diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/rest_api/test_rest_v2_0_0.py | 45 | ||||
| -rw-r--r-- | test/e2e/create_test.go | 12 | ||||
| -rw-r--r-- | test/e2e/generate_systemd_test.go | 21 | ||||
| -rw-r--r-- | test/e2e/images_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/manifest_test.go | 15 | ||||
| -rw-r--r-- | test/e2e/network_create_test.go | 111 | ||||
| -rw-r--r-- | test/e2e/network_test.go | 35 | ||||
| -rw-r--r-- | test/e2e/prune_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/pull_test.go | 10 | ||||
| -rw-r--r-- | test/e2e/rm_test.go | 34 | ||||
| -rw-r--r-- | test/e2e/rmi_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/search_test.go | 13 | ||||
| -rw-r--r-- | test/e2e/volume_exists_test.go | 50 | ||||
| -rw-r--r-- | test/python/docker/test_images.py | 12 | ||||
| -rw-r--r-- | test/system/040-ps.bats | 7 | ||||
| -rw-r--r-- | test/system/050-stop.bats | 43 | ||||
| -rw-r--r-- | test/system/070-build.bats | 31 | ||||
| -rw-r--r-- | test/system/400-unprivileged-access.bats | 11 | ||||
| -rw-r--r-- | test/system/410-selinux.bats | 11 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 41 |
21 files changed, 408 insertions, 101 deletions
diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py index cc66dd5af..77674e81b 100644 --- a/test/apiv2/rest_api/test_rest_v2_0_0.py +++ b/test/apiv2/rest_api/test_rest_v2_0_0.py @@ -356,17 +356,50 @@ class TestApi(unittest.TestCase): self.assertTrue(keys["stream"], "Expected to find stream progress stanza's") def test_search_compat(self): + url = PODMAN_URL + "/v1.40/images/search" # Had issues with this test hanging when repositories not happy - def do_search(): - r = requests.get(PODMAN_URL + "/v1.40/images/search?term=alpine", timeout=5) + def do_search1(): + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, timeout=5) self.assertEqual(r.status_code, 200, r.text) objs = json.loads(r.text) self.assertIn(type(objs), (list,)) - search = Process(target=do_search) - search.start() - search.join(timeout=10) - self.assertFalse(search.is_alive(), "/images/search took too long") + def do_search2(): + payload = {'term': 'alpine', 'limit': 1} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) + self.assertEqual(len(objs), 1) + + def do_search3(): + payload = {'term': 'alpine', 'filters': '{"is-official":["true"]}'} + r = requests.get(url, params=payload, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + objs = json.loads(r.text) + self.assertIn(type(objs), (list,)) + # There should be only one offical image + self.assertEqual(len(objs), 1) + + def do_search4(): + headers = {'X-Registry-Auth': 'null'} + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, headers=headers, timeout=5) + self.assertEqual(r.status_code, 200, r.text) + + def do_search5(): + headers = {'X-Registry-Auth': 'invalid value'} + payload = {'term': 'alpine'} + r = requests.get(url, params=payload, headers=headers, timeout=5) + self.assertEqual(r.status_code, 400, r.text) + + search_methods = [do_search1, do_search2, do_search3, do_search4, do_search5] + for search_method in search_methods: + search = Process(target=search_method) + search.start() + search.join(timeout=10) + self.assertFalse(search.is_alive(), "/images/search took too long") def test_ping(self): required_headers = ( diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index a4931ff2d..73d92e5a0 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -282,7 +282,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using image list by tag", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINELISTTAG}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINELISTTAG}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -296,7 +296,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using image list by digest", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINELISTDIGEST}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINELISTDIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -310,7 +310,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using image list instance by digest", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINEARM64DIGEST}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINEARM64DIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -324,7 +324,7 @@ var _ = Describe("Podman create", func() { }) It("podman create using cross-arch image list instance by digest", func() { - session := podmanTest.Podman([]string{"create", "--pull=always", "--override-arch=arm64", "--name=foo", ALPINEARM64DIGEST}) + session := podmanTest.Podman([]string{"create", "--pull=always", "--arch=arm64", "--name=foo", ALPINEARM64DIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To((Equal(0))) session = podmanTest.Podman([]string{"inspect", "--format", "{{.Image}}", "foo"}) @@ -652,10 +652,10 @@ var _ = Describe("Podman create", func() { expectedError := "no image found in manifest list for architecture bogus" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) - session = podmanTest.Podman([]string{"create", "--platform=linux/arm64", "--override-os", "windows", ALPINE}) + session = podmanTest.Podman([]string{"create", "--platform=linux/arm64", "--os", "windows", ALPINE}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) - expectedError = "--platform option can not be specified with --override-arch or --override-os" + expectedError = "--platform option can not be specified with --arch or --os" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) session = podmanTest.Podman([]string{"create", "-q", "--platform=linux/arm64", ALPINE}) diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go index be9727591..606d756b0 100644 --- a/test/e2e/generate_systemd_test.go +++ b/test/e2e/generate_systemd_test.go @@ -355,4 +355,25 @@ var _ = Describe("Podman generate systemd", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.IsJSONOutputValid()).To(BeTrue()) }) + + It("podman generate systemd --new create command with double curly braces", func() { + // Regression test for #9034 + session := podmanTest.Podman([]string{"create", "--name", "foo", "--log-driver=journald", "--log-opt=tag={{.Name}}", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"generate", "systemd", "--new", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring(" --log-opt=tag={{.Name}} ")) + + session = podmanTest.Podman([]string{"pod", "create", "--name", "pod", "--label", "key={{someval}}"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"generate", "systemd", "--new", "pod"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring(" --label key={{someval}}")) + }) }) diff --git a/test/e2e/images_test.go b/test/e2e/images_test.go index 2dab4858e..7c0d1cf78 100644 --- a/test/e2e/images_test.go +++ b/test/e2e/images_test.go @@ -319,7 +319,6 @@ WORKDIR /test }) It("podman images --all flag", func() { - SkipIfRemote("FIXME This should work on podman-remote, problem is with podman-remote build") dockerfile := `FROM quay.io/libpod/alpine:latest RUN mkdir hello RUN touch test.txt @@ -350,7 +349,6 @@ LABEL "com.example.vendor"="Example Vendor" }) It("podman with images with no layers", func() { - SkipIfRemote("FIXME This should work on podman-remote, problem is with podman-remote build") dockerfile := strings.Join([]string{ `FROM scratch`, `LABEL org.opencontainers.image.authors="<somefolks@example.org>"`, diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 3e13057d3..e6ac83aea 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -251,4 +251,19 @@ var _ = Describe("Podman manifest", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Not(Equal(0))) }) + + It("podman manifest exists", func() { + manifestList := "manifest-list" + session := podmanTest.Podman([]string{"manifest", "create", manifestList}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"manifest", "exists", manifestList}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"manifest", "exists", "no-manifest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + }) }) diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go index 7e9a18ab2..1bf2a2691 100644 --- a/test/e2e/network_create_test.go +++ b/test/e2e/network_create_test.go @@ -10,6 +10,7 @@ import ( cniversion "github.com/containernetworking/cni/pkg/version" "github.com/containers/podman/v2/libpod/network" . "github.com/containers/podman/v2/test/utils" + "github.com/containers/storage/pkg/stringid" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/pkg/errors" @@ -116,18 +117,19 @@ var _ = Describe("Podman network create", func() { results []network.NcList ) - nc := podmanTest.Podman([]string{"network", "create", "newname"}) + netName := "inspectnet-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", netName}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("newname") - inspect := podmanTest.Podman([]string{"network", "inspect", "newname"}) + inspect := podmanTest.Podman([]string{"network", "inspect", netName}) inspect.WaitWithDefaultTimeout() err := json.Unmarshal([]byte(inspect.OutputToString()), &results) Expect(err).To(BeNil()) result := results[0] - Expect(result["name"]).To(Equal("newname")) + Expect(result["name"]).To(Equal(netName)) }) @@ -135,21 +137,21 @@ var _ = Describe("Podman network create", func() { var ( results []network.NcList ) - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "newnetwork"}) + netName := "subnet-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", netName}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("newnetwork") - // Inspect the network configuration - inspect := podmanTest.Podman([]string{"network", "inspect", "newnetwork"}) + inspect := podmanTest.Podman([]string{"network", "inspect", netName}) inspect.WaitWithDefaultTimeout() // JSON the network configuration into something usable err := json.Unmarshal([]byte(inspect.OutputToString()), &results) Expect(err).To(BeNil()) result := results[0] - Expect(result["name"]).To(Equal("newnetwork")) + Expect(result["name"]).To(Equal(netName)) // JSON the bridge info bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge") @@ -161,7 +163,7 @@ var _ = Describe("Podman network create", func() { // best we can defer removeNetworkDevice(bridgePlugin.BrName) - try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newnetwork", ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"}) + try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"}) try.WaitWithDefaultTimeout() _, subnet, err := net.ParseCIDR("10.11.12.0/24") @@ -178,21 +180,21 @@ var _ = Describe("Podman network create", func() { var ( results []network.NcList ) - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", "newIPv6network"}) + netName := "ipv6-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:1:2:3:4::/64", netName}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("newIPv6network") - // Inspect the network configuration - inspect := podmanTest.Podman([]string{"network", "inspect", "newIPv6network"}) + inspect := podmanTest.Podman([]string{"network", "inspect", netName}) inspect.WaitWithDefaultTimeout() // JSON the network configuration into something usable err := json.Unmarshal([]byte(inspect.OutputToString()), &results) Expect(err).To(BeNil()) result := results[0] - Expect(result["name"]).To(Equal("newIPv6network")) + Expect(result["name"]).To(Equal(netName)) // JSON the bridge info bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge") @@ -203,7 +205,7 @@ var _ = Describe("Podman network create", func() { // best we can defer removeNetworkDevice(bridgePlugin.BrName) - try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newIPv6network", ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"}) + try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"}) try.WaitWithDefaultTimeout() _, subnet, err := net.ParseCIDR("fd00:1:2:3:4::/64") @@ -219,21 +221,21 @@ var _ = Describe("Podman network create", func() { var ( results []network.NcList ) - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2:1::/64", "--ipv6", "newDualStacknetwork"}) + netName := "dual-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2:1::/64", "--ipv6", netName}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("newDualStacknetwork") - // Inspect the network configuration - inspect := podmanTest.Podman([]string{"network", "inspect", "newDualStacknetwork"}) + inspect := podmanTest.Podman([]string{"network", "inspect", netName}) inspect.WaitWithDefaultTimeout() // JSON the network configuration into something usable err := json.Unmarshal([]byte(inspect.OutputToString()), &results) Expect(err).To(BeNil()) result := results[0] - Expect(result["name"]).To(Equal("newDualStacknetwork")) + Expect(result["name"]).To(Equal(netName)) // JSON the bridge info bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge") @@ -245,7 +247,7 @@ var _ = Describe("Podman network create", func() { // best we can defer removeNetworkDevice(bridgePlugin.BrName) - try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"}) + try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"}) try.WaitWithDefaultTimeout() _, subnet, err := net.ParseCIDR("fd00:4:3:2:1::/64") @@ -255,7 +257,7 @@ var _ = Describe("Podman network create", func() { // Ensure that the IP the container got is within the subnet the user asked for Expect(subnet.Contains(containerIP)).To(BeTrue()) // verify the container has an IPv4 address too (the IPv4 subnet is autogenerated) - try = podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"}) + try = podmanTest.Podman([]string{"run", "-it", "--rm", "--network", netName, ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"}) try.WaitWithDefaultTimeout() containerIP, _, err = net.ParseCIDR(try.OutputToString()) Expect(err).To(BeNil()) @@ -263,66 +265,73 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with invalid subnet", func() { - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", "fail"}) + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", stringid.GenerateNonCryptoID()}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError()) }) It("podman network create with ipv4 subnet and ipv6 flag", func() { - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", "fail"}) + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", stringid.GenerateNonCryptoID()}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError()) }) It("podman network create with empty subnet and ipv6 flag", func() { - nc := podmanTest.Podman([]string{"network", "create", "--ipv6", "fail"}) + nc := podmanTest.Podman([]string{"network", "create", "--ipv6", stringid.GenerateNonCryptoID()}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError()) }) It("podman network create with invalid IP", func() { - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", "fail"}) + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", stringid.GenerateNonCryptoID()}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError()) }) It("podman network create with invalid gateway for subnet", func() { - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--gateway", "192.168.1.1", "fail"}) + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--gateway", "192.168.1.1", stringid.GenerateNonCryptoID()}) nc.WaitWithDefaultTimeout() Expect(nc).To(ExitWithError()) }) It("podman network create two networks with same name should fail", func() { - nc := podmanTest.Podman([]string{"network", "create", "samename"}) + netName := "same-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", netName}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("samename") - ncFail := podmanTest.Podman([]string{"network", "create", "samename"}) + ncFail := podmanTest.Podman([]string{"network", "create", netName}) ncFail.WaitWithDefaultTimeout() Expect(ncFail).To(ExitWithError()) }) It("podman network create two networks with same subnet should fail", func() { - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet1"}) + netName1 := "sub1-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", netName1}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName1) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("subnet1") - ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet2"}) + netName2 := "sub2-" + stringid.GenerateNonCryptoID() + ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", netName2}) ncFail.