summaryrefslogtreecommitdiff
path: root/test/e2e/run_test.go
Commit message (Collapse)AuthorAge
* Convert strings.Contains() to Expect(ContainSubstring)Ed Santiago2021-11-30
| | | | | | | ...done manually, not via sed, because some of the inner expressions include nested commas. Signed-off-by: Ed Santiago <santiago@redhat.com>
* e2e tests: enable golintEd Santiago2021-11-29
| | | | | | ...and fix problems found therewith. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #12361 from rhatdan/remoteDaniel J Walsh2021-11-23
|\ | | | | podman-remote does not support signature-policy
| * podman-remote does not support signature-policyDaniel J Walsh2021-11-19
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12357 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | e2e tests: clean up antihelpful BeTrue()sEd Santiago2021-11-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Many ginkgo tests have been written to use this evil form: GrepString("foo") Expect(that to BeTrue()) ...which yields horrible useless messages on failure: false is not true Identify those (automatically, via script) and convert to: Expect(output to ContainSubstring("foo")) ...which yields: "this output" does not contain substring "foo" There are still many BeTrue()s left. This is just a start. This is commit 1 of 2. It includes the script I used, and all changes to *.go are those computed by the script. Commit 2 will apply some manual fixes. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Semiperiodic cleanup of obsolete Skip()sEd Santiago2021-11-19
|/ | | | | | | | | | | | | | Found by my find-obsolete-skips script. Let's see which, if any, of these skipped tests can be reenabled. Some Skips are "this will never work", not "this is expected to work one day". Update the message on those to reflect that. Some were real bugs in the test framework. Fix those. And, joy of joys, some work today. Remove those skips. Signed-off-by: Ed Santiago <santiago@redhat.com>
* fix CIValentin Rothberg2021-11-18
| | | | | | | | | | | | Our fedora-minimal image on Quay bases on fedora-minimal:latest which starting with F35 removed a number of binaries that our CI depends on. Fix that by pulling `fedora-minimal:34` from the Fedora registry directly. Once the build bot on Quay has been disabled, we move the image over there to make sure that it will not change over time. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* secret: honor custom target for secrets with runAditya Rajan2021-11-15
| | | | | | | | | | | Honor custom `target` if specified while running or creating containers with secret `type=mount`. Example: `podman run -it --secret token,type=mount,target=TOKEN ubi8/ubi:latest bash` Signed-off-by: Aditya Rajan <arajan@redhat.com>
* test: run --cgroups=split in new cgroupGiuseppe Scrivano2021-11-04
| | | | | | | | | | the --cgroups=split test changes the current cgroup as it creates a sub-cgroup. This can cause a race condition in tests that are reading the current cgroup. Closes: https://github.com/containers/podman/issues/11191 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* volumes: allow more options for devptsGiuseppe Scrivano2021-10-28
| | | | | | | | allow to pass down more options that are supported by the kernel. Discussion here: https://github.com/containers/toolbox/issues/568 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* container create: fix --tls-verify parsingValentin Rothberg2021-10-27
| | | | | | | | | Make sure that the value is only set if specified on the CLI. c/image already defaults to true but if set in the system context, we'd skip settings in the registries.conf. Fixes: #11933 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* libpod: change mountpoint ownership c.Root when using overlay on top of ↵Aditya Rajan2021-10-19
| | | | | | | | | | external rootfs Allow chainging ownership of mountpoint created on top external overlay rootfs to support use-cases when custom --uidmap and --gidmap are specified. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* rootfs-overlay: fix overlaybase path for cleanupsAditya Rajan2021-10-18
| | | | | | | | Following commit ensures not dandling mounts are left behind when we are creating an overlay on top of external rootfs. Co-authored-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Aditya Rajan <arajan@redhat.com>
* Eighty-six eighty-eightyEd Santiago2021-09-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (Sorry, couldn't resist). CI flakes have been coming down - thank you to everyone who has been making them a priority. This leaves a noisy subset that I've just been ignoring for months: Running: podman ... -p 8080:something ...cannot listen on the TCP port: listen tcp4 :8080: bind: address already in use Sometimes these are one-time errors resolved on 2nd try; sometimes they fail three times, forcing CI user to hit Rerun. In all cases they make noise in my flake logs, which costs me time. My assumption is that this has to do with ginkgo running random tests in parallel. Since many e2e tests simplemindedly use 8080, collisions are inevitable. Solution: simplemindedly replace 8080 with other (also arbitrarily picked) numbers. This is imperfect -- it requires human developers to pick a number NNNN and 'grep NNNN test/e2e/*' before adding new tests, which I am 100% confident ain't gonna happen -- but it's better than what we have now. Side note: I considered writing and using a RandomAvailablePort() helper, but that would still be racy. Plus, it would be a pain to interpolate strings into so many places. Finally, with this hand-tooled approach, if/when we _do_ get conflicts on port NNNN, it should be very easy to grep for NNNN, find the offending tests that reuse that port, and fix one of them. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #11567 from giuseppe/cgroups-split-with-podsOpenShift Merge Robot2021-09-15
