diff options
Diffstat (limited to 'test/e2e')
| -rw-r--r-- | test/e2e/play_kube_test.go | 44 | ||||
| -rw-r--r-- | test/e2e/run_networking_test.go | 10 | ||||
| -rw-r--r-- | test/e2e/run_passwd_test.go | 54 |
3 files changed, 99 insertions, 9 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 121cea017..5e01971cb 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -99,6 +99,12 @@ spec: hostPort: {{ .Port }} protocol: TCP workingDir: / + volumeMounts: + {{ if .VolumeMount }} + - name: {{.VolumeName}} + mountPath: {{ .VolumeMountPath }} + readonly: {{.VolumeReadOnly}} + {{ end }} {{ end }} {{ end }} {{ end }} @@ -383,12 +389,16 @@ type Ctr struct { PullPolicy string HostIP string Port string + VolumeMount bool + VolumeMountPath string + VolumeName string + VolumeReadOnly bool } // getCtr takes a list of ctrOptions and returns a Ctr with sane defaults // and the configured options func getCtr(options ...ctrOption) *Ctr { - c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, "", "", ""} + c := Ctr{defaultCtrName, defaultCtrImage, defaultCtrCmd, defaultCtrArg, true, false, nil, nil, "", "", "", false, "", "", false} for _, option := range options { option(&c) } @@ -448,6 +458,15 @@ func withHostIP(ip string, port string) ctrOption { } } +func withVolumeMount(mountPath string, readonly bool) ctrOption { + return func(c *Ctr) { + c.VolumeMountPath = mountPath + c.VolumeName = defaultVolName + c.VolumeReadOnly = readonly + c.VolumeMount = true + } +} + func getCtrNameInPod(pod *Pod) string { return fmt.Sprintf("%s-%s", pod.Name, defaultCtrName) } @@ -1035,4 +1054,27 @@ spec: kube.WaitWithDefaultTimeout() Expect(kube.ExitCode()).NotTo(Equal(0)) }) + + It("podman play kube test with read only volume", func() { + hostPathLocation := filepath.Join(tempdir, "file") + f, err := os.Create(hostPathLocation) + Expect(err).To(BeNil()) + f.Close() + + ctr := getCtr(withVolumeMount(hostPathLocation, true), withImage(BB)) + pod := getPod(withVolume(getVolume("File", hostPathLocation)), withCtr(ctr)) + err = generatePodKubeYaml(pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{.HostConfig.Binds}}'"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + + correct := fmt.Sprintf("%s:%s:%s", hostPathLocation, hostPathLocation, "ro") + Expect(inspect.OutputToString()).To(ContainSubstring(correct)) + }) }) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index a48f7c83e..c20bfe631 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -535,15 +535,12 @@ var _ = Describe("Podman run networking", func() { create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.30.0/24", netName}) create.WaitWithDefaultTimeout() Expect(create.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) run := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"}) run.WaitWithDefaultTimeout() Expect(run.ExitCode()).To(BeZero()) Expect(run.OutputToString()).To(ContainSubstring(ipAddr)) - - netrm := podmanTest.Podman([]string{"network", "rm", netName}) - netrm.WaitWithDefaultTimeout() - Expect(netrm.ExitCode()).To(BeZero()) }) It("podman run with new:pod and static-ip", func() { @@ -555,6 +552,7 @@ var _ = Describe("Podman run networking", func() { create := podmanTest.Podman([]string{"network", "create", "--subnet", "10.25.40.0/24", netName}) create.WaitWithDefaultTimeout() Expect(create.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) run := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "--pod", "new:" + podname, "--net", netName, "--ip", ipAddr, ALPINE, "ip", "addr"}) run.WaitWithDefaultTimeout() @@ -564,9 +562,5 @@ var _ = Describe("Podman run networking", func() { podrm := podmanTest.Podman([]string{"pod", "rm", "-f", podname}) podrm.WaitWithDefaultTimeout() Expect(podrm.ExitCode()).To(BeZero()) - - netrm := podmanTest.Podman([]string{"network", "rm", netName}) - netrm.WaitWithDefaultTimeout() - Expect(netrm.ExitCode()).To(BeZero()) }) }) diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index c48876dee..dfb8c72a1 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -71,4 +71,58 @@ USER 1000` Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Not(ContainSubstring("passwd"))) }) + + It("podman run with no user specified does not change --group specified", func() { + session := podmanTest.Podman([]string{"run", "--read-only", BB, "mount"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOutputContains("/etc/group")).To(BeFalse()) + }) + + It("podman run group specified in container", func() { + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:bin", BB, "mount"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOutputContains("/etc/group")).To(BeFalse()) + }) + + It("podman run non-numeric group not specified in container", func() { + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:doesnotexist", BB, "mount"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + }) + + It("podman run numeric group specified in container", func() { + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "root:11", BB, "mount"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOutputContains("/etc/group")).To(BeFalse()) + }) + + It("podman run numeric group not specified in container", func() { + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001:20001", BB, "mount"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOutputContains("/etc/group")).To(BeTrue()) + }) + + It("podman run numeric user not specified in container modifies group", func() { + session := podmanTest.Podman([]string{"run", "--read-only", "-u", "20001", BB, "mount"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.LineInOutputContains("/etc/group")).To(BeTrue()) + }) + + It("podman run numeric group from image and no group file", func() { + SkipIfRemote() + dockerfile := `FROM alpine +RUN rm -f /etc/passwd /etc/shadow /etc/group +USER 1000` + imgName := "testimg" + podmanTest.BuildImage(dockerfile, imgName, "false") + session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(ContainSubstring("/etc/group"))) + }) }) |