diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/apiv2/01-basic.at | 3 | ||||
-rw-r--r-- | test/apiv2/10-images.at | 6 | ||||
-rw-r--r-- | test/apiv2/20-containers.at | 16 | ||||
-rw-r--r-- | test/apiv2/40-pods.at | 20 | ||||
-rwxr-xr-x | test/apiv2/test-apiv2 | 83 | ||||
-rw-r--r-- | test/e2e/run_volume_test.go | 24 |
6 files changed, 107 insertions, 45 deletions
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at index e87ec534c..a54063260 100644 --- a/test/apiv2/01-basic.at +++ b/test/apiv2/01-basic.at @@ -27,7 +27,8 @@ t GET /nonesuch 404 t POST /nonesuch '' 404 t GET container/nonesuch/json 404 t GET libpod/containers/nonesuch/json 404 -t GET 'libpod/containers/json?a=b' 400 + +#### FIXME: maybe someday: t GET 'libpod/containers/json?a=b' 400 # Method not allowed t POST /_ping '' 405 diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at index 243b35e9f..42ec028d0 100644 --- a/test/apiv2/10-images.at +++ b/test/apiv2/10-images.at @@ -6,9 +6,9 @@ # FIXME: API doesn't support pull yet, so use podman podman pull -q $IMAGE -# We want the SHA without the "sha256:" prefix -full_iid=$(podman images --no-trunc --format '{{.ID}}' $IMAGE) -iid=${full_iid##sha256:} +t GET libpod/images/json 200 \ + .[0].Id~[0-9a-f]\\{64\\} +iid=$(jq -r '.[0].Id' <<<"$output") t GET libpod/images/$iid/exists 204 t GET libpod/images/$PODMAN_TEST_IMAGE_NAME/exists 204 diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 5f0a145f0..a69e8cc99 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -11,18 +11,22 @@ podman pull $IMAGE &>/dev/null # Ensure clean slate podman rm -a -f &>/dev/null -t GET libpod/containers/json 200 [] +t GET libpod/containers/json 200 length=0 podman run $IMAGE true -t GET libpod/containers/json 200 \ - .[0].ID~[0-9a-f]\\{12\\} \ +t GET libpod/containers/json 200 length=0 + +t GET libpod/containers/json?all=true 200 \ + length=1 \ + .[0].Id~[0-9a-f]\\{12\\} \ .[0].Image=$IMAGE \ - .[0].Command=true \ - .[0].State=4 \ + .[0].Command[0]="true" \ + .[0].State=exited \ + .[0].ExitCode=0 \ .[0].IsInfra=false -cid=$(jq -r '.[0].ID' <<<"$output") +cid=$(jq -r '.[0].Id' <<<"$output") t DELETE libpod/containers/$cid 204 diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at index 1c25a3822..705de94d2 100644 --- a/test/apiv2/40-pods.at +++ b/test/apiv2/40-pods.at @@ -3,19 +3,31 @@ # test pod-related endpoints # +# FIXME! Shouldn't /create give an actual pod ID? +expected_id='machine.slice' +if rootless; then + expected_id=/libpod_parent +fi + t GET libpod/pods/json 200 null -t POST libpod/pods/create name=foo 201 '{"id":"machine.slice"}' # FIXME! +t POST libpod/pods/create name=foo 201 .id=$expected_id t GET libpod/pods/foo/exists 204 t GET libpod/pods/notfoo/exists 404 t GET libpod/pods/foo/json 200 .Config.name=foo .Containers=null t GET libpod/pods/json 200 .[0].Config.name=foo .[0].Containers=null -# Cannot create a dup pod with the same name (FIXME: should that be 409?) -t POST libpod/pods/create name=foo 500 .cause="pod already exists" +# Cannot create a dup pod with the same name +t POST libpod/pods/create name=foo 409 .cause="pod already exists" #t POST libpod/pods/create a=b 400 .cause='bad parameter' # FIXME: unimplemented -t POST libpod/pods/foo/pause '' 204 +if root; then + t POST libpod/pods/foo/pause '' 204 +else + t POST libpod/pods/foo/pause '' 500 \ + .cause="this container does not have a cgroup" \ + .message~".*pause pods containing rootless containers with cgroup V1" +fi t POST libpod/pods/foo/unpause '' 200 t POST libpod/pods/foo/unpause '' 200 # (2nd time) t POST libpod/pods/foo/stop '' 304 diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index 786c976d6..fffd7b085 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -41,6 +41,9 @@ echo 0 >$failures_file # Where the tests live TESTS_DIR=$(realpath $(dirname $0)) +# Path to podman binary +PODMAN_BIN=${PODMAN:-${TESTS_DIR}/../../bin/podman} + # END setup ############################################################################### # BEGIN infrastructure code - the helper functions used in tests themselves @@ -97,7 +100,7 @@ function _show_ok() { local green= local reset= local bold= - if [ -t 3 ]; then + if [ -t 1 ]; then red='\e[31m' green='\e[32m' reset='\e[0m' @@ -107,16 +110,16 @@ function _show_ok() { _bump $testcounter_file count=$(<$testcounter_file) if [ $ok -eq 1 ]; then - echo -e "${green}ok $count $testname${reset}" >&3 + echo -e "${green}ok $count $testname${reset}" return fi # Failed local expect=$3 local actual=$4 - echo -e "${red}not ok $count $testname${reset}" >&3 - echo -e "${red}# expected: $expect${reset}" >&3 - echo -e "${red}# actual: ${bold}$actual${reset}" >&3 + echo -e "${red}not ok $count $testname${reset}" + echo -e "${red}# expected: $expect${reset}" + echo -e "${red}# actual: ${bold}$actual${reset}" _bump $failures_file } @@ -201,17 +204,28 @@ function t() { output=$(< $WORKDIR/curl.result.out) + # Special case: 204/304, by definition, MUST NOT return content (rfc2616) + if [[ $expected_code = 204 || $expected_code = 304 ]]; then + if [ -n "$*" ]; then + die "Internal error: ${expected_code} status returns no output; fix your test." + fi + if [ -n "$output" ]; then + _show_ok 0 "$testname: ${expected_code} status returns no output" "''" "$output" + fi + return + fi + for i; do case "$i" in # Exact match on json field - .