli::Config.instance.current_master.url,
-      Kontena::Cli::Config.instance.current_master.token
+    server = Kontena::Cli::Config.instance.current_master
+    success = Kontena::Client.new(server.url, server.token,
+      ssl_cert_path: server.ssl_cert_path,
+      ssl_subject_cn: server.ssl_subject_cn,
     ).refresh_token
     if success && !retried
       retried = true

data/omnibus/Gemfile

@@ -1,22 +1,9 @@
 source 'https://rubygems.org'
 
 # Install omnibus
-gem 'omnibus', '~> 5.5'
+gem 'omnibus', '~> 5.6'
 
 # Use Chef's software definitions. It is recommended that you write your own
 # software definitions, but you can clone/fork Chef's to get you started.
-# gem 'omnibus-software', github: 'opscode/omnibus-software'
+gem 'omnibus-software', github: 'opscode/omnibus-software'
 
-# This development group is installed by default when you run `bundle install`,
-# but if you are using Omnibus in a CI-based infrastructure, you do not need
-# the Test Kitchen-based build lab. You can skip these unnecessary dependencies
-# by running `bundle install --without development` to speed up build times.
-group :development do
-  # Use Berkshelf for resolving cookbook dependencies
-  gem 'berkshelf', '~> 3.3'
-
-  # Use Test Kitchen with Vagrant for converging the build environment
-  gem 'test-kitchen',    '~> 1.4'
-  gem 'kitchen-vagrant', '~> 0.18'
-  gem 'omnibus-software', github: 'chef/omnibus-software'
-end

