diff options
Diffstat (limited to 'test/e2e')
34 files changed, 1423 insertions, 48 deletions
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 71f5d1b02..8b03e9386 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -3,7 +3,10 @@ package integration import ( + "io/ioutil" "os" + "path/filepath" + "runtime" "strings" . "github.com/containers/libpod/test/utils" @@ -41,6 +44,15 @@ var _ = Describe("Podman build", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) + iid := session.OutputToStringArray()[len(session.OutputToStringArray())-1] + + // Verify that OS and Arch are being set + inspect := podmanTest.PodmanNoCache([]string{"inspect", iid}) + inspect.WaitWithDefaultTimeout() + data := inspect.InspectImageJSON() + Expect(data[0].Os).To(Equal(runtime.GOOS)) + Expect(data[0].Architecture).To(Equal(runtime.GOARCH)) + session = podmanTest.PodmanNoCache([]string{"rmi", "alpine"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -105,4 +117,62 @@ var _ = Describe("Podman build", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) + + It("podman build Containerfile locations", func() { + // Given + // Switch to temp dir and restore it afterwards + cwd, err := os.Getwd() + Expect(err).To(BeNil()) + Expect(os.Chdir(os.TempDir())).To(BeNil()) + defer Expect(os.Chdir(cwd)).To(BeNil()) + + // Write target and fake files + targetPath := filepath.Join(os.TempDir(), "dir") + Expect(os.MkdirAll(targetPath, 0755)).To(BeNil()) + + fakeFile := filepath.Join(os.TempDir(), "Containerfile") + Expect(ioutil.WriteFile(fakeFile, []byte("FROM alpine"), 0755)).To(BeNil()) + + targetFile := filepath.Join(targetPath, "Containerfile") + Expect(ioutil.WriteFile(targetFile, []byte("FROM scratch"), 0755)).To(BeNil()) + + defer func() { + Expect(os.RemoveAll(fakeFile)).To(BeNil()) + Expect(os.RemoveAll(targetFile)).To(BeNil()) + }() + + // When + session := podmanTest.PodmanNoCache([]string{ + "build", "-f", targetFile, "-t", "test-locations", + }) + session.WaitWithDefaultTimeout() + + // Then + Expect(session.ExitCode()).To(Equal(0)) + Expect(strings.Fields(session.OutputToString())). + To(ContainElement("scratch")) + }) + + It("podman build basic alpine and print id to external file", func() { + + // Switch to temp dir and restore it afterwards + cwd, err := os.Getwd() + Expect(err).To(BeNil()) + Expect(os.Chdir(os.TempDir())).To(BeNil()) + defer Expect(os.Chdir(cwd)).To(BeNil()) + + targetPath := filepath.Join(os.TempDir(), "dir") + targetFile := filepath.Join(targetPath, "idFile") + + session := podmanTest.PodmanNoCache([]string{"build", "build/basicalpine", "--iidfile", targetFile}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + id, _ := ioutil.ReadFile(targetFile) + + // Verify that id is correct + inspect := podmanTest.PodmanNoCache([]string{"inspect", string(id)}) + inspect.WaitWithDefaultTimeout() + data := inspect.InspectImageJSON() + Expect(data[0].ID).To(Equal(string(id))) + }) }) diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go index e9d274649..72387ed8c 100644 --- a/test/e2e/commit_test.go +++ b/test/e2e/commit_test.go @@ -1,7 +1,9 @@ package integration import ( + "io/ioutil" "os" + "path/filepath" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -115,6 +117,25 @@ var _ = Describe("Podman commit", func() { Expect(foundBlue).To(Equal(true)) }) + It("podman commit container with change flag and JSON entrypoint with =", func() { + test := podmanTest.Podman([]string{"run", "--name", "test1", "-d", ALPINE, "ls"}) + test.WaitWithDefaultTimeout() + Expect(test.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(1)) + + session := podmanTest.Podman([]string{"commit", "--change", `ENTRYPOINT ["foo", "bar=baz"]`, "test1", "foobar.com/test1-image:latest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"}) + check.WaitWithDefaultTimeout() + data := check.InspectImageJSON() + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].Config.Entrypoint)).To(Equal(2)) + Expect(data[0].Config.Entrypoint[0]).To(Equal("foo")) + Expect(data[0].Config.Entrypoint[1]).To(Equal("bar=baz")) + }) + It("podman commit container with change CMD flag", func() { test := podmanTest.Podman([]string{"run", "--name", "test1", "-d", ALPINE, "ls"}) test.WaitWithDefaultTimeout() @@ -215,4 +236,30 @@ var _ = Describe("Podman commit", func() { } Expect(envMap["TEST=1=1-01=9.01"]).To(BeTrue()) }) + + It("podman commit container and print id to external file", func() { + // Switch to temp dir and restore it afterwards + cwd, err := os.Getwd() + Expect(err).To(BeNil()) + Expect(os.Chdir(os.TempDir())).To(BeNil()) + targetPath := filepath.Join(os.TempDir(), "dir") + Expect(os.MkdirAll(targetPath, 0755)).To(BeNil()) + targetFile := filepath.Join(targetPath, "idFile") + defer Expect(os.RemoveAll(targetFile)).To(BeNil()) + defer Expect(os.Chdir(cwd)).To(BeNil()) + + _, ec, _ := podmanTest.RunLsContainer("test1") + Expect(ec).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(1)) + + session := podmanTest.Podman([]string{"commit", "test1", "foobar.com/test1-image:latest", "--iidfile", targetFile}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + id, _ := ioutil.ReadFile(targetFile) + check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"}) + check.WaitWithDefaultTimeout() + data := check.InspectImageJSON() + Expect(data[0].ID).To(Equal(string(id))) + }) }) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 16b971e65..b10c3237d 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -15,6 +15,7 @@ import ( "time" "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/define" "github.com/containers/libpod/pkg/inspect" "github.com/containers/libpod/pkg/rootless" . "github.com/containers/libpod/test/utils" @@ -320,7 +321,7 @@ func (s *PodmanSessionIntegration) InspectImageJSON() []inspect.ImageData { } // InspectContainer returns a container's inspect data in JSON format -func (p *PodmanTestIntegration) InspectContainer(name string) []libpod.InspectContainerData { +func (p *PodmanTestIntegration) InspectContainer(name string) []define.InspectContainerData { cmd := []string{"inspect", name} session := p.Podman(cmd) session.WaitWithDefaultTimeout() @@ -492,8 +493,8 @@ func (p *PodmanTestIntegration) PullImage(image string) error { // InspectContainerToJSON takes the session output of an inspect // container and returns json -func (s *PodmanSessionIntegration) InspectContainerToJSON() []libpod.InspectContainerData { - var i []libpod.InspectContainerData +func (s *PodmanSessionIntegration) InspectContainerToJSON() []define.InspectContainerData { + var i []define.InspectContainerData err := json.Unmarshal(s.Out.Contents(), &i) Expect(err).To(BeNil()) return i @@ -519,6 +520,21 @@ func (p *PodmanTestIntegration) CreatePod(name string) (*PodmanSessionIntegratio return session, session.ExitCode(), session.OutputToString() } +// CreatePod creates a pod with no infra container and some labels. +// it optionally takes a pod name +func (p *PodmanTestIntegration) CreatePodWithLabels(name string, labels map[string]string) (*PodmanSessionIntegration, int, string) { + var podmanArgs = []string{"pod", "create", "--infra=false", "--share", ""} + if name != "" { + podmanArgs = append(podmanArgs, "--name", name) + } + for labelKey, labelValue := range labels { + podmanArgs = append(podmanArgs, "--label", fmt.Sprintf("%s=%s", labelKey, labelValue)) + } + session := p.Podman(podmanArgs) + session.WaitWithDefaultTimeout() + return session, session.ExitCode(), session.OutputToString() +} + func (p *PodmanTestIntegration) RunTopContainerInPod(name, pod string) *PodmanSessionIntegration { var podmanArgs = []string{"run", "--pod", pod} if name != "" { diff --git a/test/e2e/config.go b/test/e2e/config.go index 96cc157be..49a47c7da 100644 --- a/test/e2e/config.go +++ b/test/e2e/config.go @@ -2,7 +2,7 @@ package integration var ( redis = "docker.io/library/redis:alpine" - fedoraMinimal = "registry.fedoraproject.org/fedora-minimal:latest" + fedoraMinimal = "quay.io/libpod/fedora-minimal:latest" ALPINE = "docker.io/library/alpine:latest" ALPINELISTTAG = "docker.io/library/alpine:3.10.2" ALPINELISTDIGEST = "docker.io/library/alpine@sha256:72c42ed48c3a2db31b7dafe17d275b634664a708d901ec9fd57b1529280f01fb" @@ -10,7 +10,7 @@ var ( ALPINEAMD64ID = "961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4" ALPINEARM64DIGEST = "docker.io/library/alpine@sha256:db7f3dcef3d586f7dd123f107c93d7911515a5991c4b9e51fa2a43e46335a43e" ALPINEARM64ID = "915beeae46751fc564998c79e73a1026542e945ca4f73dc841d09ccc6c2c0672" - infra = "k8s.gcr.io/pause:3.1" + infra = "k8s.gcr.io/pause:3.2" BB = "docker.io/library/busybox:latest" healthcheck = "docker.io/libpod/alpine_healthcheck:latest" ImageCacheDir = "/tmp/podman/imagecachedir" diff --git a/test/e2e/config/containers-caps.conf b/test/e2e/config/containers-caps.conf new file mode 100644 index 000000000..7b964e4a7 --- /dev/null +++ b/test/e2e/config/containers-caps.conf @@ -0,0 +1,17 @@ +[containers] + +# List of default capabilities for containers. If it is empty or commented out, +# the default capabilities defined in the container engine will be added. +# +default_capabilities = [ + "CHOWN", + "DAC_OVERRIDE", + "FOWNER", + "FSETID", + "KILL", + "MKNOD", + "NET_BIND_SERVICE", + "SETGID", + "SETPCAP", + "SETUID", +] diff --git a/test/e2e/config/containers-ns.conf b/test/e2e/config/containers-ns.conf new file mode 100644 index 000000000..d2cf5b03f --- /dev/null +++ b/test/e2e/config/containers-ns.conf @@ -0,0 +1,24 @@ +[containers] + +pidns = "host" +netns = "host" +ipcns = "host" +utsns = "host" +userns = "host" +cgroupns = "host" + +# List of default capabilities for containers. If it is empty or commented out, +# the default capabilities defined in the container engine will be added. +# +default_capabilities = [ + "CHOWN", + "DAC_OVERRIDE", + "FOWNER", + "FSETID", + "KILL", + "MKNOD", + "NET_BIND_SERVICE", + "SETGID", + "SETPCAP", + "SETUID", +] diff --git a/test/e2e/config/containers.conf b/test/e2e/config/containers.conf new file mode 100644 index 000000000..55d18f5e8 --- /dev/null +++ b/test/e2e/config/containers.conf @@ -0,0 +1,50 @@ +[containers] + +# A list of ulimits to be set in containers by default, specified as +# "<ulimit name>=<soft limit>:<hard limit>", for example: +# "nofile=1024:2048" +# See setrlimit(2) for a list of resource names. +# Any limit not specified here will be inherited from the process launching the +# container engine. +# Ulimits has limits for non privileged container engines. +# +default_ulimits = [ + "nofile=500:500", +] + +# Environment variable list for the conmon process; used for passing necessary +# environment variables to conmon or the runtime. +# +env = [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "foo=bar", +] + +# container engines use container separation using MAC(SELinux) labeling. +# Flag is ignored on label disabled systems. +# +label = true + +# Size of /dev/shm. Specified as <number><unit>. +# Unit is optional, values: +# b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). +# If the unit is omitted, the system uses bytes. +# +shm_size = "201k" + +# List of devices. Specified as +# "<device-on-host>:<device-on-container>:<permissions>", for example: +# "/dev/sdc:/dev/xvdc:rwm". +# If it is empty or commented out, only the default devices will be used +# +devices = [ + "/dev/zero:/dev/notone,rwm", +] + +default_sysctls = [ + "net.ipv4.ping_group_range=0 1000", +] + +dns_searches=[ "foobar.com", ] +dns_servers=[ "1.2.3.4", ] +dns_options=[ "debug", ] diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go new file mode 100644 index 000000000..a2ef7eb4a --- /dev/null +++ b/test/e2e/containers_conf_test.go @@ -0,0 +1,214 @@ +// +build !remoteclient + +package integration + +import ( + "fmt" + "io/ioutil" + "os" + "os/exec" + "path/filepath" + "strings" + + . "github.com/containers/libpod/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman run", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + os.Setenv("CONTAINERS_CONF", "config/containers.conf") + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + processTestResult(f) + os.Unsetenv("CONTAINERS_CONF") + }) + + It("podman run limits test", func() { + SkipIfRootless() + //containers.conf is set to "nofile=500:500" + session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "ulimit", "-n"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("500")) + + session = podmanTest.Podman([]string{"run", "--rm", "--ulimit", "nofile=2048:2048", fedoraMinimal, "ulimit", "-n"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("2048")) + }) + + It("podman run with containers.conf having additional env", func() { + //containers.conf default env includes foo + session := podmanTest.Podman([]string{"run", ALPINE, "printenv"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("foo=bar")) + }) + + It("podman run with additional devices", func() { + //containers.conf devices includes notone + session := podmanTest.Podman([]string{"run", "--device", "/dev/null:/dev/bar", ALPINE, "ls", "/dev"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("bar")) + Expect(session.OutputToString()).To(ContainSubstring("notone")) + }) + + It("podman run shm-size", func() { + //containers.conf default sets shm-size=201k, which ends up as 200k + session := podmanTest.Podman([]string{"run", ALPINE, "grep", "shm", "/proc/self/mounts"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("size=200k")) + }) + + It("podman Capabilities in containers.conf", func() { + SkipIfRootless() + os.Setenv("CONTAINERS_CONF", "config/containers.conf") + cap := podmanTest.Podman([]string{"run", ALPINE, "grep", "CapEff", "/proc/self/status"}) + cap.WaitWithDefaultTimeout() + Expect(cap.ExitCode()).To(Equal(0)) + + os.Setenv("CONTAINERS_CONF", "config/containers-ns.conf") + session := podmanTest.Podman([]string{"run", "busybox", "grep", "CapEff", "/proc/self/status"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).ToNot(Equal(cap.OutputToString())) + }) + + It("podman Regular capabilties", func() { + SkipIfRootless() + os.Setenv("CONTAINERS_CONF", "config/containers.conf") + setup := podmanTest.RunTopContainer("test1") + setup.WaitWithDefaultTimeout() + result := podmanTest.Podman([]string{"top", "test1", "capeff"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).To(ContainSubstring("SYS_CHROOT")) + Expect(result.OutputToString()).To(ContainSubstring("NET_RAW")) + }) + + It("podman drop capabilties", func() { + os.Setenv("CONTAINERS_CONF", "config/containers-caps.conf") + setup := podmanTest.RunTopContainer("test1") + setup.WaitWithDefaultTimeout() + result := podmanTest.Podman([]string{"container", "top", "test1", "capeff"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.OutputToString()).ToNot(ContainSubstring("SYS_CHROOT")) + Expect(result.OutputToString()).ToNot(ContainSubstring("NET_RAW")) + }) + + verifyNSHandling := func(nspath, option string) { + os.Setenv("CONTAINERS_CONF", "config/containers-ns.conf") + //containers.conf default ipcns to default to host + session := podmanTest.Podman([]string{"run", ALPINE, "ls", "-l", nspath}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + fields := strings.Split(session.OutputToString(), " ") + ctrNS := strings.TrimSuffix(fields[len(fields)-1], "\n") + + cmd := exec.Command("ls", "-l", nspath) + res, err := cmd.Output() + Expect(err).To(BeNil()) + fields = strings.Split(string(res), " ") + hostNS := strings.TrimSuffix(fields[len(fields)-1], "\n") + Expect(hostNS).To(Equal(ctrNS)) + + session = podmanTest.Podman([]string{"run", option, "private", ALPINE, "ls", "-l", nspath}) + fields = strings.Split(session.OutputToString(), " ") + ctrNS = fields[len(fields)-1] + Expect(hostNS).ToNot(Equal(ctrNS)) + } + + It("podman