summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEd Santiago <santiago@redhat.com>2019-12-23 05:43:08 -0700
committerEd Santiago <santiago@redhat.com>2020-01-13 06:29:52 -0700
commit1298f19773574963b9ce5ba7ca3b1637d1a07ef6 (patch)
tree69367bb8637056113e793d812c70af9c4f5a62d9
parent9e2e4d7615311b38b1e553af32a5666888ef3c96 (diff)
downloadpodman-1298f19773574963b9ce5ba7ca3b1637d1a07ef6.tar.gz
podman-1298f19773574963b9ce5ba7ca3b1637d1a07ef6.tar.bz2
podman-1298f19773574963b9ce5ba7ca3b1637d1a07ef6.zip
more BATS tests
- run: --name (includes 'podman container exists' tests) - run: --pull (always, never, missing) - build: new test for ADD URL (#4420) - exec: new test for issue #4785 (pipe getting lost) - diff: new test - selinux (mostly copied from docker-autotest) Plus a bug fix: the wait_for_output() helper would continue checking, eventually timing out, even if the container had already exited (probably because of an error). Fix: as part of the loop, run 'podman inspect' and bail out if container is not running. Include exit code and logs. Signed-off-by: Ed Santiago <santiago@redhat.com>
-rw-r--r--test/system/030-run.bats51
-rw-r--r--test/system/070-build.bats21
-rw-r--r--test/system/075-exec.bats16
-rw-r--r--test/system/140-diff.bats28
-rw-r--r--test/system/410-selinux.bats66
-rw-r--r--test/system/helpers.bash14
6 files changed, 193 insertions, 3 deletions
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
index 7cbb60501..f1e9776c1 100644
--- a/test/system/030-run.bats
+++ b/test/system/030-run.bats
@@ -85,4 +85,55 @@ echo $rand | 0 | $rand
run_podman 1 run --rm $IMAGE sh -c /bin/false
}
+@test "podman run --name" {
+ randomname=$(random_string 30)
+
+ # Assume that 4 seconds gives us enough time for 3 quick tests (or at
+ # least for the 'ps'; the 'container exists' should pass even in the
+ # unlikely case that the container exits before we get to them)
+ run_podman run -d --name $randomname $IMAGE sleep 4
+ cid=$output
+
+ run_podman ps --format '{{.Names}}--{{.ID}}'
+ is "$output" "$randomname--${cid:0:12}"
+
+ run_podman container exists $randomname
+ run_podman container exists $cid
+
+ # Done with live-container tests; now let's test after container finishes
+ run_podman wait $cid
+
+ # Container still exists even after stopping:
+ run_podman container exists $randomname
+ run_podman container exists $cid
+
+ # ...but not after being removed:
+ run_podman rm $cid
+ run_podman 1 container exists $randomname
+ run_podman 1 container exists $cid
+}
+
+@test "podman run --pull" {
+ skip_if_remote "podman-remote does not emit 'Trying to pull' msgs"
+
+ run_podman run --pull=missing $IMAGE true
+ is "$output" "" "--pull=missing [present]: no output"
+
+ run_podman run --pull=never $IMAGE true
+ is "$output" "" "--pull=never [present]: no output"
+
+ # Now test with busybox, which we don't have present
+ run_podman 125 run --pull=never busybox true
+ is "$output" "Error: unable to find a name and tag match for busybox in repotags: no such image" "--pull=never [busybox/missing]: error"
+
+ run_podman run --pull=missing busybox true
+ is "$output" "Trying to pull .*" "--pull=missing [busybox/missing]: fetches"
+
+ run_podman run --pull=always busybox true
+ is "$output" "Trying to pull .*" "--pull=always [busybox/present]: fetches"
+
+ run_podman rm -a
+ run_podman rmi busybox
+}
+
# vim: filetype=sh
diff --git a/test/system/070-build.bats b/test/system/070-build.bats
index 7c39da72c..fd4ce03fc 100644
--- a/test/system/070-build.bats
+++ b/test/system/070-build.bats
@@ -40,7 +40,7 @@ EOF
# Make an empty test directory, with a subdirectory used for tar
tmpdir=$PODMAN_TMPDIR/build-test
- run mkdir -p $tmpdir/subtest || die "Could not mkdir $tmpdir/subtest"
+ mkdir -p $tmpdir/subtest || die "Could not mkdir $tmpdir/subtest"
echo "This is the ORIGINAL file" > $tmpdir/subtest/myfile1
run tar -C $tmpdir -cJf $tmpdir/myfile.tar.xz subtest
@@ -80,6 +80,25 @@ EOF
run_podman rmi -f build_test $iid
}
+@test "podman build - URLs" {
+ tmpdir=$PODMAN_TMPDIR/build-test
+ mkdir -p $tmpdir
+
+ cat >$tmpdir/Dockerfile <<EOF
+FROM $IMAGE
+ADD https://github.com/containers/libpod/blob/master/README.md /tmp/
+EOF
+ run_podman build -t add_url $tmpdir
+ run_podman run --rm add_url stat /tmp/README.md
+ run_podman rmi -f add_url
+
+ # Now test COPY. That should fail.