data/omnibus/Gemfile.lock

@@ -1,107 +1,48 @@
 GIT
-  remote: git://github.com/chef/omnibus-software.git
-  revision: fae57713431ef3a325a0662272be85cfc1d157a4
+  remote: git://github.com/opscode/omnibus-software.git
+  revision: f315da39ad2ead2541fdaf21af1a555870109e7a
   specs:
     omnibus-software (4.0.0)
       chef-sugar (>= 3.4.0)
-      omnibus (>= 5.5.0)
+      omnibus (>= 5.6.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.3.8)
-    artifactory (2.3.3)
-    aws-sdk (2.5.8)
-      aws-sdk-resources (= 2.5.8)
-    aws-sdk-core (2.5.8)
+    awesome_print (1.8.0)
+    aws-sdk (2.10.17)
+      aws-sdk-resources (= 2.10.17)
+    aws-sdk-core (2.10.17)
+      aws-sigv4 (~> 1.0)
       jmespath (~> 1.0)
-    aws-sdk-resources (2.5.8)
-      aws-sdk-core (= 2.5.8)
-    berkshelf (3.3.0)
-      addressable (~> 2.3.4)
-      berkshelf-api-client (~> 1.2)
-      buff-config (~> 1.0)
-      buff-extensions (~> 1.0)
-      buff-shell_out (~> 0.1)
-      celluloid (~> 0.16.0)
-      celluloid-io (~> 0.16.1)
-      cleanroom (~> 1.0)
-      faraday (~> 0.9.0)
-      httpclient (~> 2.6.0)
-      minitar (~> 0.5.4)
-      octokit (~> 3.0)
-      retryable (~> 2.0)
-      ridley (~> 4.0)
-      solve (~> 1.1)
-      thor (~> 0.19)
-    berkshelf-api-client (1.3.1)
-      faraday (~> 0.9.1)
-      httpclient (~> 2.6.0)
-    buff-config (1.0.1)
-      buff-extensions (~> 1.0)
-      varia_model (~> 0.4)
-    buff-extensions (1.0.0)
-    buff-ignore (1.2.0)
-    buff-ruby_engine (0.1.0)
-    buff-shell_out (0.2.0)
-      buff-ruby_engine (~> 0.1.0)
-    celluloid (0.16.0)
-      timers (~> 4.0.0)
-    celluloid-io (0.16.2)
-      celluloid (>= 0.16.0)
-      nio4r (>= 1.1.0)
+    aws-sdk-resources (2.10.17)
+      aws-sdk-core (= 2.10.17)
+    aws-sigv4 (1.0.1)
     chef-config (12.13.37)
       fuzzyurl
       mixlib-config (~> 2.0)
       mixlib-shellout (~> 2.0)
-    chef-sugar (3.4.0)
+    chef-sugar (3.5.0)
     cleanroom (1.0.0)
-    dep-selector-libgecode (1.3.1)
-    dep_selector (1.0.4)
-      dep-selector-libgecode (~> 1.0)
-      ffi (~> 1.9)
-    erubis (2.7.0)
-    faraday (0.9.2)
-      multipart-post (>= 1.2, < 3)
     ffi (1.9.14)
-    ffi-yajl (2.3.0)
+    ffi-yajl (2.3.1)
       libyajl2 (~> 1.2)
     fuzzyurl (0.9.0)
-    hashie (3.4.4)
-    hitimes (1.2.4)
-    httpclient (2.6.0.1)
+    iostruct (0.0.4)
     ipaddress (0.8.3)
     jmespath (1.3.1)
-    json (2.0.2)
-    kitchen-vagrant (0.20.0)
-      test-kitchen (~> 1.4)
     libyajl2 (1.2.0)
-    license_scout (0.1.2)
+    license_scout (0.1.3)
       ffi-yajl (~> 2.2)
       mixlib-shellout (~> 2.2)
-    minitar (0.5.4)
-    mixlib-authentication (1.4.1)
-      mixlib-log
     mixlib-cli (1.7.0)
     mixlib-config (2.2.4)
-    mixlib-install (1.1.0)
-      artifactory
-      mixlib-shellout
-      mixlib-versioning
     mixlib-log (1.7.1)
     mixlib-shellout (2.2.7)
     mixlib-versioning (1.1.0)
     multipart-post (2.0.0)
-    net-scp (1.2.1)
-      net-ssh (>= 2.6.5)
-    net-ssh (3.2.0)
-    net-ssh-gateway (1.2.0)
-      net-ssh (>= 2.6.5)
-    nio4r (1.2.1)
-    octokit (3.8.0)
-      sawyer (~> 0.6.0, >= 0.5.3)
-    ohai (8.19.2)
-      chef-config (>= 12.5.0.alpha.1, < 13)
+    ohai (8.24.1)
+      chef-config (>= 12.5.0.alpha.1, < 14)
       ffi (~> 1.9)
       ffi-yajl (~> 2.2)
       ipaddress
@@ -112,7 +53,7 @@ GEM
       plist (~> 3.1)
       systemu (~> 2.6.4)
       wmi-lite (~> 1.0)
-    omnibus (5.5.0)
+    omnibus (5.6.1)
       aws-sdk (~> 2)
       chef-sugar (~> 3.3)
       cleanroom (~> 1.0)
@@ -121,63 +62,29 @@ GEM
       mixlib-shellout (~> 2.0)
       mixlib-versioning
       ohai (~> 8.0)
+      pedump
       ruby-progressbar (~> 1.7)
       thor (~> 0.18)
-    plist (3.2.0)
-    retryable (2.0.4)
-    ridley (4.4.2)
-      addressable
-      buff-config (~> 1.0)
-      buff-extensions (~> 1.0)
-      buff-ignore (~> 1.1)
-      buff-shell_out (~> 0.1)
-      celluloid (~> 0.16.0)
-      celluloid-io (~> 0.16.1)
-      chef-config
-      erubis
-      faraday (~> 0.9.0)
-      hashie (>= 2.0.2, < 4.0.0)
-      httpclient (~> 2.6)
-      json (>= 1.7.7)
-      mixlib-authentication (>= 1.3.0)
-      retryable (~> 2.0)
-      semverse (~> 1.1)
-      varia_model (~> 0.4.0)
+    pedump (0.5.2)
+      awesome_print
+      iostruct (>= 0.0.4)
+      multipart-post (~> 2.0.0)
+      progressbar
+      zhexdump (>= 0.0.2)
+    plist (3.3.0)
+    progressbar (1.8.2)
     ruby-progressbar (1.8.1)
-    safe_yaml (1.0.4)
-    sawyer (0.6.0)
-      addressable (~> 2.3.5)
-      faraday (~> 0.8, < 0.10)
-    semverse (1.2.1)
-    solve (1.2.1)
-      dep_selector (~> 1.0)
-      semverse (~> 1.1)
     systemu (2.6.5)
-    test-kitchen (1.12.0)
-      mixlib-install (~> 1.0, >= 1.0.4)
-      mixlib-shellout (>= 1.2, < 3.0)
-      net-scp (~> 1.1)
-      net-ssh (>= 2.9, < 4.0)
-      net-ssh-gateway (~> 1.2.0)
-      safe_yaml (~> 1.0)
-      thor (~> 0.18)
     thor (0.19.1)
-    timers (4.0.4)
-      hitimes
-    varia_model (0.4.1)
-      buff-extensions (~> 1.0)
-      hashie (>= 2.0.2, < 4.0.0)
     wmi-lite (1.0.0)
+    zhexdump (0.0.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  berkshelf (~> 3.3)
-  kitchen-vagrant (~> 0.18)
-  omnibus (~> 5.5)
+  omnibus (~> 5.6)
   omnibus-software!
-  test-kitchen (~> 1.4)
 
