diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/12-imagesMore.at | 4 | ||||
| -rw-r--r-- | test/apiv2/20-containers.at | 1 | ||||
| -rw-r--r-- | test/apiv2/60-auth.at | 29 | ||||
| -rw-r--r-- | test/apiv2/rest_api/__init__.py | 4 | ||||
| -rwxr-xr-x | test/apiv2/test-apiv2 | 115 | ||||
| -rw-r--r-- | test/e2e/cp_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/generate_kube_test.go | 32 | ||||
| -rw-r--r-- | test/e2e/libpod_suite_remote_test.go | 6 | ||||
| -rw-r--r-- | test/e2e/libpod_suite_test.go | 6 | ||||
| -rw-r--r-- | test/e2e/login_logout_test.go | 8 | ||||
| -rw-r--r-- | test/python/docker/__init__.py | 4 | ||||
| -rw-r--r-- | test/system/050-stop.bats | 2 | ||||
| -rw-r--r-- | test/system/065-cp.bats | 119 | ||||
| -rw-r--r-- | test/system/070-build.bats | 114 | ||||
| -rw-r--r-- | test/system/120-load.bats | 7 |
15 files changed, 400 insertions, 52 deletions
diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index 4f3ddf925..ce3049106 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -46,6 +46,10 @@ t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 # Untag the image t POST "libpod/images/$iid/untag?repo=localhost:5000/myrepo&tag=mytag" '' 201 +# Try to push non-existing image +t POST "images/localhost:5000/idonotexist/push?tlsVerify=false" '' 200 +jq -re 'select(.errorDetail)' <<<"$output" &>/dev/null || echo -e "${red}not ok: error message not found in output${nc}" 1>&2 + t GET libpod/images/$IMAGE/json 200 \ .RepoTags[-1]=$IMAGE diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index f73d03123..383d92ef3 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -162,6 +162,7 @@ t DELETE images/localhost/newrepo:v1?force=true 200 t DELETE images/localhost/newrepo:v2?force=true 200 t DELETE libpod/containers/$cid 204 t DELETE libpod/containers/myctr 204 +t DELETE libpod/containers/bogus 404 # test apiv2 create container with correct entrypoint and cmd diff --git a/test/apiv2/60-auth.at b/test/apiv2/60-auth.at new file mode 100644 index 000000000..378955cd7 --- /dev/null +++ b/test/apiv2/60-auth.at @@ -0,0 +1,29 @@ +# -*- sh -*- +# +# registry-related tests +# + +start_registry + +# FIXME FIXME FIXME: remove the 'if false' for use with PR 9589 +if false; then + +# FIXME FIXME: please forgive the horrible POST params format; I have an +# upcoming PR which should fix that. + +# Test with wrong password. Confirm bad status and appropriate error message +t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"WrOnGPassWord\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \ + 400 \ + .Status~'.* invalid username/password' + +# Test with the right password. Confirm status message and reasonable token +t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \ + 200 \ + .Status="Login Succeeded" \ + .IdentityToken~[a-zA-Z0-9] + +# FIXME: now what? Try something-something using that token? +token=$(jq -r .IdentityToken <<<"$output") +# ... + +fi # FIXME FIXME FIXME: remove when working diff --git a/test/apiv2/rest_api/__init__.py b/test/apiv2/rest_api/__init__.py index db0257f03..b7b8a7649 100644 --- a/test/apiv2/rest_api/__init__.py +++ b/test/apiv2/rest_api/__init__.py @@ -27,7 +27,7 @@ class Podman(object): self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio")) self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run")) - os.environ["REGISTRIES_CONFIG_PATH"] = os.path.join(self.anchor_directory, "registry.conf") + os.environ["CONTAINERS_REGISTRIES_CONF"] = os.path.join(self.anchor_directory, "registry.conf") p = configparser.ConfigParser() p.read_dict( { @@ -36,7 +36,7 @@ class Podman(object): "registries.block": {"registries": "[]"}, } ) - with open(os.environ["REGISTRIES_CONFIG_PATH"], "w") as w: + with open(os.environ["CONTAINERS_REGISTRIES_CONF"], "w") as w: p.write(w) os.environ["CNI_CONFIG_PATH"] = os.path.join(self.anchor_directory, "cni", "net.d") diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index