diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/apparmor.bats | 164 | ||||
-rw-r--r-- | test/cgroups.bats | 40 | ||||
-rw-r--r-- | test/command.bats | 12 | ||||
-rw-r--r-- | test/ctr.bats | 873 | ||||
-rw-r--r-- | test/default_mounts.bats | 69 | ||||
-rw-r--r-- | test/helpers.bash | 143 | ||||
-rw-r--r-- | test/hooks.bats | 38 | ||||
-rw-r--r-- | test/image.bats | 250 | ||||
-rw-r--r-- | test/image_remove.bats | 74 | ||||
-rw-r--r-- | test/image_volume.bats | 68 | ||||
-rw-r--r-- | test/inspect.bats | 72 | ||||
-rw-r--r-- | test/kpod_export.bats | 1 | ||||
-rw-r--r-- | test/kpod_kill.bats | 4 | ||||
-rw-r--r-- | test/kpod_logs.bats | 3 | ||||
-rw-r--r-- | test/kpod_mount.bats | 1 | ||||
-rw-r--r-- | test/kpod_pause.bats | 5 | ||||
-rw-r--r-- | test/kpod_ps.bats | 14 | ||||
-rw-r--r-- | test/kpod_rename.bats | 1 | ||||
-rw-r--r-- | test/kpod_rm.bats | 4 | ||||
-rw-r--r-- | test/kpod_stats.bats | 5 | ||||
-rw-r--r-- | test/kpod_stop.bats | 2 | ||||
-rw-r--r-- | test/kpod_wait.bats | 3 | ||||
-rw-r--r-- | test/network.bats | 186 | ||||
-rw-r--r-- | test/pod.bats | 365 | ||||
-rw-r--r-- | test/restore.bats | 267 | ||||
-rw-r--r-- | test/runtimeversion.bats | 15 | ||||
-rw-r--r-- | test/seccomp.bats | 368 | ||||
-rw-r--r-- | test/selinux.bats | 26 |
28 files changed, 43 insertions, 3030 deletions
diff --git a/test/apparmor.bats b/test/apparmor.bats deleted file mode 100644 index e5c89bf0a..000000000 --- a/test/apparmor.bats +++ /dev/null @@ -1,164 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -# 1. test running with loading the default apparmor profile. -# test that we can run with the default apparmor profile which will not block touching a file in `.` -@test "load default apparmor profile and run a container with it" { - # this test requires apparmor, so skip this test if apparmor is not enabled. - enabled=$(is_apparmor_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since apparmor is not enabled." - fi - - start_crio - - sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname1": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor1.json - - run crioctl pod run --name apparmor1 --config "$TESTDIR"/apparmor1.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname1 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr execsync --id "$ctr_id" touch test.txt - echo "$output" - [ "$status" -eq 0 ] - - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 2. test running with loading a specific apparmor profile as crio default apparmor profile. -# test that we can run with a specific apparmor profile which will block touching a file in `.` as crio default apparmor profile. -@test "load a specific apparmor profile as default apparmor and run a container with it" { - # this test requires apparmor, so skip this test if apparmor is not enabled. - enabled=$(is_apparmor_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since apparmor is not enabled." - fi - - load_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH" - start_crio "" "$APPARMOR_TEST_PROFILE_NAME" - - sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname2": "apparmor-test-deny-write"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor2.json - - run crioctl pod run --name apparmor2 --config "$TESTDIR"/apparmor2.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname2 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr execsync --id "$ctr_id" touch test.txt - echo "$output" - [ "$status" -ne 0 ] - [[ "$output" =~ "Permission denied" ]] - - cleanup_ctrs - cleanup_pods - stop_crio - remove_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH" -} - -# 3. test running with loading a specific apparmor profile but not as crio default apparmor profile. -# test that we can run with a specific apparmor profile which will block touching a file in `.` -@test "load default apparmor profile and run a container with another apparmor profile" { - # this test requires apparmor, so skip this test if apparmor is not enabled. - enabled=$(is_apparmor_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since apparmor is not enabled." - fi - - load_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH" - start_crio - - sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname3": "apparmor-test-deny-write"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor3.json - - run crioctl pod run --name apparmor3 --config "$TESTDIR"/apparmor3.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname3 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr execsync --id "$ctr_id" touch test.txt - echo "$output" - [ "$status" -ne 0 ] - [[ "$output" =~ "Permission denied" ]] - - cleanup_ctrs - cleanup_pods - stop_crio - remove_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH" -} - -# 4. test running with wrong apparmor profile name. -# test that we can will fail when running a ctr with rong apparmor profile name. -@test "run a container with wrong apparmor profile name" { - # this test requires apparmor, so skip this test if apparmor is not enabled. - enabled=$(is_apparmor_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since apparmor is not enabled." - fi - - start_crio - - sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname4": "not-exists"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor4.json - - run crioctl pod run --name apparmor4 --config "$TESTDIR"/apparmor4.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname4 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -ne 0 ] - [[ "$output" =~ "Creating container failed" ]] - - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 5. test running with default apparmor profile unloaded. -# test that we can will fail when running a ctr with rong apparmor profile name. -@test "run a container after unloading default apparmor profile" { - # this test requires apparmor, so skip this test if apparmor is not enabled. - enabled=$(is_apparmor_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since apparmor is not enabled." - fi - - start_crio - remove_apparmor_profile "$FAKE_CRIO_DEFAULT_PROFILE_PATH" - - sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname5": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor5.json - - run crioctl pod run --name apparmor5 --config "$TESTDIR"/apparmor5.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname5 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr execsync --id "$ctr_id" touch test.txt - echo "$output" - [ "$status" -eq 0 ] - - - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/cgroups.bats b/test/cgroups.bats deleted file mode 100644 index cbe27be41..000000000 --- a/test/cgroups.bats +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "pids limit" { - if ! grep pids /proc/self/cgroup; then - skip "pids cgroup controller is not mounted" - fi - PIDS_LIMIT=1234 start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - pids_limit_config=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin); obj["command"] = ["/bin/sleep", "600"]; json.dump(obj, sys.stdout)') - echo "$pids_limit_config" > "$TESTDIR"/container_pids_limit.json - run crioctl ctr create --config "$TESTDIR"/container_pids_limit.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" cat /sys/fs/cgroup/pids/pids.max - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "1234" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/command.bats b/test/command.bats deleted file mode 100644 index 86e58f9db..000000000 --- a/test/command.bats +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -@test "crio commands" { - run ${CRIO_BINARY} --config /dev/null config > /dev/null - echo "$output" - [ "$status" -eq 0 ] - run ${CRIO_BINARY} badoption > /dev/null - echo "$output" - [ "$status" -ne 0 ] -} diff --git a/test/ctr.bats b/test/ctr.bats deleted file mode 100644 index 90f42b687..000000000 --- a/test/ctr.bats +++ /dev/null @@ -1,873 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "ctr not found correct error message" { - start_crio - run crioctl ctr status --id randomid - echo "$output" - [ "$status" -eq 1 ] - [[ "$output" =~ "container with ID starting with randomid not found" ]] - - stop_crio -} - -@test "ctr termination reason Completed" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Reason: Completed" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr termination reason Error" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - errorconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["command"] = ["false"]; json.dump(obj, sys.stdout)') - echo "$errorconfig" > "$TESTDIR"/container_config_error.json - run crioctl ctr create --config "$TESTDIR"/container_config_error.