summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/apiv2/01-basic.at3
-rw-r--r--test/apiv2/10-images.at6
-rw-r--r--test/apiv2/20-containers.at16
-rw-r--r--test/apiv2/40-pods.at20
-rwxr-xr-xtest/apiv2/test-apiv283
-rw-r--r--test/e2e/run_volume_test.go24
6 files changed, 107 insertions, 45 deletions
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at
index e87ec534c..a54063260 100644
--- a/test/apiv2/01-basic.at
+++ b/test/apiv2/01-basic.at
@@ -27,7 +27,8 @@ t GET /nonesuch 404
t POST /nonesuch '' 404
t GET container/nonesuch/json 404
t GET libpod/containers/nonesuch/json 404
-t GET 'libpod/containers/json?a=b' 400
+
+#### FIXME: maybe someday: t GET 'libpod/containers/json?a=b' 400
# Method not allowed
t POST /_ping '' 405
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index 243b35e9f..42ec028d0 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -6,9 +6,9 @@
# FIXME: API doesn't support pull yet, so use podman
podman pull -q $IMAGE
-# We want the SHA without the "sha256:" prefix
-full_iid=$(podman images --no-trunc --format '{{.ID}}' $IMAGE)
-iid=${full_iid##sha256:}
+t GET libpod/images/json 200 \
+ .[0].Id~[0-9a-f]\\{64\\}
+iid=$(jq -r '.[0].Id' <<<"$output")
t GET libpod/images/$iid/exists 204
t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/exists 204
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 5f0a145f0..a69e8cc99 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -11,18 +11,22 @@ podman pull $IMAGE &>/dev/null
# Ensure clean slate
podman rm -a -f &>/dev/null
-t GET libpod/containers/json 200 []
+t GET libpod/containers/json 200 length=0
podman run $IMAGE true
-t GET libpod/containers/json 200 \
- .[0].ID~[0-9a-f]\\{12\\} \
+t GET libpod/containers/json 200 length=0
+
+t GET libpod/containers/json?all=true 200 \
+ length=1 \
+ .[0].Id~[0-9a-f]\\{12\\} \
.[0].Image=$IMAGE \
- .[0].Command=true \
- .[0].State=4 \
+ .[0].Command[0]="true" \
+ .[0].State=exited \
+ .[0].ExitCode=0 \
.[0].IsInfra=false
-cid=$(jq -r '.[0].ID' <<<"$output")
+cid=$(jq -r '.[0].Id' <<<"$output")
t DELETE libpod/containers/$cid 204
diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at
index 1c25a3822..705de94d2 100644
--- a/test/apiv2/40-pods.at
+++ b/test/apiv2/40-pods.at
@@ -3,19 +3,31 @@
# test pod-related endpoints
#
+# FIXME! Shouldn't /create give an actual pod ID?
+expected_id='machine.slice'
+if rootless; then
+ expected_id=/libpod_parent
+fi
+
t GET libpod/pods/json 200 null
-t POST libpod/pods/create name=foo 201 '{"id":"machine.slice"}' # FIXME!
+t POST libpod/pods/create name=foo 201 .id=$expected_id
t GET libpod/pods/foo/exists 204
t GET libpod/pods/notfoo/exists 404
t GET libpod/pods/foo/json 200 .Config.name=foo .Containers=null
t GET libpod/pods/json 200 .[0].Config.name=foo .[0].Containers=null
-# Cannot create a dup pod with the same name (FIXME: should that be 409?)
-t POST libpod/pods/create name=foo 500 .cause="pod already exists"
+# Cannot create a dup pod with the same name
+t POST libpod/pods/create name=foo 409 .cause="pod already exists"
#t POST libpod/pods/create a=b 400 .cause='bad parameter' # FIXME: unimplemented
-t POST libpod/pods/foo/pause '' 204
+if root; then
+ t POST libpod/pods/foo/pause '' 204
+else
+ t POST libpod/pods/foo/pause '' 500 \
+ .cause="this container does not have a cgroup" \
+ .message~".*pause pods containing rootless containers with cgroup V1"
+fi
t POST libpod/pods/foo/unpause '' 200
t POST libpod/pods/foo/unpause '' 200 # (2nd time)
t POST libpod/pods/foo/stop '' 304
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index 786c976d6..fffd7b085 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -41,6 +41,9 @@ echo 0 >$failures_file
# Where the tests live
TESTS_DIR=$(realpath $(dirname $0))
+# Path to podman binary
+PODMAN_BIN=${PODMAN:-${TESTS_DIR}/../../bin/podman}
+
# END setup
###############################################################################
# BEGIN infrastructure code - the helper functions used in tests themselves
@@ -97,7 +100,7 @@ function _show_ok() {
local green=
local reset=
local bold=
- if [ -t 3 ]; then
+ if [ -t 1 ]; then
red='\e[31m'
green='\e[32m'
reset='\e[0m'
@@ -107,16 +110,16 @@ function _show_ok() {
_bump $testcounter_file
count=$(<$testcounter_file)
if [ $ok -eq 1 ]; then
- echo -e "${green}ok $count $testname${reset}" >&3
+ echo -e "${green}ok $count $testname${reset}"
return
fi
# Failed
local expect=$3
local actual=$4
- echo -e "${red}not ok $count $testname${reset}" >&3
- echo -e "${red}# expected: $expect${reset}" >&3
- echo -e "${red}# actual: ${bold}$actual${reset}" >&3
+ echo -e "${red}not ok $count $testname${reset}"
+ echo -e "${red}# expected: $expect${reset}"
+ echo -e "${red}# actual: ${bold}$actual${reset}"
_bump $failures_file
}
@@ -201,17 +204,28 @@ function t() {
output=$(< $WORKDIR/curl.result.out)
+ # Special case: 204/304, by definition, MUST NOT return content (rfc2616)
+ if [[ $expected_code = 204 || $expected_code = 304 ]]; then
+ if [ -n "$*" ]; then
+ die "Internal error: ${expected_code} status returns no output; fix your test."