+ sed -i -e 's/ADD/COPY/' $tmpdir/Dockerfile
+ run_podman 125 build -t copy_url $tmpdir
+ is "$output" ".*error building at STEP .*: source can't be a URL for COPY"
+}
+
+
function teardown() {
# A timeout or other error in 'build' can leave behind stale images
# that podman can't even see and which will cascade into subsequent
diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats
index 472fdd1ab..36e9d57ec 100644
--- a/test/system/075-exec.bats
+++ b/test/system/075-exec.bats
@@ -49,4 +49,20 @@ load helpers
run_podman rm -f $cid
}
+# Issue #4785 - piping to exec statement - fixed in #4818
+@test "podman exec - cat from stdin" {
+ skip_if_remote
+
+ run_podman run -d $IMAGE sh -c 'while [ ! -e /stop ]; do sleep 0.1;done'
+ cid="$output"
+
+ echo_string=$(random_string 20)
+ run_podman exec -i $cid cat < <(echo $echo_string)
+ is "$output" "$echo_string" "output read back from 'exec cat'"
+
+ run_podman exec $cid touch /stop
+ run_podman wait $cid
+ run_podman rm $cid
+}
+
# vim: filetype=sh
diff --git a/test/system/140-diff.bats b/test/system/140-diff.bats
new file mode 100644
index 000000000..9f4a2c0de
--- /dev/null
+++ b/test/system/140-diff.bats
@@ -0,0 +1,28 @@
+#!/usr/bin/env bats -*- bats -*-
+#
+# Tests for podman diff
+#
+
+load helpers
+
+@test "podman diff" {
+ rand_file=$(random_string 10)
+ run_podman run $IMAGE sh -c "touch /$rand_file;rm /etc/services"
+ run_podman diff --format json -l
+
+ # Expected results for each type of diff
+ declare -A expect=(
+ [added]="/$rand_file"
+ [changed]="/etc"
+ [deleted]="/etc/services"
+ )
+
+ for field in ${!expect[@]}; do
+ result=$(jq -r -c ".${field}[]" <<<"$output")
+ is "$result" "${expect[$field]}" "$field"
+ done
+
+ run_podman rm -l
+}
+
+# vim: filetype=sh
diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats
new file mode 100644
index 000000000..8a0477eff
--- /dev/null
+++ b/test/system/410-selinux.bats
@@ -0,0 +1,66 @@
+#!/usr/bin/env bats -*- bats -*-
+#
+# 410-selinux - podman selinux tests
+#
+
+load helpers
+
+
+function check_label() {
+ if [ ! -e /usr/sbin/selinuxenabled ] || ! /usr/sbin/selinuxenabled; then
+ skip "selinux disabled or not available"
+ fi
+
+ local args="$1"; shift # command-line args for run
+
+ # FIXME: it'd be nice to specify the command to run, e.g. 'ls -dZ /',
+ # but alpine ls (from busybox) doesn't support -Z
+ run_podman run --rm $args $IMAGE cat -v /proc/self/attr/current
+
+ # FIXME: on some CI systems, 'run --privileged' emits a spurious
+ # warning line about dup devices. Ignore it.
+ local context="$output"
+ if [ ${#lines[@]} -gt 1 ]; then
+ if expr "${lines[0]}" : "WARNING: .* type, major" >/dev/null; then
+ echo "# ${lines[0]} [ignored]" >&3
+ context="${lines[1]}"
+ else
+ die "FAILED: too much output, expected one single line"
+ fi
+ fi
+
+ is "$context" ".*_u:system_r:.*" "SELinux role should always be system_r"
+
+ # e.g. system_u:system_r:container_t:s0:c45,c745 -> "container_t"
+ type=$(cut -d: -f3 <<<"$context")
+ is "$type" "$1" "SELinux type"
+
+ if [ -n "$2" ]; then
+ # e.g. from the above example -> "s0:c45,c745"
+ range=$(cut -d: -f4,5 <<<"$context")
+ is "$range" "$2" "SELinux range"
+ fi
+}
+
+
+@test "podman selinux: confined container" {
+ check_label "" "container_t"
+}
+
+@test "podman selinux: container with label=disable" {
+ skip_if_rootless
+
+ check_label "--security-opt label=disable" "spc_t"
+}
+
+@test "podman selinux: privileged container" {
+ skip_if_rootless
+
+ check_label "--privileged --userns=host" "spc_t"
+}
+
+@test "podman selinux: container with overridden range" {
+ check_label "--security-opt label=level:s0:c1,c2" "container_t" "s0:c1,c2"
+}
+
+# vim: filetype=sh
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 940f3f426..2e856930e 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -192,15 +192,24 @@ function wait_for_output {
fi
done
- [ -n "$cid" ] || die "FATAL: wait_for_ready: no container name/ID in '$*'"
+ [ -n "$cid" ] || die "FATAL: wait_for_output: no container name/ID in '$*'"
t1=$(expr $SECONDS + $how_long)
while [ $SECONDS -lt $t1 ]; do
run_podman logs $cid
- if expr "$output" : ".*$expect" >/dev/null; then
+ logs=$output
+ if expr "$logs" : ".*$expect" >/dev/null; then
return
fi
+ # Barf if container is not running
+ run_podman inspect --format '{{.State.Running}}' $cid
+ if [ $output != "true" ]; then
+ run_podman inspect --format '{{.State.ExitCode}}' $cid
+ exitcode=$output
+ die "Container exited (status: $exitcode) before we saw '$expect': $logs"
+ fi
+
sleep $sleep_delay
done
@@ -258,6 +267,7 @@ function skip_if_not_systemd() {
# die # Abort with helpful message
#########
function die() {
+ # FIXME: handle multi-line output
echo "#/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv" >&2
echo "#| FAIL: $*" >&2
echo "#\\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^" >&2