diff options
Diffstat (limited to 'test')
54 files changed, 3916 insertions, 0 deletions
diff --git a/test/README.md b/test/README.md new file mode 100644 index 000000000..1dd2e3c76 --- /dev/null +++ b/test/README.md @@ -0,0 +1,106 @@ +# CRIO Integration Tests + +Integration tests provide end-to-end testing of CRIO. + +Note that integration tests do **not** replace unit tests. + +As a rule of thumb, code should be tested thoroughly with unit tests. +Integration tests on the other hand are meant to test a specific feature end +to end. + +Integration tests are written in *bash* using the +[bats](https://github.com/sstephenson/bats) framework. + +## Running integration tests + +### Containerized tests + +The easiest way to run integration tests is with Docker: +``` +$ make integration +``` + +To run a single test bucket: +``` +$ make integration TESTFLAGS="runtimeversion.bats" +``` + +### On your host + +To run the integration tests on your host, you will first need to setup a development environment plus +[bats](https://github.com/sstephenson/bats#installing-bats-from-source) +For example: +``` +$ cd ~/go/src/github.com +$ git clone https://github.com/sstephenson/bats.git +$ cd bats +$ ./install.sh /usr/local +``` + +You will also need to install the [CNI](https://github.com/containernetworking/cni) plugins as +the the default pod test template runs without host networking: + +``` +$ go get github.com/containernetworking/cni +$ cd "$GOPATH/src/github.com/containernetworking/cni" +$ git checkout -q d4bbce1865270cd2d2be558d6a23e63d314fe769 +$ ./build.sh \ +$ mkdir -p /opt/cni/bin \ +$ cp bin/* /opt/cni/bin/ +``` + +Then you can run the tests on your host: +``` +$ sudo make localintegration +``` + +To run a single test bucket: +``` +$ make localintegration TESTFLAGS="runtimeversion.bats" +``` + +Or you can just run them directly using bats +``` +$ sudo bats test +``` + +#### Runtime selection +Tests on the host will run with `runc` as the default runtime. +However you can select other OCI compatible runtimes by setting +the `RUNTIME` environment variable. + +For example one could use the [Clear Containers](https://github.com/01org/cc-oci-runtime/wiki/Installation) +runtime instead of `runc`: + +``` +make localintegration RUNTIME=cc-oci-runtime +``` + +## Writing integration tests + +[Helper functions] +(https://github.com/kubernetes-incubator/crio/blob/master/test/helpers.bash) +are provided in order to facilitate writing tests. + +```sh +#!/usr/bin/env bats + +# This will load the helpers. +load helpers + +# setup is called at the beginning of every test. +function setup() { +} + +# teardown is called at the end of every test. +function teardown() { + cleanup_test +} + +@test "crioctl runtimeversion" { + start_crio + crioctl runtimeversion + [ "$status" -eq 0 ] +} + +``` diff --git a/test/bin2img/bin2img.go b/test/bin2img/bin2img.go new file mode 100644 index 000000000..b75289458 --- /dev/null +++ b/test/bin2img/bin2img.go @@ -0,0 +1,226 @@ +package main + +import ( + "archive/tar" + "bytes" + "encoding/json" + "io" + "os" + "runtime" + + "github.com/containers/image/storage" + "github.com/containers/image/types" + sstorage "github.com/containers/storage" + "github.com/containers/storage/pkg/reexec" + digest "github.com/opencontainers/go-digest" + specs "github.com/opencontainers/image-spec/specs-go" + "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/sirupsen/logrus" + "github.com/urfave/cli" +) + +func main() { + if reexec.Init() { + return + } + + app := cli.NewApp() + app.Name = "bin2img" + app.Usage = "barebones image builder" + app.Version = "0.0.1" + + app.Flags = []cli.Flag{ + cli.BoolFlag{ + Name: "debug", + Usage: "turn on debug logging", + }, + cli.StringFlag{ + Name: "root", + Usage: "graph root directory", + }, + cli.StringFlag{ + Name: "runroot", + Usage: "run root directory", + }, + cli.StringFlag{ + Name: "storage-driver", + Usage: "storage driver", + }, + cli.StringSliceFlag{ + Name: "storage-opt", + Usage: "storage option", + }, + cli.StringFlag{ + Name: "image-name", + Usage: "set image name", + Value: "kubernetes/pause", + }, + cli.StringFlag{ + Name: "source-binary", + Usage: "source binary", + Value: "../../pause/pause", + }, + cli.StringFlag{ + Name: "image-binary", + Usage: "image binary", + Value: "/pause", + }, + } + + app.Action = func(c *cli.Context) error { + debug := c.GlobalBool("debug") + rootDir := c.GlobalString("root") + runrootDir := c.GlobalString("runroot") + storageDriver := c.GlobalString("storage-driver") + storageOptions := c.GlobalStringSlice("storage-opt") + imageName := c.GlobalString("image-name") + sourceBinary := c.GlobalString("source-binary") + imageBinary := c.GlobalString("image-binary") + + if debug { + logrus.SetLevel(logrus.DebugLevel) + } else { + logrus.SetLevel(logrus.ErrorLevel) + } + if rootDir == "" && runrootDir != "" { + logrus.Errorf("must set --root and --runroot, or neither") + os.Exit(1) + } + if rootDir != "" && runrootDir == "" { + logrus.Errorf("must set --root and --runroot, or neither") + os.Exit(1) + } + storeOptions := sstorage.DefaultStoreOptions + if rootDir != "" && runrootDir != "" { + storeOptions.GraphDriverName = storageDriver + storeOptions.GraphDriverOptions = storageOptions + storeOptions.GraphRoot = rootDir + storeOptions.RunRoot = runrootDir + } + store, err := sstorage.GetStore(storeOptions) + if err != nil { + logrus.Errorf("error opening storage: %v", err) + os.Exit(1) + } + defer func() { + _, _ = store.Shutdown(false) + }() + + layerBuffer := &bytes.Buffer{} + binary, err := os.Open(sourceBinary) + if err != nil { + logrus.Errorf("error opening image binary: %v", err) + os.Exit(1) + } + binInfo, err := binary.Stat() + if err != nil { + logrus.Errorf("error statting image binary: %v", err) + os.Exit(1) + } + archive := tar.NewWriter(layerBuffer) + err = archive.WriteHeader(&tar.Header{ + Name: imageBinary, + Size: binInfo.Size(), + Mode: 0555, + ModTime: binInfo.ModTime(), + Typeflag: tar.TypeReg, + Uname: "root", + Gname: "root", + }) + if err != nil { + logrus.Errorf("error writing archive header: %v", err) + os.Exit(1) + } + _, err = io.Copy(archive, binary) + if err != nil { + logrus.Errorf("error archiving image binary: %v", err) + os.Exit(1) + } + archive.Close() + binary.Close() + layerInfo := types.BlobInfo{ + Digest: digest.Canonical.FromBytes(layerBuffer.Bytes()), + Size: int64(layerBuffer.Len()), + } + + ref, err := storage.Transport.ParseStoreReference(store, imageName) + if err != nil { + logrus.Errorf("error parsing image name: %v", err) + os.Exit(1) + } + img, err := ref.NewImageDestination(nil) + if err != nil { + logrus.Errorf("error preparing to write image: %v", err) + os.Exit(1) + } + defer img.Close() + layer, err := img.PutBlob(layerBuffer, layerInfo) + if err != nil { + logrus.Errorf("error preparing to write image: %v", err) + os.Exit(1) + } + config := &v1.Image{ + Architecture: runtime.GOARCH, + OS: runtime.GOOS, + Config: v1.ImageConfig{ + User: "root", + Entrypoint: []string{imageBinary}, + }, + RootFS: v1.RootFS{ + Type: "layers", + DiffIDs: []digest.Digest{ + layer.Digest, + }, + }, + } + cbytes, err := json.Marshal(config) + if err != nil { + logrus.Errorf("error encoding configuration: %v", err) + os.Exit(1) + } + configInfo := types.BlobInfo{ + Digest: digest.Canonical.FromBytes(cbytes), + Size: int64(len(cbytes)), + } + configInfo, err = img.PutBlob(bytes.NewBuffer(cbytes), configInfo) + if err != nil { + logrus.Errorf("error saving configuration: %v", err) + os.Exit(1) + } + manifest := &v1.Manifest{ + Versioned: specs.Versioned{ + SchemaVersion: 2, + }, + Config: v1.Descriptor{ + MediaType: v1.MediaTypeImageConfig, + Digest: configInfo.Digest, + Size: int64(len(cbytes)), + }, + Layers: []v1.Descriptor{{ + MediaType: v1.MediaTypeImageLayer, + Digest: layer.Digest, + Size: layer.Size, + }}, + } + mbytes, err := json.Marshal(manifest) + if err != nil { + logrus.Errorf("error encoding manifest: %v", err) + os.Exit(1) + } + err = img.PutManifest(mbytes) + if err != nil { + logrus.Errorf("error saving manifest: %v", err) + os.Exit(1) + } + err = img.Commit() + if err != nil { + logrus.Errorf("error committing image: %v", err) + os.Exit(1) + } + return nil + } + + if err := app.Run(os.Args); err != nil { + logrus.Fatal(err) + } +} diff --git a/test/checkseccomp/checkseccomp.go b/test/checkseccomp/checkseccomp.go new file mode 100644 index 000000000..ec7ee1020 --- /dev/null +++ b/test/checkseccomp/checkseccomp.go @@ -0,0 +1,18 @@ +package main + +import ( + "os" + + "golang.org/x/sys/unix" +) + +func main() { + // Check if Seccomp is supported, via CONFIG_SECCOMP. + if err := unix.Prctl(unix.PR_GET_SECCOMP, 0, 0, 0, 0); err != unix.EINVAL { + // Make sure the kernel has CONFIG_SECCOMP_FILTER. + if err := unix.Prctl(unix.PR_SET_SECCOMP, unix.SECCOMP_MODE_FILTER, 0, 0, 0); err != unix.EINVAL { + os.Exit(0) + } + } + os.Exit(1) +} diff --git a/test/copyimg/copyimg.go b/test/copyimg/copyimg.go new file mode 100644 index 000000000..f83f92766 --- /dev/null +++ b/test/copyimg/copyimg.go @@ -0,0 +1,202 @@ +package main + +import ( + "os" + + "github.com/containers/image/copy" + "github.com/containers/image/signature" + "github.com/containers/image/storage" + "github.com/containers/image/transports/alltransports" + "github.com/containers/image/types" + sstorage "github.com/containers/storage" + "github.com/containers/storage/pkg/reexec" + "github.com/sirupsen/logrus" + "github.com/urfave/cli" +) + +func main() { + if reexec.Init() { + return + } + + app := cli.NewApp() + app.Name = "copyimg" + app.Usage = "barebones image copier" + app.Version = "0.0.1" + + app.Flags = []cli.Flag{ + cli.BoolFlag{ + Name: "debug", + Usage: "turn on debug logging", + }, + cli.StringFlag{ + Name: "root", + Usage: "graph root directory", + }, + cli.StringFlag{ + Name: "runroot", + Usage: "run root directory", + }, + cli.StringFlag{ + Name: "storage-driver", + Usage: "storage driver", + }, + cli.StringSliceFlag{ + Name: "storage-opt", + Usage: "storage option", + }, + cli.StringFlag{ + Name: "signature-policy", + Usage: "signature policy", + }, + cli.StringFlag{ + Name: "image-name", + Usage: "set image name", + }, + cli.StringFlag{ + Name: "add-name", + Usage: "name to add to image", + }, + cli.StringFlag{ + Name: "import-from", + Usage: "import source", + }, + cli.StringFlag{ + Name: "export-to", + Usage: "export target", + }, + } + + app.Action = func(c *cli.Context) error { + var store sstorage.Store + var ref, importRef, exportRef types.ImageReference + var err error + + debug := c.GlobalBool("debug") + rootDir := c.GlobalString("root") + runrootDir := c.GlobalString("runroot") + storageDriver := c.GlobalString("storage-driver") + storageOptions := c.GlobalStringSlice("storage-opt") + signaturePolicy := c.GlobalString("signature-policy") + imageName := c.GlobalString("image-name") + addName := c.GlobalString("add-name") + importFrom := c.GlobalString("import-from") + exportTo := c.GlobalString("export-to") + + if debug { + logrus.SetLevel(logrus.DebugLevel) + } else { + logrus.SetLevel(logrus.ErrorLevel) + } + + if imageName != "" { + if rootDir == "" && runrootDir != "" { + logrus.Errorf("must set --root and --runroot, or neither") + os.Exit(1) + } + if rootDir != "" && runrootDir == "" { + logrus.Errorf("must set --root and --runroot, or neither") + os.Exit(1) + } + storeOptions := sstorage.DefaultStoreOptions + if rootDir != "" && runrootDir != "" { + storeOptions.GraphDriverName = storageDriver + storeOptions.GraphDriverOptions = storageOptions + storeOptions.GraphRoot = rootDir + storeOptions.RunRoot = runrootDir + } + store, err = sstorage.GetStore(storeOptions) + if err != nil { + logrus.Errorf("error opening storage: %v", err) + os.Exit(1) + } + defer func() { + _, _ = store.Shutdown(false) + }() + + storage.Transport.SetStore(store) + ref, err = storage.Transport.ParseStoreReference(store, imageName) + if err != nil { + logrus.Errorf("error parsing image name: %v", err) + os.Exit(1) + } + } + + systemContext := types.SystemContext{ + SignaturePolicyPath: signaturePolicy, + } + policy, err := signature.DefaultPolicy(&systemContext) + if err != nil { + logrus.Errorf("error loading signature policy: %v", err) + os.Exit(1) + } + policyContext, err := signature.NewPolicyContext(policy) + if err != nil { + logrus.Errorf("error loading signature policy: %v", err) + os.Exit(1) + } + defer func() { + _ = policyContext.Destroy() + }() + options := ©.Options{} + + if importFrom != "" { + importRef, err = alltransports.ParseImageName(importFrom) + if err != nil { + logrus.Errorf("error parsing image name %v: %v", importFrom, err) + os.Exit(1) + } + } + + if exportTo != "" { + exportRef, err = alltransports.ParseImageName(exportTo) + if err != nil { + logrus.Errorf("error parsing image name %v: %v", exportTo, err) + os.Exit(1) + } + } + + if imageName != "" { + if importFrom != "" { + err = copy.Image(policyContext, ref, importRef, options) + if err != nil { + logrus.Errorf("error importing %s: %v", importFrom, err) + os.Exit(1) + } + } + if addName != "" { + destImage, err1 := storage.Transport.GetStoreImage(store, ref) + if err1 != nil { + logrus.Errorf("error finding image: %v", err1) + os.Exit(1) + } + names := append(destImage.Names, imageName, addName) + err = store.SetNames(destImage.ID, names) + if err != nil { + logrus.Errorf("error adding name to %s: %v", imageName, err) + os.Exit(1) + } + } + if exportTo != "" { + err = copy.Image(policyContext, exportRef, ref, options) + if err != nil { + logrus.Errorf("error exporting %s: %v", exportTo, err) + os.Exit(1) + } + } + } else { + if importFrom != "" && exportTo != "" { + err = copy.Image(policyContext, exportRef, importRef, options) + if err != nil { + logrus.Errorf("error copying %s to %s: %v", importFrom, exportTo, err) + os.Exit(1) + } + } + } + return nil + } + + if err := app.Run(os.Args); err != nil { + logrus.Fatal(err) + } +} diff --git a/test/helpers.bash b/test/helpers.bash new file mode 100644 index 000000000..428336268 --- /dev/null +++ b/test/helpers.bash @@ -0,0 +1,333 @@ +#!/bin/bash + +# Root directory of integration tests. +INTEGRATION_ROOT=$(dirname "$(readlink -f "$BASH_SOURCE")") + +# Test data path. +TESTDATA="${INTEGRATION_ROOT}/testdata" + +# Root directory of the repository. +CRIO_ROOT=${CRIO_ROOT:-$(cd "$INTEGRATION_ROOT/../.."; pwd -P)} + +KPOD_BINARY=${KPOD_BINARY:-${CRIO_ROOT}/libpod/bin/kpod} +# Path of the conmon binary. +CONMON_BINARY=${CONMON_BINARY:-${CRIO_ROOT}/libpod/bin/conmon} +# Path of the default seccomp profile. +SECCOMP_PROFILE=${SECCOMP_PROFILE:-${CRIO_ROOT}/libpod/seccomp.json} +# Name of the default apparmor profile. +APPARMOR_PROFILE=${APPARMOR_PROFILE:-crio-default} +# Runtime +RUNTIME=${RUNTIME:-runc} +RUNTIME_PATH=$(command -v $RUNTIME || true) +RUNTIME_BINARY=${RUNTIME_PATH:-/usr/local/sbin/runc} +# Path of the apparmor_parser binary. +APPARMOR_PARSER_BINARY=${APPARMOR_PARSER_BINARY:-/sbin/apparmor_parser} +# Path of the apparmor profile for test. +APPARMOR_TEST_PROFILE_PATH=${APPARMOR_TEST_PROFILE_PATH:-${TESTDATA}/apparmor_test_deny_write} +# Path of the apparmor profile for unloading crio-default. +FAKE_CRIO_DEFAULT_PROFILE_PATH=${FAKE_CRIO_DEFAULT_PROFILE_PATH:-${TESTDATA}/fake_crio_default} +# Name of the apparmor profile for test. +APPARMOR_TEST_PROFILE_NAME=${APPARMOR_TEST_PROFILE_NAME:-apparmor-test-deny-write} +# Path of boot config. +BOOT_CONFIG_FILE_PATH=${BOOT_CONFIG_FILE_PATH:-/boot/config-`uname -r`} +# Path of apparmor parameters file. +APPARMOR_PARAMETERS_FILE_PATH=${APPARMOR_PARAMETERS_FILE_PATH:-/sys/module/apparmor/parameters/enabled} +# Path of the bin2img binary. +BIN2IMG_BINARY=${BIN2IMG_BINARY:-${CRIO_ROOT}/libpod/test/bin2img/bin2img} +# Path of the copyimg binary. +COPYIMG_BINARY=${COPYIMG_BINARY:-${CRIO_ROOT}/libpod/test/copyimg/copyimg} +# Path of tests artifacts. +ARTIFACTS_PATH=${ARTIFACTS_PATH:-${CRIO_ROOT}/libpod/.artifacts} +# Path of the checkseccomp binary. +CHECKSECCOMP_BINARY=${CHECKSECCOMP_BINARY:-${CRIO_ROOT}/libpod/test/checkseccomp/checkseccomp} +# XXX: This is hardcoded inside cri-o at the moment. +DEFAULT_LOG_PATH=/var/log/crio/pods +# Cgroup manager to be used +CGROUP_MANAGER=${CGROUP_MANAGER:-cgroupfs} +# Image volumes handling +IMAGE_VOLUMES=${IMAGE_VOLUMES:-mkdir} +# Container pids limit +PIDS_LIMIT=${PIDS_LIMIT:-1024} +# Log size max limit +LOG_SIZE_MAX_LIMIT=${LOG_SIZE_MAX_LIMIT:--1} + +TESTDIR=$(mktemp -d) + +# kpod pull needs a configuration file for shortname pulls +export REGISTRIES_CONFIG_PATH="$INTEGRATION_ROOT/registries.conf" + +# Setup default hooks dir +HOOKSDIR=$TESTDIR/hooks +mkdir ${HOOKSDIR} +HOOKS_OPTS="--hooks-dir-path=$HOOKSDIR" + +# Setup default secrets mounts +MOUNT_PATH="$TESTDIR/secrets" +mkdir ${MOUNT_PATH} +MOUNT_FILE="${MOUNT_PATH}/test.txt" +touch ${MOUNT_FILE} +echo "Testing secrets mounts!" > ${MOUNT_FILE} + +DEFAULT_MOUNTS_OPTS="--default-mounts=${MOUNT_PATH}:/container/path1" + +# We may need to set some default storage options. +case "$(stat -f -c %T ${TESTDIR})" in + aufs) + # None of device mapper, overlay, or aufs can be used dependably over aufs, and of course btrfs and zfs can't, + # and we have to explicitly specify the "vfs" driver in order to use it, so do that now. + STORAGE_OPTIONS=${STORAGE_OPTIONS:---storage-driver vfs} + ;; +esac + +if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then + . /etc/selinux/config + filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts) + chcon -R ${filelabel} $TESTDIR +fi +CRIO_CONFIG="$TESTDIR/crio.conf" +CRIO_CNI_CONFIG="$TESTDIR/cni/net.d/" +CRIO_CNI_PLUGIN=${CRIO_CNI_PLUGIN:-/opt/cni/bin/} +POD_CIDR="10.88.0.0/16" +POD_CIDR_MASK="10.88.*.*" + +KPOD_OPTIONS="--root $TESTDIR/crio $STORAGE_OPTIONS --runroot $TESTDIR/crio-run --runtime ${RUNTIME_BINARY}" + +cp "$CONMON_BINARY" "$TESTDIR/conmon" + +PATH=$PATH:$TESTDIR + +# Make sure we have a copy of the redis:alpine image. +if ! [ -d "$ARTIFACTS_PATH"/redis-image ]; then + mkdir -p "$ARTIFACTS_PATH"/redis-image + if ! "$COPYIMG_BINARY" --import-from=docker://redis:alpine --export-to=dir:"$ARTIFACTS_PATH"/redis-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then + echo "Error pulling docker://redis" + rm -fr "$ARTIFACTS_PATH"/redis-image + exit 1 + fi +fi + +# TODO: remove the code below for pulling redis:alpine using a canonical reference once +# https://github.com/kubernetes-incubator/cri-o/issues/531 is complete and we can +# pull the image using a tagged reference and then subsequently find the image without +# having to explicitly record the canonical reference as one of the image's names +if ! [ -d "$ARTIFACTS_PATH"/redis-image-digest ]; then + mkdir -p "$ARTIFACTS_PATH"/redis-image-digest + if ! "$COPYIMG_BINARY" --import-from=docker://redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b --export-to=dir:"$ARTIFACTS_PATH"/redis-image-digest --signature-policy="$INTEGRATION_ROOT"/policy.json ; then + echo "Error pulling docker://redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b" + rm -fr "$ARTIFACTS_PATH"/redis-image-digest + exit 1 + fi +fi + +# Make sure we have a copy of the runcom/stderr-test image. +if ! [ -d "$ARTIFACTS_PATH"/stderr-test ]; then + mkdir -p "$ARTIFACTS_PATH"/stderr-test + if ! "$COPYIMG_BINARY" --import-from=docker://runcom/stderr-test:latest --export-to=dir:"$ARTIFACTS_PATH"/stderr-test --signature-policy="$INTEGRATION_ROOT"/policy.json ; then + echo "Error pulling docker://stderr-test" + rm -fr "$ARTIFACTS_PATH"/stderr-test + exit 1 + fi +fi + +# Make sure we have a copy of the busybox:latest image. +if ! [ -d "$ARTIFACTS_PATH"/busybox-image ]; then + mkdir -p "$ARTIFACTS_PATH"/busybox-image + if ! "$COPYIMG_BINARY" --import-from=docker://busybox --export-to=dir:"$ARTIFACTS_PATH"/busybox-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then + echo "Error pulling docker://busybox" + rm -fr "$ARTIFACTS_PATH"/busybox-image + exit 1 + fi +fi + +# Make sure we have a copy of the mrunalp/oom:latest image. +if ! [ -d "$ARTIFACTS_PATH"/oom-image ]; then + mkdir -p "$ARTIFACTS_PATH"/oom-image + if ! "$COPYIMG_BINARY" --import-from=docker://mrunalp/oom --export-to=dir:"$ARTIFACTS_PATH"/oom-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then + echo "Error pulling docker://mrunalp/oom" + rm -fr "$ARTIFACTS_PATH"/oom-image + exit 1 + fi +fi + +# Make sure we have a copy of the mrunalp/image-volume-test:latest image. +if ! [ -d "$ARTIFACTS_PATH"/image-volume-test-image ]; then + mkdir -p "$ARTIFACTS_PATH"/image-volume-test-image + if ! "$COPYIMG_BINARY" --import-from=docker://mrunalp/image-volume-test --export-to=dir:"$ARTIFACTS_PATH"/image-volume-test-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then + echo "Error pulling docker://mrunalp/image-volume-test-image" + rm -fr "$ARTIFACTS_PATH"/image-volume-test-image + exit 1 + fi +fi + +# Communicate with Docker on the host machine. +# Should rarely use this. +function docker_host() { + command docker "$@" +} + +# Retry a command $1 times until it succeeds. Wait $2 seconds between retries. +function retry() { + local attempts=$1 + shift + local delay=$1 + shift + local i + + for ((i=0; i < attempts; i++)); do + run "$@" + if [[ "$status" -eq 0 ]] ; then + return 0 + fi + sleep $delay + done + + echo "Command \"$@\" failed $attempts times. Output: $output" + false +} + +# Waits until the given crio becomes reachable. +function wait_until_reachable() { + retry 15 1 crictl status +} + +function cleanup_test() { + rm -rf "$TESTDIR" +} + + +function load_apparmor_profile() { + "$APPARMOR_PARSER_BINARY" -r "$1" +} + +function remove_apparmor_profile() { + "$APPARMOR_PARSER_BINARY" -R "$1" +} + +function is_seccomp_enabled() { + if ! "$CHECKSECCOMP_BINARY" ; then + echo 0 + return + fi + echo 1 +} + +function is_apparmor_enabled() { + if [[ -f "$APPARMOR_PARAMETERS_FILE_PATH" ]]; then + out=$(cat "$APPARMOR_PARAMETERS_FILE_PATH") + if [[ "$out" =~ "Y" ]]; then + echo 1 + return + fi + fi + echo 0 +} + +function prepare_network_conf() { + mkdir -p $CRIO_CNI_CONFIG + cat >$CRIO_CNI_CONFIG/10-crio.conf <<-EOF +{ + "cniVersion": "0.2.0", + "name": "crionet", + "type": "bridge", + "bridge": "cni0", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "$1", + "routes": [ + { "dst": "0.0.0.0/0" } + ] + } +} +EOF + + cat >$CRIO_CNI_CONFIG/99-loopback.conf <<-EOF +{ + "cniVersion": "0.2.0", + "type": "loopback" +} +EOF + + echo 0 +} + +function prepare_plugin_test_args_network_conf() { + mkdir -p $CRIO_CNI_CONFIG + cat >$CRIO_CNI_CONFIG/10-plugin-test-args.conf <<-EOF +{ + "cniVersion": "0.2.0", + "name": "crionet_test_args", + "type": "bridge-custom", + "bridge": "cni0", + "isGateway": true, + "ipMasq": true, + "ipam": { + "type": "host-local", + "subnet": "$1", + "routes": [ + { "dst": "0.0.0.0/0" } + ] + } +} +EOF + + echo 0 +} + +function check_pod_cidr() { + run crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1 + echo "$output" + [ "$status" -eq 0 ] + [[ "$output" =~ $POD_CIDR_MASK ]] +} + +function parse_pod_ip() { + for arg + do + cidr=`echo "$arg" | grep $POD_CIDR_MASK` + if [ "$cidr" == "$arg" ] + then + echo `echo "$arg" | sed "s/\/[0-9][0-9]//"` + fi + done +} + +function get_host_ip() { + gateway_dev=`ip -o route show default 0.0.0.0/0 | sed 's/.*dev \([^[:space:]]*\).*/\1/'` + [ "$gateway_dev" ] + host_ip=`ip -o -4 addr show dev $gateway_dev scope global | sed 's/.*inet \([0-9.]*\).*/\1/'` +} + +function ping_pod() { + inet=`crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1 | grep inet` + + IFS=" " + ip=`parse_pod_ip $inet` + + ping -W 1 -c 5 $ip + + echo $? +} + +function ping_pod_from_pod() { + inet=`crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1 | grep inet` + + IFS=" " + ip=`parse_pod_ip $inet` + + run crioctl ctr execsync --id $2 ping -W 1 -c 2 $ip + echo "$output" + [ "$status" -eq 0 ] +} + + +function cleanup_network_conf() { + rm -rf $CRIO_CNI_CONFIG + + echo 0 +} + +function temp_sandbox_conf() { + sed -e s/\"namespace\":.*/\"namespace\":\ \"$1\",/g "$TESTDATA"/sandbox_config.json > $TESTDIR/sandbox_config_$1.json +} diff --git a/test/hooks/checkhook.json b/test/hooks/checkhook.json new file mode 100644 index 000000000..50ff23727 --- /dev/null +++ b/test/hooks/checkhook.json @@ -0,0 +1,5 @@ +{ + "cmd" : [".*"], + "hook" : "HOOKSDIR/checkhook.sh", + "stage" : [ "prestart" ] +} diff --git a/test/hooks/checkhook.sh b/test/hooks/checkhook.sh new file mode 100755 index 000000000..8b755cb40 --- /dev/null +++ b/test/hooks/checkhook.sh @@ -0,0 +1,4 @@ +#!/bin/sh +echo $@ >> /run/hookscheck +read line +echo $line >> /run/hookscheck diff --git a/test/kpod_diff.bats b/test/kpod_diff.bats new file mode 100644 index 000000000..53a94d01e --- /dev/null +++ b/test/kpod_diff.bats @@ -0,0 +1,40 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "test diff of image and parent" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS diff $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "test diff on non-existent layer" { + run ${KPOD_BINARY} $KPOD_OPTIONS diff "abc123" + echo "$output" + [ "$status" -ne 0 ] +} + +@test "test diff with json output" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + # run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} diff --format json $IMAGE | python -m json.tool" + run ${KPOD_BINARY} $KPOD_OPTIONS diff --format json $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} diff --git a/test/kpod_export.bats b/test/kpod_export.bats new file mode 100644 index 000000000..a3e58c498 --- /dev/null +++ b/test/kpod_export.bats @@ -0,0 +1,32 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +function teardown() { + cleanup_test +} + +@test "kpod export output flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} export -o container.tar "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio + rm -f container.tar +} diff --git a/test/kpod_history.bats b/test/kpod_history.bats new file mode 100644 index 000000000..aa89cfe65 --- /dev/null +++ b/test/kpod_history.bats @@ -0,0 +1,80 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "kpod history default" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} history $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod history with Go template format" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} history --format "{{.ID}} {{.Created}}" $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod history human flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} history --human=false $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod history quiet flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} history -q $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod history no-trunc flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} history --no-trunc $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod history json flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} history --format json $IMAGE | python -m json.tool" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} diff --git a/test/kpod_images.bats b/test/kpod_images.bats new file mode 100644 index 000000000..0448d61b2 --- /dev/null +++ b/test/kpod_images.bats @@ -0,0 +1,47 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="debian:6.0.10" + +function teardown() { + cleanup_test +} + +@test "kpod images" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} images + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod images test valid json" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} images --format json + echo "$output" | python -m json.tool + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod images check name json output" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} images --format json + echo "$output" + [ "$status" -eq 0 ] + name=$(echo $output | python -c 'import sys; import json; print(json.loads(sys.stdin.read())[0])["names"][0]') + [ "$name" = "docker.io/library/${IMAGE}" ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] +} diff --git a/test/kpod_inspect.bats b/test/kpod_inspect.bats new file mode 100644 index 000000000..ca4b7c8eb --- /dev/null +++ b/test/kpod_inspect.bats @@ -0,0 +1,58 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +function teardown() { + cleanup_test +} + +@test "kpod inspect image" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + run bash -c "${KPOD_BINARY} $KPOD_OPTIONS inspect ${IMAGE} | python -m json.tool" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] +} + + +@test "kpod inspect non-existent container" { + run ${KPOD_BINARY} $KPOD_OPTIONS inspect 14rcole/non-existent + echo "$output" + [ "$status" -ne 0 ] +} + +@test "kpod inspect with format" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS inspect --format {{.ID}} ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + inspectOutput="$output" + run ${KPOD_BINARY} $KPOD_OPTIONS images --no-trunc --quiet ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + [ "$output" = "$inspectOutput" ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod inspect specified type" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + run bash -c "${KPOD_BINARY} $KPOD_OPTIONS inspect --type image ${IMAGE} | python -m json.tool" + echo "$output" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi ${IMAGE} + echo "$output" + [ "$status" -eq 0 ] +} diff --git a/test/kpod_kill.bats b/test/kpod_kill.bats new file mode 100644 index 000000000..15eaef924 --- /dev/null +++ b/test/kpod_kill.bats @@ -0,0 +1,87 @@ +#!