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Reason: Error" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr remove" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr remove --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr lifecycle" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr remove --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr logging" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - - # Create a new container. - newconfig=$(mktemp --tmpdir crio-config.XXXXXX.json) - cp "$TESTDATA"/container_config_logging.json "$newconfig" - sed -i 's|"%shellcommand%"|"echo here is some output \&\& echo and some from stderr >\&2"|' "$newconfig" - run crioctl ctr create --config "$newconfig" --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr_id" - echo "$output" - # Ignore errors on stop. - run crioctl ctr status --id "$ctr_id" - [ "$status" -eq 0 ] - run crioctl ctr remove --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - # Check that the output is what we expect. - logpath="$DEFAULT_LOG_PATH/$pod_id/$ctr_id.log" - [ -f "$logpath" ] - echo "$logpath :: $(cat "$logpath")" - grep -E "^[^\n]+ stdout here is some output$" "$logpath" - grep -E "^[^\n]+ stderr and some from stderr$" "$logpath" - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr logging [tty=true]" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - - # Create a new container. - newconfig=$(mktemp --tmpdir crio-config.XXXXXX.json) - cp "$TESTDATA"/container_config_logging.json "$newconfig" - sed -i 's|"%shellcommand%"|"echo here is some output"|' "$newconfig" - sed -i 's|"tty": false,|"tty": true,|' "$newconfig" - run crioctl ctr create --config "$newconfig" --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr_id" - echo "$output" - # Ignore errors on stop. - run crioctl ctr status --id "$ctr_id" - [ "$status" -eq 0 ] - run crioctl ctr remove --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - # Check that the output is what we expect. - logpath="$DEFAULT_LOG_PATH/$pod_id/$ctr_id.log" - [ -f "$logpath" ] - echo "$logpath :: $(cat "$logpath")" - grep --binary -P "^[^\n]+ stdout here is some output\x0d$" "$logpath" - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr log max" { - LOG_SIZE_MAX_LIMIT=10000 start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - - # Create a new container. - newconfig=$(mktemp --tmpdir crio-config.XXXXXX.json) - cp "$TESTDATA"/container_config_logging.json "$newconfig" - sed -i 's|"%shellcommand%"|"for i in $(seq 250); do echo $i; done"|' "$newconfig" - run crioctl ctr create --config "$newconfig" --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - sleep 6 - run crioctl ctr status --id "$ctr_id" - [ "$status" -eq 0 ] - run crioctl ctr remove --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - # Check that the output is what we expect. - logpath="$DEFAULT_LOG_PATH/$pod_id/$ctr_id.log" - [ -f "$logpath" ] - echo "$logpath :: $(cat "$logpath")" - len=$(wc -l "$logpath" | awk '{print $1}') - [ $len -lt 250 ] - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# regression test for #127 -@test "ctrs status for a pod" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl ctr list --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" != "" ]] - - printf '%s\n' "$output" | while IFS= read -r id - do - run crioctl ctr status --id "$id" - echo "$output" - [ "$status" -eq 0 ] - done - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr list filtering" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json --name pod1 - echo "$output" - [ "$status" -eq 0 ] - pod1_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - ctr1_id="$output" - run crioctl ctr start --id "$ctr1_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod run --config "$TESTDATA"/sandbox_config.json --name pod2 - echo "$output" - [ "$status" -eq 0 ] - pod2_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - ctr2_id="$output" - run crioctl pod run --config "$TESTDATA"/sandbox_config.json --name pod3 - echo "$output" - [ "$status" -eq 0 ] - pod3_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod3_id" - echo "$output" - [ "$status" -eq 0 ] - ctr3_id="$output" - run crioctl ctr start --id "$ctr3_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr3_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr list --id "$ctr1_id" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - run crioctl ctr list --id "${ctr1_id:0:4}" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - run crioctl ctr list --id "$ctr2_id" --pod "$pod2_id" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr2_id" ]] - run crioctl ctr list --id "$ctr2_id" --pod "$pod3_id" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" == "" ]] - run crioctl ctr list --state created --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr2_id" ]] - run crioctl ctr list --state running --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - run crioctl ctr list --state stopped --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr3_id" ]] - run crioctl ctr list --pod "$pod1_id" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - run crioctl ctr list --pod "$pod2_id" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr2_id" ]] - run crioctl ctr list --pod "$pod3_id" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr3_id" ]] - run crioctl pod stop --id "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod3_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod3_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr list label filtering" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" --name ctr1 --label "a=b" --label "c=d" --label "e=f" - echo "$output" - [ "$status" -eq 0 ] - ctr1_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" --name ctr2 --label "a=b" --label "c=d" - echo "$output" - [ "$status" -eq 0 ] - ctr2_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" --name ctr3 --label "a=b" - echo "$output" - [ "$status" -eq 0 ] - ctr3_id="$output" - run crioctl ctr list --label "tier=backend" --label "a=b" --label "c=d" --label "e=f" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - run crioctl ctr list --label "tier=frontend" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" == "" ]] - run crioctl ctr list --label "a=b" --label "c=d" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - [[ "$output" =~ "$ctr2_id" ]] - run crioctl ctr list --label "a=b" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$ctr1_id" ]] - [[ "$output" =~ "$ctr2_id" ]] - [[ "$output" =~ "$ctr3_id" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr metadata in list & status" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr list --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - # TODO: expected value should not hard coded here - [[ "$output" =~ "Name: container1" ]] - [[ "$output" =~ "Attempt: 1" ]] - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - # TODO: expected value should not hard coded here - [[ "$output" =~ "Name: container1" ]] - [[ "$output" =~ "Attempt: 1" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr execsync conflicting with conmon flags parsing" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" sh -c "echo hello world" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "hello world" ]] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr execsync" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" echo HELLO - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "HELLO" ]] - run crioctl ctr execsync --id "$ctr_id" --timeout 1 sleep 10 - echo "$output" - [[ "$output" =~ "command timed out" ]] - [ "$status" -ne 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr device add" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis_device.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" ls /dev/mynull - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "/dev/mynull" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr execsync failure" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" doesnotexist - echo "$output" - [ "$status" -ne 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr execsync exit code" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" false - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 1" ]] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr execsync std{out,err}" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" echo hello0 stdout - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" == *"$(printf "Stdout:\nhello0 stdout")"* ]] - - stderrconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["image"]["image"] = "runcom/stderr-test"; obj["command"] = ["/bin/sleep", "600"]; json.dump(obj, sys.stdout)') - echo "$stderrconfig" > "$TESTDIR"/container_config_stderr.json - run crioctl ctr create --config "$TESTDIR"/container_config_stderr.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" stderr - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" == *"$(printf "Stderr:\nthis goes to stderr")"* ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr stop idempotent" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr caps drop" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - capsconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["security_context"]["capabilities"] = {u"add_capabilities": [], u"drop_capabilities": [u"mknod", u"kill", u"sys_chroot", u"setuid", u"setgid"]}; json.dump(obj, sys.stdout)') - echo "$capsconfig" > "$TESTDIR"/container_config_caps.json - run crioctl ctr create --config "$TESTDIR"/container_config_caps.