 BUNDLED WITH
-   1.12.5
+   1.15.3

data/spec/kontena/cli/common_spec.rb

@@ -167,14 +167,15 @@ describe Kontena::Cli::Common do
   end
 
   describe '#use_refresh_token' do
+    let(:token) { double }
     let(:server) do
-      spy
-    end
-
-    let(:token) do
-      token = double
-      allow(server).to receive(:token).and_return(token)
-      token
+      double(:server,
+        name: 'example',
+        url: 'http://www.example.org',
+        token: token,
+        ssl_cert_path: nil,
+        ssl_subject_cn: nil,
+      )
     end
 
     let(:client) do
@@ -203,8 +204,7 @@ describe Kontena::Cli::Common do
       end
 
       it 'creates refresh_token request to given server' do
-        allow(server).to receive(:url).and_return('http://www.example.org')
-        expect(Kontena::Client).to receive(:new).with('http://www.example.org', token).and_return(client)
+        expect(Kontena::Client).to receive(:new).with('http://www.example.org', token, ssl_cert_path: nil, ssl_subject_cn: nil).and_return(client)
         expect(client).to receive(:refresh_token).once
         subject.use_refresh_token(server)
       end

data/spec/kontena/cli/containers/exec_command_spec.rb

@@ -0,0 +1,55 @@
+require 'kontena/cli/containers/exec_command'
+
+describe Kontena::Cli::Containers::ExecCommand do
+  include ClientHelpers
+
+  it 'executes with defaults' do
+    expect(subject).to receive(:container_exec).with('test-grid/host/test-service-1', [ 'test' ],
+      interactive: false,
+      shell: false,
+      tty: false,
+    ) { 0 }
+
+    subject.run(['host/test-service-1', 'test'])
+  end
+
+  it 'executes with --shell' do
+    expect(subject).to receive(:container_exec).with('test-grid/host/test-service-1', [ 'echo', '$HOSTNAME' ],
+      interactive: false,
+      shell: true,
+      tty: false,
+    ) { 0 }
+
+    subject.run(['--shell', 'host/test-service-1', 'echo', '$HOSTNAME'])
+  end
+
+  it 'executes with -i' do
+    expect(subject).to receive(:container_exec).with('test-grid/host/test-service-1', [ 'test' ],
+      interactive: true,
+      shell: false,
+      tty: false,
+    ) { 0 }
+
+    subject.run(['-i', 'host/test-service-1', 'test'])
+  end
+
+  it 'executes with -it' do
+    expect(subject).to receive(:container_exec).with('test-grid/host/test-service-1', [ 'test' ],
+      interactive: true,
+      shell: false,
+      tty: true,
+    ) { 0 }
+
+    subject.run(['-it', 'host/test-service-1', 'test'])
+  end
+
+  it 'fails on error' do
+    expect(subject).to receive(:container_exec).with('test-grid/host/test-service-1', [ 'test' ],
+      interactive: false,
+      shell: false,
+      tty: false,
+    ) { 1 }
+
+    expect{subject.run(['host/test-service-1', 'test'])}.to exit_with_error
+  end
+end

data/spec/kontena/cli/helpers/exec_helper_spec.rb

@@ -1,44 +1,326 @@
 require "kontena/cli/helpers/exec_helper"
 
