summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEd Santiago <santiago@redhat.com>2022-01-10 11:54:12 -0700
committerEd Santiago <santiago@redhat.com>2022-01-17 14:40:30 -0700
commitc8124b88aecf8b01f6376950b7caf1ba9f619988 (patch)
tree3bd08727368c557460ef115c48415f4025db4706
parentb59c30f729401214131dd1378a49efa80f134717 (diff)
downloadpodman-c8124b88aecf8b01f6376950b7caf1ba9f619988.tar.gz
podman-c8124b88aecf8b01f6376950b7caf1ba9f619988.tar.bz2
podman-c8124b88aecf8b01f6376950b7caf1ba9f619988.zip
[WIP] Tests for podman image scp (the sudo form)
Start inching our way back to having tests for the sudo form of podman image scp. Basically, copy an image to another user and then back, using a pseudorandom name. Confirm that the image makes it to the remote end, and that when we copy it back, the original image digest is preserved. When scp'ing as root, we identify the destination rootless user account via the $PODMAN_ROOTLESS_USER envariable. Setting this and creating the account is left as an exercise for the CI framework (be it github, or Fedora/CentOS/RHEL gating, or other). Also: amend hack/bats to set and relay $PODMAN_ROOTLESS_USER, so developers can test locally. Also: remove what I'm 99% sure is a debugging printf. Signed-off-by: Ed Santiago <santiago@redhat.com>
-rwxr-xr-xhack/bats4
-rw-r--r--test/system/120-load.bats98
2 files changed, 87 insertions, 15 deletions
diff --git a/hack/bats b/hack/bats
index cd81a9c73..0776521f4 100755
--- a/hack/bats
+++ b/hack/bats
@@ -98,6 +98,9 @@ if [[ -z "$CONTAINERS_HELPER_BINARY_DIR" ]]; then
export CONTAINERS_HELPER_BINARY_DIR=$(pwd)/bin
fi
+# Used in 120-load test to identify rootless destination for podman image scp
+export PODMAN_ROOTLESS_USER=$(id -un)
+
# Root
if [ -z "$ROOTLESS_ONLY" ]; then
echo "# bats ${bats_filter[@]} $TESTS"
@@ -105,6 +108,7 @@ if [ -z "$ROOTLESS_ONLY" ]; then
--preserve-env=PODMAN_TEST_DEBUG \
--preserve-env=OCI_RUNTIME \
--preserve-env=CONTAINERS_HELPER_BINARY_DIR \
+ --preserve-env=PODMAN_ROOTLESS_USER \
bats "${bats_opts[@]}" "${bats_filter[@]}" $TESTS
rc=$?
fi
diff --git a/test/system/120-load.bats b/test/system/120-load.bats
index b1d181d50..f5ba93d8a 100644
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@@ -80,26 +80,94 @@ verify_iid_and_name() {
@test "podman image scp transfer" {
skip_if_remote "only applicable under local podman"
+ if is_ubuntu; then
+ skip "I don't have time to deal with this"
+ fi
- skip "FIXME FIXME FIXME: this needs a big rewrite"
-
- get_iid_and_name
+ # The testing is the same whether we're root or rootless; all that
+ # differs is the destination (not-me) username.
if is_rootless; then
+ # Simple: push to root.
whoami=$(id -un)
- # FIXME: first, test that we can sudo. If we can't, skip.
- # FIXME: test 'scp $IMAGE root@localhost::'
- # FIXME: then test the rest
- # FIXME: check output
- run_podman image scp $whoami@localhost::$iid root@localhost::
- is "$output" "Loaded image.*: $iid" "...."
-
- # FIXME: "-q" is a NOP
- run_podman image scp -q $whoami@localhost::$iid root@localhost::
+ notme=root
+ _sudo() { command sudo -n "$@"; }
else
- # root
- # FIXME: identify a rootless user. DO NOT CREATE ONE.
- run_podman image scp root@localhost::$iid 1000:1000@localhost::
+ # Harder: our CI infrastructure needs to define this & set up the acct
+ whoami=root
+ notme=${PODMAN_ROOTLESS_USER}
+ if [[ -z "$notme" ]]; then
+ skip "To run this test, set PODMAN_ROOTLESS_USER to a safe username"
+ fi
+ _sudo() { command sudo -n -u "$notme" "$@"; }
fi
+
+ # If we can't sudo, we can't test.
+ _sudo true || skip "cannot sudo to $notme"
+
+ # FIXME FIXME FIXME: it'd be reeeeeeally nice if we could pass --root
+ # to the non-self user, hence avoid vandalizing
+ # their storage.
+
+ # Preserve digest of original image; we will compare against it later
+ run_podman image inspect --format '{{.Digest}}' $IMAGE
+ src_digest=$output
+
+ # image name that is not likely to exist in the destination
+ newname=foo.bar/nonesuch/c_$(random_string 10 | tr A-Z a-z):mytag
+ run_podman tag $IMAGE $newname
+
+ # Copy it there.
+ # FIXME: the first '.*' in the expect string below is unfortunate; it's
+ # a workaround for Ubuntu which gripes:
+ # "warning.*defaulting to su since machinectl is not available"
+ # Reexamine this once #12829 is fixed
+ run_podman image scp $newname ${notme}@localhost::
+ is "$output" ".*Copying blob .*Copying config.*Writing manifest.*Storing signatures"
+
+ # confirm that image was copied. FIXME: also try $PODMAN image inspect?
+ _sudo $PODMAN image exists $newname
+
+ # Copy it back, this time using -q
+ run_podman untag $IMAGE $newname
+ run_podman image scp -q ${notme}@localhost::$newname
+
+ expect="Loaded image(s): $newname"
+ # FIXME FIXME FIXME: ubuntu has no machinectl, emits useless warning message instead
+ if ! is_rootless; then
+ # FIXME: root on fedora uses machinectl, which emits useless \n and \r (#12829)
+ NL=$'\n'
+ CR=$'\r'
+ expect="$NL$expect$CR"
+ fi
+ is "$output" "$expect" "-q silences output"
+
+ # Confirm that we have it, and that its digest matches our original
+ run_podman image inspect --format '{{.Digest}}' $newname
+ is "$output" "$src_digest" "Digest of re-fetched image matches original"
+
+ # Clean up
+ _sudo $PODMAN image rm $newname
+ run_podman untag $IMAGE $newname
+
+ # Negative test for nonexistent image.
+ # FIXME FIXME: cannot test on root, because it uses machinectl (#12829)
+ if is_rootless; then
+ # FIXME: error message is 2 lines, the 2nd being "exit status 125".
+ # FIXME: is that fixable, or do we have to live with it?
+ nope="nope.nope/nonesuch:notag"
+ run_podman 125 image scp ${notme}@localhost::$nope
+ is "$output" "Error: $nope: image not known.*" "Pulling nonexistent image"
+
+ run_podman 125 image scp $nope ${notme}@localhost::
+ is "$output" "Error: $nope: image not known.*" "Pushing nonexistent image"
+ fi
+
+ # Negative test for copying to a different name
+ run_podman 125 image scp $IMAGE ${notme}@localhost::newname:newtag
+ is "$output" "Error: cannot specify an image rename: invalid argument" \
+ "Pushing with a different name: not allowed"
+
+ # FIXME: any point in copying by image ID? What else should we test?
}