compare netns", func() { + verifyNSHandling("/proc/self/ns/net", "--network") + }) + + It("podman compare ipcns", func() { + verifyNSHandling("/proc/self/ns/ipc", "--ipc") + }) + + It("podman compare utsns", func() { + verifyNSHandling("/proc/self/ns/uts", "--uts") + }) + + It("podman compare pidns", func() { + verifyNSHandling("/proc/self/ns/pid", "--pid") + }) + + It("podman compare cgroupns", func() { + verifyNSHandling("/proc/self/ns/cgroup", "--cgroupns") + }) + + It("podman containers.conf additionalvolumes", func() { + conffile := filepath.Join(podmanTest.TempDir, "container.conf") + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + err := ioutil.WriteFile(conffile, []byte(fmt.Sprintf("[containers]\nvolumes=[\"%s:%s:Z\",]\n", tempdir, tempdir)), 0755) + if err != nil { + os.Exit(1) + } + + os.Setenv("CONTAINERS_CONF", conffile) + result := podmanTest.Podman([]string{"run", ALPINE, "ls", tempdir}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + }) + + It("podman run containers.conf sysctl test", func() { + SkipIfRootless() + //containers.conf is set to "net.ipv4.ping_group_range=0 1000" + session := podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "cat", "/proc/sys/net/ipv4/ping_group_range"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("1000")) + }) + + It("podman run containers.conf search domain", func() { + session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/etc/resolv.conf"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session.LineInOuputStartsWith("search foobar.com") + }) + + It("podman run add dns server", func() { + session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/etc/resolv.conf"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session.LineInOuputStartsWith("server 1.2.3.4") + }) + + It("podman run add dns option", func() { + session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/etc/resolv.conf"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session.LineInOuputStartsWith("options debug") + }) + + It("podman run containers.conf remove all search domain", func() { + session := podmanTest.Podman([]string{"run", "--dns-search=.", ALPINE, "cat", "/etc/resolv.conf"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOuputStartsWith("search")).To(BeFalse()) + }) +}) diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 72a0638f9..693795637 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -4,6 +4,7 @@ package integration import ( "os" + "time" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -86,8 +87,23 @@ var _ = Describe("Podman create with --ip flag", func() { result = podmanTest.Podman([]string{"start", "test1"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) + + // race prevention: wait until IP address is assigned + for i := 0; i < 5; i++ { + result = podmanTest.Podman([]string{"inspect", "--format", "{{.NetworkSettings.IPAddress}}", "test1"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + if result.OutputToString() != "" { + break + } + time.Sleep(1 * time.Second) + } + Expect(result.OutputToString()).To(Equal(ip)) + + // test1 container is running with the given IP. result = podmanTest.Podman([]string{"start", "test2"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) + Expect(result.ErrorToString()).To(ContainSubstring("requested IP address " + ip + " is not available")) }) }) diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 134b7b162..10742a0e8 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -304,4 +304,42 @@ var _ = Describe("Podman create", func() { session.WaitWithDefaultTimeout() Expect(session).To(Not(Equal(0))) }) + + It("podman create with unset label", func() { + // Alpine is assumed to have no labels here, which seems safe + ctrName := "testctr" + session := podmanTest.Podman([]string{"create", "--label", "TESTKEY1=", "--label", "TESTKEY2", "--name", ctrName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", ctrName}) + inspect.WaitWithDefaultTimeout() + data := inspect.InspectContainerToJSON() + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].Config.Labels)).To(Equal(2)) + _, ok1 := data[0].Config.Labels["TESTKEY1"] + Expect(ok1).To(BeTrue()) + _, ok2 := data[0].Config.Labels["TESTKEY2"] + Expect(ok2).To(BeTrue()) + }) + + It("podman create with set label", func() { + // Alpine is assumed to have no labels here, which seems safe + ctrName := "testctr" + session := podmanTest.Podman([]string{"create", "--label", "TESTKEY1=value1", "--label", "TESTKEY2=bar", "--name", ctrName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", ctrName}) + inspect.WaitWithDefaultTimeout() + data := inspect.InspectContainerToJSON() + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].Config.Labels)).To(Equal(2)) + val1, ok1 := data[0].Config.Labels["TESTKEY1"] + Expect(ok1).To(BeTrue()) + Expect(val1).To(Equal("value1")) + val2, ok2 := data[0].Config.Labels["TESTKEY2"] + Expect(ok2).To(BeTrue()) + Expect(val2).To(Equal("bar")) + }) }) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index ed4eb3335..ab806f683 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" "strings" @@ -244,4 +245,27 @@ var _ = Describe("Podman exec", func() { Expect(session.ExitCode()).To(Equal(0)) }) + It("podman exec preserves --group-add groups", func() { + groupName := "group1" + gid := "4444" + ctrName1 := "ctr1" + ctr1 := podmanTest.Podman([]string{"run", "-ti", "--name", ctrName1, fedoraMinimal, "groupadd", "-g", gid, groupName}) + ctr1.WaitWithDefaultTimeout() + Expect(ctr1.ExitCode()).To(Equal(0)) + + imgName := "img1" + commit := podmanTest.Podman([]string{"commit", ctrName1, imgName}) + commit.WaitWithDefaultTimeout() + Expect(commit.ExitCode()).To(Equal(0)) + + ctrName2 := "ctr2" + ctr2 := podmanTest.Podman([]string{"run", "-d", "--name", ctrName2, "--group-add", groupName, imgName, "sleep", "300"}) + ctr2.WaitWithDefaultTimeout() + Expect(ctr2.ExitCode()).To(Equal(0)) + + exec := podmanTest.Podman([]string{"exec", "-ti", ctrName2, "id"}) + exec.WaitWithDefaultTimeout() + Expect(exec.ExitCode()).To(Equal(0)) + Expect(strings.Contains(exec.OutputToString(), fmt.Sprintf("%s(%s)", gid, groupName))).To(BeTrue()) + }) }) diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 603edbe6b..389f2c822 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -10,7 +10,7 @@ import ( "github.com/ghodss/yaml" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "k8s.io/api/core/v1" + v1 "k8s.io/api/core/v1" ) var _ = Describe("Podman generate kube", func() { @@ -69,6 +69,51 @@ var _ = Describe("Podman generate kube", func() { Expect(numContainers).To(Equal(1)) }) + It("podman generate service kube on container with --security-opt level", func() { + session := podmanTest.Podman([]string{"create", "--name", "test", "--security-opt", "label=level:s0:c100,c200", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "test"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err := yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(kube.OutputToString()).To(ContainSubstring("level: s0:c100,c200")) + }) + + It("podman generate service kube on container with --security-opt disable", func() { + session := podmanTest.Podman([]string{"create", "--name", "test-disable", "--security-opt", "label=disable", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "test-disable"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err = yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(kube.OutputToString()).To(ContainSubstring("type: spc_t")) + }) + + It("podman generate service kube on container with --security-opt type", func() { + session := podmanTest.Podman([]string{"create", "--name", "test", "--security-opt", "label=type:foo_bar_t", "alpine"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "test"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err = yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(kube.OutputToString()).To(ContainSubstring("type: foo_bar_t")) + }) + It("podman generate service kube on container", func() { session := podmanTest.RunTopContainer("top") session.WaitWithDefaultTimeout() diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go index d0dadd09d..e5ab0b854 100644 --- a/test/e2e/generate_systemd_test.go +++ b/test/e2e/generate_systemd_test.go @@ -191,7 +191,35 @@ var _ = Describe("Podman generate systemd", func() { found, _ := session.GrepString("# container-foo.service") Expect(found).To(BeTrue()) - found, _ = session.GrepString("stop --ignore --cidfile /%t/%n-cid -t 42") + found, _ = session.GrepString("stop --ignore --cidfile %t/%n-cid -t 42") + Expect(found).To(BeTrue()) + }) + + It("podman generate systemd --new without explicit detaching param", func() { + n := podmanTest.Podman([]string{"create", "--name", "foo", "alpine", "top"}) + n.WaitWithDefaultTimeout() + Expect(n.