 describe Kontena::Cli::Helpers::ExecHelper do
-
   include ClientHelpers
 
+  let(:master_url) { 'http://master.example.com/' }
+
   let(:described_class) do
     Class.new do
+      include Kontena::Cli::Common
       include Kontena::Cli::Helpers::ExecHelper
-      def initialize(*args)
+    end
+  end
+  subject { described_class.new }
+  let(:default_options) { Kontena::Cli::Helpers::ExecHelper::WEBSOCKET_CLIENT_OPTIONS }
+
+  let(:logger) { instance_double(Logger) }
+
+  before do
+    allow(subject).to receive(:logger).and_return(logger)
+    allow(logger).to receive(:debug)
+    Thread.abort_on_exception = true
+  end
+
+  describe '#read_stdin' do
+    context 'without tty' do
+      it 'yields lines from stdin.gets until eof' do
+        expect($stdin).to receive(:gets).and_return("line 1\n")
+        expect($stdin).to receive(:gets).and_return("line 2\n")
+        expect($stdin).to receive(:gets).and_return(nil)
+
+        expect{|b|subject.read_stdin(&b)}.to yield_successive_args(
+          "line 1\n",
+          "line 2\n"
+        )
+      end
+    end
+
+    context 'with tty' do
+      let(:stdin_raw) { instance_double(IO) }
+
+      before do
+        allow(STDIN).to receive(:raw) do |&block|
+          block.call(stdin_raw)
+        end
+      end
+
+      it 'yields from stdin.readpartial in raw mode until raising error' do
+        expect(stdin_raw).to receive(:readpartial).and_return("f")
+        expect(stdin_raw).to receive(:readpartial).and_return("oo")
+        expect(stdin_raw).to receive(:readpartial).and_return("\n")
+        expect(stdin_raw).to receive(:readpartial).and_raise(EOFError)
+
+        expect{|b| subject.read_stdin(tty: true, &b)}.to yield_successive_args(
+          "f",
+          "oo",
+          "\n",
+        ).and raise_error(EOFError)
       end
     end
   end
 
-  describe '#ws_url' do
-    it 'returns an exec url for a container id' do
-      expect(subject).to receive(:require_current_master).and_return(double(url: 'http://someurl/'))
-      expect(subject.ws_url('abcd1234')).to eq 'ws://someurl/v1/containers/abcd1234/exec'
+  describe '#websocket_exec' do
+    let(:websocket_url) { 'ws://master.example.com/v1/containers/test-grid/host-node/service-1/exec' }
+    let(:websocket_headers) { {
+      'Authorization' => 'Bearer 1234567',
+    }}
+    let(:websocket_options) { {
+        headers: websocket_headers,
+        ssl_params: {
+          verify_mode: OpenSSL::SSL::VERIFY_PEER,
+          ca_file: nil,
+        },
+        ssl_hostname: nil,
+        **default_options
+    }}
+    let(:websocket_client) { instance_double(Kontena::Websocket::Client) }
+    let(:write_thread) { instance_double(Thread) }
+
+    before do
+      allow(Kontena::Websocket::Client).to receive(:connect).with(websocket_url, websocket_options).and_yield(websocket_client)
     end
 
-    it 'also works when the url does not have a trailing slash' do
-      expect(subject).to receive(:require_current_master).and_return(double(url: 'http://someurl'))
-      expect(subject.ws_url('abcd1234')).to eq 'ws://someurl/v1/containers/abcd1234/exec'
+    it 'connects and reads messages to stdout until exit success' do
+      expect(websocket_client).to receive(:send).with('{"cmd":["test"]}')
+      expect(websocket_client).to receive(:read) do |&block|
+        block.call('{"stream": "stdout", "chunk": "test\n"}')
+        block.call('{"exit": 0}')
+      end
+
+      expect{
+        exit_status = subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test' ])
+
+        expect(exit_status).to eq 0
+      }.to output("test\n").to_stdout
     end
 
-    context 'query params' do
-      before(:each) do
-        allow(subject).to receive(:require_current_master).and_return(double(url: 'http://someurl'))
+    it 'connects and reads messages to stderr until exit error' do
+      expect(websocket_client).to receive(:send).with('{"cmd":["test-error"]}')
+      expect(websocket_client).to receive(:read) do |&block|
+        block.call('{"stream": "stderr", "chunk": "error\n"}')
+        block.call('{"exit": 1}')
       end
 