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName2) Expect(ncFail).To(ExitWithError()) }) It("podman network create two IPv6 networks with same subnet should fail", func() { SkipIfRootless("FIXME It needs the ip6tables modules loaded") - nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet1v6"}) + netName1 := "subipv61-" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", netName1}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName1) Expect(nc.ExitCode()).To(BeZero()) - defer podmanTest.removeCNINetwork("subnet1v6") - ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet2v6"}) + netName2 := "subipv62-" + stringid.GenerateNonCryptoID() + ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", netName2}) ncFail.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(netName2) Expect(ncFail).To(ExitWithError()) }) @@ -333,11 +342,11 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with mtu option", func() { - net := "mtu-test" + net := "mtu-test" + stringid.GenerateNonCryptoID() nc := podmanTest.Podman([]string{"network", "create", "--opt", "mtu=9000", net}) nc.WaitWithDefaultTimeout() - Expect(nc.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(net) + Expect(nc.ExitCode()).To(BeZero()) nc = podmanTest.Podman([]string{"network", "inspect", net}) nc.WaitWithDefaultTimeout() @@ -346,11 +355,11 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with vlan option", func() { - net := "vlan-test" + net := "vlan-test" + stringid.GenerateNonCryptoID() nc := podmanTest.Podman([]string{"network", "create", "--opt", "vlan=9", net}) nc.WaitWithDefaultTimeout() - Expect(nc.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(net) + Expect(nc.ExitCode()).To(BeZero()) nc = podmanTest.Podman([]string{"network", "inspect", net}) nc.WaitWithDefaultTimeout() @@ -359,10 +368,28 @@ var _ = Describe("Podman network create", func() { }) It("podman network create with invalid option", func() { - net := "invalid-test" + net := "invalid-test" + stringid.GenerateNonCryptoID() nc := podmanTest.Podman([]string{"network", "create", "--opt", "foo=bar", net}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(net) Expect(nc).To(ExitWithError()) }) + It("podman network create with internal should not have dnsname", func() { + net := "internal-test" + stringid.GenerateNonCryptoID() + nc := podmanTest.Podman([]string{"network", "create", "--internal", net}) + nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(net) + Expect(nc.ExitCode()).To(BeZero()) + // Not performing this check on remote tests because it is a logrus error which does + // not come back via stderr on the remote client. + if !IsRemote() { + Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible")) + } + nc = podmanTest.Podman([]string{"network", "inspect", net}) + nc.WaitWithDefaultTimeout() + Expect(nc.ExitCode()).To(BeZero()) + Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname")) + }) + }) diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go index 98512f01a..e2080244b 100644 --- a/test/e2e/network_test.go +++ b/test/e2e/network_test.go @@ -238,11 +238,11 @@ var _ = Describe("Podman network", func() { }) It("podman inspect container single CNI network", func() { - netName := "testNetSingleCNI" + netName := "net-" + stringid.GenerateNonCryptoID() network := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.50.0/24", netName}) network.WaitWithDefaultTimeout() - Expect(network.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName) + Expect(network.ExitCode()).To(BeZero()) ctrName := "testCtr" container := podmanTest.Podman([]string{"run", "-dt", "--network", netName, "--name", ctrName, ALPINE, "top"}) @@ -268,17 +268,17 @@ var _ = Describe("Podman network", func() { }) It("podman inspect container two CNI networks (container not running)", func() { - netName1 := "testNetThreeCNI1" + netName1 := "net1-" + stringid.GenerateNonCryptoID() network1 := podmanTest.Podman([]string{"network", "create", netName1}) network1.WaitWithDefaultTimeout() - Expect(network1.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName1) + Expect(network1.ExitCode()).To(BeZero()) - netName2 := "testNetThreeCNI2" + netName2 := "net2-" + stringid.GenerateNonCryptoID() network2 := podmanTest.Podman([]string{"network", "create", netName2}) network2.WaitWithDefaultTimeout() - Expect(network2.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName2) + Expect(network2.ExitCode()).To(BeZero()) ctrName := "testCtr" container := podmanTest.Podman([]string{"create", "--network", fmt.Sprintf("%s,%s", netName1, netName2), "--name", ctrName, ALPINE, "top"}) @@ -305,17 +305,17 @@ var _ = Describe("Podman network", func() { }) It("podman inspect container two CNI networks", func() { - netName1 := "testNetTwoCNI1" + netName1 := "net1-" + stringid.GenerateNonCryptoID() network1 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.0/25", netName1}) network1.WaitWithDefaultTimeout() - Expect(network1.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName1) + Expect(network1.ExitCode()).To(BeZero()) - netName2 := "testNetTwoCNI2" + netName2 := "net2-" + stringid.GenerateNonCryptoID() network2 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.128/26", netName2}) network2.WaitWithDefaultTimeout() - Expect(network2.