|\ | | | | libpod: honor --cgroups=split also with pods
| * libpod: honor --cgroups=split also with podsGiuseppe Scrivano2021-09-14
| | | | | | | | | | | | Honor --cgroups=split also when the container is running in a pod. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | tests: enable --cgroups=disabled test for rootlessGiuseppe Scrivano2021-09-14
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | tests: simplify --cgroups=disabled testGiuseppe Scrivano2021-09-14
|/ | | | | | read the cgroup directly from the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix file descriptor leaks and add testJhon Honce2021-08-24
| | | | | | | | | | * Add response.Body.Close() where needed to release HTTP connections to API server. * Add tests to ensure no general leaks occur. 100% coverage would be required to ensure no leaks on any call. * Update code comments to be godoc correct Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #11205 from Shivkumar13/shivkumar-tls-fixOpenShift Merge Robot2021-08-23
|\ | | | | Support for --tls-verify flag in podman-run & podman-create
| * Support for --tls-verify flag in podman run & podman createShivkumar132021-08-21
| | | | | | | | Signed-off-by: Shivkumar13 <sople@redhat.com>
* | Fix AVC denials in tests of volume mountsChris Evich2021-08-18
|/ | | | | | | | | This becomes a problem on hosts with upgraded policies. Ref: https://github.com/containers/podman/issues/10522 Also, made a small change to compose-test setup to reduce runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* personality: Add support for setting execution domain.flouthoc2021-08-06
| | | | | | | | | | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #11048 from cdoern/heatlhCheckCompatOpenShift Merge Robot2021-07-29
|\ | | | | Fixed Healthcheck formatting, string to []string
| * Fixed Healthcheck formatting, string to []stringcdoern2021-07-28
| | | | | | | | | | | | | | | | | | | | Compat healthcheck tests are of the format []string but podman's were of the format string. Converted podman's to []string at the specgen level since it has the same effect and removed the incorrect parsing of compat healthchecks. fixes #10617 Signed-off-by: cdoern <cdoern@redhat.com>
| * Fixed Healthcheck formatting, string to []stringcdoern2021-07-26
| | | | | | | | | | | | | | | | | | | | Compat healthcheck tests are of the format []string but podman's were of the format string. Converted podman's to []string at the specgen level since it has the same effect and removed the incorrect parsing of compat healthchecks. fixes #10617 Signed-off-by: cdoern <cdoern@redhat.com>
* | e2e tests: use Should(Exit()) and ExitWithError()Ed Santiago2021-07-15
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | e2e test failures are rife with messages like: Expected 1 to equal 0 These make me cry. They're anti-helpful, requiring the reader to dive into the source code to figure out what those numbers mean. Solution: Go tests have a '.Should(Exit(NNN))' mechanism. I don't know if it spits out a better diagnostic (I have no way to run e2e tests on my laptop), but I have to fantasize that it will, and given the state of our flakes I assume that at least one test will fail and give me the opportunity to see what the error message looks like. THIS IS NOT REVIEWABLE CODE. There is no way for a human to review it. Don't bother. Maybe look at a few random ones for sanity. If you want to really review, here is a reproducer of what I did: cd test/e2e ! positive assertions. The second is the same as the first, ! with the addition of (unnecessary) parentheses because ! some invocations were written that way. The third is BeZero(). perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\d+)\)\)/Expect($1).Should(Exit($2))/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(\(Equal\((\d+)\)\)\)/Expect($1).Should(Exit($2))/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(BeZero\(\)\)/Expect($1).Should(Exit(0))/' *_test.go ! Same as above, but handles three non-numeric exit codes ! in run_exit_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\S+)\)\)/Expect($1).Should(Exit($2))/' *_test.go ! negative assertions. Difference is the spelling of 'To(Not)', ! 'ToNot', and 'NotTo'. I assume those are all the same. perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Not\(Equal\((0)\)\)\)/Expect($1).To(ExitWithError())/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.NotTo\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go ! negative, old use of BeZero() perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(BeZero\(\)\)/Expect($1).Should(ExitWithError())/' *_test.go Run those on a clean copy of main branch (at the same branch point as my PR, of course), then diff against a checked-out copy of my PR. There should be no differences. Then all you have to review is that my replacements above are sane. UPDATE: nope, that's not enough, you also need to add gomega/gexec to the files that don't have it: perl -pi -e '$_ .= "$1/gexec\"\n" if m!^(.*/onsi/gomega)"!' $(grep -L gomega/gexec $(git log -1 --stat | awk '$1 ~ /test\/e2e\// { print $1}')) UPDATE 2: hand-edit run_volume_test.go UPDATE 3: sigh, add WaitWithDefaultTimeout() to a couple of places UPDATE 4: skip a test due to bug #10935 (race condition) Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #10451 from giuseppe/test-ENOSYSOpenShift Merge Robot2021-06-16
|\ | | | | tests: update CI images
| * test: drop invalid testGiuseppe Scrivano2021-06-16
| | | | | | | | | | | | | | | | | | runc-1.0-rc95 refuses destination paths that are not absolute. The test was causing a mount with a destination "[/etc/foo]" causing the OCI runtime to fail. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Fix permissions on initially created named volumesDaniel J Walsh2021-06-14