/usr/bin/env bats + +load helpers + +function teardown() { + cleanup_test +} + +function start_sleep_container () { + pod_id=$(crioctl pod run --config "$TESTDATA"/sandbox_config.json) + ctr_id=$(crioctl ctr create --config "$TESTDATA"/container_config_sleep.json --pod "$pod_id") + crioctl ctr start --id "$ctr_id" +} + +@test "kill a bogus container" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} kill foobar + echo "$output" + [ "$status" -ne 0 ] +} + +@test "kill a running container by id" { + skip "Test needs to be converted to kpod run" + start_crio + ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest + ctr_id=$( start_sleep_container ) + crioctl ctr status --id "$ctr_id" + ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a + ${KPOD_BINARY} ${KPOD_OPTIONS} logs "$ctr_id" + crioctl ctr status --id "$ctr_id" + run ${KPOD_BINARY} ${KPOD_OPTIONS} kill "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kill a running container by id with TERM" { + skip "Test needs to be converted to kpod run" + start_crio + ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest + ctr_id=$( start_sleep_container ) + crioctl ctr status --id "$ctr_id" + ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a + ${KPOD_BINARY} ${KPOD_OPTIONS} logs "$ctr_id" + crioctl ctr status --id "$ctr_id" + run ${KPOD_BINARY} ${KPOD_OPTIONS} kill -s TERM "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kill a running container by name" { + skip "Test needs to be converted to kpod run" + start_crio + ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest + ctr_id=$( start_sleep_container ) + crioctl ctr status --id "$ctr_id" + ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a + ${KPOD_BINARY} ${KPOD_OPTIONS} logs "$ctr_id" + crioctl ctr status --id "$ctr_id" + ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a + run ${KPOD_BINARY} ${KPOD_OPTIONS} kill "k8s_container999_podsandbox1_redhat.test.crio_redhat-test-crio_1" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kill a running container by id with a bogus signal" { + skip "Test needs to be converted to kpod run" + start_crio + ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest + ctr_id=$( start_sleep_container ) + crioctl ctr status --id "$ctr_id" + ${KPOD_BINARY} ${KPOD_OPTIONS} logs "$ctr_id" + crioctl ctr status --id "$ctr_id" + run ${KPOD_BINARY} ${KPOD_OPTIONS} kill -s foobar "$ctr_id" + echo "$output" + [ "$status" -ne 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/kpod_load.bats b/test/kpod_load.bats new file mode 100644 index 000000000..e3896b2ae --- /dev/null +++ b/test/kpod_load.bats @@ -0,0 +1,84 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "kpod load input flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} load -i alpine.tar + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod load oci-archive image" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} load -i alpine.tar + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + [ "$status" -eq 0 ] +} + +@test "kpod load oci-archive image with signature-policy" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + [ "$status" -eq 0 ] + cp /etc/containers/policy.json /tmp + run ${KPOD_BINARY} ${KPOD_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar + echo "$output" + [ "$status" -eq 0 ] + rm -f /tmp/policy.json + rm -f alpine.tar + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + [ "$status" -eq 0 ] +} + +@test "kpod load using quiet flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} load -q -i alpine.tar + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + [ "$status" -eq 0 ] +} + +@test "kpod load non-existent file" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} load -i alpine.tar + echo "$output" + [ "$status" -ne 0 ] +} diff --git a/test/kpod_logs.bats b/test/kpod_logs.bats new file mode 100644 index 000000000..a2d74605d --- /dev/null +++ b/test/kpod_logs.bats @@ -0,0 +1,77 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "display logs for container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS logs "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "tail three lines of logs for container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS logs --tail 3 $ctr_id + echo "$output" + lines=$(echo "$output" | wc -l) + [ "$status" -eq 0 ] + [[ $(wc -l < "$output" ) -le 3 ]] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "display logs for container since a given time" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS logs --since 2017-08-07T10:10:09.056611202-04:00 $ctr_id + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/kpod_mount.bats b/test/kpod_mount.bats new file mode 100644 index 000000000..446ec1d8d --- /dev/null +++ b/test/kpod_mount.bats @@ -0,0 +1,49 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +function teardown() { + cleanup_test +} + +@test "mount" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} mount $ctr_id + echo "$output" + echo ${KPOD_BINARY} ${KPOD_OPTIONS} mount $ctr_id + [ "$status" -eq 0 ] + run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} mount --notruncate | grep $ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} unmount $ctr_id + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} mount $ctr_id + echo "$output" + [ "$status" -eq 0 ] + root="$output" + run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} mount --format=json | python -m json.tool | grep $ctr_id" + echo "$output" + [ "$status" -eq 0 ] + touch $root/foobar + run ${KPOD_BINARY} ${KPOD_OPTIONS} unmount $ctr_id + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/kpod_pause.bats b/test/kpod_pause.bats new file mode 100644 index 000000000..c756c6785 --- /dev/null +++ b/test/kpod_pause.bats @@ -0,0 +1,174 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +function teardown() { + cleanup_test +} + +@test "pause a bogus container" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pause foobar + echo "$output" + [ "$status" -eq 1 ] +} + +@test "unpause a bogus container" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} unpause foobar + echo "$output" + [ "$status" -eq 1 ] +} + +@test "pause a created container by id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} pause "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} unpause "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter id="$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "pause a running container by id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} pause "$id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} unpause "$id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter id="$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "pause a running container by name" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} pause "k8s_podsandbox1-redis_podsandbox1_redhat.test.crio_redhat-test-crio_0" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} unpause "k8s_podsandbox1-redis_podsandbox1_redhat.test.crio_redhat-test-crio_0" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter id="k8s_podsandbox1-redis_podsandbox1_redhat.test.crio_redhat-test-crio_0" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "remove a paused container by id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + id="$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} pause "$id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rm "$id" + echo "$output" + [ "$status" -eq 1 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rm --force "$id" + echo "$output" + [ "$status" -eq 1 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} unpause "$id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} stop "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rm "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "stop a paused container created by id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} pause "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} stop "$ctr_id" + echo "$output" + [ "$status" -eq 1 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} unpause "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter id="$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} diff --git a/test/kpod_ps.bats b/test/kpod_ps.bats new file mode 100644 index 000000000..12f13fe5b --- /dev/null +++ b/test/kpod_ps.bats @@ -0,0 +1,327 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +@test "kpod ps with no containers" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod ps default" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps all flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps --all + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps size flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a -s + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --size + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps quiet flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a -q + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --quiet + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps latest flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps --latest + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -l + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps last flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps --last 2 + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -n 2 + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps no-trunc flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --no-trunc + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps namespace flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --ns + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps --all --namespace + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps namespace flag and format flag = json" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --ns --format json | python -m json.tool | grep namespace" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps without namespace flag and format flag = json" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --format json | python -m json.tool | grep namespace" + echo "$output" + [ "$status" -eq 1 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps format flag = go template" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --format "table {{.ID}} {{.Image}} {{.Labels}}" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps filter flag - ancestor" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter ancestor=${IMAGE} + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps filter flag - id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter id="$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "kpod ps filter flag - status" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl image pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} ps -a --filter status=running + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/kpod_pull.bats b/test/kpod_pull.bats new file mode 100644 index 000000000..c12c62413 --- /dev/null +++ b/test/kpod_pull.bats @@ -0,0 +1,138 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "kpod pull from docker with tag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull debian:6.0.10 + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi debian:6.0.10 + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull from docker without tag" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull debian + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi debian + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull from a non-docker registry with tag" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull registry.fedoraproject.org/fedora:rawhide + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi registry.fedoraproject.org/fedora:rawhide + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull from a non-docker registry without tag" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull registry.fedoraproject.org/fedora + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi registry.fedoraproject.org/fedora + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull using digest" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull alpine@sha256:1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi alpine:latest + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull from a non existent image" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull umohnani/get-started + echo "$output" + [ "$status" -ne 0 ] +} + +@test "kpod pull from docker with shortname" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull debian + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi docker.io/debian:latest + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull from docker with shortname and tag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull debian:6.0.10 + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi docker.io/debian:6.0.10 + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod pull from docker-archive" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alp.tar alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker-archive:alp.tar + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi alpine + echo "$output" + [ "$status" -eq 0 ] + rm -f alp.tar +} + +@test "kpod pull from oci-archive" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save --format oci-archive -o oci-alp.tar alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull oci-archive:oci-alp.tar + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi alpine + echo "$output" + [ "$status" -eq 0 ] + rm -f oci-alp.tar +} + +@test "kpod pull from local directory" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull alpine + echo "$output" + [ "$status" -eq 0 ] + run mkdir test_pull_dir + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} push alpine dir:test_pull_dir + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi alpine + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull dir:test_pull_dir + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi test_pull_dir + echo "$output" + [ "$status" -eq 0 ] + rm -rf test_pull_dir +} diff --git a/test/kpod_push.bats b/test/kpod_push.bats new file mode 100644 index 000000000..e8fe4fdbc --- /dev/null +++ b/test/kpod_push.bats @@ -0,0 +1,90 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "kpod push to containers/storage" { + echo # Pull down the image: it gets the name $IMAGE. + run ${KPOD_BINARY} $KPOD_OPTIONS --log-level=debug pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + echo # Push the image right back into storage: it now has two names. + run ${KPOD_BINARY} $KPOD_OPTIONS --log-level=debug push "$IMAGE" containers-storage:busybox:test + echo "$output" + [ "$status" -eq 0 ] + echo # Try to remove it using the first name. Should be refused. + run ${KPOD_BINARY} $KPOD_OPTIONS --log-level=debug rmi "$IMAGE" + echo "$output" + [ "$status" -ne 0 ] + echo # Try to remove it using the second name. Should also be refused. + run ${KPOD_BINARY} $KPOD_OPTIONS --log-level=debug rmi busybox:test + echo "$output" + [ "$status" -ne 0 ] + echo # Force removal despite having multiple names. Should succeed. + run ${KPOD_BINARY} $KPOD_OPTIONS --log-level=debug rmi -f busybox:test + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod push to directory" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run mkdir /tmp/busybox + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS push "$IMAGE" dir:/tmp/busybox + echo "$output" + [ "$status" -eq 0 ] + rm -rf /tmp/busybox + run ${KPOD_BINARY} $KPOD_OPTIONS rmi "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod push to docker archive" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS push "$IMAGE" docker-archive:/tmp/busybox-archive:1.26 + echo "$output" + [ "$status" -eq 0 ] + rm /tmp/busybox-archive + run ${KPOD_BINARY} $KPOD_OPTIONS rmi "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod push to oci-archive without compression" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS push "$IMAGE" oci-archive:/tmp/oci-busybox.tar:alpine + echo "$output" + [ "$status" -eq 0 ] + rm -f /tmp/oci-busybox.tar + run ${KPOD_BINARY} $KPOD_OPTIONS rmi "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] +} + +@test "kpod push without signatures" { + run ${KPOD_BINARY} $KPOD_OPTIONS pull "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] + run mkdir /tmp/busybox + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS push --remove-signatures "$IMAGE" dir:/tmp/busybox + echo "$output" + [ "$status" -eq 0 ] + rm -rf /tmp/busybox + run ${KPOD_BINARY} $KPOD_OPTIONS rmi "$IMAGE" + echo "$output" + [ "$status" -eq 0 ] +} diff --git a/test/kpod_rename.bats b/test/kpod_rename.bats new file mode 100644 index 000000000..63b723ae2 --- /dev/null +++ b/test/kpod_rename.bats @@ -0,0 +1,34 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +function teardown() { + cleanup_test +} + +@test "kpod rename successful" { + skip "Test needs to be converted to kpod run" + start_crio + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + pod_id="$output" + [ "$status" -eq 0 ] + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + ctr_id="$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rename "$ctr_id" "$NEW_NAME" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS inspect "$ctr_id" --format {{.Name}} + echo "$output" + [ "$status" -eq 0 ] + [ "$output" == "$NEW_NAME" ] + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/kpod_rm.bats b/test/kpod_rm.bats new file mode 100644 index 000000000..30a8a9ab0 --- /dev/null +++ b/test/kpod_rm.bats @@ -0,0 +1,94 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "remove a stopped container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run crioctl ctr stop --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rm "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "refuse to remove a running container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rm "$ctr_id" + echo "$output" + [ "$status" -ne 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "remove a created container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} $KPOD_OPTIONS rm -f "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "remove a running container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rm -f "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} diff --git a/test/kpod_save.bats b/test/kpod_save.bats new file mode 100644 index 000000000..d8c581a5c --- /dev/null +++ b/test/kpod_save.bats @@ -0,0 +1,65 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "kpod save output flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar +} + +@test "kpod save oci flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + [ "$status" -eq 0 ] + rm -f alpine.tar +} + +@test "kpod save using stdout" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save > alpine.tar $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar +} + +@test "kpod save quiet flag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -q -o alpine.tar $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi $IMAGE + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar +} + +@test "kpod save non-existent image" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar $IMAGE + echo "$output" + [ "$status" -ne 0 ] +} diff --git a/test/kpod_stats.bats b/test/kpod_stats.bats new file mode 100644 index 000000000..94215a15c --- /dev/null +++ b/test/kpod_stats.bats @@ -0,0 +1,109 @@ +#!