d545df245..e32d6bc62 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -17,6 +17,8 @@ PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODM IMAGE=$PODMAN_TEST_IMAGE_FQN +REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry:2.7" + # END stuff you can but probably shouldn't customize ############################################################################### # BEGIN setup @@ -313,13 +315,115 @@ function start_service() { die "Cannot start service on non-localhost ($HOST)" fi - $PODMAN_BIN --root $WORKDIR system service --time 15 tcp:127.0.0.1:$PORT \ + $PODMAN_BIN --root $WORKDIR/server_root system service \ + --time 15 \ + tcp:127.0.0.1:$PORT \ &> $WORKDIR/server.log & service_pid=$! wait_for_port $HOST $PORT } +function stop_service() { + # Stop the server + if [[ -n $service_pid ]]; then + kill $service_pid + wait $service_pid + fi +} + +#################### +# start_registry # Run a local registry +#################### +REGISTRY_PORT= +REGISTRY_USERNAME= +REGISTRY_PASSWORD= +function start_registry() { + # We can be invoked multiple times, e.g. from different subtests, but + # let's assume that once started we only kill it at the end of tests. + if [[ -n "$REGISTRY_PORT" ]]; then + return + fi + + REGISTRY_PORT=$(random_port) + REGISTRY_USERNAME=u$(random_string 7) + REGISTRY_PASSWORD=p$(random_string 7) + + local REGDIR=$WORKDIR/registry + local AUTHDIR=$REGDIR/auth + mkdir -p $AUTHDIR + + mkdir -p ${REGDIR}/{root,runroot} + local PODMAN_REGISTRY_ARGS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot" + + # Give it three tries, to compensate for network flakes + podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE || + podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE || + podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE + + # Create a local cert and credentials + # FIXME: is there a hidden "--quiet" flag? This is too noisy. + openssl req -newkey rsa:4096 -nodes -sha256 \ + -keyout $AUTHDIR/domain.key -x509 -days 2 \ + -out $AUTHDIR/domain.crt \ + -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \ + -addext subjectAltName=DNS:localhost + htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \ + > $AUTHDIR/htpasswd + + # Run the registry, and wait for it to come up + podman ${PODMAN_REGISTRY_ARGS} run -d \ + -p ${REGISTRY_PORT}:5000 \ + --name registry \ + -v $AUTHDIR:/auth:Z \ + -e "REGISTRY_AUTH=htpasswd" \ + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \ + -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \ + ${REGISTRY_IMAGE} + + wait_for_port localhost $REGISTRY_PORT +} + +function stop_registry() { + local REGDIR=${WORKDIR}/registry + if [[ -d $REGDIR ]]; then + local OPTS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot" + podman $OPTS stop -f -t 0 -a + + # rm/rmi are important when running rootless: without them we + # get EPERMS in tmpdir cleanup because files are owned by subuids. + podman $OPTS rm -f -a + podman $OPTS rmi -f -a + fi +} + +################# +# random_port # Random open port; arg is range (min-max), default 5000-5999 +################# +function random_port() { + local range=${1:-5000-5999} + + local port + for port in $(shuf -i ${range}); do + if ! { exec 5<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then + echo $port + return + fi + done + + die "Could not find open port in range $range" +} + +################### +# random_string # Pseudorandom alphanumeric string of given length +################### +function random_string() { + local length=${1:-10} + head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length +} + ################### # wait_for_port # Returns once port is available on host ################### @@ -341,8 +445,8 @@ function wait_for_port() { # podman # Needed by some test scripts to invoke the actual podman binary ############ function podman() { - echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log - $PODMAN_BIN --root $WORKDIR "$@" >>$WORKDIR/output.log 2>&1 + echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log + $PODMAN_BIN --root $WORKDIR/server_root "$@" >>$WORKDIR/output.log 2>&1 } #################### @@ -412,9 +516,8 @@ if [ -n "$service_pid" ]; then podman rm -a podman rmi -af - # Stop the server - kill $service_pid - wait $service_pid + stop_registry + stop_service fi test_count=$(<$testcounter_file) diff --git a/test/e2e/cp_test.go b/test/e2e/cp_test.go index c0fb61544..c0fb3f887 100644 --- a/test/e2e/cp_test.go +++ b/test/e2e/cp_test.go @@ -212,7 +212,6 @@ var _ = Describe("Podman cp", func() { // Copy the root dir "/" of a container to the host. It("podman cp the root directory from the ctr to an existing directory on the host ", func() { - SkipIfRootless("cannot copy tty devices in rootless mode") container := "copyroottohost" session := podmanTest.RunTopContainer(container) session.WaitWithDefaultTimeout() diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index d7c697f28..21e006c20 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -734,4 +734,36 @@ ENTRYPOINT /bin/sleep` kube.WaitWithDefaultTimeout() Expect(kube.ExitCode()).To(Equal(0)) }) + + It("podman generate kube based on user in container", func() { + // Build an image with an entrypoint. + containerfile := `FROM quay.io/libpod/alpine:latest +RUN adduser -u 10001 -S test1 +USER test1` + + targetPath, err := CreateTempDirInTempDir() + Expect(err).To(BeNil()) + containerfilePath := filepath.Join(targetPath, "Containerfile") + err = ioutil.WriteFile(containerfilePath, []byte(containerfile), 0644) + Expect(err).To(BeNil()) + + image := "generatekube:test" + session := podmanTest.Podman([]string{"build", "-f", containerfilePath, "-t", image}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"create", "--pod", "new:testpod", image, "test1"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + kube := podmanTest.Podman([]string{"generate", "kube", "testpod"}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + pod := new(v1.Pod) + err = yaml.Unmarshal(kube.Out.Contents(), pod) + Expect(err).To(BeNil()) + Expect(*pod.Spec.Containers[0].SecurityContext.RunAsUser).To(Equal(int64(10001))) + }) + }) diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go index a26765ee9..3115c246f 100644 --- a/test/e2e/libpod_suite_remote_test.go +++ b/test/e2e/libpod_suite_remote_test.go @@ -48,17 +48,17 @@ func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") - os.Setenv("REGISTRIES_CONFIG_PATH", defaultFile) + os.Setenv("CONTAINERS_REGISTRIES_CONF", defaultFile) } func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) { outfile := filepath.Join(p.TempDir, "registries.conf") - os.Setenv("REGISTRIES_CONFIG_PATH", outfile) + os.Setenv("CONTAINERS_REGISTRIES_CONF", outfile) ioutil.WriteFile(outfile, b, 0644) } func resetRegistriesConfigEnv() { - os.Setenv("REGISTRIES_CONFIG_PATH", "") + os.Setenv("CONTAINERS_REGISTRIES_CONF", "") } func PodmanTestCreate(tempDir string) *PodmanTestIntegration { pti := PodmanTestCreateUtil(tempDir, true) diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index 0ae30ca10..cc03ccc96 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -31,17 +31,17 @@ func (p *PodmanTestIntegration) PodmanExtraFiles(args []string, extraFiles []*os func (p *PodmanTestIntegration) setDefaultRegistriesConfigEnv() { defaultFile := filepath.Join(INTEGRATION_ROOT, "test/registries.conf") - os.Setenv("REGISTRIES_CONFIG_PATH", defaultFile) + os.Setenv("CONTAINERS_REGISTRIES_CONF", defaultFile) } func (p *PodmanTestIntegration) setRegistriesConfigEnv(b []byte) { outfile := filepath.Join(p.TempDir, "registries.conf") - os.Setenv("REGISTRIES_CONFIG_PATH", outfile) + os.Setenv("CONTAINERS_REGISTRIES_CONF", outfile) ioutil.WriteFile(outfile, b, 0644) } func resetRegistriesConfigEnv() { - os.Setenv("REGISTRIES_CONFIG_PATH", "") + os.Setenv("CONTAINERS_REGISTRIES_CONF", "") } func PodmanTestCreate(tempDir string) *PodmanTestIntegration { diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index 99876de29..6269bb92b 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -125,15 +125,15 @@ var _ = Describe("Podman login and logout", func() { // Environment is per-process, so this looks very unsafe; actually it seems fine because tests are not // run in parallel unless they opt in by calling t.Parallel(). So don’t do that. - oldRCP, hasRCP := os.LookupEnv("REGISTRIES_CONFIG_PATH") + oldRCP, hasRCP := os.LookupEnv("CONTAINERS_REGISTRIES_CONF") defer func() { if hasRCP { - os.Setenv("REGISTRIES_CONFIG_PATH", oldRCP) + os.Setenv("CONTAINERS_REGISTRIES_CONF", oldRCP) } else { - os.Unsetenv("REGISTRIES_CONFIG_PATH") + os.Unsetenv("CONTAINERS_REGISTRIES_CONF") } }() - os.Setenv("REGISTRIES_CONFIG_PATH", registriesConf.Name()) + os.Setenv("CONTAINERS_REGISTRIES_CONF", registriesConf.Name()) session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test"}) session.WaitWithDefaultTimeout() diff --git a/test/python/docker/__init__.py b/test/python/docker/__init__.py index da5630eac..59b7987f4 100644 --- a/test/python/docker/__init__.py +++ b/test/python/docker/__init__.py @@ -39,7 +39,7 @@ class Podman(object): self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio")) self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run")) - os.environ["REGISTRIES_CONFIG_PATH"] = os.path.join( + os.environ["CONTAINERS_REGISTRIES_CONF"] = os.path.join( self.anchor_directory, "registry.conf" ) p = configparser.ConfigParser() @@ -50,7 +50,7 @@ class Podman(object): "registries.block": {"registries": "[]"}, } ) - with open(os.environ["REGISTRIES_CONFIG_PATH"], "w") as w: + with open(os.environ["CONTAINERS_REGISTRIES_CONF"], "w") as w: p.write(w) os.environ["CNI_CONFIG_PATH"] = os.path.join( diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats index 7d9f1fcb3..0652a97e4 100644 --- a/test/system/050-stop.bats +++ b/test/system/050-stop.bats @@ -66,7 +66,7 @@ load helpers name=thiscontainerdoesnotexist run_podman 125 stop $name is "$output" \ - "Error: no container with name or ID $name found: no such container" \ + "Error: no container with name or ID \"$name\" found: no such container" \ "podman stop nonexistent container" run_podman stop --ignore $name diff --git a/test/system/065-cp.bats b/test/system/065-cp.bats index 88ed983d8..73e807843 100644 --- a/test/system/065-cp.bats +++ b/test/system/065-cp.bats @@ -88,6 +88,7 @@ load helpers run_podman rmi -f $cpimage } + @test "podman cp file from host to container tmpfs mount" { srcdir=$PODMAN_TMPDIR/cp-test-file-host-to-ctr mkdir -p $srcdir @@ -113,6 +114,22 @@ load helpers } +@test "podman cp file from host to container and check ownership" { + srcdir=$PODMAN_TMPDIR/cp-test-file-host-to-ctr + mkdir -p $srcdir + content=cp-user-test-$(random_string 10) + echo "content" > $srcdir/hostfile + userid=$(id -u) + + run_podman run --user=$userid --userns=keep-id -d --name cpcontainer $IMAGE sleep infinity + run_podman cp $srcdir/hostfile cpcontainer:/tmp/hostfile + run_podman exec cpcontainer stat -c "%u" /tmp/hostfile + is "$output" "$userid" "copied file is chowned to the container user" + run_podman kill cpcontainer + run_podman rm -f cpcontainer +} + + @test "podman cp file from container to host" { srcdir=$PODMAN_TMPDIR/cp-test-file-ctr-to-host mkdir -p $srcdir @@ -175,20 +192,19 @@ load helpers @test "podman cp dir from host to container" { - dirname=dir-test - srcdir=$PODMAN_TMPDIR/$dirname - mkdir -p $srcdir + srcdir=$PODMAN_TMPDIR + mkdir -p $srcdir/dir/sub local -a randomcontent=( random-0-$(random_string 10) random-1-$(random_string 15) ) - echo "${randomcontent[0]}" > $srcdir/hostfile0 - echo "${randomcontent[1]}" > $srcdir/hostfile1 + echo "${randomcontent[0]}" > $srcdir/dir/sub/hostfile0 + echo "${randomcontent[1]}" > $srcdir/dir/sub/hostfile1 # "." and "dir/." will copy the contents, so make sure that a dir ending # with dot is treated