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName2) + Expect(network2.ExitCode()).To(BeZero()) ctrName := "testCtr" container := podmanTest.Podman([]string{"run", "-dt", "--network", fmt.Sprintf("%s,%s", netName1, netName2), "--name", ctrName, ALPINE, "top"}) @@ -352,11 +352,11 @@ var _ = Describe("Podman network", func() { }) It("podman network remove --force with pod", func() { - netName := "testnet" + netName := "net-" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName) + Expect(session.ExitCode()).To(BeZero()) session = podmanTest.Podman([]string{"pod", "create", "--network", netName}) session.WaitWithDefaultTimeout() @@ -388,17 +388,17 @@ var _ = Describe("Podman network", func() { }) It("podman network remove with two networks", func() { - netName1 := "net1" + netName1 := "net1-" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName1}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName1) + Expect(session.ExitCode()).To(BeZero()) - netName2 := "net2" + netName2 := "net2-" + stringid.GenerateNonCryptoID() session = podmanTest.Podman([]string{"network", "create", netName2}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName2) + Expect(session.ExitCode()).To(BeZero()) session = podmanTest.Podman([]string{"network", "rm", netName1, netName2}) session.WaitWithDefaultTimeout() @@ -413,8 +413,8 @@ var _ = Describe("Podman network", func() { netName := "aliasTest" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(BeZero()) defer podmanTest.removeCNINetwork(netName) + Expect(session.ExitCode()).To(BeZero()) top := podmanTest.Podman([]string{"run", "-dt", "--name=web", "--network=" + netName, "--network-alias=web1", "--network-alias=web2", nginx}) top.WaitWithDefaultTimeout() @@ -450,6 +450,7 @@ var _ = Describe("Podman network", func() { net := "macvlan" + stringid.GenerateNonCryptoID() nc := podmanTest.Podman([]string{"network", "create", "--macvlan", "lo", net}) nc.WaitWithDefaultTimeout() + defer podmanTest.removeCNINetwork(net) Expect(nc.ExitCode()).To(Equal(0)) nc = podmanTest.Podman([]string{"network", "rm", net}) diff --git a/test/e2e/prune_test.go b/test/e2e/prune_test.go index 3bc1012df..f84312103 100644 --- a/test/e2e/prune_test.go +++ b/test/e2e/prune_test.go @@ -88,7 +88,6 @@ var _ = Describe("Podman prune", func() { }) It("podman image prune skip cache images", func() { - SkipIfRemote("FIXME: podman-remote build is not working the same as local build") podmanTest.BuildImage(pruneImage, "alpine_bash:latest", "true") none := podmanTest.Podman([]string{"images", "-a"}) @@ -110,7 +109,6 @@ var _ = Describe("Podman prune", func() { }) It("podman image prune dangling images", func() { - SkipIfRemote("FIXME: podman-remote build is not working the same as local build") podmanTest.BuildImage(pruneImage, "alpine_bash:latest", "true") podmanTest.BuildImage(pruneImage, "alpine_bash:latest", "true") diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 7099a2904..4b73004da 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -92,7 +92,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull by digest (image list)", func() { - session := podmanTest.Podman([]string{"pull", "--override-arch=arm64", ALPINELISTDIGEST}) + session := podmanTest.Podman([]string{"pull", "--arch=arm64", ALPINELISTDIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) // inspect using the digest of the list @@ -135,7 +135,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull by instance digest (image list)", func() { - session := podmanTest.Podman([]string{"pull", "--override-arch=arm64", ALPINEARM64DIGEST}) + session := podmanTest.Podman([]string{"pull", "--arch=arm64", ALPINEARM64DIGEST}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) // inspect using the digest of the list @@ -175,7 +175,7 @@ var _ = Describe("Podman pull", func() { }) It("podman pull by tag (image list)", func() { - session := podmanTest.Podman([]string{"pull", "--override-arch=arm64", ALPINELISTTAG}) + session := podmanTest.Podman([]string{"pull", "--arch=arm64", ALPINELISTTAG}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) // inspect using the tag we used for pulling @@ -503,10 +503,10 @@ var _ = Describe("Podman pull", func() { expectedError := "no image found in manifest list for architecture bogus" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) - session = podmanTest.Podman([]string{"pull", "--platform=linux/arm64", "--override-os", "windows", ALPINE}) + session = podmanTest.Podman([]string{"pull", "--platform=linux/arm64", "--os", "windows", ALPINE}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) - expectedError = "--platform option can not be specified with --override-arch or --override-os" + expectedError = "--platform option can not be specified with --arch or --os" Expect(session.ErrorToString()).To(ContainSubstring(expectedError)) session = podmanTest.Podman([]string{"pull", "-q", "--platform=linux/arm64", ALPINE}) diff --git a/test/e2e/rm_test.go b/test/e2e/rm_test.go index 524c07cc6..ca142d7f3 100644 --- a/test/e2e/rm_test.go +++ b/test/e2e/rm_test.go @@ -215,6 +215,40 @@ var _ = Describe("Podman rm", func() { Expect(result.ExitCode()).To(Equal(125)) }) + It("podman rm --all", func() { + session := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(1)) + + session = podmanTest.Podman([]string{"create", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(2)) + + session = podmanTest.Podman([]string{"rm", "--all"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + }) + + It("podman rm --ignore", func() { + session := podmanTest.Podman([]string{"create", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + cid := session.OutputToStringArray()[0] + Expect(podmanTest.NumberOfContainers()).To(Equal(1)) + + session = podmanTest.Podman([]string{"rm", "bogus", cid}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + + session = podmanTest.Podman([]string{"rm", "--ignore", "bogus", cid}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + }) + It("podman rm bogus container", func() { session := podmanTest.Podman([]string{"rm", "bogus"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/rmi_test.go b/test/e2e/rmi_test.go index 1f40e4928..4833a282e 100644 --- a/test/e2e/rmi_test.go +++ b/test/e2e/rmi_test.go @@ -181,7 +181,6 @@ var _ = Describe("Podman rmi", func() { }) It("podman rmi with cached images", func() { - SkipIfRemote("FIXME This should work on podman-remote, problem is with podman-remote build") podmanTest.AddImageToRWStore(cirros) dockerfile := `FROM quay.io/libpod/cirros:latest RUN mkdir hello diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 19060ecdc..caeaf190e 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -669,7 +669,7 @@ USER bin` }) It("podman run with secrets", func() { - SkipIfRemote("--default-mount-file option is not supported in podman-remote") + SkipIfRemote("--default-mounts-file option is not supported in podman-remote") containersDir := filepath.Join(podmanTest.TempDir, "containers") err := os.MkdirAll(containersDir, 0755) Expect(err).To(BeNil()) diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index 1d86ae744..4a11802c3 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -299,7 +299,6 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if force secure is true", func() { - SkipIfRemote("FIXME This should work on podman-remote") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -324,15 +323,11 @@ registries = ['{{.Host}}:{{.Port}}']` registryFileTmpl.Execute(&buffer, registryEndpoints[5]) podmanTest.setRegistriesConfigEnv(buffer.Bytes()) ioutil.WriteFile(fmt.Sprintf("%s/registry5.conf", tempdir), buffer.Bytes(), 0644) - if IsRemote() { - podmanTest.RestartRemoteService() - defer podmanTest.RestartRemoteService() - } search := podmanTest.Podman([]string{"search", image, "--tls-verify=true"}) search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) + Expect(search.ExitCode()).To(Equal(125)) Expect(search.OutputToString()).Should(BeEmpty()) match, _ := search.ErrorGrepString("error") Expect(match).Should(BeTrue()) @@ -342,7 +337,6 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if registry is not listed as insecure", func() { - SkipIfRemote("FIXME This should work on podman-remote") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -376,7 +370,7 @@ registries = ['{{.Host}}:{{.Port}}']` search := podmanTest.Podman([]string{"search", image}) search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) + Expect(search.ExitCode()).To(Equal(125)) Expect(search.OutputToString()).Should(BeEmpty()) match, _ := search.ErrorGrepString("error") Expect(match).Should(BeTrue()) @@ -386,7 +380,6 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search doesn't attempt HTTP if one registry is not listed as insecure", func() { - SkipIfRemote("FIXME This should work on podman-remote") if podmanTest.Host.Arch == "ppc64le" { Skip("No registry image for ppc64le") } @@ -431,7 +424,7 @@ registries = ['{{.Host}}:{{.Port}}']` search := podmanTest.Podman([]string{"search", "my-alpine"}) search.WaitWithDefaultTimeout() - Expect(search.ExitCode()).To(Equal(0)) + Expect(search.ExitCode()).To(Equal(125)) Expect(search.OutputToString()).Should(BeEmpty()) match, _ := search.ErrorGrepString("error") Expect(match).Should(BeTrue()) diff --git a/test/e2e/volume_exists_test.go b/test/e2e/volume_exists_test.go new file mode 100644 index 000000000..6073c6d90 --- /dev/null +++ b/test/e2e/volume_exists_test.go @@ -0,0 +1,50 @@ +package integration + +import ( + "os" + + . "github.com/containers/podman/v2/test/utils" + "github.com/containers/storage/pkg/stringid" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var _ = Describe("Podman volume exists", func() { + var ( + tempdir string + err error + podmanTest *PodmanTestIntegration + ) + + BeforeEach(func() { + tempdir, err = CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } + podmanTest = PodmanTestCreate(tempdir) + podmanTest.Setup() + podmanTest.SeedImages() + }) + + AfterEach(func() { + podmanTest.CleanupVolume() + f := CurrentGinkgoTestDescription() + processTestResult(f) + + }) + + It("podman volume exists", func() { + vol := "vol" + stringid.GenerateNonCryptoID() + session := podmanTest.Podman([]string{"volume", "create", vol}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(BeZero()) + + session = podmanTest.Podman([]string{"volume", "exists", vol}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"volume", "exists", stringid.GenerateNonCryptoID()}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(1)) + }) +}) diff --git a/test/python/docker/test_images.py b/test/python/docker/test_images.py