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "run ctr with image with Config.Volumes" { - start_crio - run crioctl image pull gcr.io/k8s-testimages/redis:e2e - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - volumesconfig=$(cat "$TESTDATA"/container_redis.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["image"]["image"] = "gcr.io/k8s-testimages/redis:e2e"; obj["args"] = []; json.dump(obj, sys.stdout)') - echo "$volumesconfig" > "$TESTDIR"/container_config_volumes.json - run crioctl ctr create --config "$TESTDIR"/container_config_volumes.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr oom" { - if [[ "$TRAVIS" == "true" ]]; then - skip "travis container tests don't support testing OOM" - fi - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - oomconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["image"]["image"] = "mrunalp/oom"; obj["linux"]["resources"]["memory_limit_in_bytes"] = 5120000; obj["command"] = ["/oom"]; json.dump(obj, sys.stdout)') - echo "$oomconfig" > "$TESTDIR"/container_config_oom.json - run crioctl ctr create --config "$TESTDIR"/container_config_oom.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - # Wait for container to OOM - attempt=0 - while [ $attempt -le 100 ]; do - attempt=$((attempt+1)) - run crioctl ctr status --id "$ctr_id" - echo "$output" - if [[ "$output" =~ "OOMKilled" ]]; then - break - fi - sleep 10 - done - [[ "$output" =~ "OOMKilled" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr /etc/resolv.conf rw/ro mode" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_config_resolvconf.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Status: CONTAINER_EXITED" ]] - [[ "$output" =~ "Exit Code: 0" ]] - [[ "$output" =~ "Reason: Completed" ]] - - run crioctl ctr create --name roctr --config "$TESTDATA"/container_config_resolvconf_ro.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Status: CONTAINER_EXITED" ]] - [[ "$output" =~ "Exit Code: 1" ]] - [[ "$output" =~ "Reason: Error" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr create with non-existent command" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - newconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["command"] = ["nonexistent"]; json.dump(obj, sys.stdout)') - echo "$newconfig" > "$TESTDIR"/container_nonexistent.json - run crioctl ctr create --config "$TESTDIR"/container_nonexistent.json --pod "$pod_id" - [ "$status" -ne 0 ] - [[ "$output" =~ "executable file not found" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr create with non-existent command [tty]" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - newconfig=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["command"] = ["nonexistent"]; obj["tty"] = True; json.dump(obj, sys.stdout)') - echo "$newconfig" > "$TESTDIR"/container_nonexistent.json - run crioctl ctr create --config "$TESTDIR"/container_nonexistent.json --pod "$pod_id" - [ "$status" -ne 0 ] - [[ "$output" =~ "executable file not found" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/default_mounts.bats b/test/default_mounts.bats deleted file mode 100644 index 8e727085e..000000000 --- a/test/default_mounts.bats +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -IMAGE="redis:alpine" - -function teardown() { - cleanup_test -} - -@test "bind secrets mounts to container" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl image pull "$IMAGE" - [ "$status" -eq 0 ] - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr execsync --id "$ctr_id" cat /proc/mounts - echo "$output" - [ "$status" -eq 0 ] - mount_info="$output" - run grep /container/path1 <<< "$mount_info" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "default mounts correctly sorted with other mounts" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl image pull "$IMAGE" - [ "$status" -eq 0 ] - host_path="$TESTDIR"/clash - mkdir "$host_path" - echo "clashing..." > "$host_path"/clashing.txt - sed -e "s,%HPATH%,$host_path,g" "$TESTDATA"/container_redis_default_mounts.json > "$TESTDIR"/defmounts_pre.json - sed -e 's,%CPATH%,\/container\/path1\/clash,g' "$TESTDIR"/defmounts_pre.json > "$TESTDIR"/defmounts.json - run crioctl ctr create --config "$TESTDIR"/defmounts.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr execsync --id "$ctr_id" ls -la /container/path1/clash - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" cat /container/path1/clash/clashing.txt - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "clashing..." ]] - run crioctl ctr execsync --id "$ctr_id" ls -la /container/path1 - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" cat /container/path1/test.txt - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Testing secrets mounts!" ]] - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/helpers.bash b/test/helpers.bash index 22955d333..f98e376fb 100644 --- a/test/helpers.bash +++ b/test/helpers.bash @@ -9,17 +9,9 @@ TESTDATA="${INTEGRATION_ROOT}/testdata" # Root directory of the repository. CRIO_ROOT=${CRIO_ROOT:-$(cd "$INTEGRATION_ROOT/../.."; pwd -P)} -# Path of the crio binary. -CRIO_BINARY=${CRIO_BINARY:-${CRIO_ROOT}/cri-o/bin/crio} -# Path of the crictl binary. -CRICTL_PATH=$(command -v crictl || true) -CRICTL_BINARY=${CRICTL_PATH:-/usr/bin/crictl} -# Path to kpod binary. KPOD_BINARY=${KPOD_BINARY:-${CRIO_ROOT}/cri-o/bin/kpod} # Path of the conmon binary. CONMON_BINARY=${CONMON_BINARY:-${CRIO_ROOT}/cri-o/bin/conmon} -# Path of the pause binary. -PAUSE_BINARY=${PAUSE_BINARY:-${CRIO_ROOT}/cri-o/bin/pause} # Path of the default seccomp profile. SECCOMP_PROFILE=${SECCOMP_PROFILE:-${CRIO_ROOT}/cri-o/seccomp.json} # Name of the default apparmor profile. @@ -92,7 +84,6 @@ if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts) chcon -R ${filelabel} $TESTDIR fi -CRIO_SOCKET="$TESTDIR/crio.sock" CRIO_CONFIG="$TESTDIR/crio.conf" CRIO_CNI_CONFIG="$TESTDIR/cni/net.d/" CRIO_CNI_PLUGIN=${CRIO_CNI_PLUGIN:-/opt/cni/bin/} @@ -216,140 +207,6 @@ function wait_until_reachable() { retry 15 1 crictl status } -# Start crio. -function start_crio() { - if [[ -n "$1" ]]; then - seccomp="$1" - else - seccomp="$SECCOMP_PROFILE" - fi - - if [[ -n "$2" ]]; then - apparmor="$2" - else - apparmor="$APPARMOR_PROFILE" - fi - - # Don't forget: bin2img, copyimg, and crio have their own default drivers, so if you override any, you probably need to override them all - if ! [ "$3" = "--no-pause-image" ] ; then - "$BIN2IMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --source-binary "$PAUSE_BINARY" - fi - "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/redis:alpine --import-from=dir:"$ARTIFACTS_PATH"/redis-image --signature-policy="$INTEGRATION_ROOT"/policy.json -# TODO: remove the code below for copying redis:alpine in using a canonical reference once -# https://github.com/kubernetes-incubator/cri-o/issues/531 is complete and we can -# copy the image using a tagged reference and then subsequently find the image without -# having to explicitly record the canonical reference as one of the image's names - "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b --import-from=dir:"$ARTIFACTS_PATH"/redis-image-digest --signature-policy="$INTEGRATION_ROOT"/policy.json - "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=mrunalp/oom --import-from=dir:"$ARTIFACTS_PATH"/oom-image --signature-policy="$INTEGRATION_ROOT"/policy.json - "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/mrunalp/image-volume-test --import-from=dir:"$ARTIFACTS_PATH"/image-volume-test-image --signature-policy="$INTEGRATION_ROOT"/policy.json - "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/busybox:latest --import-from=dir:"$ARTIFACTS_PATH"/busybox-image --signature-policy="$INTEGRATION_ROOT"/policy.json - "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/runcom/stderr-test:latest --import-from=dir:"$ARTIFACTS_PATH"/stderr-test --signature-policy="$INTEGRATION_ROOT"/policy.json - "$CRIO_BINARY" ${DEFAULT_MOUNTS_OPTS} ${HOOKS_OPTS} --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --cgroup-manager "$CGROUP_MANAGER" --registry "docker.io" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTIONS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --cni-plugin-dir "$CRIO_CNI_PLUGIN" --signature-policy "$INTEGRATION_ROOT"/policy.json --image-volumes "$IMAGE_VOLUMES" --pids-limit "$PIDS_LIMIT" --log-size-max "$LOG_SIZE_MAX_LIMIT" --config /dev/null config >$CRIO_CONFIG - - # Prepare the CNI configuration files, we're running with non host networking by default - if [[ -n "$4" ]]; then - netfunc="$4" - else - netfunc="prepare_network_conf" - fi - ${netfunc} $POD_CIDR - - "$CRIO_BINARY" --log-level debug --config "$CRIO_CONFIG" & CRIO_PID=$! - wait_until_reachable - - run crictl inspecti