correctly. - mkdir -p $srcdir. - cp $srcdir/* $srcdir./ + mkdir -p $srcdir/dir. + cp -r $srcdir/dir/* $srcdir/dir. run_podman run -d --name cpcontainer --workdir=/srv $IMAGE sleep infinity run_podman exec cpcontainer mkdir /srv/subdir @@ -199,12 +215,15 @@ load helpers # format is: <source arg to cp (appended to srcdir)> | <destination arg to cp> | <full dest path> | <test name> tests=" - | / | /dir-test | copy to root - . | / | /dir-test. | copy dotdir to root - / | /tmp | /tmp/dir-test | copy to tmp - /. | /usr/ | /usr/ | copy contents of dir to usr/ - | . | /srv/dir-test | copy to workdir (rel path) - | subdir/. | /srv/subdir/dir-test | copy to workdir subdir (rel path) + dir | / | /dir/sub | copy dir to root + dir. | / | /dir./sub | copy dir. to root + dir/ | /tmp | /tmp/dir/sub | copy dir/ to tmp + dir/. | /usr/ | /usr/sub | copy dir/. usr/ + dir/sub | . | /srv/sub | copy dir/sub to workdir (rel path) + dir/sub/. | subdir/. | /srv/subdir | copy dir/sub/. to workdir subdir (rel path) + dir | /newdir1 | /newdir1/sub | copy dir to newdir1 + dir/ | /newdir2 | /newdir2/sub | copy dir/ to newdir2 + dir/. | /newdir3 | /newdir3/sub | copy dir/. to newdir3 " # RUNNING container @@ -213,12 +232,10 @@ load helpers if [[ $src == "''" ]];then unset src fi - run_podman cp $srcdir$src cpcontainer:$dest - run_podman exec cpcontainer ls $dest_fullname - run_podman exec cpcontainer cat $dest_fullname/hostfile0 - is "$output" "${randomcontent[0]}" "$description (cp -> ctr:$dest)" - run_podman exec cpcontainer cat $dest_fullname/hostfile1 - is "$output" "${randomcontent[1]}" "$description (cp -> ctr:$dest)" + run_podman cp $srcdir/$src cpcontainer:$dest + run_podman exec cpcontainer cat $dest_fullname/hostfile0 $dest_fullname/hostfile1 + is "${lines[0]}" "${randomcontent[0]}" "$description (cp -> ctr:$dest)" + is "${lines[1]}" "${randomcontent[1]}" "$description (cp -> ctr:$dest)" done < <(parse_table "$tests") run_podman kill cpcontainer run_podman rm -f cpcontainer @@ -230,7 +247,7 @@ load helpers unset src fi run_podman create --name cpcontainer --workdir=/srv $cpimage sleep infinity - run_podman cp $srcdir$src cpcontainer:$dest + run_podman cp $srcdir/$src cpcontainer:$dest run_podman start cpcontainer run_podman exec cpcontainer cat $dest_fullname/hostfile0 $dest_fullname/hostfile1 is "${lines[0]}" "${randomcontent[0]}" "$description (cp -> ctr:$dest)" @@ -263,17 +280,19 @@ load helpers run_podman commit -q cpcontainer cpimage="$output" - # format is: <source arg to cp (appended to /srv)> | <full dest path> | <test name> + # format is: <source arg to cp (appended to /srv)> | <dest> | <full dest path> | <test name> tests=" - /srv | /srv/subdir | copy /srv - /srv/ | /srv/subdir | copy /srv/ - /srv/. | /subdir | copy /srv/. - /srv/subdir/. | | copy /srv/subdir/. - /tmp/subdir. | /subdir. | copy /tmp/subdir. +/srv | | /srv/subdir | copy /srv +/srv | /newdir | /newdir/subdir | copy /srv to /newdir +/srv/ | | /srv/subdir | copy /srv/ +/srv/. | | /subdir | copy /srv/. +/srv/. | /newdir | /newdir/subdir | copy /srv/. to /newdir +/srv/subdir/. | | | copy /srv/subdir/. +/tmp/subdir. | | /subdir. | copy /tmp/subdir. " # RUNNING container - while read src dest_fullname description; do + while read src dest dest_fullname description; do if [[ $src == "''" ]];then unset src fi @@ -283,7 +302,7 @@ load helpers if [[ $dest_fullname == "''" ]];then unset dest_fullname fi - run_podman cp cpcontainer:$src $destdir + run_podman cp cpcontainer:$src $destdir$dest is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description" is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description" rm -rf $destdir/* @@ -293,7 +312,7 @@ load helpers # CREATED container run_podman create --name cpcontainer --workdir=/srv $cpimage - while read src dest_fullname description; do + while read src dest dest_fullname description; do if [[ $src == "''" ]];then unset src fi @@ -303,7 +322,7 @@ load helpers if [[ $dest_fullname == "''" ]];then unset dest_fullname fi - run_podman cp cpcontainer:$src $destdir + run_podman cp cpcontainer:$src $destdir$dest is "$(< $destdir$dest_fullname/containerfile0)" "${randomcontent[0]}" "$description" is "$(< $destdir$dest_fullname/containerfile1)" "${randomcontent[1]}" "$description" rm -rf $destdir/* @@ -314,6 +333,46 @@ load helpers } +@test "podman cp symlinked directory from container" { + destdir=$PODMAN_TMPDIR/cp-weird-symlink + mkdir -p $destdir + + # Create 3 files with random content in the container. + local -a randomcontent=( + random-0-$(random_string 10) + random-1-$(random_string 15) + ) + + run_podman run -d --name cpcontainer $IMAGE sleep infinity + run_podman exec cpcontainer sh -c "echo ${randomcontent[0]} > /tmp/containerfile0" + run_podman exec cpcontainer sh -c "echo ${randomcontent[1]} > /tmp/containerfile1" + run_podman exec cpcontainer sh -c "mkdir /tmp/sub && cd /tmp/sub && ln -s .. weirdlink" + + # Commit the image for testing non-running containers + run_podman commit -q cpcontainer + cpimage="$output" + + # RUNNING container + # NOTE: /dest does not exist yet but is expected to be created during copy + run_podman cp cpcontainer:/tmp/sub/weirdlink $destdir/dest + run cat $destdir/dest/containerfile0 $destdir/dest/containerfile1 + is "${lines[0]}" "${randomcontent[0]}" "eval symlink - running container" + is "${lines[1]}" "${randomcontent[1]}" "eval symlink - running container" + + run_podman kill cpcontainer + run_podman rm -f cpcontainer + run rm -rf $srcdir/dest + + # CREATED container + run_podman create --name cpcontainer $cpimage + run_podman cp cpcontainer:/tmp/sub/weirdlink $destdir/dest + run cat $destdir/dest/containerfile0 $destdir/dest/containerfile1 + is "${lines[0]}" "${randomcontent[0]}" "eval symlink - created container" + is "${lines[1]}" "${randomcontent[1]}" "eval symlink - created container" + run_podman rm -f cpcontainer +} + + @test "podman cp file from host to container volume" { srcdir=$PODMAN_TMPDIR/cp-test-volume mkdir -p $srcdir diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 1e7d366a1..d413b0c10 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -168,6 +168,9 @@ EOF CAT_SECRET="cat /run/secrets/$secret_filename" fi + # For --dns-search: a domain that is unlikely to exist + local nosuchdomain=nx$(random_string 10).net + # Command to run on container startup with no args cat >$tmpdir/mycmd <<EOF #!/bin/sh @@ -188,11 +191,17 @@ EOF https_proxy=https-proxy-in-env-file EOF + # Build args: one explicit (foo=bar), one implicit (foo) + local arg_implicit_value=implicit_$(random_string 15) + local arg_explicit_value=explicit_$(random_string 15) + # NOTE: it's important to not create the workdir. # Podman will make sure to create a missing workdir # if needed. See #9040. cat >$tmpdir/Containerfile <<EOF FROM $IMAGE +ARG arg_explicit +ARG arg_implicit LABEL $label_name=$label_value WORKDIR $workdir @@ -217,18 +226,47 @@ RUN chown 2:3 /bin/mydefaultcmd RUN $CAT_SECRET +RUN echo explicit-build-arg=\$arg_explicit +RUN echo implicit-build-arg=\$arg_implicit + CMD ["/bin/mydefaultcmd","$s_echo"] +RUN cat /etc/resolv.conf EOF + # The goal is to test that a missing value will be inherited from + # environment - but that can't work with remote, so for simplicity + # just make it explicit in that case too. + local build_arg_implicit="--build-arg arg_implicit" + if is_remote; then + build_arg_implicit+="=$arg_implicit_value" + fi + # cd to the dir, so we test relative paths (important for podman-remote) cd $PODMAN_TMPDIR + export arg_explicit="THIS SHOULD BE OVERRIDDEN BY COMMAND LINE!" + export arg_implicit=${arg_implicit_value} run_podman ${MOUNTS_CONF} build \ + --build-arg arg_explicit=${arg_explicit_value} \ + $build_arg_implicit \ + --dns-search $nosuchdomain \ -t build_test -f build-test/Containerfile build-test local iid="${lines[-1]}" + if [[ $output =~ missing.