/usr/bin/env bats + +load helpers + +function teardown() { + cleanup_test +} + +@test "stats single output" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} stats --no-stream "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "stats does not output stopped container" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} stats --no-stream + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "stats outputs stopped container with all flag" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run ${KPOD_BINARY} ${KPOD_OPTIONS} stats --no-stream --all + echo "$output" + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "stats output only id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} stats --no-stream --format {{.ID}} "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + # once ps is implemented, run ps -q and see if that equals the output from above + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "stats streaming output" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run timeout 5s bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} stats --all" + echo "$output" + [ "$status" -eq 124 ] #124 is the status set by timeout when it has to kill the command at the end of the given time + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/kpod_stop.bats b/test/kpod_stop.bats new file mode 100644 index 000000000..2dbe404b2 --- /dev/null +++ b/test/kpod_stop.bats @@ -0,0 +1,60 @@ +#!/usr/bin/env bats + +load helpers + +function teardown() { + cleanup_test +} + +@test "stop a bogus container" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} stop foobar + echo "$output" + [ "$status" -eq 1 ] +} + +@test "stop a running container by id" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + echo "$output" + id="$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} stop "$id" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} + +@test "stop a running container by name" { + skip "Test needs to be converted to kpod run" + start_crio + run crioctl pod run --config "$TESTDATA"/sandbox_config.json + echo "$output" + [ "$status" -eq 0 ] + pod_id="$output" + run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_id="$output" + run crioctl ctr start --id "$ctr_id" + [ "$status" -eq 0 ] + run crioctl ctr inspect --id "$ctr_id" + echo "$output" + [ "$status" -eq 0 ] + ctr_name=$(python -c 'import json; import sys; print json.load(sys.stdin)["crio_annotations"]["io.kubernetes.cri-o.Name"]' <<< "$output") + echo container name is \""$ctr_name"\" + run ${KPOD_BINARY} ${KPOD_OPTIONS} stop "$ctr_name" + echo "$output" + [ "$status" -eq 0 ] + cleanup_pods + stop_crio +} diff --git a/test/kpod_tag.bats b/test/kpod_tag.bats new file mode 100644 index 000000000..93109db52 --- /dev/null +++ b/test/kpod_tag.bats @@ -0,0 +1,50 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="alpine:latest" + +function teardown() { + cleanup_test +} + +@test "kpod tag with shortname:latest" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} tag $IMAGE foobar:latest + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} inspect foobar:latest + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi --force foobar:latest + [ "$status" -eq 0 ] +} + +@test "kpod tag with shortname" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} tag $IMAGE foobar + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} inspect foobar:latest + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi --force foobar:latest + [ "$status" -eq 0 ] +} + +@test "kpod tag with shortname:tag" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} tag $IMAGE foobar:v + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} inspect foobar:v + echo "$output" + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} rmi --force foobar:v + [ "$status" -eq 0 ] +} diff --git a/test/kpod_version.bats b/test/kpod_version.bats new file mode 100644 index 000000000..e6c062b80 --- /dev/null +++ b/test/kpod_version.bats @@ -0,0 +1,13 @@ +#!/usr/bin/env bats + +load helpers + +function teardown() { + cleanup_test +} + +@test "kpod version test" { + run ${KPOD_BINARY} version + echo "$output" + [ "$status" -eq 0 ] +} diff --git a/test/kpod_wait.bats b/test/kpod_wait.bats new file mode 100644 index 000000000..8d11e634d --- /dev/null +++ b/test/kpod_wait.bats @@ -0,0 +1,72 @@ +#!/usr/bin/env bats + +load helpers + +IMAGE="redis:alpine" + +# Returns the POD ID +function pod_run_from_template(){ + #1=name, 2=uid, 3=namespace) { + NAME=$1 CUID=$2 NAMESPACE=$3 envsubst < ${TESTDATA}/template_sandbox_config.json > ${TESTDIR}/pod-${1}.json + crioctl pod run --config ${TESTDIR}/pod-${1}.json +} + +# Returns the container ID +function container_create_from_template() { + #1=name, 2=image, 3=command, 4=id) { + NAME=$1 IMAGE=$2 COMMAND=$3 envsubst < ${TESTDATA}/template_container_config.json > ${TESTDIR}/ctr-${1}.json + crioctl ctr create --config ${TESTDIR}/ctr-${1}.json --pod "$4" +} + +function container_start() { + #1=id + crioctl ctr start --id "$1" + +} +@test "wait on a bogus container" { + skip "Needs to be converted to kpod run" + start_crio + run ${KPOD_BINARY} ${KPOD_OPTIONS} wait 12343 + echo $output + [ "$status" -eq 1 ] + stop_crio +} + +@test "wait on a stopped container" { + skip "Needs to be converted to kpod run" + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest + echo $output + [ "$status" -eq 0 ] + start_crio + pod_id=$( pod_run_from_template "test" "test" "test1-1" ) + echo $pod_id + ctr_id=$(container_create_from_template "test-CTR" "docker.io/library/busybox:latest" '["ls"]' "${pod_id}") + echo $ctr_id + container_start $ctr_id + run ${KPOD_BINARY} ${KPOD_OPTIONS} wait $ctr_id + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} + +@test "wait on a sleeping container" { + skip "Needs to be converted to kpod run" + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull docker.io/library/busybox:latest + echo $output + [ "$status" -eq 0 ] + start_crio + pod_id=$( pod_run_from_template "test" "test" "test1-1" ) + echo $pod_id + ctr_id=$(container_create_from_template "test-CTR" "docker.io/library/busybox:latest" '["sleep", "5"]' "${pod_id}") + echo $ctr_id + run container_start $ctr_id + echo $output + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} wait $ctr_id + echo $output + [ "$status" -eq 0 ] + cleanup_ctrs + cleanup_pods + stop_crio +} diff --git a/test/policy.json b/test/policy.json new file mode 100644 index 000000000..ddc46e1a6 --- /dev/null +++ b/test/policy.json @@ -0,0 +1,23 @@ +{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": { + "docker": { + "docker.io/library/hello-world": [ + { + "type": "reject" + } + ], + "registry.access.redhat.com": [ + { + "keyType": "GPGKeys", + "type": "signedBy", + "keyData": "VGhlIGZvbGxvd2luZyBwdWJsaWMga2V5IGNhbiBiZSB1c2VkIHRvIHZlcmlmeSBSUE0gcGFja2FnZXMgYnVpbHQgYW5kCnNpZ25lZCBieSBSZWQgSGF0LCBJbmMuICBUaGlzIGtleSBpcyB1c2VkIGZvciBwYWNrYWdlcyBpbiBSZWQgSGF0CnByb2R1Y3RzIHNoaXBwZWQgYWZ0ZXIgTm92ZW1iZXIgMjAwOSwgYW5kIGZvciBhbGwgdXBkYXRlcyB0byB0aG9zZQpwcm9kdWN0cy4KClF1ZXN0aW9ucyBhYm91dCB0aGlzIGtleSBzaG91bGQgYmUgc2VudCB0byBzZWN1cml0eUByZWRoYXQuY29tLgoKcHViICA0MDk2Ui9GRDQzMUQ1MSAyMDA5LTEwLTIyIFJlZCBIYXQsIEluYy4gKHJlbGVhc2Uga2V5IDIpIDxzZWN1cml0eUByZWRoYXQuY29tPgoKLS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tClZlcnNpb246IEdudVBHIHYxLjIuNiAoR05VL0xpbnV4KQoKbVFJTkJFcmdTVHNCRUFDaDJBNGIwTzl0K3Z6QzlWclZ0TDFBS3ZVV2k5T1BDamt2UjdYZDhEdEp4ZWVNWjVlRgowSHR6SUc1OHFEUnlid1VlODlGWnByQjFmZnVVS3pkRStIY0wzRmJOV1NTT1hWalpJZXJzZFh5SDNOdm5MTExGCjBETlJCMml4M2JYRzlSaC9SWHBGc054RHAyQ0VNZFV2YllDekU3OUsxRW5VVFZoMUwwT2YwMjNGdFBTWlhYMGMKdTdQYjVESTVsWDVZZW9YTzZSb29kcklHWUpzVkJRV25yV3c0eE5UY29uVWZOUGswRUdadEVuenZIMnp5UG9KaApYR0YrTmN1OVh3YmFsbllkZTEwT0N2U1dBWjV6VENwb0xNVHZRaldwYkNkV1hKekNtNkcrL2h4OXVwa2U1NDZICjVJanRZbTRkVElWVG5jM3d2RGlPRGdCS1J6T2w5ckVPQ0lnT3VHdER4UnhjUWtqckMreHZnNVZrcW43dkJVeVcKOXBIZWRPVStQb0YzREdPTStkcXYrZU5LQnZoOVlGOXVnRkFRQmtjRzd2aVpndkdFTUdHVXB6TmdON1huUzFnagovRFBvOW1aRVNPWW5LY2V2ZTJ0SUM4N3AyaHFqcnhPSHVJN2ZrWlllTkljQW9hODNyQmx0RlhhQkRZaFdBS1MxClBjWFMxLzdKelAwa3k3ZDBMNlhidS9JZjVrcVdRcEt3VUluWHR5U1JrdXJhVmZ1SzNCcGErWDFYZWNXaTI0SlkKSFZ0bE5YMDI1eHgxZXdWekdOQ1RsV24xc2tRTjJPT29RVFY0QzgvcUZwVFc2RFRXWXVyZDQrZkUwT0pGSlpRRgpidWhmWFl3bVJsVk9nTjVpNzdOVElKWkpRZllGajM4Yy9JdjV2WkJQb2tPNm1mZnJPVHYzTUhXVmdRQVJBUUFCCnRETlNaV1FnU0dGMExDQkpibU11SUNoeVpXeGxZWE5sSUd0bGVTQXlLU0E4YzJWamRYSnBkSGxBY21Wa2FHRjAKTG1OdmJUNkpBallFRXdFQ0FDQUZBa3JnU1RzQ0d3TUdDd2tJQndNQ0JCVUNDQU1FRmdJREFRSWVBUUlYZ0FBSwpDUkFabmkrUi9VTWRVV3pwRC85czVTRlIvWkYzeWpZNVZMVUZMTVhJS1V6dE5OM29jNDVmeUxkVEkzK1VDbEtDCjJ0RXJ1ellqcU5IaHFBRVhhMnNOMWZNcnN1S2VjNjFMbDJOZnZKamtMS0R2Z1ZJaDdrTTdhc2xOWVZPUDZCVGYKQy9KSjcvdWZ6M1VabXlWaUgvV0RsK0FZZGdrM0pxQ0lPNXc1cnlyQzlJeUJ6WXYybTBIcVliV2ZwaFkzdUh3NQp1bjNuZExKY3U4K0JHUDVGK09OUUVHbCtEUkg1OElsOUpwM0h3YlJhN2R2a1BnRWhmRlIrMWhJK0J0dGEyQzdFCjAvMk5LekN4Wnc3THgzUEJSY1U5MllLeWFFaWhmeS9hUUtaQ0F1eWZLaU12c216cys0cG9JWDdJOU5RQ0pweUUKSUdmSU5vWjdWeHFId1JuL2Q1bXcyTVpUSmpielNmK1VtOVlKeUEwaUVFeUQ2cWpyaVdRUmJ1eHBRWG1sQUpiaAo4b2taNGdiVkZ2MUY4TXpLKzRSOFZ2V0owWHhndGlrU283MmZIandoYTdNQWpxRm5PcTZlbzZmRUMvNzVnM05MCkdodDVWZHBHdUhrMHZiZEVOSE1DOHdTOTllNXFYR05EdWVkM2hsVGF2RE1sRUFIbDM0cTJIOW5ha1RHUkY1S2kKSlVmTmgzRFZSR2hnOGNNSXRpMjFuamlSaDdneUZJMk9jY0FUWTdiQlNyNzlKaHVOd2VsSHV4THJDRnBZN1YyNQpPRmt0bDE1alpKYU14dVFCcVlkQmdTYXkyRzBVNkQxKzdWc1d1ZnB6ZC9BYngxL2Mzb2k5WmFKdlcyMmtBZ2dxCmR6ZEEyN1VVWWpXdng0Mnc5bWVuSndoLzBqZVFjVGVjSVVkMGQwckZjdy9jMXB2Z01NbC9RNzN5ektnS1l3PT0KPXpiSEUKLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQpUaGUgZm9sbG93aW5nIHB1YmxpYyBrZXkgY2FuIGJlIHVzZWQgdG8gdmVyaWZ5IFJQTSBwYWNrYWdlcyBidWlsdCBhbmQKc2lnbmVkIGJ5IFJlZCBIYXQsIEluYy4gIFRoaXMga2V5IGlzIGEgc3VwcG9ydGluZyAoYXV4aWxpYXJ5KSBrZXkgZm9yClJlZCBIYXQgcHJvZHVjdHMgc2hpcHBlZCBhZnRlciBOb3ZlbWJlciAyMDA2IGFuZCBmb3IgYWxsIHVwZGF0ZXMgdG8KdGhvc2UgcHJvZHVjdHMuCgpRdWVzdGlvbnMgYWJvdXQgdGhpcyBrZXkgc2hvdWxkIGJlIHNlbnQgdG8gc2VjdXJpdHlAcmVkaGF0LmNvbS4KCi0tLS0tQkVHSU4gUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQpWZXJzaW9uOiBHbnVQRyB2MS4yLjYgKEdOVS9MaW51eCkKCm1RR2lCRVZ3REdrUkJBQ3dQaFpJcHZrakk4d1Y5c0ZURG9xeVBMeDF1YjhTZC93K1l1STVPdm00OW12dkVRVlQKVkxnOEZnRTVKbFNUNTlBYnNMRHlWdFJhOUN4SXZONXN5QlZyV1dXdEh0RG5ueWxGQmNxRy9BNkozYkk0RTkvQQpVdFNMNVp4YmF2MCt1dFA2ZjN3T3B4UXJ4YytXSURWZ3B1cmRCS0FRM2Rzb2JHQnF5cGVYNkZYWjV3Q2dvdTZDCnlacEdJQnFvc0phRFdMek5lT2ZiLzcwRC8xdGhMa1F5aFczSko2Y0hDWUpITmZCU2h2YkxXQmY2UzIzMW1nbXUKTXlNbHQ4S21pcGM5Yncrc2FhQWtTa1ZzUS9aYmZqcldCN2U1a2JNcnVLTFZySCtuR2hhbWxIWVVHeUFQdHNQZwpVai9OVVNqNUJtckNzT2tNcG40M25nVExzc0U5TUxoU1BqMm5JSEdGdjlCK2lWTHZvbURkd25hQlJnUTFhSzh6Cno2TUFBLzQwNnlmNXlWSi9NbFRXczEvNjhWd0Rob3NjOUJ0VTFWNUlFME5YZ1pVQWZCSnp6ZlZ6ektRcTZ6SjIKZVpzTUxocjk2d2JzVzEzelVadDFpbmcrdWx3aDJlZTRtZXVKcTZoLzk3MUpzcEZZL1hCaGNmcTRxQ05xVmpzcQpTWm5Xb0dkQ082SjhDeFBJZW1EMklVSHpqb3l5ZUVqM1JWeWR1cDZwY1daQW1oemtLclF6VW1Wa0lFaGhkQ3dnClNXNWpMaUFvWVhWNGFXeHBZWEo1SUd0bGVTa2dQSE5sWTNWeWFYUjVRSEpsWkdoaGRDNWpiMjAraUY0RUV4RUMKQUI0RkFrVndER2tDR3dNR0N3a0lCd01DQXhVQ0F3TVdBZ0VDSGdFQ0Y0QUFDZ2tRUldpY2lDK21XT0MxclFDZwpvb05MQ0ZPek5QY3ZoZDlaYThDODAxSG1uc1lBbmlDdzN5enJDcXRqWW54RER4bHVmSDBGVlR3WAo9ZC9ibQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCg==" + } + ] + } + } +} diff --git a/test/redhat_sigstore.yaml b/test/redhat_sigstore.yaml new file mode 100644 index 000000000..835528538 --- /dev/null +++ b/test/redhat_sigstore.yaml @@ -0,0 +1,3 @@ +docker: + registry.access.redhat.com: + sigstore: https://access.redhat.com/webassets/docker/content/sigstore diff --git a/test/registries.conf b/test/registries.conf new file mode 100644 index 000000000..f3bf092b0 --- /dev/null +++ b/test/registries.conf @@ -0,0 +1,9 @@ +[registries.search] +registries = ['registry.access.redhat.com', 'registry.fedoraproject.org', 'docker.io'] + +[registries.insecure] +registries = [] + +#blocked (docker only) +[registries.block] +registries = [] diff --git a/test/test_runner.sh b/test/test_runner.sh new file mode 100755 index 000000000..868df60e3 --- /dev/null +++ b/test/test_runner.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +set -e + +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" + +# Load the helpers. +. helpers.bash + +function execute() { + >&2 echo "++ $@" + eval "$@" +} + +# Tests to run. Defaults to all. +TESTS=${@:-.} + +# Run the tests. +execute time bats --tap $TESTS diff --git a/test/testdata/README.md b/test/testdata/README.md new file mode 100644 index 000000000..afc6b32f0 --- /dev/null +++ b/test/testdata/README.md @@ -0,0 +1,15 @@ +In terminal 1: +``` +sudo ./crio +``` + +In terminal 2: +``` +sudo ./crioctl runtimeversion + +sudo rm -rf /var/lib/containers/storage/sandboxes/podsandbox1 +sudo ./crioctl pod run --config testdata/sandbox_config.json + +sudo rm -rf /var/lib/containers/storage/containers/container1 +sudo ./crioctl container create --pod podsandbox1 --config testdata/container_config.json +``` diff --git a/test/testdata/apparmor_test_deny_write b/test/testdata/apparmor_test_deny_write new file mode 100644 index 000000000..55311aaf5 --- /dev/null +++ b/test/testdata/apparmor_test_deny_write @@ -0,0 +1,10 @@ +#include <tunables/global> + +profile apparmor-test-deny-write flags=(attach_disconnected) { + #include <abstractions/base> + + file, + + # Deny all file writes. + deny /** w, +} diff --git a/test/testdata/container_config.json b/test/testdata/container_config.json new file mode 100644 index 000000000..d8ef76a56 --- /dev/null +++ b/test/testdata/container_config.json @@ -0,0 +1,70 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "redis:alpine" + }, + "command": [ + "/bin/ls" + ], + "args": [], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "readonly_rootfs": false, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + }, + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + } + } + } +} diff --git a/test/testdata/container_config_by_imageid.json b/test/testdata/container_config_by_imageid.json new file mode 100644 index 000000000..d953efb3c --- /dev/null +++ b/test/testdata/container_config_by_imageid.json @@ -0,0 +1,70 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "%VALUE%" + }, + "command": [ + "/bin/ls" + ], + "args": [], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "readonly_rootfs": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/container_config_hostport.json b/test/testdata/container_config_hostport.json new file mode 100644 index 000000000..e5a0ca67a --- /dev/null +++ b/test/testdata/container_config_hostport.json @@ -0,0 +1,72 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "busybox:latest" + }, + "command": [ + "/bin/nc", "-ll", "-p", "80", "-e" + ], + "args": [ + "/bin/hostname" + ], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "readonly_rootfs": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/container_config_logging.json b/test/testdata/container_config_logging.json new file mode 100644 index 000000000..8e8d0da44 --- /dev/null +++ b/test/testdata/container_config_logging.json @@ -0,0 +1,72 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "busybox:latest" + }, + "command": [ + "/bin/sh", "-c" + ], + "args": [ + "%shellcommand%" + ], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "readonly_rootfs": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/container_config_resolvconf.json b/test/testdata/container_config_resolvconf.json new file mode 100644 index 000000000..52b77e082 --- /dev/null +++ b/test/testdata/container_config_resolvconf.json @@ -0,0 +1,72 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "redis:alpine" + }, + "command": [ + "sh", + "-c", + "echo test >> /etc/resolv.conf" + ], + "args": [], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "readonly_rootfs": false, + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/container_config_resolvconf_ro.json b/test/testdata/container_config_resolvconf_ro.json new file mode 100644 index 000000000..7e121c079 --- /dev/null +++ b/test/testdata/container_config_resolvconf_ro.json @@ -0,0 +1,72 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "redis:alpine" + }, + "command": [ + "sh", + "-c", + "echo test >> /etc/resolv.conf" + ], + "args": [], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "readonly_rootfs": true, + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/container_config_seccomp.json b/test/testdata/container_config_seccomp.json new file mode 100644 index 000000000..582132b0e --- /dev/null +++ b/test/testdata/container_config_seccomp.json @@ -0,0 +1,72 @@ +{ + "metadata": { + "name": "container1", + "attempt": 1 + }, + "image": { + "image": "redis:alpine" + }, + "command": [ + "/bin/bash" + ], + "args": [ + "/bin/chmod", "777", "." + ], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "readonly_rootfs": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/container_config_sleep.json b/test/testdata/container_config_sleep.json new file mode 100644 index 000000000..c86ff7011 --- /dev/null +++ b/test/testdata/container_config_sleep.json @@ -0,0 +1,71 @@ +{ + "metadata": { + "name": "container999", + "attempt": 1 + }, + "image": { + "image": "docker.io/library/busybox:latest" + }, + "command": [ + "sleep", + "9999" + ], + "args": [], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "readonly_rootfs": false, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + }, + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + } + } + } +} diff --git a/test/testdata/container_exit_test.json b/test/testdata/container_exit_test.json new file mode 100644 index 000000000..6ead905a6 --- /dev/null +++ b/test/testdata/container_exit_test.json @@ -0,0 +1,22 @@ +{ + "metadata": { + "name": "podsandbox1-exit-test" + }, + "image": { + "image": "docker://mrunalp/exit_test:latest" + }, + "args": [ + "/exit_test" + ], + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + } + ], + "readonly_rootfs": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false +} diff --git a/test/testdata/container_redis.json b/test/testdata/container_redis.json new file mode 100644 index 000000000..638aba4fc --- /dev/null +++ b/test/testdata/container_redis.json @@ -0,0 +1,61 @@ +{ + "metadata": { + "name": "podsandbox1-redis" + }, + "image": { + "image": "redis:alpine" + }, + "args": [ + "docker-entrypoint.sh", + "redis-server" + ], + "working_dir": "/data", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "REDIS_VERSION", + "value": "3.2.3" + }, + { + "key": "REDIS_DOWNLOAD_URL", + "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz" + }, + { + "key": "REDIS_DOWNLOAD_SHA1", + "value": "92d6d93ef2efc91e595c8bf578bf72baff397507" + } + ], + "labels": { + "tier": "backend" + }, + "annotations": { + "pod": "podsandbox1" + }, + "readonly_rootfs": false, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "sys_admin" + ] + } + } + } +} diff --git a/test/testdata/container_redis_default_mounts.json b/test/testdata/container_redis_default_mounts.json new file mode 100644 index 000000000..dff3db5a7 --- /dev/null +++ b/test/testdata/container_redis_default_mounts.json @@ -0,0 +1,67 @@ +{ + "metadata": { + "name": "podsandbox1-redis" + }, + "image": { + "image": "redis:alpine" + }, + "args": [ + "docker-entrypoint.sh", + "redis-server" + ], + "mounts": [ + { + "container_path": "%CPATH%", + "host_path": "%HPATH%" + } + ], + "working_dir": "/data", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "REDIS_VERSION", + "value": "3.2.3" + }, + { + "key": "REDIS_DOWNLOAD_URL", + "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz" + }, + { + "key": "REDIS_DOWNLOAD_SHA1", + "value": "92d6d93ef2efc91e595c8bf578bf72baff397507" + } + ], + "labels": { + "tier": "backend" + }, + "annotations": { + "pod": "podsandbox1" + }, + "readonly_rootfs": false, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "sys_admin" + ] + } + } + } +} diff --git a/test/testdata/container_redis_device.json b/test/testdata/container_redis_device.json new file mode 100644 index 000000000..2a2495515 --- /dev/null +++ b/test/testdata/container_redis_device.json @@ -0,0 +1,68 @@ +{ + "metadata": { + "name": "podsandbox1-redis" + }, + "image": { + "image": "redis:alpine" + }, + "args": [ + "docker-entrypoint.sh", + "redis-server" + ], + "working_dir": "/data", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "REDIS_VERSION", + "value": "3.2.3" + }, + { + "key": "REDIS_DOWNLOAD_URL", + "value": "http://download.redis.io/releases/redis-3.2.3.tar.gz" + }, + { + "key": "REDIS_DOWNLOAD_SHA1", + "value": "92d6d93ef2efc91e595c8bf578bf72baff397507" + } + ], + "devices": [ + { + "host_path": "/dev/null", + "container_path": "/dev/mynull", + "permissions": "rwm" + } + ], + "labels": { + "tier": "backend" + }, + "annotations": { + "pod": "podsandbox1" + }, + "readonly_rootfs": false, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "capabilities": { + "add_capabilities": [ + "sys_admin" + ] + } + } + } +} diff --git a/test/testdata/fake_ocid_default b/test/testdata/fake_ocid_default new file mode 100644 index 000000000..915fb17dd --- /dev/null +++ b/test/testdata/fake_ocid_default @@ -0,0 +1 @@ +profile crio-default flags=(attach_disconnected) {} diff --git a/test/testdata/sandbox_config.json b/test/testdata/sandbox_config.json new file mode 100644 index 000000000..57e211bd6 --- /dev/null +++ b/test/testdata/sandbox_config.json @@ -0,0 +1,51 @@ +{ + "metadata": { + "name": "podsandbox1", + "uid": "redhat-test-crio", + "namespace": "redhat.test.crio", + "attempt": 1 + }, + "hostname": "crioctl_host", + "log_directory": "", + "dns_config": { + "searches": [ + "8.8.8.8" + ] + }, + "port_mappings": [], + "resources": { + "cpu": { + "limits": 3, + "requests": 2 + }, + "memory": { + "limits": 50000000, + "requests": 2000000 + } + }, + "labels": { + "group": "test" + }, + "annotations": { + "owner": "hmeng", + "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000", + "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" , + "security.alpha.kubernetes.io/seccomp/pod": "unconfined" + }, + "linux": { + "cgroup_parent": "/Burstable/pod_123-456", + "security_context": { + "namespace_options": { + "host_network": false, + "host_pid": false, + "host_ipc": false + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/sandbox_config_hostnet.json b/test/testdata/sandbox_config_hostnet.json new file mode 100644 index 000000000..99a7560dc --- /dev/null +++ b/test/testdata/sandbox_config_hostnet.json @@ -0,0 +1,48 @@ +{ + "metadata": { + "name": "podsandbox1", + "uid": "redhat-test-crio", + "namespace": "redhat.test.crio", + "attempt": 1 + }, + "hostname": "crioctl_host", + "log_directory": "", + "dns_options": { + "servers": [ + "server1.redhat.com", + "server2.redhat.com" + ], + "searches": [ + "8.8.8.8" + ] + }, + "port_mappings": [], + "resources": { + "cpu": { + "limits": 3, + "requests": 2 + }, + "memory": { + "limits": 50000000, + "requests": 2000000 + } + }, + "labels": { + "group": "test" + }, + "annotations": { + "owner": "hmeng", + "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" , + "security.alpha.kubernetes.io/seccomp/pod": "unconfined" + }, + "linux": { + "cgroup_parent": "/Burstable/pod_123-456", + "security_context": { + "namespace_options": { + "host_network": true, + "host_pid": false, + "host_ipc": false + } + } + } +} diff --git a/test/testdata/sandbox_config_hostport.json b/test/testdata/sandbox_config_hostport.json new file mode 100644 index 000000000..5feda8668 --- /dev/null +++ b/test/testdata/sandbox_config_hostport.json @@ -0,0 +1,55 @@ +{ + "metadata": { + "name": "podsandbox1", + "uid": "redhat-test-crio", + "namespace": "redhat.test.crio", + "attempt": 1 + }, + "hostname": "crioctl_host", + "log_directory": "", + "dns_options": { + "servers": [ + "server1.redhat.com", + "server2.redhat.com" + ], + "searches": [ + "8.8.8.8" + ] + }, + "port_mappings": [ + { + "protocol": 0, + "container_port": 80, + "host_port": 4888 + } + ], + "resources": { + "cpu": { + "limits": 3, + "requests": 2 + }, + "memory": { + "limits": 50000000, + "requests": 2000000 + } + }, + "labels": { + "group": "test" + }, + "annotations": { + "owner": "hmeng", + "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000", + "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" , + "security.alpha.kubernetes.io/seccomp/pod": "unconfined" + }, + "linux": { + "cgroup_parent": "/Burstable/pod_123-456", + "security_context": { + "namespace_options": { + "host_network": false, + "host_pid": false, + "host_ipc": false + } + } + } +} diff --git a/test/testdata/sandbox_config_seccomp.json b/test/testdata/sandbox_config_seccomp.json new file mode 100644 index 000000000..8e440b164 --- /dev/null +++ b/test/testdata/sandbox_config_seccomp.json @@ -0,0 +1,53 @@ +{ + "metadata": { + "name": "podsandbox1", + "uid": "redhat-test-crio", + "namespace": "redhat.test.crio", + "attempt": 1 + }, + "hostname": "crioctl_host", + "log_directory": "", + "dns_options": { + "servers": [ + "server1.redhat.com", + "server2.redhat.com" + ], + "searches": [ + "8.8.8.8" + ] + }, + "port_mappings": [], + "resources": { + "cpu": { + "limits": 3, + "requests": 2 + }, + "memory": { + "limits": 50000000, + "requests": 2000000 + } + }, + "labels": { + "group": "test" + }, + "annotations": { + "owner": "hmeng" + %VALUE% + }, + "linux": { + "cgroup_parent": "/Burstable/pod_123-456", + "security_context": { + "namespace_options": { + "host_network": false, + "host_pid": false, + "host_ipc": false + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} diff --git a/test/testdata/sandbox_config_selinux.json b/test/testdata/sandbox_config_selinux.json new file mode 100644 index 000000000..916a10ecd --- /dev/null +++ b/test/testdata/sandbox_config_selinux.json @@ -0,0 +1,48 @@ +{ + "metadata": { + "name": "podsandbox1", + "uid": "redhat-test-crio", + "namespace": "redhat.test.crio", + "attempt": 1 + }, + "hostname": "crioctl_host", + "log_directory": "", + "dns_config": { + "searches": [ + "8.8.8.8" + ] + }, + "port_mappings": [], + "resources": { + "cpu": { + "limits": 3, + "requests": 2 + }, + "memory": { + "limits": 50000000, + "requests": 2000000 + } + }, + "labels": { + "group": "test" + }, + "annotations": { + "owner": "hmeng", + "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000", + "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" , + "security.alpha.kubernetes.io/seccomp/pod": "unconfined" + }, + "linux": { + "cgroup_parent": "/Burstable/pod_123-456", + "security_context": { + "namespace_options": { + "host_network": false, + "host_pid": false, + "host_ipc": false + }, + "selinux_options": { + "level": "s0" + } + } + } +} diff --git a/test/testdata/template_container_config.json b/test/testdata/template_container_config.json new file mode 100644 index 000000000..a770a7c9d --- /dev/null +++ b/test/testdata/template_container_config.json @@ -0,0 +1,68 @@ +{ + "metadata": { + "name": "${NAME}", + "attempt": 1 + }, + "image": { + "image": "${IMAGE}" + }, + "command": ${COMMAND}, + "args": [], + "working_dir": "/", + "envs": [ + { + "key": "PATH", + "value": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + }, + { + "key": "TERM", + "value": "xterm" + }, + { + "key": "TESTDIR", + "value": "test/dir1" + }, + { + "key": "TESTFILE", + "value": "test/file1" + } + ], + "labels": { + "type": "small", + "batch": "no" + }, + "annotations": { + "owner": "dragon", + "daemon": "crio" + }, + "privileged": true, + "log_path": "", + "stdin": false, + "stdin_once": false, + "tty": false, + "linux": { + "resources": { + "cpu_period": 10000, + "cpu_quota": 20000, + "cpu_shares": 512, + "oom_score_adj": 30 + }, + "security_context": { + "readonly_rootfs": false, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + }, + "capabilities": { + "add_capabilities": [ + "setuid", + "setgid" + ], + "drop_capabilities": [ + ] + } + } + } +} diff --git a/test/testdata/template_sandbox_config.json b/test/testdata/template_sandbox_config.json new file mode 100644 index 000000000..f43ffb0d6 --- /dev/null +++ b/test/testdata/template_sandbox_config.json @@ -0,0 +1,51 @@ +{ + "metadata": { + "name": "${NAME}", + "uid": "${CUID}", + "namespace": "${NAMESPACE}", + "attempt": 1 + }, + "hostname": "crioctl_host", + "log_directory": "", + "dns_config": { + "searches": [ + "8.8.8.8" + ] + }, + "port_mappings": [], + "resources": { + "cpu": { + "limits": 3, + "requests": 2 + }, + "memory": { + "limits": 50000000, + "requests": 2000000 + } + }, + "labels": { + "group": "test" + }, + "annotations": { + "owner": "hmeng", + "security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000", + "security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" , + "security.alpha.kubernetes.io/seccomp/pod": "unconfined" + }, + "linux": { + "cgroup_parent": "/Burstable/pod_123-456", + "security_context": { + "namespace_options": { + "host_network": false, + "host_pid": false, + "host_ipc": false + }, + "selinux_options": { + "user": "system_u", + "role": "system_r", + "type": "svirt_lxc_net_t", + "level": "s0:c4,c5" + } + } + } +} |