*=*) + *=*) json_field=$(expr "$i" : "\([^=]*\)=") expect=$(expr "$i" : '[^=]*=\(.*\)') actual=$(jq -r "$json_field" <<<"$output") is "$actual" "$expect" "$testname : $json_field" ;; # regex match on json field - .*~*) + *~*) json_field=$(expr "$i" : "\([^~]*\)~") expect=$(expr "$i" : '[^~]*~\(.*\)') actual=$(jq -r "$json_field" <<<"$output") @@ -231,35 +245,51 @@ function t() { service_pid= function start_service() { # If there's a listener on the port, nothing for us to do - echo -n >/dev/tcp/$HOST/$PORT &>/dev/null && return + { exec 3<> /dev/tcp/$HOST/$PORT; } &>/dev/null && return + + test -x $PODMAN_BIN || die "Not found: $PODMAN_BIN" if [ "$HOST" != "localhost" ]; then die "Cannot start service on non-localhost ($HOST)" fi - if [ $(id -u) -ne 0 ]; then - echo "$ME: WARNING: running service rootless is unlikely to work!" >&2 - fi - - # Find the binary - SERVICE_BIN=${SERVICE_BIN:-${TESTS_DIR}/../../bin/service} - test -x $SERVICE_BIN || die "Not found: $SERVICE_BIN" - - systemd-socket-activate -l 127.0.0.1:$PORT \ - $SERVICE_BIN --root $WORKDIR/root \ + $PODMAN_BIN --root $WORKDIR system service --timeout 15000 tcp:127.0.0.1:$PORT \ &> $WORKDIR/server.log & service_pid=$! # Wait local _timeout=5 while [ $_timeout -gt 0 ]; do - echo -n >/dev/tcp/$HOST/$PORT &>/dev/null && return + { exec 3<> /dev/tcp/$HOST/$PORT; } &>/dev/null && return sleep 1 _timeout=$(( $_timeout - 1 )) done die "Timed out waiting for service" } +############ +# podman # Needed by some test scripts to invoke the actual podman binary +############ +function podman() { + echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log + $PODMAN_BIN --root $WORKDIR "$@" >>$WORKDIR/output.log 2>&1 +} + +#################### +# root, rootless # Is server rootless? +#################### +ROOTLESS= +function root() { + ! rootless +} + +function rootless() { + if [[ -z $ROOTLESS ]]; then + ROOTLESS=$(curl -s http://$HOST:$PORT/v1.40/info | jq .Rootless) + fi + test "$ROOTLESS" = "true" +} + # END infrastructure code ############################################################################### # BEGIN sanity checks @@ -288,10 +318,6 @@ else tests_to_run=($TESTS_DIR/*.at) fi -# Because subtests may run podman or other commands that emit stderr; -# redirect all those and use fd 3 for all output -exec 3>&1 &>$WORKDIR/output.log - start_service for i in ${tests_to_run[@]}; do @@ -304,22 +330,17 @@ done # Clean up if [ -n "$service_pid" ]; then - # Yep, has to be -9. It ignores everything else. - kill -9 $service_pid + kill $service_pid + wait -f $service_pid fi test_count=$(<$testcounter_file) failure_count=$(<$failures_file) -if [ $failure_count -gt 0 -a -s "$WORKDIR/output.log" ]; then - echo "# Collected stdout/stderr:" >&3 - sed -e 's/^/# /' < $WORKDIR/output.log >&3 -fi - if [ -z "$PODMAN_TESTS_KEEP_WORKDIR" ]; then rm -rf $WORKDIR fi -echo "1..${test_count}" >&3 +echo "1..${test_count}" exit $failure_count diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 0c2389e40..46c27dc2e 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -397,4 +397,28 @@ var _ = Describe("Podman run with volumes", func() { volMount.WaitWithDefaultTimeout() Expect(volMount.ExitCode()).To(Not(Equal(0))) }) + + It("Podman fix for CVE-2020-1726", func() { + volName := "testVol" + volCreate := podmanTest.Podman([]string{"volume", "create", volName}) + volCreate.WaitWithDefaultTimeout() + Expect(volCreate.ExitCode()).To(Equal(0)) + + volPath := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{.Mountpoint}}", volName}) + volPath.WaitWithDefaultTimeout() + Expect(volPath.ExitCode()).To(Equal(0)) + path := volPath.OutputToString() + + fileName := "thisIsATestFile" + file, err := os.Create(filepath.Join(path, fileName)) + Expect(err).To(BeNil()) + defer file.Close() + + runLs := podmanTest.Podman([]string{"run", "-t", "-i", "--rm", "-v", fmt.Sprintf("%v:/etc/ssl", volName), ALPINE, "ls", "-1", "/etc/ssl"}) + runLs.WaitWithDefaultTimeout() + Expect(runLs.ExitCode()).To(Equal(0)) + outputArr := runLs.OutputToStringArray() + Expect(len(outputArr)).To(Equal(1)) + Expect(strings.Contains(outputArr[0], fileName)).To(BeTrue()) + }) }) |