*build.argument ]]; then + die "podman did not see the given --build-arg(s)" + fi + # Make sure 'podman build' had the secret mounted is "$output" ".*$secret_contents.*" "podman build has /run/secrets mounted" + # --build-arg should be set, both via 'foo=bar' and via just 'foo' ($foo) + is "$output" ".*explicit-build-arg=${arg_explicit_value}" \ + "--build-arg arg_explicit=explicit-value works" + is "$output" ".*implicit-build-arg=${arg_implicit_value}" \ + "--build-arg arg_implicit works (inheriting from environment)" + is "$output" ".*search $nosuchdomain" \ + "--dns-search added to /etc/resolv.conf" + if is_remote; then ENVHOST="" else @@ -362,6 +400,82 @@ Labels.$label_name | $label_value run_podman rmi -f build_test } +@test "podman build - COPY with ignore" { + local tmpdir=$PODMAN_TMPDIR/build-test-$(random_string 10) + mkdir -p $tmpdir/subdir + + # Create a bunch of files. Declare this as an array to avoid duplication + # because we iterate over that list below, checking for each file. + # A leading "-" indicates that the file SHOULD NOT exist in the built image + local -a files=( + -test1 -test1.txt + test2 test2.txt + subdir/sub1 subdir/sub1.txt + -subdir/sub2 -subdir/sub2.txt + this-file-does-not-match-anything-in-ignore-file + comment + ) + for f in ${files[@]}; do + # The magic '##-' strips off the '-' prefix + echo "$f" > $tmpdir/${f##-} + done + + # Directory that doesn't exist in the image; COPY should create it + local newdir=/newdir-$(random_string 12) + cat >$tmpdir/Containerfile <<EOF +FROM $IMAGE +COPY ./ $newdir/ +EOF + + # Run twice: first with a custom --ignorefile, then with a default one. + # This ordering is deliberate: if we were to run with .dockerignore + # first, and forget to rm it, and then run with --ignorefile, _and_ + # there was a bug in podman where --ignorefile was a NOP (eg #9570), + # the test might pass because of the existence of .dockerfile. + for ignorefile in ignoreme-$(random_string 5) .dockerignore; do + # Patterns to ignore. Mostly copied from buildah/tests/bud/dockerignore + cat >$tmpdir/$ignorefile <<EOF +# comment +test* +!test2* +subdir +!*/sub1* +EOF + + # Build an image. For .dockerignore + local -a ignoreflag + unset ignoreflag + if [[ $ignorefile != ".dockerignore" ]]; then + ignoreflag="--ignorefile $tmpdir/$ignorefile" + fi + run_podman build -t build_test ${ignoreflag} $tmpdir + + # Delete the ignore file! Otherwise, in the next iteration of the loop, + # we could end up with an existing .dockerignore that invisibly + # takes precedence over --ignorefile + rm -f $tmpdir/$ignorefile + + # It would be much more readable, and probably safer, to iterate + # over each file, running 'podman run ... ls -l $f'. But each podman run + # takes a second or so, and we are mindful of each second. + run_podman run --rm build_test find $newdir -type f + for f in ${files[@]}; do + if [[ $f =~ ^- ]]; then + f=${f##-} + if [[ $output =~ $f ]]; then + die "File '$f' found in image; it should have been ignored via $ignorefile" + fi + else + is "$output" ".*$newdir/$f" \ + "File '$f' should exist in container (no match in $ignorefile)" + fi + done + + # Clean up + run_podman rmi -f build_test + done +} + @test "podman build - stdin test" { # Random workdir, and random string to verify build output workdir=/$(random_string 10) diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 902cd9f5e..936449bdb 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -26,6 +26,13 @@ verify_iid_and_name() { is "$new_img_name" "$1" "Name & tag of restored image" } +@test "podman load invalid file" { + # Regression test for #9672 to make sure invalid input yields errors. + invalid=$PODMAN_TMPDIR/invalid + echo "I am an invalid file and should cause a podman-load error" > $invalid + run_podman 125 load -i $invalid +} + @test "podman save to pipe and load" { # Generate a random name and tag (must be lower-case) local random_name=x0$(random_string 12 | tr A-Z a-z) |