redis:alpine - if [ "$status" -ne 0 ] ; then - crictl pull redis:alpine - fi - REDIS_IMAGEID=$(crictl inspecti redis:alpine | head -1 | sed -e "s/ID: //g") - run crictl inspecti redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b - if [ "$status" -ne 0 ] ; then - crictl pull redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b - fi - REDIS_IMAGEID_DIGESTED=$(crictl inspecti redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b | head -1 | sed -e "s/ID: //g") - run crictl inspecti mrunalp/oom - if [ "$status" -ne 0 ] ; then - crictl pull mrunalp/oom - fi - OOM_IMAGEID=$(crictl inspecti mrunalp/oom | head -1 | sed -e "s/ID: //g") - run crioctl image status --id=runcom/stderr-test - if [ "$status" -ne 0 ] ; then - crictl pull runcom/stderr-test:latest - fi - STDERR_IMAGEID=$(crictl inspecti runcom/stderr-test | head -1 | sed -e "s/ID: //g") - run crictl inspecti busybox - if [ "$status" -ne 0 ] ; then - crictl pull busybox:latest - fi - BUSYBOX_IMAGEID=$(crictl inspecti busybox | head -1 | sed -e "s/ID: //g") - run crictl inspecti mrunalp/image-volume-test - if [ "$status" -ne 0 ] ; then - crictl pull mrunalp/image-volume-test:latest - fi - VOLUME_IMAGEID=$(crictl inspecti mrunalp/image-volume-test | head -1 | sed -e "s/ID: //g") -} - -function cleanup_ctrs() { - run crictl ps --quiet - if [ "$status" -eq 0 ]; then - if [ "$output" != "" ]; then - printf '%s\n' "$output" | while IFS= read -r line - do - crictl stop "$line" - crictl rm "$line" - done - fi - fi - rm -f /run/hookscheck -} - -function cleanup_images() { - run crictl images --quiet - if [ "$status" -eq 0 ]; then - if [ "$output" != "" ]; then - printf '%s\n' "$output" | while IFS= read -r line - do - crictl rmi "$line" - done - fi - fi -} - -function cleanup_pods() { - run crictl sandboxes --quiet - if [ "$status" -eq 0 ]; then - if [ "$output" != "" ]; then - printf '%s\n' "$output" | while IFS= read -r line - do - crictl stops "$line" - crictl rms "$line" - done - fi - fi -} - -# Stop crio. -function stop_crio() { - if [ "$CRIO_PID" != "" ]; then - kill "$CRIO_PID" >/dev/null 2>&1 - wait "$CRIO_PID" - rm -f "$CRIO_CONFIG" - fi - - cleanup_network_conf -} - -function restart_crio() { - if [ "$CRIO_PID" != "" ]; then - kill "$CRIO_PID" >/dev/null 2>&1 - wait "$CRIO_PID" - start_crio - else - echo "you must start crio first" - exit 1 - fi -} - function cleanup_test() { rm -rf "$TESTDIR" } diff --git a/test/hooks.bats b/test/hooks.bats deleted file mode 100644 index 92aa725fc..000000000 --- a/test/hooks.bats +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -cp hooks/checkhook.sh ${HOOKSDIR} -sed "s|HOOKSDIR|${HOOKSDIR}|" hooks/checkhook.json > ${HOOKSDIR}/checkhook.json - -@test "pod test hooks" { - rm -f /run/hookscheck - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run cat /run/hookscheck - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/image.bats b/test/image.bats deleted file mode 100644 index 5458fe134..000000000 --- a/test/image.bats +++ /dev/null @@ -1,250 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -IMAGE=kubernetes/pause -SIGNED_IMAGE=registry.access.redhat.com/rhel7-atomic:latest -UNSIGNED_IMAGE=docker.io/library/hello-world:latest - -function teardown() { - cleanup_test -} - -@test "run container in pod with image ID" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - sed -e "s/%VALUE%/$REDIS_IMAGEID/g" "$TESTDATA"/container_config_by_imageid.json > "$TESTDIR"/ctr_by_imageid.json - run crioctl ctr create --config "$TESTDIR"/ctr_by_imageid.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "container status return image:tag if created by image ID" { - start_crio - - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - sed -e "s/%VALUE%/$REDIS_IMAGEID/g" "$TESTDATA"/container_config_by_imageid.json > "$TESTDIR"/ctr_by_imageid.json - - run crioctl ctr create --config "$TESTDIR"/ctr_by_imageid.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Image: redis:alpine" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "container status return image@digest if created by image ID" { - start_crio - - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - sed -e "s/%VALUE%/$REDIS_IMAGEID_DIGESTED/g" "$TESTDATA"/container_config_by_imageid.json > "$TESTDIR"/ctr_by_imageid.json - - run crioctl ctr create --config "$TESTDIR"/ctr_by_imageid.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "ImageRef: redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "image pull and list" { - start_crio "" "" --no-pause-image - run crioctl image pull "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl image list --quiet "$IMAGE" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - imageid="$output" - - run crioctl image list --quiet @"$imageid" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - - run crioctl image list --quiet "$imageid" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - cleanup_images - stop_crio -} - -@test "image pull with signature" { - start_crio "" "" --no-pause-image - run crioctl image pull "$SIGNED_IMAGE" - echo "$output" - [ "$status" -eq 0 ] - cleanup_images - stop_crio -} - -@test "image pull without signature" { - start_crio "" "" --no-pause-image - run crioctl image pull "$UNSIGNED_IMAGE" - echo "$output" - [ "$status" -ne 0 ] - cleanup_images - stop_crio -} - -@test "image pull and list by tag and ID" { - start_crio "" "" --no-pause-image - run crioctl image pull "$IMAGE:go" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl image list --quiet "$IMAGE:go" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - imageid="$output" - - run crioctl image list --quiet @"$imageid" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - - run crioctl image list --quiet "$imageid" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - cleanup_images - stop_crio -} - -@test "image pull and list by digest and ID" { - start_crio "" "" --no-pause-image - run crioctl image pull nginx@sha256:33eb1ed1e802d4f71e52421f56af028cdf12bb3bfff5affeaf5bf0e328ffa1bc - echo "$output" - [ "$status" -eq 0 ] - - run crioctl image list --quiet nginx@sha256:33eb1ed1e802d4f71e52421f56af028cdf12bb3bfff5affeaf5bf0e328ffa1bc - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - imageid="$output" - - run crioctl image list --quiet @"$imageid" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - - run crioctl image list --quiet "$imageid" - [ "$status" -eq 0 ] - echo "$output" - [ "$output" != "" ] - - cleanup_images - stop_crio -} - -@test "image list with filter" { - start_crio "" "" --no-pause-image - run crioctl image pull "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - run crioctl image list --quiet "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - printf '%s\n' "$output" | while IFS= read -r id; do - run crioctl image remove --id "$id" - echo "$output" - [ "$status" -eq 0 ] - done - run crioctl image list --quiet - echo "$output" - [ "$status" -eq 0 ] - printf '%s\n' "$output" | while IFS= read -r id; do - echo "$id" - status=1 - done - cleanup_images - stop_crio -} - -@test "image list/remove" { - start_crio "" "" --no-pause-image - run crioctl image pull "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - run crioctl image list --quiet - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - printf '%s\n' "$output" | while IFS= read -r id; do - run crioctl image remove --id "$id" - echo "$output" - [ "$status" -eq 0 ] - done - run crioctl image list --quiet - echo "$output" - [ "$status" -eq 0 ] - [ "$output" = "" ] - printf '%s\n' "$output" | while IFS= read -r id; do - echo "$id" - status=1 - done - cleanup_images - stop_crio -} - -@test "image status/remove" { - start_crio "" "" --no-pause-image - run crioctl image pull "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - run crioctl image list --quiet - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - printf '%s\n' "$output" | while IFS= read -r id; do - run crioctl image status --id "$id" - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - run crioctl image remove --id "$id" - echo "$output" - [ "$status" -eq 0 ] - done - run crioctl image list --quiet - echo "$output" - [ "$status" -eq 0 ] - [ "$output" = "" ] - printf '%s\n' "$output" | while IFS= read -r id; do - echo "$id" - status=1 - done - cleanup_images - stop_crio -} diff --git a/test/image_remove.bats b/test/image_remove.bats deleted file mode 100644 index ca2017d00..000000000 --- a/test/image_remove.bats +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -IMAGE=docker.io/kubernetes/pause - -function teardown() { - cleanup_test -} - -@test "image remove with multiple names, by name" { - start_crio "" "" --no-pause-image - # Pull the image, giving it one name. - run crioctl image pull "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - # Add a second name to the image. - run "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name="$IMAGE":latest --add-name="$IMAGE":othertag --signature-policy="$INTEGRATION_ROOT"/policy.json - echo "$output" - [ "$status" -eq 0 ] - # Get the list of image names and IDs. - run crioctl image list - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - # Cycle through each name, removing it by name. The image that we assigned a second - # name to should still be around when we get to removing its second name. - grep ^Tag: <<< "$output" | while read -r header tag ; do - run crioctl image remove --id "$tag" - echo "$output" - [ "$status" -eq 0 ] - done - # List all images and their names. There should be none now. - run crioctl image list --quiet - echo "$output" - [ "$status" -eq 0 ] - [ "$output" = "" ] - printf '%s\n' "$output" | while IFS= read -r id; do - echo "$id" - done - # All done. - cleanup_images - stop_crio -} - -@test "image remove with multiple names, by ID" { - start_crio "" "" --no-pause-image - # Pull the image, giving it one name. - run crioctl image pull "$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - # Add a second name to the image. - run "$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name="$IMAGE":latest --add-name="$IMAGE":othertag --signature-policy="$INTEGRATION_ROOT"/policy.json - echo "$output" - [ "$status" -eq 0 ] - # Get the image ID of the image we just saved. - run crioctl image status --id="$IMAGE" - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - # Try to remove the image using its ID. That should succeed because removing by ID always works. - grep ^ID: <<< "$output" | while read -r header id ; do - run crioctl image remove --id "$id" - echo "$output" - [ "$status" -eq 0 ] - done - # The image should be gone. - run crioctl image status --id="$IMAGE" - echo "$output" - [ "$status" -ne 0 ] - # All done. - cleanup_images - stop_crio -} diff --git a/test/image_volume.bats b/test/image_volume.bats deleted file mode 100644 index ff05e9cda..000000000 --- a/test/image_volume.bats +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "image volume ignore" { - IMAGE_VOLUMES=ignore start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - image_volume_config=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["image"]["image"] = "mrunalp/image-volume-test"; obj["command"] = ["/bin/sleep", "600"]; json.dump(obj, sys.stdout)') - echo "$image_volume_config" > "$TESTDIR"/container_image_volume.json - run crioctl ctr create --config "$TESTDIR"/container_image_volume.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" ls /imagevolume - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 1" ]] - [[ "$output" =~ "ls: /imagevolume: No such file or directory" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "image volume bind" { - IMAGE_VOLUMES=bind start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - image_volume_config=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["image"]["image"] = "mrunalp/image-volume-test"; obj["command"] = ["/bin/sleep", "600"]; json.dump(obj, sys.stdout)') - echo "$image_volume_config" > "$TESTDIR"/container_image_volume.json - run crioctl ctr create --config "$TESTDIR"/container_image_volume.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" touch /imagevolume/test_file - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 0" ]] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/inspect.bats b/test/inspect.bats deleted file mode 100644 index c63a688e3..000000000 --- a/test/inspect.bats +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "info inspect" { - start_crio - out=`echo -e "GET /info HTTP/1.1\r\nHost: crio\r\n" | socat - UNIX-CONNECT:$CRIO_SOCKET` - echo "$out" - [[ "$out" =~ "\"cgroup_driver\":\"$CGROUP_MANAGER\"" ]] - [[ "$out" =~ "\"storage_root\":\"$TESTDIR/crio\"" ]] - run crioctl info - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "\"cgroup_driver\": \"$CGROUP_MANAGER\"" ]] - [[ "$output" =~ "\"storage_root\": \"$TESTDIR/crio\"" ]] - - stop_crio -} - -@test "ctr inspect" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - out=`echo -e "GET /containers/$ctr_id HTTP/1.1\r\nHost: crio\r\n" | socat - UNIX-CONNECT:$CRIO_SOCKET` - echo "$out" - [[ "$out" =~ "\"sandbox\":\"$pod_id\"" ]] - [[ "$out" =~ "\"image\":\"redis:alpine\"" ]] - - run crioctl ctr inspect --id $ctr_id - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "\"sandbox\": \"$pod_id\"" ]] - [[ "$output" =~ "\"image\": \"redis:alpine\"" ]] - - inet=`crioctl ctr execsync --id $ctr_id ip addr show dev eth0 scope global 2>&1 | grep inet` - - IFS=" " - ip=`parse_pod_ip $inet` - [[ "$out" =~ "\"ip_address\":\"$ip\"" ]] - [[ "$out" =~ "\"name\":\"k8s_container1_podsandbox1_redhat.test.crio_redhat-test-crio_1\"" ]] - [[ "$output" =~ "\"ip_address\": \"$ip\"" ]] - [[ "$output" =~ "\"name\": \"k8s_container1_podsandbox1_redhat.test.crio_redhat-test-crio_1\"" ]] - - -# TODO: add some other check based on the json below: -# -# {"name":"k8s_container1_podsandbox1_redhat.test.crio_redhat-test-crio_1","pid":27477,"image":"redis:alpine","created_time":1505223601111546169,"labels":{"batch":"no","type":"small"},"annotations":{"daemon":"crio","owner":"dragon"},"log_path":"/var/log/crio/pods/297d014ba2c54236779da0c2f80dfba45dc31b106e4cd126a1c3c6d78edc2201/81567e9573ea798d6494c9aab156103ee91b72180fd3841a7c24d2ca39886ba2.log","root":"/tmp/tmp.0bkjphWudF/crio/overlay/d7cfc1de83cab9f377a4a1542427d2a019e85a70c1c660a9e6cf9e254df68873/merged","sandbox":"297d014ba2c54236779da0c2f80dfba45dc31b106e4cd126a1c3c6d78edc2201","ip_address":"10.88.9.153"} - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "ctr inspect not found" { - start_crio - out=`echo -e "GET /containers/notexists HTTP/1.1\r\nHost: crio\r\n" | socat - UNIX-CONNECT:$CRIO_SOCKET` - echo "$out" - [[ "$out" =~ "can't find the container with id notexists" ]] - - stop_crio -} diff --git a/test/kpod_export.bats b/test/kpod_export.bats index 9454db399..a3e58c498 100644 --- a/test/kpod_export.bats +++ b/test/kpod_export.bats @@ -9,6 +9,7 @@ function teardown() { } @test "kpod export output flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_kill.bats b/test/kpod_kill.bats index 154875145..15eaef924 100644 --- a/test/kpod_kill.bats +++ b/test/kpod_kill.bats @@ -19,6 +19,7 @@ function start_sleep_container () { } @test "kill a running container by id" { + skip "Test needs to be converted to kpod run" start_crio ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest ctr_id=$( start_sleep_container ) @@ -35,6 +36,7 @@ function start_sleep_container () { } @test "kill a running container by id with TERM" { + skip "Test needs to be converted to kpod run" start_crio ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest ctr_id=$( start_sleep_container ) @@ -51,6 +53,7 @@ function start_sleep_container () { } @test "kill a running container by name" { + skip "Test needs to be converted to kpod run" start_crio ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest ctr_id=$( start_sleep_container ) @@ -68,6 +71,7 @@ function start_sleep_container () { } @test "kill a running container by id with a bogus signal" { + skip "Test needs to be converted to kpod run" start_crio ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest ctr_id=$( start_sleep_container ) diff --git a/test/kpod_logs.bats b/test/kpod_logs.bats index 1e3015566..a2d74605d 100644 --- a/test/kpod_logs.bats +++ b/test/kpod_logs.bats @@ -9,6 +9,7 @@ function teardown() { } @test "display logs for container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -30,6 +31,7 @@ function teardown() { } @test "tail three lines of logs for container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -53,6 +55,7 @@ function teardown() { } @test "display logs for container since a given time" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_mount.bats b/test/kpod_mount.bats index 237dd5848..446ec1d8d 100644 --- a/test/kpod_mount.bats +++ b/test/kpod_mount.bats @@ -9,6 +9,7 @@ function teardown() { } @test "mount" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_pause.bats b/test/kpod_pause.bats index 84321beb3..c756c6785 100644 --- a/test/kpod_pause.bats +++ b/test/kpod_pause.bats @@ -21,6 +21,7 @@ function teardown() { } @test "pause a created container by id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -46,6 +47,7 @@ function teardown() { } @test "pause a running container by id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -75,6 +77,7 @@ function teardown() { } @test "pause a running container by name" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -103,6 +106,7 @@ function teardown() { } @test "remove a paused container by id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -141,6 +145,7 @@ function teardown() { } @test "stop a paused container created by id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_ps.bats b/test/kpod_ps.bats index a4a7b6cbc..12f13fe5b 100644 --- a/test/kpod_ps.bats +++ b/test/kpod_ps.bats @@ -11,6 +11,7 @@ IMAGE="redis:alpine" } @test "kpod ps default" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -35,6 +36,7 @@ IMAGE="redis:alpine" } @test "kpod ps all flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -58,6 +60,7 @@ IMAGE="redis:alpine" } @test "kpod ps size flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -81,6 +84,7 @@ IMAGE="redis:alpine" } @test "kpod ps quiet flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -104,6 +108,7 @@ IMAGE="redis:alpine" } @test "kpod ps latest flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -127,6 +132,7 @@ IMAGE="redis:alpine" } @test "kpod ps last flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -150,6 +156,7 @@ IMAGE="redis:alpine" } @test "kpod ps no-trunc flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -170,6 +177,7 @@ IMAGE="redis:alpine" } @test "kpod ps namespace flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -192,6 +200,7 @@ IMAGE="redis:alpine" } @test "kpod ps namespace flag and format flag = json" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -212,6 +221,7 @@ IMAGE="redis:alpine" } @test "kpod ps without namespace flag and format flag = json" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -231,6 +241,7 @@ IMAGE="redis:alpine" } @test "kpod ps format flag = go template" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -251,6 +262,7 @@ IMAGE="redis:alpine" } @test "kpod ps filter flag - ancestor" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -271,6 +283,7 @@ IMAGE="redis:alpine" } @test "kpod ps filter flag - id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -292,6 +305,7 @@ IMAGE="redis:alpine" } @test "kpod ps filter flag - status" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_rename.bats b/test/kpod_rename.bats index ed3fdada1..63b723ae2 100644 --- a/test/kpod_rename.bats +++ b/test/kpod_rename.bats @@ -9,6 +9,7 @@ function teardown() { } @test "kpod rename successful" { + skip "Test needs to be converted to kpod run" start_crio run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE echo "$output" diff --git a/test/kpod_rm.bats b/test/kpod_rm.bats index 022e3efc2..30a8a9ab0 100644 --- a/test/kpod_rm.bats +++ b/test/kpod_rm.bats @@ -9,6 +9,7 @@ function teardown() { } @test "remove a stopped container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -32,6 +33,7 @@ function teardown() { } @test "refuse to remove a running container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -53,6 +55,7 @@ function teardown() { } @test "remove a created container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -70,6 +73,7 @@ function teardown() { } @test "remove a running container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_stats.bats b/test/kpod_stats.bats index a4b8e61e6..94215a15c 100644 --- a/test/kpod_stats.bats +++ b/test/kpod_stats.bats @@ -7,6 +7,7 @@ function teardown() { } @test "stats single output" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -28,6 +29,7 @@ function teardown() { } @test "stats does not output stopped container" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -46,6 +48,7 @@ function teardown() { } @test "stats outputs stopped container with all flag" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -64,6 +67,7 @@ function teardown() { } @test "stats output only id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -86,6 +90,7 @@ function teardown() { } @test "stats streaming output" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_stop.bats b/test/kpod_stop.bats index 72e818d40..2dbe404b2 100644 --- a/test/kpod_stop.bats +++ b/test/kpod_stop.bats @@ -13,6 +13,7 @@ function teardown() { } @test "stop a running container by id" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" @@ -34,6 +35,7 @@ function teardown() { } @test "stop a running container by name" { + skip "Test needs to be converted to kpod run" start_crio run crioctl pod run --config "$TESTDATA"/sandbox_config.json echo "$output" diff --git a/test/kpod_wait.bats b/test/kpod_wait.bats index ba7556b2e..8d11e634d 100644 --- a/test/kpod_wait.bats +++ b/test/kpod_wait.bats @@ -24,6 +24,7 @@ function container_start() { } @test "wait on a bogus container" { + skip "Needs to be converted to kpod run" start_crio run ${KPOD_BINARY} ${KPOD_OPTIONS} wait 12343 echo $output @@ -32,6 +33,7 @@ function container_start() { } @test "wait on a stopped container" { + skip "Needs to be converted to kpod run" run ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest echo $output [ "$status" -eq 0 ] @@ -49,6 +51,7 @@ function container_start() { } @test "wait on a sleeping container" { + skip "Needs to be converted to kpod run" run ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest echo $output [ "$status" -eq 0 ] diff --git a/test/network.bats b/test/network.bats deleted file mode 100644 index dc8143c26..000000000 --- a/test/network.bats +++ /dev/null @@ -1,186 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_ctrs - cleanup_pods - stop_crio - rm -f /var/lib/cni/networks/crionet_test_args/* - chmod 0755 $CONMON_BINARY - cleanup_test -} - -@test "ensure correct hostname" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl ctr execsync --id "$ctr_id" sh -c "hostname" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "crioctl_host" ]] - run crioctl ctr execsync --id "$ctr_id" sh -c "echo \$HOSTNAME" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "crioctl_host" ]] - run crioctl ctr execsync --id "$ctr_id" sh -c "cat /etc/hostname" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "crioctl_host" ]] -} - -@test "ensure correct hostname for hostnetwork:true" { - start_crio - hostnetworkconfig=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["security_context"]["namespace_options"]["host_network"] = True; obj["annotations"] = {}; obj["hostname"] = ""; json.dump(obj, sys.stdout)') - echo "$hostnetworkconfig" > "$TESTDIR"/sandbox_hostnetwork_config.json - run crioctl pod run --config "$TESTDIR"/sandbox_hostnetwork_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl ctr execsync --id "$ctr_id" sh -c "hostname" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "$HOSTNAME" ]] - run crioctl ctr execsync --id "$ctr_id" sh -c "echo \$HOSTNAME" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "$HOSTNAME" ]] - run crioctl ctr execsync --id "$ctr_id" sh -c "cat /etc/hostname" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "$HOSTNAME" ]] -} - -@test "Check for valid pod netns CIDR" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - check_pod_cidr $ctr_id -} - -@test "Ping pod from the host" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - ping_pod $ctr_id -} - -@test "Ping pod from another pod" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod1_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - ctr1_id="$output" - - temp_sandbox_conf cni_test - - run crioctl pod run --config "$TESTDIR"/sandbox_config_cni_test.json - echo "$output" - [ "$status" -eq 0 ] - pod2_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - ctr2_id="$output" - - ping_pod_from_pod $ctr1_id $ctr2_id - - ping_pod_from_pod $ctr2_id $ctr1_id -} - -@test "Ensure correct CNI plugin namespace/name/container-id arguments" { - start_crio "" "" "" "prepare_plugin_test_args_network_conf" - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - [ "$status" -eq 0 ] - - . /tmp/plugin_test_args.out - - [ "$FOUND_CNI_CONTAINERID" != "redhat.test.crio" ] - [ "$FOUND_CNI_CONTAINERID" != "podsandbox1" ] - [ "$FOUND_K8S_POD_NAMESPACE" = "redhat.test.crio" ] - [ "$FOUND_K8S_POD_NAME" = "podsandbox1" ] - - rm -rf /tmp/plugin_test_args.out -} - -@test "Connect to pod hostport from the host" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config_hostport.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - get_host_ip - echo $host_ip - - run crioctl ctr create --config "$TESTDATA"/container_config_hostport.