From 9767d9e5e160f27c35aaac4ef31f245867704ae4 Mon Sep 17 00:00:00 2001
From: Chai Feng
Date: Wed, 3 Oct 2018 11:09:54 +0800
Subject: [PATCH] WIP: update all services rules
---
 docker-entrypoint.sh | 44 ++++++++++++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 12 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index ac83636..39f5252 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -4,7 +4,7 @@ ufw_docker_agent=ufw-docker-agent
-function ufw_update_service_instances() {
+function ufw-update-service-instances() {
 name="$1"
 port="$2"
@@ -13,35 +13,55 @@ function ufw_update_service_instances() {
 docker ps -qf "label=com.docker.swarm.service.name=${name}" | while read name; do
- echo ufw-docker allow "${opts[@]}"
+ ufw-docker allow "${opts[@]}"
 done
 }
+function update-ufw-rules() {
+ declare -p | sed -e '/^declare -x ufw_public_/!d' \ -e 's/^declare -x ufw_public_//' \ -e 's/="/ /' \ -e 's/"$//' |
+ while read name port; do
+ echo "${name}=$port"
+ ufw-update-service-instances "${name}" "${port}"
+ done
+}
+
+function run-ufw-docker() {
+ echo docker run --rm --cap-add NET_ADMIN --network host -v /etc/ufw:/etc/ufw "${ufw_docker_agent}" "$@"
+}
+
+function get-service-name-of() {
+ docker inspect "$1" --format '{{range $k,$v:=.Config.Labels}}{{ if eq $k "com.docker.swarm.service.name" }}{{$v}}{{end}}{{end}}' | grep -E "^.+\$"
+}
+
 case "$1" in
 start)
- declare -p | sed -e '/^declare -x ufw_public_/!d' \ -e 's/^declare -x ufw_public_//' \ -e 's/="/ /' \ -e 's/"$//' |
- while read name port; do
- echo "${name}=$port"
- ufw_update_service_instances "${name}" "${port}"
- done
+ run-ufw-docker update-ufw-rules
 docker events --format '{{.Time}} {{.Status}} {{.Actor.Attributes.name}}' --filter 'scope=local' --filter 'type=container' | while read time status name; do
 echo "$time $status $name" >&2
- declare -a agent_opts=(run --rm --cap-add NET_ADMIN --network host -v /etc/ufw:/etc/ufw "${ufw_docker_agent_image}")
+ [[ "$status" = @(kill|start) ]] || continue
+
+ declare -n env_name="ufw_public_$(get-service-name-of "$name")"
+ [[ -z "$env_name" ]] && continue
+
+ declare -a agent_opts=()
 [[ "status" = start ]] && agent_opts+=(allow "$name")
 [[ "status" = stop ]] && agent_opts+=(delete allow "$name")
- echo docker "${agent_opts[@]}"
+ run-ufw-docker "${agent_opts[@]}" >&2
 done
 sleep 60; exit 1
 ;;
 delete|allow)
 ufw-docker "$@"
 ;;
+ update-ufw-rules)
+ update-ufw-rules
+ ;;
 *)
 if [[ -f "$1" ]]; then
 exec "$@"
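Review bot: The added filter `[[ "$status" = @(kill|start) ]] || continue` admits only `kill` and `start`, yet the two unchanged lines right after it test for `stop`, so the `delete allow` branch can never fire; those same lines also compare the literal word `"status"` instead of `"$status"`, so `agent_opts` stays empty on both paths and `run-ufw-docker` is invoked with no rule at all. They should read `[[ "$status" = start ]] && agent_opts+=(allow "$name")` and `[[ "$status" = kill ]] && agent_opts+=(delete allow "$name")` (or the filter should admit `stop` instead of `kill`). `declare -n env_name="ufw_public_$(get-service-name-of "$name")"` turns a label value into a variable name; a service name containing `-` or `.` is not a valid identifier and makes `declare -n` fail, so capture the name first and check it with something like `[[ "$svc" =~ ^[A-Za-z0-9_]+$ ]] || continue` before building the reference. Finally, `run-ufw-docker update-ufw-rules` starts a fresh container whose environment presumably does not carry the host's `ufw_public_*` variables that `update-ufw-rules` scans with `declare -p`, so they would need forwarding via `--env`, and `run-ufw-docker` still prefixes the command with `echo`, so nothing is executed yet.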