index 1fa4aade9..f2b6a5190 100644 --- a/test/python/docker/test_images.py +++ b/test/python/docker/test_images.py @@ -82,8 +82,16 @@ class TestImages(unittest.TestCase): def test_search_image(self): """Search for image""" - for r in self.client.images.search("libpod/alpine"): - self.assertIn("quay.io/libpod/alpine", r["Name"]) + for r in self.client.images.search("alpine"): + self.assertIn("alpine", r["Name"]) + + def test_search_bogus_image(self): + """Search for bogus image should throw exception""" + try: + r = self.client.images.search("bogus/bogus") + except: + return + self.assertTrue(len(r)==0) def test_remove_image(self): """Remove image""" diff --git a/test/system/040-ps.bats b/test/system/040-ps.bats index 0447122b1..0ae8b0ce0 100644 --- a/test/system/040-ps.bats +++ b/test/system/040-ps.bats @@ -111,8 +111,11 @@ EOF run_podman ps --storage -a is "${#lines[@]}" "2" "podman ps -a --storage sees buildah container" - # This is what deletes the container - # FIXME: why doesn't "podman rm --storage $cid" do anything? + # We can't rm it without -f, but podman should issue a helpful message + run_podman 2 rm "$cid" + is "$output" "Error: container .* is mounted and cannot be removed without using force: container state improper" "podman rm <buildah container> without -f" + + # With -f, we can remove it. run_podman rm -f "$cid" run_podman ps --storage -a diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats index 548fd56ee..7d9f1fcb3 100644 --- a/test/system/050-stop.bats +++ b/test/system/050-stop.bats @@ -30,6 +30,49 @@ load helpers run_podman rm $cid } +# #9051 : podman stop --all was not working with podman-remote +@test "podman stop --all" { + # Start three containers, create (without running) a fourth + run_podman run -d --name c1 $IMAGE sleep 20 + run_podman run -d --name c2 $IMAGE sleep 40 + run_podman run -d --name c3 $IMAGE sleep 60 + run_podman create --name c4 $IMAGE sleep 80 + + # podman ps (without -a) should show the three running containers + run_podman ps --sort names --format '{{.Names}}--{{.Status}}' + is "${#lines[*]}" "3" "podman ps shows exactly three containers" + is "${lines[0]}" "c1--Up.*" "podman ps shows running container (1)" + is "${lines[1]}" "c2--Up.*" "podman ps shows running container (2)" + is "${lines[2]}" "c3--Up.*" "podman ps shows running container (3)" + + # Stop -a + run_podman stop -a -t 1 + + # Now podman ps (without -a) should show nothing. + run_podman ps --format '{{.Names}}' + is "$output" "" "podman ps, after stop -a, shows no running containers" + + # ...but with -a, containers are shown + run_podman ps -a --sort names --format '{{.Names}}--{{.Status}}' + is "${#lines[*]}" "4" "podman ps -a shows exactly four containers" + is "${lines[0]}" "c1--Exited.*" "ps -a, first stopped container" + is "${lines[1]}" "c2--Exited.*" "ps -a, second stopped container" + is "${lines[2]}" "c3--Exited.*" "ps -a, third stopped container" + is "${lines[3]}" "c4--Created.*" "ps -a, created container (unaffected)" +} + +# #9051 : podman stop --ignore was not working with podman-remote +@test "podman stop --ignore" { + name=thiscontainerdoesnotexist + run_podman 125 stop $name + is "$output" \ + "Error: no container with name or ID $name found: no such container" \ + "podman stop nonexistent container" + + run_podman stop --ignore $name + is "$output" "" "podman stop nonexistent container, with --ignore" +} + # Test fallback diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 0e83a184b..05518d8fc 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -126,6 +126,23 @@ EOF label_name=l$(random_string 8) label_value=$(random_string 12) + # #8679: Create a secrets directory, and mount it in the container + # (can only test locally; podman-remote has no --default-mounts-file opt) + MOUNTS_CONF= + secret_contents="ceci nest pas un secret" + CAT_SECRET="echo $secret_contents" + if ! is_remote; then + mkdir $tmpdir/secrets + echo $tmpdir/secrets:/run/secrets > $tmpdir/mounts.conf + + secret_filename=secretfile-$(random_string 20) + secret_contents=shhh-$(random_string 30)-shhh + echo $secret_contents >$tmpdir/secrets/$secret_filename + + MOUNTS_CONF=--default-mounts-file=$tmpdir/mounts.conf + CAT_SECRET="cat /run/secrets/$secret_filename" + fi + # Command to run on container startup with no args cat >$tmpdir/mycmd <<EOF #!/bin/sh @@ -133,6 +150,7 @@ PATH=/usr/bin:/bin pwd echo "\$1" printenv | grep MYENV | sort | sed -e 's/^MYENV.=//' +$CAT_SECRET EOF # For overriding with --env-file; using multiple files confirms that @@ -169,14 +187,20 @@ ENV ftp_proxy ftp-proxy-in-image ADD mycmd /bin/mydefaultcmd RUN chmod 755 /bin/mydefaultcmd RUN chown 2:3 /bin/mydefaultcmd + +RUN $CAT_SECRET + CMD ["/bin/mydefaultcmd","$s_echo"] EOF # cd to the dir, so we test relative paths (important for podman-remote) cd $PODMAN_TMPDIR - run_podman build -t build_test -f build-test/Containerfile build-test + run_podman ${MOUNTS_CONF} build \ + -t build_test -f build-test/Containerfile build-test local iid="${lines[-1]}" + # Make sure 'podman build' had the secret mounted + is "$output" ".*$secret_contents.