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run nc -w 5 $host_ip 4888 </dev/null - echo "$output" - [ "$output" = "crioctl_host" ] - [ "$status" -eq 0 ] - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] -} - -@test "Clean up network if pod sandbox fails" { - start_crio "" "" "" "prepare_plugin_test_args_network_conf" - - # make conmon non-executable to cause the sandbox setup to fail after - # networking has been configured - chmod 0644 $CONMON_BINARY - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - chmod 0755 $CONMON_BINARY - echo "$output" - [ "$status" -ne 0 ] - - # ensure that the server cleaned up sandbox networking if the sandbox - # failed after network setup - rm -f /var/lib/cni/networks/crionet_test_args/last_reserved_ip - num_allocated=$(ls /var/lib/cni/networks/crionet_test_args | wc -l) - [[ "${num_allocated}" == "0" ]] -} diff --git a/test/pod.bats b/test/pod.bats deleted file mode 100644 index 2b5837903..000000000 --- a/test/pod.bats +++ /dev/null @@ -1,365 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -# PR#59 -@test "pod release name on remove" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - id="$output" - run crioctl pod stop --id "$id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - id="$output" - run crioctl pod stop --id "$id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "pod remove" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "pod stop ignores not found sandboxes" { - start_crio - - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "pod list filtering" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json -name pod1 --label "a=b" --label "c=d" --label "e=f" - echo "$output" - [ "$status" -eq 0 ] - pod1_id="$output" - run crioctl pod run --config "$TESTDATA"/sandbox_config.json -name pod2 --label "a=b" --label "c=d" - echo "$output" - [ "$status" -eq 0 ] - pod2_id="$output" - run crioctl pod run --config "$TESTDATA"/sandbox_config.json -name pod3 --label "a=b" - echo "$output" - [ "$status" -eq 0 ] - pod3_id="$output" - run crioctl pod list --label "a=b" --label "c=d" --label "e=f" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod1_id" ]] - run crioctl pod list --label "g=h" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" == "" ]] - run crioctl pod list --label "a=b" --label "c=d" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod1_id" ]] - [[ "$output" =~ "$pod2_id" ]] - run crioctl pod list --label "a=b" --quiet - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod1_id" ]] - [[ "$output" =~ "$pod2_id" ]] - [[ "$output" =~ "$pod3_id" ]] - run crioctl pod list --id "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod1_id" ]] - # filter by truncated id should work as well - run crioctl pod list --id "${pod1_id:0:4}" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod1_id" ]] - run crioctl pod list --id "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod2_id" ]] - run crioctl pod list --id "$pod3_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod3_id" ]] - run crioctl pod list --id "$pod1_id" --label "a=b" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod1_id" ]] - run crioctl pod list --id "$pod2_id" --label "a=b" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod2_id" ]] - run crioctl pod list --id "$pod3_id" --label "a=b" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" != "" ]] - [[ "$output" =~ "$pod3_id" ]] - run crioctl pod list --id "$pod3_id" --label "c=d" - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" == "" ]] - run crioctl pod stop --id "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod1_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod2_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod3_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod3_id" - echo "$output" - [ "$status" -eq 0 ] - cleanup_pods - stop_crio -} - -@test "pod metadata in list & status" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl pod list --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - # TODO: expected value should not hard coded here - [[ "$output" =~ "Name: podsandbox1" ]] - [[ "$output" =~ "UID: redhat-test-crio" ]] - [[ "$output" =~ "Namespace: redhat.test.crio" ]] - [[ "$output" =~ "Attempt: 1" ]] - - run crioctl pod status --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - # TODO: expected value should not hard coded here - [[ "$output" =~ "Name: podsandbox1" ]] - [[ "$output" =~ "UID: redhat-test-crio" ]] - [[ "$output" =~ "Namespace: redhat.test.crio" ]] - [[ "$output" =~ "Attempt: 1" ]] - - cleanup_pods - stop_crio -} - -@test "pass pod sysctls to runtime" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl ctr create --pod "$pod_id" --config "$TESTDATA"/container_redis.json - echo "$output" - [ "$status" -eq 0 ] - container_id="$output" - - run crioctl ctr start --id "$container_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl ctr execsync --id "$container_id" sysctl kernel.shm_rmid_forced - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "kernel.shm_rmid_forced = 1" ]] - - run crioctl ctr execsync --id "$container_id" sysctl kernel.msgmax - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "kernel.msgmax = 8192" ]] - - run crioctl ctr execsync --id "$container_id" sysctl net.ipv4.ip_local_port_range - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "net.ipv4.ip_local_port_range = 1024 65000" ]] - - cleanup_pods - stop_crio -} - -@test "pod stop idempotent" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "pod remove idempotent" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "pod stop idempotent with ctrs already stopped" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "restart crio and still get pod status" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - restart_crio - run crioctl pod status --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - [ "$output" != "" ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "invalid systemd cgroup_parent fail" { - if [[ "$CGROUP_MANAGER" != "systemd" ]]; then - skip "need systemd cgroup manager" - fi - - wrong_cgroup_parent_config=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["cgroup_parent"] = "podsandbox1.slice:container:infra"; json.dump(obj, sys.stdout)') - echo "$wrong_cgroup_parent_config" > "$TESTDIR"/sandbox_wrong_cgroup_parent.json - - start_crio - run crioctl pod run --config "$TESTDIR"/sandbox_wrong_cgroup_parent.json - echo "$output" - [ "$status" -eq 1 ] - - stop_crio -} - -@test "systemd cgroup_parent correctly set" { - if [[ "$CGROUP_MANAGER" != "systemd" ]]; then - skip "need systemd cgroup manager" - fi - - cgroup_parent_config=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["cgroup_parent"] = "/Burstable/pod_integration_tests-123"; json.dump(obj, sys.stdout)') - echo "$cgroup_parent_config" > "$TESTDIR"/sandbox_systemd_cgroup_parent.json - - start_crio - run crioctl pod run --config "$TESTDIR"/sandbox_systemd_cgroup_parent.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run systemctl list-units --type=slice - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Burstable-pod_integration_tests_123.slice" ]] - - cleanup_pods - stop_crio -} diff --git a/test/restore.bats b/test/restore.bats deleted file mode 100644 index 264096ed8..000000000 --- a/test/restore.bats +++ /dev/null @@ -1,267 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "crio restore" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl pod list --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - pod_list_info="$output" - - run crioctl pod status --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - pod_status_info="$output" - - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr list --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_list_info="$output" - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_status_info="$output" - - stop_crio - - start_crio - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" != "" ]] - [[ "${output}" =~ "${pod_id}" ]] - - run crioctl pod list --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" == "${pod_list_info}" ]] - - run crioctl pod status --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" == "${pod_status_info}" ]] - - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" != "" ]] - [[ "${output}" =~ "${ctr_id}" ]] - - run crioctl ctr list --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" == "${ctr_list_info}" ]] - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" == "${ctr_status_info}" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "crio restore with bad state and pod stopped" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - stop_crio - - # simulate reboot with runc state going away - for i in $("$RUNTIME" list -q | xargs); do "$RUNTIME" delete -f $i; done - - start_crio - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_pods - stop_crio -} - -@test "crio restore with bad state and ctr stopped" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - stop_crio - - # simulate reboot with runc state going away - for i in $("$RUNTIME" list -q | xargs); do "$RUNTIME" delete -f $i; done - - start_crio - - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "crio restore with bad state and ctr removed" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl ctr remove --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - stop_crio - - # simulate reboot with runc state going away - for i in $("$RUNTIME" list -q | xargs); do "$RUNTIME" delete -f $i; done - - start_crio - - run crioctl ctr stop --id "$ctr_id" - echo "$output" - [ "$status" -eq 1 ] - [[ "${output}" =~ "not found" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -@test "crio restore with bad state and pod removed" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - stop_crio - - # simulate reboot with runc state going away - for i in $("$RUNTIME" list -q | xargs); do "$RUNTIME" delete -f $i; done - - start_crio - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_pods - stop_crio -} - -@test "crio restore with bad state" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - - run crioctl pod status --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" =~ "SANDBOX_READY" ]] - - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" =~ "CONTAINER_CREATED" ]] - - stop_crio - - # simulate reboot with runc state going away - for i in $("$RUNTIME" list -q | xargs); do "$RUNTIME" delete -f $i; done - - start_crio - run crioctl pod list - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" != "" ]] - [[ "${output}" =~ "${pod_id}" ]] - - run crioctl pod status --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" =~ "SANDBOX_NOTREADY" ]] - - run crioctl ctr list - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" != "" ]] - [[ "${output}" =~ "${ctr_id}" ]] - - run crioctl ctr status --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - [[ "${output}" =~ "CONTAINER_EXITED" ]] - [[ "${output}" =~ "Exit Code: 255" ]] - - run crioctl pod stop --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl pod remove --id "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/runtimeversion.bats b/test/runtimeversion.bats deleted file mode 100644 index f0d2a4367..000000000 --- a/test/runtimeversion.bats +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "crioctl runtimeversion" { - start_crio - run crioctl runtimeversion - echo "$output" - [ "$status" -eq 0 ] - stop_crio -} diff --git a/test/seccomp.bats b/test/seccomp.bats deleted file mode 100644 index b77a7f8cf..000000000 --- a/test/seccomp.bats +++ /dev/null @@ -1,368 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -# 1. test running with ctr unconfined -# test that we can run with a syscall which would be otherwise blocked -@test "ctr seccomp profiles unconfined" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"container\.seccomp\.security\.alpha\.kubernetes\.io\/testname": "unconfined"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp1.json - run crioctl pod run --name seccomp1 --config "$TESTDIR"/seccomp1.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 2. test running with ctr runtime/default -# test that we cannot run with a syscall blocked by the default seccomp profile -@test "ctr seccomp profiles runtime/default" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"container\.seccomp\.security\.alpha\.kubernetes\.io\/testname2": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp2.json - run crioctl pod run --name seccomp2 --config "$TESTDIR"/seccomp2.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname2 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 1" ]] - [[ "$output" =~ "Operation not permitted" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 3. test running with ctr wrong profile name -@test "ctr seccomp profiles wrong profile name" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"container\.seccomp\.security\.alpha\.kubernetes\.io\/testname3": "notgood"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp3.json - run crioctl pod run --name seccomp3 --config "$TESTDIR"/seccomp3.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname3 --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -ne 0 ] - [[ "$output" =~ "unknown seccomp profile option:" ]] - [[ "$output" =~ "notgood" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# TODO(runcom): need https://issues.k8s.io/36997 -# 4. test running with ctr localhost/profile_name -@test "ctr seccomp profiles localhost/profile_name" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - #sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - #sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - #sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - #start_crio "$TESTDIR"/seccomp_profile1.json - - skip "need https://issues.k8s.io/36997" -} - -# 5. test running with unkwown ctr profile falls back to pod profile -# unknown ctr -> unconfined -# pod -> runtime/default -# result: fail chmod -@test "ctr seccomp profiles falls back to pod profile" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"container\.seccomp\.security\.alpha\.kubernetes\.io\/redhat\.test\.crio-seccomp2-1-testname2-0-not-exists": "unconfined", "seccomp\.security\.alpha\.kubernetes\.io\/pod": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp5.json - run crioctl pod run --name seccomp5 --config "$TESTDIR"/seccomp5.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 1" ]] - [[ "$output" =~ "Operation not permitted" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 6. test running with unkwown ctr profile and no pod, falls back to unconfined -# unknown ctr -> runtime/default -# pod -> NO -# result: success, running unconfined -@test "ctr seccomp profiles falls back to unconfined" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"container\.seccomp\.security\.alpha\.kubernetes\.io\/redhat\.test\.crio-seccomp6-1-testname6-0-not-exists": "runtime-default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp6.json - run crioctl pod run --name seccomp6 --config "$TESTDIR"/seccomp6.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname6 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 1. test running with pod unconfined -# test that we can run with a syscall which would be otherwise blocked -@test "pod seccomp profiles unconfined" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"seccomp\.security\.alpha\.kubernetes\.io\/pod": "unconfined"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp1.json - run crioctl pod run --name seccomp1 --config "$TESTDIR"/seccomp1.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 2. test running with pod runtime/default -# test that we cannot run with a syscall blocked by the default seccomp profile -@test "pod seccomp profiles runtime/default" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"seccomp\.security\.alpha\.kubernetes\.io\/pod": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp2.json - run crioctl pod run --name seccomp2 --config "$TESTDIR"/seccomp2.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 1" ]] - [[ "$output" =~ "Operation not permitted" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# 3. test running with pod wrong profile name -@test "pod seccomp profiles wrong profile name" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - # 3. test running with pod wrong profile name - sed -e 's/%VALUE%/,"seccomp\.security\.alpha\.kubernetes\.io\/pod": "notgood"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp3.json - run crioctl pod run --name seccomp3 --config "$TESTDIR"/seccomp3.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" - echo "$output" - [ "$status" -ne 0 ] - [[ "$output" =~ "unknown seccomp profile option:" ]] - [[ "$output" =~ "notgood" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} - -# TODO(runcom): need https://issues.k8s.io/36997 -# 4. test running with pod localhost/profile_name -@test "pod seccomp profiles localhost/profile_name" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - #sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - #sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - #sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - #start_crio "$TESTDIR"/seccomp_profile1.json - - skip "need https://issues.k8s.io/36997" -} - -# test running with ctr docker/default -# test that we cannot run with a syscall blocked by the default seccomp profile -@test "ctr seccomp profiles docker/default" { - # this test requires seccomp, so skip this test if seccomp is not enabled. - enabled=$(is_seccomp_enabled) - if [[ "$enabled" -eq 0 ]]; then - skip "skip this test since seccomp is not enabled." - fi - - sed -e 's/"chmod",//' "$CRIO_ROOT"/cri-o/seccomp.json > "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmod",//' "$TESTDIR"/seccomp_profile1.json - sed -i 's/"fchmodat",//g' "$TESTDIR"/seccomp_profile1.json - - start_crio "$TESTDIR"/seccomp_profile1.json - - sed -e 's/%VALUE%/,"container\.seccomp\.security\.alpha\.kubernetes\.io\/testname2": "docker\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/seccomp2.json - run crioctl pod run --name seccomp2 --config "$TESTDIR"/seccomp2.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --name testname2 --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - run crioctl ctr execsync --id "$ctr_id" chmod 777 . - echo "$output" - [ "$status" -eq 0 ] - [[ "$output" =~ "Exit code: 1" ]] - [[ "$output" =~ "Operation not permitted" ]] - - cleanup_ctrs - cleanup_pods - stop_crio -} diff --git a/test/selinux.bats b/test/selinux.bats deleted file mode 100644 index 1617e5546..000000000 --- a/test/selinux.bats +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env bats - -load helpers - -function teardown() { - cleanup_test -} - -@test "ctr termination reason Completed" { - start_crio - run crioctl pod run --config "$TESTDATA"/sandbox_config_selinux.json - echo "$output" - [ "$status" -eq 0 ] - pod_id="$output" - run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" - echo "$output" - [ "$status" -eq 0 ] - ctr_id="$output" - run crioctl ctr start --id "$ctr_id" - echo "$output" - [ "$status" -eq 0 ] - - cleanup_ctrs - cleanup_pods - stop_crio -} |