+ fi
+ if [ -n "$output" ]; then
+ _show_ok 0 "$testname: ${expected_code} status returns no output" "''" "$output"
+ fi
+ return
+ fi
+
for i; do
case "$i" in
# Exact match on json field
- .*=*)
+ *=*)
json_field=$(expr "$i" : "\([^=]*\)=")
expect=$(expr "$i" : '[^=]*=\(.*\)')
actual=$(jq -r "$json_field" <<<"$output")
is "$actual" "$expect" "$testname : $json_field"
;;
# regex match on json field
- .*~*)
+ *~*)
json_field=$(expr "$i" : "\([^~]*\)~")
expect=$(expr "$i" : '[^~]*~\(.*\)')
actual=$(jq -r "$json_field" <<<"$output")
@@ -231,35 +245,51 @@ function t() {
service_pid=
function start_service() {
# If there's a listener on the port, nothing for us to do
- echo -n >/dev/tcp/$HOST/$PORT &>/dev/null && return
+ { exec 3<> /dev/tcp/$HOST/$PORT; } &>/dev/null && return
+
+ test -x $PODMAN_BIN || die "Not found: $PODMAN_BIN"
if [ "$HOST" != "localhost" ]; then
die "Cannot start service on non-localhost ($HOST)"
fi
- if [ $(id -u) -ne 0 ]; then
- echo "$ME: WARNING: running service rootless is unlikely to work!" >&2
- fi
-
- # Find the binary
- SERVICE_BIN=${SERVICE_BIN:-${TESTS_DIR}/../../bin/service}
- test -x $SERVICE_BIN || die "Not found: $SERVICE_BIN"
-
- systemd-socket-activate -l 127.0.0.1:$PORT \
- $SERVICE_BIN --root $WORKDIR/root \
+ $PODMAN_BIN --root $WORKDIR system service --timeout 15000 tcp:127.0.0.1:$PORT \
&> $WORKDIR/server.log &
service_pid=$!
# Wait
local _timeout=5
while [ $_timeout -gt 0 ]; do
- echo -n >/dev/tcp/$HOST/$PORT &>/dev/null && return
+ { exec 3<> /dev/tcp/$HOST/$PORT; } &>/dev/null && return
sleep 1
_timeout=$(( $_timeout - 1 ))
done
die "Timed out waiting for service"
}
+############
+# podman # Needed by some test scripts to invoke the actual podman binary
+############
+function podman() {
+ echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log
+ $PODMAN_BIN --root $WORKDIR "$@" >>$WORKDIR/output.log 2>&1
+}
+
+####################
+# root, rootless # Is server rootless?
+####################
+ROOTLESS=
+function root() {
+ ! rootless
+}
+
+function rootless() {
+ if [[ -z $ROOTLESS ]]; then
+ ROOTLESS=$(curl -s http://$HOST:$PORT/v1.40/info | jq .Rootless)
+ fi
+ test "$ROOTLESS" = "true"
+}
+
# END infrastructure code
###############################################################################
# BEGIN sanity checks
@@ -288,10 +318,6 @@ else
tests_to_run=($TESTS_DIR/*.at)
fi
-# Because subtests may run podman or other commands that emit stderr;
-# redirect all those and use fd 3 for all output
-exec 3>&1 &>$WORKDIR/output.log
-
start_service
for i in ${tests_to_run[@]}; do
@@ -304,22 +330,17 @@ done
# Clean up
if [ -n "$service_pid" ]; then
- # Yep, has to be -9. It ignores everything else.
- kill -9 $service_pid
+ kill $service_pid
+ wait -f $service_pid
fi
test_count=$(<$testcounter_file)
failure_count=$(<$failures_file)
-if [ $failure_count -gt 0 -a -s "$WORKDIR/output.log" ]; then
- echo "# Collected stdout/stderr:" >&3
- sed -e 's/^/# /' < $WORKDIR/output.log >&3
-fi
-
if [ -z "$PODMAN_TESTS_KEEP_WORKDIR" ]; then
rm -rf $WORKDIR
fi
-echo "1..${test_count}" >&3
+echo "1..${test_count}"
exit $failure_count
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 0c2389e40..46c27dc2e 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -397,4 +397,28 @@ var _ = Describe("Podman run with volumes", func() {
volMount.WaitWithDefaultTimeout()
Expect(volMount.ExitCode()).To(Not(Equal(0)))
})
+
+ It("Podman fix for CVE-2020-1726", func() {
+ volName := "testVol"
+ volCreate := podmanTest.Podman([]string{"volume", "create", volName})
+ volCreate.WaitWithDefaultTimeout()
+ Expect(volCreate.ExitCode()).To(Equal(0))
+
+ volPath := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{.Mountpoint}}", volName})
+ volPath.WaitWithDefaultTimeout()
+ Expect(volPath.ExitCode()).To(Equal(0))
+ path := volPath.OutputToString()
+
+ fileName := "thisIsATestFile"
+ file, err := os.Create(filepath.Join(path, fileName))
+ Expect(err).To(BeNil())
+ defer file.Close()
+
+ runLs := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "-v", fmt.Sprintf("%v:/etc/ssl", volName), ALPINE, "ls", "-1", "/etc/ssl"})
+ runLs.WaitWithDefaultTimeout()
+ Expect(runLs.ExitCode()).To(Equal(0))
+ outputArr := runLs.OutputToStringArray()
+ Expect(len(outputArr)).To(Equal(1))
+ Expect(strings.Contains(outputArr[0], fileName)).To(BeTrue())
+ })
})