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"generate", "systemd", "--timeout", "42", "--name", "--new", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Grepping the output (in addition to unit tests) + found, _ := session.GrepString("--cgroups=no-conmon -d") + Expect(found).To(BeTrue()) + }) + + It("podman generate systemd --new with explicit detaching param in middle", func() { + n := podmanTest.Podman([]string{"create", "--name", "foo", "-d", "alpine", "top"}) + n.WaitWithDefaultTimeout() + Expect(n.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"generate", "systemd", "--timeout", "42", "--name", "--new", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Grepping the output (in addition to unit tests) + found, _ := session.GrepString("--name foo -d alpine top") Expect(found).To(BeTrue()) }) diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go index 7633261e3..19a8658ac 100644 --- a/test/e2e/healthcheck_run_test.go +++ b/test/e2e/healthcheck_run_test.go @@ -41,6 +41,26 @@ var _ = Describe("Podman healthcheck run", func() { Expect(session).To(ExitWithError()) }) + It("podman disable healthcheck with --no-healthcheck on valid container", func() { + SkipIfRemote() + session := podmanTest.Podman([]string{"run", "-dt", "--no-healthcheck", "--name", "hc", healthcheck}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + hc := podmanTest.Podman([]string{"healthcheck", "run", "hc"}) + hc.WaitWithDefaultTimeout() + Expect(hc.ExitCode()).To(Equal(125)) + }) + + It("podman disable healthcheck with --health-cmd=none on valid container", func() { + SkipIfRemote() + session := podmanTest.Podman([]string{"run", "-dt", "--health-cmd", "none", "--name", "hc", healthcheck}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + hc := podmanTest.Podman([]string{"healthcheck", "run", "hc"}) + hc.WaitWithDefaultTimeout() + Expect(hc.ExitCode()).To(Equal(125)) + }) + It("podman healthcheck on valid container", func() { Skip("Extremely consistent flake - re-enable on debugging") session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", healthcheck}) diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go index 80e6d4444..8b6b679a5 100644 --- a/test/e2e/images_test.go +++ b/test/e2e/images_test.go @@ -116,7 +116,8 @@ var _ = Describe("Podman images", func() { }) It("podman images in GO template format", func() { - session := podmanTest.Podman([]string{"images", "--format={{.ID}}"}) + formatStr := "{{.ID}}\t{{.Created}}\t{{.CreatedAt}}\t{{.CreatedSince}}\t{{.CreatedTime}}" + session := podmanTest.Podman([]string{"images", fmt.Sprintf("--format=%s", formatStr)}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) @@ -270,26 +271,36 @@ RUN apk update && apk add man Expect(result.ExitCode()).To(Equal(0)) }) - It("podman images sort by tag", func() { - session := podmanTest.Podman([]string{"images", "--sort", "tag", "--format={{.Tag}}"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) + It("podman images sort by values", func() { + sortValueTest := func(value string, result int, format string) []string { + f := fmt.Sprintf("{{.%s}}", format) + session := podmanTest.Podman([]string{"images", "--sort", value, "--format", f}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(result)) + + return session.OutputToStringArray() + } + + sortedArr := sortValueTest("created", 0, "CreatedAt") + Expect(sort.SliceIsSorted(sortedArr, func(i, j int) bool { return sortedArr[i] > sortedArr[j] })).To(BeTrue()) - sortedArr := session.OutputToStringArray() + sortedArr = sortValueTest("id", 0, "ID") Expect(sort.SliceIsSorted(sortedArr, func(i, j int) bool { return sortedArr[i] < sortedArr[j] })).To(BeTrue()) - }) - It("podman images sort by size", func() { - session := podmanTest.Podman([]string{"images", "--sort", "size", "--format={{.Size}}"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) + sortedArr = sortValueTest("repository", 0, "Repository") + Expect(sort.SliceIsSorted(sortedArr, func(i, j int) bool { return sortedArr[i] < sortedArr[j] })).To(BeTrue()) - sortedArr := session.OutputToStringArray() + sortedArr = sortValueTest("size", 0, "Size") Expect(sort.SliceIsSorted(sortedArr, func(i, j int) bool { size1, _ := units.FromHumanSize(sortedArr[i]) size2, _ := units.FromHumanSize(sortedArr[j]) return size1 < size2 })).To(BeTrue()) + sortedArr = sortValueTest("tag", 0, "Tag") + Expect(sort.SliceIsSorted(sortedArr, func(i, j int) bool { return sortedArr[i] < sortedArr[j] })).To(BeTrue()) + + sortValueTest("badvalue", 125, "Tag") + sortValueTest("id", 125, "badvalue") }) It("podman images --all flag", func() { diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 9d23384ea..ebac087ac 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -164,4 +164,17 @@ var _ = Describe("Podman inspect", func() { Expect(inspectDst.ExitCode()).To(Equal(0)) Expect(inspectDst.OutputToString()).To(Equal("/test1")) }) + + It("podman inspect shows healthcheck on docker image", func() { + pull := podmanTest.Podman([]string{"pull", healthcheck}) + pull.WaitWithDefaultTimeout() + Expect(pull.ExitCode()).To(BeZero()) + + session := podmanTest.Podman([]string{"inspect", "--format=json", healthcheck}) + session.WaitWithDefaultTimeout() + imageData := session.InspectImageJSON() + Expect(imageData[0].HealthCheck.Timeout).To(BeNumerically("==", 3000000000)) + Expect(imageData[0].HealthCheck.Interval).To(BeNumerically("==", 60000000000)) + Expect(imageData[0].HealthCheck.Test).To(Equal([]string{"CMD-SHELL", "curl -f http://localhost/ || exit 1"})) + }) }) diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 43f08bf03..dc5e91c72 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -122,6 +122,8 @@ func populateCache(podman *PodmanTestIntegration) { for _, image := range CACHE_IMAGES { podman.RestoreArtifactToCache(image) } + // logformatter uses this to recognize the first test + fmt.Printf("-----------------------------\n") } func removeCache() { diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go index 9ff358d26..9a2cee9e1 100644 --- a/test/e2e/load_test.go +++ b/test/e2e/load_test.go @@ -205,7 +205,7 @@ var _ = Describe("Podman load", func() { podmanTest.RestoreArtifact(fedoraMinimal) outfile := filepath.Join(podmanTest.TempDir, "load_test.tar.gz") - setup := podmanTest.PodmanNoCache([]string{"tag", "fedora-minimal", "hello"}) + setup := podmanTest.PodmanNoCache([]string{"tag", fedoraMinimal, "hello"}) setup.WaitWithDefaultTimeout() Expect(setup.ExitCode()).To(Equal(0)) diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index c3df10f5e..42698d270 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -19,14 +19,15 @@ import ( var _ = Describe("Podman login and logout", func() { var ( - tempdir string - err error - podmanTest *PodmanTestIntegration - authPath string - certPath string - port int - server string - testImg string + tempdir string + err error + podmanTest *PodmanTestIntegration + authPath string + certPath