-      it 'can add the interactive query param' do
-        expect(subject.ws_url('abcd1234', interactive: true)).to eq 'ws://someurl/v1/containers/abcd1234/exec?interactive=true'
+      expect{
+        exit_status = subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-error' ])
+
+        expect(exit_status).to eq 1
+      }.to output("error\n").to_stderr
+    end
+
+    context 'with shell' do
+      let(:websocket_url) { 'ws://master.example.com/v1/containers/test-grid/host-node/service-1/exec?shell=true' }
+
+      it 'connects with the shell query param' do
+        expect(websocket_client).to receive(:send).with('{"cmd":["test-shell"]}')
+        expect(subject).to receive(:websocket_exec_read).and_return(0)
+
+        subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-shell' ], shell: true)
+      end
+    end
+
+    context 'with https master' do
+      let(:master_url) { 'https://master.example.com/' }
+      let(:ssl_cert_path) { nil }
+      let(:ssl_subject_cn) { nil }
+      let(:master) { double(:master,
+        url: master_url,
+        ssl_cert_path: ssl_cert_path,
+        ssl_subject_cn: ssl_subject_cn,
+      ) }
+
+      let(:websocket_url) { 'wss://master.example.com/v1/containers/test-grid/host-node/service-1/exec' }
+      let(:websocket_options) { {
+          headers: websocket_headers,
+          ssl_params: {
+            verify_mode: OpenSSL::SSL::VERIFY_PEER,
+            ca_file: nil,
+          },
+          ssl_hostname: nil,
+          **default_options
+      } }
+
+      before do
+        allow(subject).to receive(:require_current_master).and_return(master)
+        allow(ENV).to receive(:[]).with('SSL_IGNORE_ERRORS').and_return(nil)
+      end
+
+      it 'verifies SSL by default' do
+        expect(Kontena::Websocket::Client).to receive(:connect).with(websocket_url, websocket_options).and_raise(Kontena::Websocket::SSLVerifyError.new(OpenSSL::X509::V_OK, nil, nil, "..."))
+
+        expect{
+          subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-ssl' ])
+        }.to exit_with_error.and output(/certificate verify failed/).to_stderr
       end
 
-      it 'can add the shell query param' do
-        expect(subject.ws_url('abcd1234', shell: true)).to eq 'ws://someurl/v1/containers/abcd1234/exec?shell=true'
+      context 'with a kontena cli cert' do
+        let(:ssl_cert_path) { '~/.kontena/certs/test.pem' }
+        let(:ssl_subject_cn) { 'Test' }
+        let(:websocket_options) { {
+            headers: websocket_headers,
+            ssl_params: {
+              verify_mode: OpenSSL::SSL::VERIFY_PEER,
+              ca_file: '~/.kontena/certs/test.pem',
+            },
+            ssl_hostname: 'Test',
+            **default_options
+        } }
+
+        it 'uses the cert' do
+          expect(Kontena::Websocket::Client).to receive(:connect).with(websocket_url, websocket_options).and_raise(Kontena::Websocket::Error, 'testing')
+
+          expect{
+            subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-ssl' ])
+          }.to exit_with_error.and output(/testing/).to_stderr
+        end
       end
 