|/ | | | | | | | Permission of volume should match the directory it is being mounted on. Fixes: https://github.com/containers/podman/issues/10188 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Support uid,gid,mode options for secretsAshley Cui2021-05-17
| | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* podman image tree: restore previous behaviorValentin Rothberg2021-05-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial version of libimage changed the order of layers which has now been restored to remain backwards compatible. Further changes: * Fix a bug in the journald logging which requires to strip trailing new lines from the message. The system tests did not pass due to empty new lines. Triggered by changing the default logger to journald in containers/common. * Fix another bug in the journald logging which embedded the container ID inside the message rather than the specifid field. That surfaced in a preceeding whitespace of each log line which broke the system tests. * Alter the system tests to make sure that the k8s-file and the journald logging drivers are executed. * A number of e2e tests have been changed to force the k8s-file driver to make them pass when running inside a root container. * Increase the timeout in a kill test which seems to take longer now. Reasons are unknown. Tests passed earlier and no signal-related changes happend. It may be CI VM flake since some system tests but other flaked. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ | | | | Add support for environment variable secrets
| * Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Fix infinite loop in isPathOnVolumeSlava Bacherikov2021-05-06
| | | | | | | | | | | | | | | | | | | | filepath.Dir in some cases returns `.` symbol and calling this function again returns same result. In such cases this function never returns and causes some operations to stuck forever. Closes #10216 Signed-off-by: Slava Bacherikov <slava@bacher09.org>
* | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Skip blkio-weight test when no kernel BFQ supportChris Evich2021-04-27
|/ | | | | | | Namely the Ubuntu 21.04 Kernel does not support BFQ. Regardless of the distro. skip this test if the required cgroup node doesn't exist. Signed-off-by: Chris Evich <cevich@redhat.com>
* skip pidfile it on remotechenkang2021-04-17
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* add utchenkang2021-04-16
| | | | Signed-off-by: chenkang <kongchen28@gmail.com>
* Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix podman build --pull-neverDaniel J Walsh2021-03-27
| | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Validate passed in timezone from tz optionTomSweeneyRedHat2021-03-21
| | | | | | | | | | | | | | | | | | | | | | | | Erik Sjolund reported an issue where a badly formated file could be passed into the `--tz` option and then the date in the container would be badly messed up: ``` erik@laptop:~$ echo Hello > file.txt erik@laptop:~$ podman run --tz=../../../home/erik/file.txt --rm -ti docker.io/library/alpine cat /etc/localtime Hello erik@laptop:~$ podman --version podman version 3.0.0-rc1 erik@laptop:~$ ``` This fix checks to make sure the TZ passed in is a valid value and then proceeds with the rest of the processing. This was first reported as a potential security issue, but it was thought not to be. However, I thought closing the hole sooner rather than later would be good. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* test: check for io.stat existence on cgroup v2Giuseppe Scrivano2021-03-17
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: fix test for last crun/runcGiuseppe Scrivano2021-03-17
| | | | | | | | | there was a documentation issue for the kernel that reported the range to be different than on cgroup v1. The issue has been fixed in crun/runc. Adapt the test. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: simplify cgroup pathGiuseppe Scrivano2021-03-17
| | | | | | with cgroup v2, the cgroupns is enabled by default. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Latest crun/runc should handle blkio-weight testDaniel J Walsh2021-03-17
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable cgroupsv2 rw mount via security-opt unmaskJakub Guzik2021-02-28
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* test: ignore named hierarchies for cgroups=splitGiuseppe Scrivano2021-02-23
| | | | | | | | | ignore named hierarchies for the --cgroups=split test as crun does not set it. Closes: https://github.com/containers/podman/pull/9302#issuecomment-784157272 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* bump go module to v3Valentin Rothberg2021-02-22
| | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Do not reset storage when running inside of a containerDaniel J Walsh2021-02-16
| | | | | | | | | | | | | | | | | | | | | | | | Currently if the host shares container storage with a container running podman, the podman inside of the container resets the storage on the host. This can cause issues on the host, as well as causes the podman command running the container, to fail to unmount /dev/shm. podman run -ti --rm --privileged -v /var/lib/containers:/var/lib/containers quay.io/podman/stable podman run alpine echo hello * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy Since podman is volume mounting in the graphroot, it will add a flag to /run/.containerenv to tell podman inside of container whether to reset storage or not. Since the inner podman is running inside of the container, no reason to assume this is a fresh reboot, so if "container" environment variable is set then skip reset of storage. Also added tests to make sure /run/.containerenv is runnig correctly. Fixes: https://github.com/containers/podman/issues/9191 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>