string + port int + server string + testImg string + registriesConfWithSearch []byte ) BeforeEach(func() { @@ -64,6 +65,9 @@ var _ = Describe("Podman login and logout", func() { f.Sync() port = 4999 + config.GinkgoConfig.ParallelNode server = strings.Join([]string{"localhost", strconv.Itoa(port)}, ":") + + registriesConfWithSearch = []byte(fmt.Sprintf("[registries.search]\nregistries = ['%s']", server)) + testImg = strings.Join([]string{server, "test-apline"}, "/") os.MkdirAll(filepath.Join("/etc/containers/certs.d", server), os.ModePerm) @@ -95,6 +99,7 @@ var _ = Describe("Podman login and logout", func() { }) It("podman login and logout", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test", server}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -112,7 +117,40 @@ var _ = Describe("Podman login and logout", func() { Expect(session).To(ExitWithError()) }) + It("podman login and logout without registry parameter", func() { + SkipIfRootless() + + registriesConf, err := ioutil.TempFile("", "TestLoginWithoutParameter") + Expect(err).To(BeNil()) + defer registriesConf.Close() + defer os.Remove(registriesConf.Name()) + + err = ioutil.WriteFile(registriesConf.Name(), []byte(registriesConfWithSearch), os.ModePerm) + Expect(err).To(BeNil()) + + // Environment is per-process, so this looks very unsafe; actually it seems fine because tests are not + // run in parallel unless they opt in by calling t.Parallel(). So don’t do that. + oldRCP, hasRCP := os.LookupEnv("REGISTRIES_CONFIG_PATH") + defer func() { + if hasRCP { + os.Setenv("REGISTRIES_CONFIG_PATH", oldRCP) + } else { + os.Unsetenv("REGISTRIES_CONFIG_PATH") + } + }() + os.Setenv("REGISTRIES_CONFIG_PATH", registriesConf.Name()) + + session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To((Equal(0))) + + session = podmanTest.Podman([]string{"logout"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + It("podman login and logout with flag --authfile", func() { + SkipIfRootless() authFile := filepath.Join(podmanTest.TempDir, "auth.json") session := podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test", "--authfile", authFile, server}) session.WaitWithDefaultTimeout() @@ -145,6 +183,7 @@ var _ = Describe("Podman login and logout", func() { }) It("podman login and logout with --tls-verify", func() { + SkipIfRootless() session := podmanTest.Podman([]string{"login", "--username", "podmantest", "--password", "test", "--tls-verify=false", server}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -158,6 +197,7 @@ var _ = Describe("Podman login and logout", func() { Expect(session.ExitCode()).To(Equal(0)) }) It("podman login and logout with --cert-dir", func() { + SkipIfRootless() certDir := filepath.Join(podmanTest.TempDir, "certs") os.MkdirAll(certDir, os.ModePerm) @@ -177,6 +217,7 @@ var _ = Describe("Podman login and logout", func() { Expect(session.ExitCode()).To(Equal(0)) }) It("podman login and logout with multi registry", func() { + SkipIfRootless() os.MkdirAll("/etc/containers/certs.d/localhost:9001", os.ModePerm) cwd, _ := os.Getwd() diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index b83757cc0..7eccaa9ab 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -58,7 +58,7 @@ func genericPluginsToPortMap(plugins interface{}, pluginType string) (network.Po } func (p *PodmanTestIntegration) removeCNINetwork(name string) { - session := p.Podman([]string{"network", "rm", name}) + session := p.Podman([]string{"network", "rm", "-f", name}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(BeZero()) } diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index 9aed5351a..440d307b5 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -4,13 +4,15 @@ package integration import ( "fmt" + "io/ioutil" + "os" + "path/filepath" + "strings" + . "github.com/containers/libpod/test/utils" "github.com/containers/storage/pkg/stringid" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" - "io/ioutil" - "os" - "path/filepath" ) func writeConf(conf []byte, confPath string) { @@ -155,4 +157,76 @@ var _ = Describe("Podman network", func() { Expect(session.IsJSONOutputValid()).To(BeTrue()) }) + It("podman inspect container single CNI network", func() { + SkipIfRootless() + netName := "testNetSingleCNI" + network := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.50.0/24", netName}) + network.WaitWithDefaultTimeout() + Expect(network.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) + + ctrName := "testCtr" + container := podmanTest.Podman([]string{"run", "-dt", "--network", netName, "--name", ctrName, ALPINE, "top"}) + container.WaitWithDefaultTimeout() + Expect(container.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", ctrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(BeZero()) + conData := inspect.InspectContainerToJSON() + Expect(len(conData)).To(Equal(1)) + Expect(len(conData[0].NetworkSettings.Networks)).To(Equal(1)) + net, ok := conData[0].NetworkSettings.Networks[netName] + Expect(ok).To(BeTrue()) + Expect(net.NetworkID).To(Equal(netName)) + Expect(net.IPPrefixLen).To(Equal(24)) + Expect(strings.HasPrefix(net.IPAddress, "10.50.50.")).To(BeTrue()) + + // Necessary to ensure the CNI network is removed cleanly + rmAll := podmanTest.Podman([]string{"rm", "-f", ctrName}) + rmAll.WaitWithDefaultTimeout() + Expect(rmAll.ExitCode()).To(BeZero()) + }) + + It("podman inspect container two CNI networks", func() { + SkipIfRootless() + netName1 := "testNetTwoCNI1" + network1 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.0/25", netName1}) + network1.WaitWithDefaultTimeout() + Expect(network1.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName1) + + netName2 := "testNetTwoCNI2" + network2 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.128/26", netName2}) + network2.WaitWithDefaultTimeout() + Expect(network2.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName2) + + ctrName := "testCtr" + container := podmanTest.Podman([]string{"run", "-dt", "--network", fmt.Sprintf("%s,%s", netName1, netName2), "--name", ctrName, ALPINE, "top"}) + container.WaitWithDefaultTimeout() + Expect(container.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", ctrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(BeZero()) + conData := inspect.InspectContainerToJSON() + Expect(len(conData)).To(Equal(1)) + Expect(len(conData[0].NetworkSettings.Networks)).To(Equal(2)) + net1, ok := conData[0].NetworkSettings.Networks[netName1] + Expect(ok).To(BeTrue()) + Expect(net1.NetworkID).To(Equal(netName1)) + Expect(net1.IPPrefixLen).To(Equal(25)) + Expect(strings.HasPrefix(net1.IPAddress, "10.50.51.")).To(BeTrue()) + net2, ok := conData[0].NetworkSettings.Networks[netName2] + Expect(ok).To(BeTrue()) + Expect(net2.NetworkID).To(Equal(netName2)) + Expect(net2.IPPrefixLen).To(Equal(26)) + Expect(strings.HasPrefix(net2.IPAddress, "10.50.51.")).To(BeTrue()) + + // Necessary to ensure the CNI network is removed cleanly + rmAll := podmanTest.Podman([]string{"rm", "-f", ctrName}) + rmAll.WaitWithDefaultTimeout() + Expect(rmAll.ExitCode()).To(BeZero()) + }) }) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 89a5eddf4..9daf266b8 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -4,6 +4,7 @@ package integration import ( "fmt" + "io/ioutil" "os" "path/filepath" "text/template" @@ -47,6 +48,7 @@ spec: value: podman image: {{ .Image }} name: {{ .Name }} + imagePullPolicy: {{ .PullPolicy }} resources: {} {{ if .SecurityContext }} securityContext: @@ -153,12 +155,13 @@ type Ctr struct { Caps bool CapAdd []string CapDrop []string + PullPolicy string } // getCtr takes a list of ctrOptions and returns a Ctr with sane defaults // and the configured options func getCtr(options ...ctrOption) *Ctr { - c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, true, false, nil, nil} + c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, true, false, nil, nil, ""} for _, option := range options { option(&c) } @@ -199,6 +202,12 @@ func withCapDrop(caps []string) ctrOption { } } +func withPullPolicy(policy string) ctrOption { + return func(c *Ctr) { + c.PullPolicy = policy + } +} + var _ = Describe("Podman generate kube", func() { var ( tempdir string @@ -396,4 +405,128 @@ var _ = Describe("Podman generate kube", func() { Expect(logs.ExitCode()).To(Equal(0)) Expect(logs.OutputToString()).To(ContainSubstring("Operation not permitted")) }) + + It("podman play kube with pull policy of never should be 125", func() { + ctr := getCtr(withPullPolicy("never"), withImage(BB_GLIBC)) + err := generateKubeYaml(getPod(withCtr(ctr)), kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(125)) + }) + + It("podman play kube with pull policy of missing", func() { + ctr := getCtr(withPullPolicy("missing"), withImage(BB)) + err := generateKubeYaml(getPod(withCtr(ctr)), kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + }) + + It("podman play kube with pull always", func() { + oldBB := "docker.io/library/busybox:1.30.1" + pull := podmanTest.Podman([]string{"pull", oldBB}) + pull.WaitWithDefaultTimeout() + + tag := podmanTest.Podman([]string{"tag", oldBB, BB}) + tag.WaitWithDefaultTimeout() + Expect(tag.ExitCode()).To(BeZero()) + + rmi := podmanTest.Podman([]string{"rmi", oldBB}) + rmi.WaitWithDefaultTimeout() + Expect(rmi.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", BB}) + inspect.WaitWithDefaultTimeout() + oldBBinspect := inspect.InspectImageJSON() + + ctr := getCtr(withPullPolicy("always"), withImage(BB)) + err := generateKubeYaml(getPod(withCtr(ctr)), kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect = podmanTest.Podman([]string{"inspect", BB}) + inspect.WaitWithDefaultTimeout() + newBBinspect := inspect.InspectImageJSON() + Expect(oldBBinspect[0].Digest).To(Not(Equal(newBBinspect[0].Digest))) + }) + + It("podman play kube with latest image should always pull", func() { + oldBB := "docker.io/library/busybox:1.30.1" + pull := podmanTest.Podman([]string{"pull", oldBB}) + pull.WaitWithDefaultTimeout() + + tag := podmanTest.Podman([]string{"tag", oldBB, BB}) + tag.WaitWithDefaultTimeout() + Expect(tag.ExitCode()).To(BeZero()) + + rmi := podmanTest.Podman([]string{"rmi", oldBB}) + rmi.WaitWithDefaultTimeout() + Expect(rmi.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", BB}) + inspect.WaitWithDefaultTimeout() + oldBBinspect := inspect.InspectImageJSON() + + ctr := getCtr(withImage(BB)) + err := generateKubeYaml(getPod(withCtr(ctr)), kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect = podmanTest.Podman([]string{"inspect", BB}) + inspect.WaitWithDefaultTimeout() + newBBinspect := inspect.InspectImageJSON() + Expect(oldBBinspect[0].Digest).To(Not(Equal(newBBinspect[0].Digest))) + }) + + It("podman play kube with image data", func() { + testyaml := ` +apiVersion: v1 +kind: Pod +metadata: + name: demo_pod +spec: + containers: + - image: demo + name: demo_kube +` + pull := podmanTest.Podman([]string{"create", "--workdir", "/etc", "--name", "newBB", "--label", "key1=value1", "alpine"}) + + pull.WaitWithDefaultTimeout() + Expect(pull.ExitCode()).To(BeZero()) + + c := podmanTest.Podman([]string{"commit", "-c", "STOPSIGNAL=51", "newBB", "demo"}) + c.WaitWithDefaultTimeout() + Expect(c.ExitCode()).To(Equal(0)) + + conffile := filepath.Join(podmanTest.TempDir, "kube.yaml") + tempdir, err = CreateTempDirInTempDir() + Expect(err).To(BeNil()) + + err := ioutil.WriteFile(conffile, []byte(testyaml), 0755) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", conffile}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", "demo_kube"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + Expect(ctr[0].Config.WorkingDir).To(ContainSubstring("/etc")) + Expect(ctr[0].Config.Labels["key1"]).To(ContainSubstring("value1")) + Expect(ctr[0].Config.Labels["key1"]).To(ContainSubstring("value1")) + Expect(ctr[0].Config.StopSignal).To(Equal(uint(51))) + }) }) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 2efa36141..e0a10c202 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -1,7 +1,9 @@ package integration import ( + "fmt" "os" + "strings" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -117,4 +119,167 @@ var _ = Describe("Podman pod create", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) }) + + It("podman create pod with --no-hosts", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--no-hosts", "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + alpineResolvConf := podmanTest.Podman([]string{"run", "-ti", "--rm", "--no-hosts", ALPINE, "cat", "/etc/hosts"}) + alpineResolvConf.WaitWithDefaultTimeout() + Expect(alpineResolvConf.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/hosts"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(podResolvConf.OutputToString()).To(Equal(alpineResolvConf.OutputToString())) + }) + + It("podman create pod with --no-hosts and no infra should fail", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--no-hosts", "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with --add-host", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--add-host", "test.example.com:12.34.56.78", "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/hosts"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), "12.34.56.78 test.example.com")).To(BeTrue()) + }) + + It("podman create pod with --add-host and no infra should fail", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--add-host", "test.example.com:12.34.56.78", "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with DNS server set", func() { + SkipIfRemote() + name := "test" + server := "12.34.56.78" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns", server, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("nameserver %s", server))).To(BeTrue()) + }) + + It("podman create pod with DNS server set and no infra should fail", func() { + SkipIfRemote() + name := "test" + server := "12.34.56.78" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns", server, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with DNS option set", func() { + SkipIfRemote() + name := "test" + option := "attempts:5" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-opt", option, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("options %s", option))).To(BeTrue()) + }) + + It("podman create pod with DNS option set and no infra should fail", func() { + SkipIfRemote() + name := "test" + option := "attempts:5" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-opt", option, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with DNS search domain set", func() { + SkipIfRemote() + name := "test" + search := "example.com" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-search", search, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("search %s", search))).To(BeTrue()) + }) + + It("podman create pod with DNS search domain set and no infra should fail", func() { + SkipIfRemote() + name := "test" + search := "example.com" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-search", search, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with IP address", func() { + SkipIfRemote() + SkipIfRootless() + name := "test" + ip := GetRandomIPAddress() + podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue()) + }) + + It("podman create pod with IP address and no infra should fail", func() { + SkipIfRemote() + name := "test" + ip := GetRandomIPAddress() + podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with MAC address", func() { + SkipIfRemote() + SkipIfRootless() + name := "test" + mac := "92:d0:c6:0a:29:35" + podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue()) + }) + + It("podman create pod with MAC address and no infra should fail", func() { + SkipIfRemote() + name := "test" + mac := "92:d0:c6:0a:29:35" + podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) }) diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go index aa07be55c..551ad3818 100644 --- a/test/e2e/pod_ps_test.go +++ b/test/e2e/pod_ps_test.go @@ -204,4 +204,27 @@ var _ = Describe("Podman ps", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(BeEmpty()) }) + + It("podman pod ps filter labels", func() { + _, ec, podid1 := podmanTest.CreatePod("") + Expect(ec).To(Equal(0)) + + _, ec, podid2 := podmanTest.CreatePodWithLabels("", map[string]string{ + "io.podman.test.label": "value1", + "io.podman.test.key": "irrelevant-value", + }) + Expect(ec).To(Equal(0)) + + _, ec, podid3 := podmanTest.CreatePodWithLabels("", map[string]string{ + "io.podman.test.label": "value2", + }) + Expect(ec).To(Equal(0)) + + session := podmanTest.Podman([]string{"pod", "ps", "--no-trunc", "--filter", "label=io.podman.test.key", "--filter", "label=io.podman.test.label=value1"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(ContainSubstring(podid1))) + Expect(session.OutputToString()).To(ContainSubstring(podid2)) + Expect(session.OutputToString()).To(Not(ContainSubstring(podid3))) + }) }) diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go index c9b01ad4a..672b0e103 100644 --- a/test/e2e/prune_test.go +++ b/test/e2e/prune_test.go @@ -59,6 +59,34 @@ var _ = Describe("Podman prune", func() { Expect(podmanTest.NumberOfContainers()).To(Equal(1)) }) + It("podman container prune after create containers", func() { + create := podmanTest.Podman([]string{"create", "--name", "test", BB}) + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(Equal(0)) + + prune := podmanTest.Podman([]string{"container", "prune", "-f"}) + prune.WaitWithDefaultTimeout() + Expect(prune.ExitCode()).To(Equal(0)) + + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + }) + + It("podman container prune after create & init containers", func() { + create := podmanTest.Podman([]string{"create", "--name", "test", BB}) + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(Equal(0)) + + init := podmanTest.Podman([]string{"init", "test"}) + init.WaitWithDefaultTimeout() + Expect(init.ExitCode()).To(Equal(0)) + + prune := podmanTest.Podman([]string{"container", "prune", "-f"}) + prune.WaitWithDefaultTimeout() + Expect(prune.ExitCode()).To(Equal(0)) + + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + }) + It("podman image prune none images", func() { SkipIfRemote() podmanTest.BuildImage(pruneImage, "alpine_bash:latest", "true") diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 12bfdfe41..adbb9c16c 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -170,10 +170,11 @@ var _ = Describe("Podman ps", func() { _, ec, _ := podmanTest.RunLsContainer("test1") Expect(ec).To(Equal(0)) - result := podmanTest.Podman([]string{"ps", "-a", "--format", "table {{.ID}} {{.Image}} {{.Labels}}"}) + result := podmanTest.Podman([]string{"ps", "-a", "--format", "table {{.ID}} {{.Image}} {{.ImageID}} {{.Labels}}"}) result.WaitWithDefaultTimeout() Expect(strings.Contains(result.OutputToStringArray()[0], "table")).To(BeFalse()) Expect(strings.Contains(result.OutputToStringArray()[0], "ID")).To(BeTrue()) + Expect(strings.Contains(result.OutputToStringArray()[0], "ImageID")).To(BeTrue()) Expect(strings.Contains(result.OutputToStringArray()[1], "alpine:latest")).To(BeTrue()) Expect(result.ExitCode()).To(Equal(0)) }) @@ -227,6 +228,35 @@ var _ = Describe("Podman ps", func() { Expect(output[0]).To(Equal(fullCid)) }) + It("podman ps filter by exited does not need all", func() { + ctr := podmanTest.Podman([]string{"run", "-t", "-i", ALPINE, "ls", "/"}) + ctr.WaitWithDefaultTimeout() + Expect(ctr.ExitCode()).To(Equal(0)) + + psAll := podmanTest.Podman([]string{"ps", "-aq", "--no-trunc"}) + psAll.WaitWithDefaultTimeout() + Expect(psAll.ExitCode()).To(Equal(0)) + + psFilter := podmanTest.Podman([]string{"ps", "--no-trunc", "--quiet", "--filter", "status=exited"}) + psFilter.WaitWithDefaultTimeout() + Expect(psFilter.ExitCode()).To(Equal(0)) + + Expect(psAll.OutputToString()).To(Equal(psFilter.OutputToString())) + }) + + It("podman filter without status does not find non-running", func() { + ctrName := "aContainerName" + ctr := podmanTest.Podman([]string{"create", "--name", ctrName, "-t", "-i", ALPINE, "ls", "/"}) + ctr.WaitWithDefaultTimeout() + Expect(ctr.ExitCode()).To(Equal(0)) + + psFilter := podmanTest.Podman([]string{"ps", "--no-trunc", "--quiet", "--format", "{{.Names}}", "--filter", fmt.Sprintf("name=%s", ctrName)}) + psFilter.WaitWithDefaultTimeout() + Expect(psFilter.ExitCode()).To(Equal(0)) + + Expect(strings.Contains(psFilter.OutputToString(), ctrName)).To(BeFalse()) + }) + It("podman ps mutually exclusive flags", func() { session := podmanTest.Podman([]string{"ps", "-aqs"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go index a45735a8a..d60f2a8cd 100644 --- a/test/e2e/run_memory_test.go +++ b/test/e2e/run_memory_test.go @@ -70,7 +70,11 @@ var _ = Describe("Podman run memory", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal("41943040")) + if cgroupsv2 { + Expect(session.OutputToString()).To(Equal("max")) + } else { + Expect(session.OutputToString()).To(Equal("41943040")) + } }) It("podman run memory-swappiness test", func() { diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 5e587b198..5be9db810 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -146,6 +146,17 @@ var _ = Describe("Podman run networking", func() { Expect(match).Should(BeTrue()) }) + It("podman run --net container: and --uts container:", func() { + ctrName := "ctrToJoin" + ctr1 := podmanTest.RunTopContainer(ctrName) + ctr1.WaitWithDefaultTimeout() + Expect(ctr1.ExitCode()).To(Equal(0)) + + ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--uts=container:" + ctrName, ALPINE, "true"}) + ctr2.WaitWithDefaultTimeout() + Expect(ctr2.ExitCode()).To(Equal(0)) + }) + It("podman run --net container: copies hosts and resolv", func() { SkipIfRootless() ctrName := "ctr1" diff --git a/test/e2e/run_security_labels.go b/test/e2e/run_security_labels.go new file mode 100644 index 000000000..a04bdc739 --- /dev/null +++ b/test/e2e/run_security_labels.go @@ -0,0 +1,152 @@ +// +build !remoteclient + +package integration + +import ( + "os" + "strings" + + . "github.com/containers/libpod/test/utils" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman generate kube", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + + }) + + AfterEach(func() { + podmanTest.Cleanup() + f := CurrentGinkgoTestDescription() + processTestResult(f) + }) + + It("podman security labels", func() { + test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test1"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test1"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Equal("CAP_SETUID,CAP_SETGID")) + }) + + It("podman bad security labels", func() { + test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test1"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Not(Equal("CAP_SYS_ADMIN"))) + }) + + It("podman --cap-add sys_admin security labels", func() { + test1 := podmanTest.Podman([]string{"create", "--cap-add", "SYS_ADMIN", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test1"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Equal("CAP_SYS_ADMIN")) + }) + + It("podman --cap-drop all sys_admin security labels", func() { + test1 := podmanTest.Podman([]string{"create", "--cap-drop", "all", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test1"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Equal("")) + }) + + It("podman security labels from image", func() { + test1 := podmanTest.Podman([]string{"create", "--name", "test1", "alpine", "echo", "test1"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(BeZero()) + + commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,net_raw", "test1", "image1"}) + commit.WaitWithDefaultTimeout() + Expect(commit.ExitCode()).To(BeZero()) + + image1 := podmanTest.Podman([]string{"create", "--name", "test2", "image1", "echo", "test1"}) + image1.WaitWithDefaultTimeout() + Expect(image1.