-      it 'can add both query params' do
-        expect(subject.ws_url('abcd1234', shell: true, interactive: true)).to eq 'ws://someurl/v1/containers/abcd1234/exec?interactive=true&shell=true'
+      context 'with SSL_IGNORE_ERRORS' do
+        let(:websocket_url) { 'wss://master.example.com/v1/containers/test-grid/host-node/service-1/exec' }
+        let(:websocket_options) { {
+            headers: websocket_headers,
+            ssl_params: {
+              verify_mode: OpenSSL::SSL::VERIFY_NONE,
+              ca_file: nil,
+            },
+            ssl_hostname: nil,
+            **default_options
+        } }
+
+        before do
+          allow(ENV).to receive(:[]).with('SSL_IGNORE_ERRORS').and_return('true')
+        end
+
+        it 'connects without ssl verify' do
+          expect(websocket_client).to receive(:send).with('{"cmd":["test-shell"]}')
+          expect(subject).to receive(:websocket_exec_read).and_return(0)
+
+          subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-shell' ])
+        end
       end
     end
+
+    context 'with interactive' do
+      let(:websocket_url) { 'ws://master.example.com/v1/containers/test-grid/host-node/service-1/exec?interactive=true' }
+
+      it 'connects and sends messages from stdin' do
+        stdin_eof = false
+
+        expect(STDIN).to receive(:gets).once.and_return "test 1\n"
+        expect(STDIN).to receive(:gets).once.and_return "test 2\n"
+        expect(STDIN).to receive(:gets).once.and_return nil
+        expect(STDIN).to_not receive(:gets)
+
+        expect(websocket_client).to receive(:send).with('{"cmd":["test-interactive"]}')
+        expect(websocket_client).to receive(:send).with('{"stdin":"test 1\n"}')
+        expect(websocket_client).to receive(:send).with('{"stdin":"test 2\n"}')
+        expect(websocket_client).to receive(:send).with('{"stdin":null}') do
+          stdin_eof = true
+        end
+
+        expect(websocket_client).to receive(:read) do |&block|
+          sleep 0.1 until stdin_eof
+          block.call('{"exit": 0}')
+        end
+
+        exit_status = subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-interactive' ], interactive: true)
+
+        expect(exit_status).to eq 0
+      end
+    end
+
+    context 'with interactive tty' do
+      let(:websocket_url) { 'ws://master.example.com/v1/containers/test-grid/host-node/service-1/exec?interactive=true&tty=true' }
+
+      it 'connects and sends messages from stdin' do
+        stdin_eol = false
+
+        expect(websocket_client).to receive(:send).once.with('{"cmd":["test-tty"]}')
+
+        expect(subject).to receive(:read_stdin).once.with(tty: true) do |&block|
+          expect(websocket_client).to receive(:send).once.with('{"stdin":"f"}')
+          block.call 'f'
+
+          expect(websocket_client).to receive(:send).once.with('{"stdin":"oo"}')
+          block.call 'oo'
+
+          expect(websocket_client).to receive(:send).once.with('{"stdin":"\n"}')
+          block.call "\n"
+
+          expect(websocket_client).to_not receive(:send)
+          stdin_eol = true
+          sleep
+        end
+
+        expect(websocket_client).to receive(:read) do |&block|
+          sleep 0.1 until stdin_eol
+          block.call('{"stream": "stdout", "chunk": "ok\n"}')
+          block.call('{"exit": 0}')
+        end
+
+        expect{
+          exit_status = subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-tty' ], interactive: true, tty: true)
+
+          expect(exit_status).to eq 0
+        }.to output("ok\n").to_stdout
+      end
+    end
+
+    context 'with interactive stdin read errors' do
+      let(:websocket_url) { 'ws://master.example.com/v1/containers/test-grid/host-node/service-1/exec?interactive=true' }
+
+      it 'closes websocket and raises from connect block' do
+        stdin_err = false
+
+        expect(websocket_client).to receive(:send).with('{"cmd":["test-close"]}')
+
+        expect(STDIN).to receive(:gets).once.and_return "test\n"
+        expect(websocket_client).to receive(:send).with('{"stdin":"test\n"}')
+
+        expect(STDIN).to receive(:gets).once.and_raise Errno::EIO
+        expect(logger).to receive(:error).with(Errno::EIO)
+        expect(websocket_client).to receive(:close).with(1001, "stdin read Errno::EIO: Input/output error") do
+          stdin_err = true
+        end
+        expect(STDIN).to_not receive(:gets)
+
+        expect(websocket_client).to receive(:read) do |&block|
+          sleep 0.1 until stdin_err
+        end
+        expect(websocket_client).to receive(:close_reason).and_return "stdin read Errno::EIO: Input/output error"
+        expect(logger).to receive(:error)
+
+        expect{
+          subject.websocket_exec('containers/test-grid/host-node/service-1/exec', [ 'test-close' ], interactive: true)
+        }.to raise_error(RuntimeError, "stdin read Errno::EIO: Input/output error")
+      end
+    end
+  end
+
+  describe '#websocket_url' do
+    it 'returns a websocket URL without query params' do
+      expect(subject.websocket_url('containers/test-grid/host-node/service-1')).to eq 'ws://master.example.com/v1/containers/test-grid/host-node/service-1'
+    end
+
+    it 'returns a websocket URL with query params' do
+      expect(subject.websocket_url('containers/test-grid/host-node/service-1', shell: true)).to eq 'ws://master.example.com/v1/containers/test-grid/host-node/service-1?shell=true'
+    end
+
+    context 'without a trailing slash in the master url' do
+      let(:master_url) { 'http://master2.example.com' } # TODO: https
+
+      it 'returns a websocket URL' do
+        expect(subject.websocket_url('containers/test-grid/host-node/service-1', shell: true)).to eq 'ws://master2.example.com/v1/containers/test-grid/host-node/service-1?shell=true'
+      end
+    end
+  end
+
+  describe '#container_exec' do
+    it 'uses the exec url for a container id' do
+      expect(subject).to receive(:websocket_exec).with('containers/test-grid/host-node/service-1/exec', ['test'], shell: true)
+
+      subject.container_exec('test-grid/host-node/service-1', [ 'test' ], shell: true)
+    end
   end
 end