*" "podman build has /run/secrets mounted" if is_remote; then ENVHOST="" @@ -187,7 +211,7 @@ EOF # Run without args - should run the above script. Verify its output. export MYENV2="$s_env2" export MYENV3="env-file-should-override-env-host!" - run_podman run --rm \ + run_podman ${MOUNTS_CONF} run --rm \ --env-file=$PODMAN_TMPDIR/env-file1 \ --env-file=$PODMAN_TMPDIR/env-file2 \ ${ENVHOST} \ @@ -207,6 +231,9 @@ EOF is "${lines[4]}" "$s_env3" "container default command: env3 (from envfile)" is "${lines[5]}" "$s_env4" "container default command: env4 (from cmdline)" + is "${lines[6]}" "$secret_contents" \ + "Contents of /run/secrets/$secret_filename in container" + # Proxies - environment should override container, but not env-file http_proxy=http-proxy-from-env ftp_proxy=ftp-proxy-from-env \ run_podman run --rm \ diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index 6a89247e6..f26c97d1e 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -132,7 +132,11 @@ EOF # Run 'stat' on all the files, plus /dev/null. Get path, file type, # number of links, major, and minor (see below for why). Do it all # in one go, to avoid multiple podman-runs - run_podman run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + run_podman '?' run --rm $IMAGE stat -c'%n:%F:%h:%T:%t' /dev/null ${subset[@]} + if [[ $status -gt 1 ]]; then + die "Unexpected exit status $status: expected 0 or 1" + fi + local devnull= for result in "${lines[@]}"; do # e.g. /proc/acpi:character special file:1:3:1 @@ -161,6 +165,11 @@ EOF # If you can think of a better way to do this check, # please feel free to fix it. is "$nlinks" "2" "$path: directory link count" + elif [[ $result =~ stat:.*No.such.file.or.directory ]]; then + # No matter what the path is, this is OK. It has to do with #8949 + # and RHEL8 and rootless and cgroups v1. Bottom line, what we care + # about is that the path not be available inside the container. + : else die "$path: Unknown file type '$type'" fi diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index 1e44fe06c..7482d3e55 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -171,4 +171,15 @@ function check_label() { run_podman pod rm myselinuxpod } +# #8946 - better diagnostics for nonexistent attributes +@test "podman with nonexistent labels" { + skip_if_no_selinux + + # The '.*' in the error below is for dealing with podman-remote, which + # includes "error preparing container <sha> for attach" in output. + run_podman 126 run --security-opt label=type:foo.bar $IMAGE true + is "$output" "Error.*: \`/proc/thread-self/attr/exec\`: OCI runtime error: unable to assign security attribute" "useful diagnostic" +} + + # vim: filetype=sh diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index a824ebcd7..0d976a6af 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -65,8 +65,13 @@ load helpers myport=54321 # Container will exit as soon as 'nc' receives input + # We use '-n -v' to give us log messages showing an incoming connection + # and its IP address; the purpose of that is guaranteeing that the + # remote IP is not 127.0.0.1 (podman PR #9052). + # We could get more parseable output by using $NCAT_REMOTE_ADDR, + # but busybox nc doesn't support that. run_podman run -d --userns=keep-id -p 127.0.0.1:$myport:$myport \ - $IMAGE nc -l -p $myport + $IMAGE nc -l -n -v -p $myport cid="$output" # emit random string, and check it @@ -74,7 +79,17 @@ load helpers echo "$teststring" | nc 127.0.0.1 $myport run_podman logs $cid - is "$output" "$teststring" "test string received on container" + # Sigh. We can't check line-by-line, because 'nc' output order is + # unreliable. We usually get the 'connect to' line before the random + # string, but sometimes we get it after. So, just do substring checks. + is "$output" ".*listening on \[::\]:$myport .*" "nc -v shows right port" + + # This is the truly important check: make sure the remote IP is + # in the 10.X range, not 127.X. + is "$output" \ + ".*connect to \[::ffff:10\..*\]:$myport from \[::ffff:10\..*\]:.*" \ + "nc -v shows remote IP address in 10.X space (not 127.0.0.1)" + is "$output" ".*${teststring}.*" "test string received on container" # Clean up run_podman rm $cid @@ -83,6 +98,7 @@ load helpers # "network create" now works rootless, with the help of a special container @test "podman network create" { skip_if_remote "FIXME: pending #7808" + myport=54322 local mynetname=testnet-$(random_string 10) local mysubnet=$(random_rfc1918_subnet) @@ -100,6 +116,27 @@ load helpers is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \ "sdfsdf" + run_podman run --rm -d --network $mynetname -p 127.0.0.1:$myport:$myport \ + $IMAGE nc -l -n -v -p $myport + cid="$output" + + # emit random string, and check it + teststring=$(random_string 30) + echo "$teststring" | nc 127.0.0.1 $myport + + run_podman logs $cid + # Sigh. We can't check line-by-line, because 'nc' output order is + # unreliable. We usually get the 'connect to' line before the random + # string, but sometimes we get it after. So, just do substring checks. + is "$output" ".*listening on \[::\]:$myport .*" "nc -v shows right port" + + # This is the truly important check: make sure the remote IP is + # in the 172.X range, not 127.X. + is "$output" \ + ".*connect to \[::ffff:172\..*\]:$myport from \[::ffff:172\..*\]:.*" \ + "nc -v shows remote IP address in 172.X space (not 127.0.0.1)" + is "$output" ".*${teststring}.*" "test string received on container" + # Cannot create network with the same name run_podman 125 network create $mynetname is "$output" "Error: the network name $mynetname is already used" \ |