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test2"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_NET_RAW")) + + }) + + It("podman --privileged security labels", func() { + pull := podmanTest.Podman([]string{"create", "--privileged", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test"}) + pull.WaitWithDefaultTimeout() + Expect(pull.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test1"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Not(Equal("CAP_SETUID,CAP_SETGID"))) + }) + + It("podman container runlabel (podman --version)", func() { + PodmanDockerfile := ` +FROM alpine:latest +LABEL io.containers.capabilities=chown,mknod` + + image := "podman-caps:podman" + podmanTest.BuildImage(PodmanDockerfile, image, "false") + + test1 := podmanTest.Podman([]string{"create", "--name", "test1", image, "echo", "test1"}) + test1.WaitWithDefaultTimeout() + Expect(test1.ExitCode()).To(BeZero()) + + inspect := podmanTest.Podman([]string{"inspect", "test1"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + ctr := inspect.InspectContainerToJSON() + caps := strings.Join(ctr[0].EffectiveCaps, ",") + Expect(caps).To(Equal("CAP_CHOWN,CAP_MKNOD")) + }) + +}) diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go index 5b4842fea..5ad8f9fb0 100644 --- a/test/e2e/run_staticip_test.go +++ b/test/e2e/run_staticip_test.go @@ -3,7 +3,10 @@ package integration import ( + "fmt" + "net/http" "os" + "time" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -65,9 +68,20 @@ var _ = Describe("Podman run with --ip flag", func() { It("Podman run two containers with the same IP", func() { ip := GetRandomIPAddress() - result := podmanTest.Podman([]string{"run", "-d", "--ip", ip, ALPINE, "sleep", "999"}) + result := podmanTest.Podman([]string{"run", "-dt", "--ip", ip, nginx}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) + for i := 0; i < 10; i++ { + fmt.Println("Waiting for nginx", err) + time.Sleep(1 * time.Second) + response, err := http.Get(fmt.Sprintf("http://%s", ip)) + if err != nil { + continue + } + if response.StatusCode == http.StatusOK { + break + } + } result = podmanTest.Podman([]string{"run", "-ti", "--ip", ip, ALPINE, "ip", "addr"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 72547ea00..9b6de6f65 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -374,7 +374,9 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring("1048576")) + if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + Expect(session.OutputToString()).To(ContainSubstring("1048576")) + } }) It("podman run device-write-bps test", func() { @@ -392,7 +394,9 @@ var _ = Describe("Podman run", func() { } session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring("1048576")) + if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + Expect(session.OutputToString()).To(ContainSubstring("1048576")) + } }) It("podman run device-read-iops test", func() { @@ -411,7 +415,9 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring("100")) + if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + Expect(session.OutputToString()).To(ContainSubstring("100")) + } }) It("podman run device-write-iops test", func() { @@ -430,7 +436,9 @@ var _ = Describe("Podman run", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring("100")) + if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + Expect(session.OutputToString()).To(ContainSubstring("100")) + } }) It("podman run notify_socket", func() { @@ -999,4 +1007,16 @@ USER mail` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Not(Equal(0))) }) + + It("podman run --device-cgroup-rule", func() { + SkipIfRemote() + SkipIfRootless() + deviceCgroupRule := "c 42:* rwm" + session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + session = podmanTest.Podman([]string{"exec", "test", "mknod", "newDev", "c", "42", "1"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) }) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 0c2389e40..e31338dbc 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -15,6 +15,10 @@ import ( "github.com/onsi/gomega/gexec" ) +var VolumeTrailingSlashDockerfile = ` +FROM alpine:latest +VOLUME /test/` + var _ = Describe("Podman run with volumes", func() { var ( tempdir string @@ -397,4 +401,44 @@ var _ = Describe("Podman run with volumes", func() { volMount.WaitWithDefaultTimeout() Expect(volMount.ExitCode()).To(Not(Equal(0))) }) + + It("Podman fix for CVE-2020-1726", func() { + volName := "testVol" + volCreate := podmanTest.Podman([]string{"volume", "create", volName}) + volCreate.WaitWithDefaultTimeout() + Expect(volCreate.ExitCode()).To(Equal(0)) + + volPath := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{.Mountpoint}}", volName}) + volPath.WaitWithDefaultTimeout() + Expect(volPath.ExitCode()).To(Equal(0)) + path := volPath.OutputToString() + + fileName := "thisIsATestFile" + file, err := os.Create(filepath.Join(path, fileName)) + Expect(err).To(BeNil()) + defer file.Close() + + runLs := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "-v", fmt.Sprintf("%v:/etc/ssl", volName), ALPINE, "ls", "-1", "/etc/ssl"}) + runLs.WaitWithDefaultTimeout() + Expect(runLs.ExitCode()).To(Equal(0)) + outputArr := runLs.OutputToStringArray() + Expect(len(outputArr)).To(Equal(1)) + Expect(strings.Contains(outputArr[0], fileName)).To(BeTrue()) + }) + + It("Podman mount over image volume with trailing /", func() { + image := "podman-volume-test:trailing" + podmanTest.BuildImage(VolumeTrailingSlashDockerfile, image, "false") + + ctrName := "testCtr" + create := podmanTest.Podman([]string{"create", "-v", "/tmp:/test", "--name", ctrName, image, "ls"}) + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(Equal(0)) + + data := podmanTest.InspectContainer(ctrName) + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].Mounts)).To(Equal(1)) + Expect(data[0].Mounts[0].Source).To(Equal("/tmp")) + Expect(data[0].Mounts[0].Destination).To(Equal("/test")) + }) }) diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index d88231510..9ba0241fe 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -164,13 +164,6 @@ registries = ['{{.Host}}:{{.Port}}']` } }) - It("podman search v2 registry with empty query", func() { - search := podmanTest.Podman([]string{"search", "registry.fedoraproject.org/"}) - search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) - Expect(len(search.OutputToStringArray())).To(BeNumerically(">=", 1)) - }) - It("podman search attempts HTTP if tls-verify flag is set false", func() { if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") @@ -225,6 +218,14 @@ registries = ['{{.Host}}:{{.Port}}']` Expect(search.ExitCode()).To(Equal(0)) Expect(search.OutputToString()).ShouldNot(BeEmpty()) + + // podman search v2 registry with empty query + searchEmpty := podmanTest.PodmanNoCache([]string{"search", fmt.Sprintf("%s/", registryEndpoints[3].Address()), "--tls-verify=false"}) + searchEmpty.WaitWithDefaultTimeout() + Expect(searchEmpty.ExitCode()).To(BeZero()) + Expect(len(searchEmpty.OutputToStringArray())).To(BeNumerically(">=", 1)) + match, _ := search.GrepString("my-alpine") + Expect(match).Should(BeTrue()) }) It("podman search attempts HTTP if registry is in registries.insecure and force secure is false", func() { diff --git a/test/e2e/volume_prune_test.go b/test/e2e/volume_prune_test.go index ba249278b..3049646b0 100644 --- a/test/e2e/volume_prune_test.go +++ b/test/e2e/volume_prune_test.go @@ -89,7 +89,7 @@ var _ = Describe("Podman volume prune", func() { session = podmanTest.Podman([]string{"volume", "ls"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(len(session.OutputToStringArray())).To(Equal(2)) + Expect(len(session.OutputToStringArray())).To(Equal(0)) podmanTest.Cleanup() }) |