summaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* System tests: new system-df and passwd testsEd Santiago2020-07-30
| | | | | | | | | | | | | | | | | | | | | | - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7121 from rhatdan/buildOpenShift Merge Robot2020-07-29
|\ | | | | Fix building from http or '-' options
| * Fix building from http or '-' optionsDaniel J Walsh2020-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | System tests: add environment, volume testsEd Santiago2020-07-28
|/ | | | | | | | | | | | | | | | | | Tests for #7094, in which symlinks in a volume would cause chown errors and nonrunnable containers. Tests for environment variable precedence, now include --env-host and proxy settings Fix a bug caught by covscan in helpers.t ('source' path would fail if path included spaces). Fix podman-run man page: it was incorrect in stating precedence between in-image environment and --env-host. Fixes: #7099 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* BATS help-message test: improve diagnosticsEd Santiago2020-07-21
| | | | | | | | | | | The error messages from the 'podman xxx --help' cross-check test are unhelpful, and cause much wasted time when they trigger. Solution: instead of using the built-in exit-status check in run_podman, do an explicit check outside of run_podman. This lets us die() with a custom, hopefully useful, message. Signed-off-by: Ed Santiago <santiago@redhat.com>
* BATS tests: more resilient remove_same_dev_warningEd Santiago2020-07-20
| | | | | | | | | | | | | | | | Some CI tests are flaking in the SELinux test, possibly because there's a new variation of the "multiple devices" warning I hadn't seen before: WARNING: Creating device "/dev/null" with same type, major and minor as existing "/dev/foodevdir/null". Solution: in remove_same_dev_warning(), remove "multiple" from the match string. Also: fix a Go test that wasn't cleaning up after itself. And add an actual test to it, not just check-exit-status. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #6975 from baude/rootlessIPMACOpenShift Merge Robot2020-07-15
|\ | | | | Error on rootless mac and ip addresses
| * Error on rootless mac and ip addressesBrent Baude2020-07-15
| | | | | | | | | | | | | | | | When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125. Fixes: #6972 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6979 from edsantiago/bats_masked_dirsOpenShift Merge Robot2020-07-15
|\ \ | | | | | | system tests: check for masked-device leaks
| * | system tests: check for masked-device leaksEd Santiago2020-07-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR #6957 added a new path (/sys/devs) to an existing list of masked mount points which an unprivileged container should not be able to access. Here we add a test for those: run 'stat' on those devices in the container, and make sure that they are dummies. This is kind of kludgy, and relies on heuristics that may not be 100% accurate. It also adds duplication, a list that must be kept in sync with the original list in pkg/specgen/generate/config_linux.go. I'd love to hear suggestions on how to do it better. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / system tests: new tests for run, execEd Santiago2020-07-14
|/ | | | | | | | | | | | | | | | | | | | | | - Issue #6735 : problem with multiple namespaces; confirms combinations of --userns=keep-id, --privileged, --user=XX - Issue #6829 : --userns=keep-id will add a /etc/passwd entry - Issue #6593 : podman exec, with --userns=keep-id, errors (test is currently skipped because issue remains live) ...and, addendum: add new helper function, remove_same_dev_warning. Some CI systems issue a warning on podman run --privileged: WARNING: The same type, major and minor should not be used for multiple devices. We already had special-case code to ignore than in the SELinux test, but now we're seeing it in the new run tests I added, so I've refactored the "ignore this warning" code and written tests for the removal code. Signed-off-by: Ed Santiago <santiago@redhat.com>
* BATS system tests for new sdnotifyEd Santiago2020-07-06
| | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #6810 from vrothberg/auto-update-testOpenShift Merge Robot2020-06-29
|\ | | | | systemd system test: run auto-update
| * systemd system test: run auto-updateValentin Rothberg2020-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | Run `podman auto-update` in the systemd system tests. Note that this is a first step to at least exercise parts of `auto-update` in the CI. The service won't get updated just yet as we need to set up a local registry, and push a new image. I do not have enough time at the moment to do that but consider this change already as an improvement. We are experiencing some issues in #6793 w.r.t. to auto-updates but couldn't track down the root cause yet. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | system tests: add pod, inspect testingEd Santiago2020-06-26
|/ | | | | | | | | | | | | | | | Followup to #6761: confirm that 'podman ps' shows the ports on a running container in a pod created with -p (not to be confused with the container itself running with -p, tested in 500-networking.bats). While we're at it, test that the port handling itself works, by sending random text to the container and making sure the container receives it. Followup to #6752: 'podman inspect' should show multiple security opts Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #6754 from edsantiago/man_page_xrefOpenShift Merge Robot2020-06-25
|\ | | | | Docs: consistency between man / --help
| * Docs: consistency between man / --helpEd Santiago2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New functionality in hack/man-page-checker: start cross- referencing the man page 'Synopsis' line against the output of 'podman foo --help'. This is part 1, flag/option consistency. Part 2 (arg consistency) is too big and will have to wait for later. flag/option consistency means: if 'podman foo --help' includes the string '[flags]' in the Usage message, make sure the man page includes '[*options*]' in its Synopsis line, and vice-versa. This found several inconsistencies, which I've fixed. While doing this I realized that Cobra automatically includes a 'Flags:' subsection in its --help output for all subcommands that have defined flags. This is great - it lets us cross-check against the usage synopsis, and make sure that '[flags]' is present or absent as needed, without fear of human screwups. If a flag-less subcommand ever gets extended with flags, but the developer forgets to add '[flags]' and remove DisableFlagsInUseLine, we now have a test that will catch that. (This, too, caught two instances which I fixed). I don't actually know if the new man-page-checker functionality will work in CI: I vaguely recall that it might run before 'make podman' does; and also vaguely recall that some steps were taken to remedy that. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6751 from vrothberg/fix-6744OpenShift Merge Robot2020-06-25
|\ \ | |/ |/| podman run/create: support all transports
| * Friendly amendment for pr 6751Ed Santiago2020-06-24
| | | | | | | | | | | | More robust system test for podman run/create docker-archive Signed-off-by: Ed Santiago <santiago@redhat.com>
| * podman run/create: support all transportsValentin Rothberg2020-06-24
| | | | | | | | | | | | | | | | | | Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again. Fixes: #6744 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6746 from vrothberg/untagOpenShift Merge Robot2020-06-24
|\ \ | |/ |/| podman untag: error if tag doesn't exist
| * podman untag: error if tag doesn't existValentin Rothberg2020-06-24
| | | | | | | | | | | | | | | | | | | | | | Throw an error if a specified tag does not exist. Also make sure that the user input is normalized as we already do for `podman tag`. To prevent regressions, add a set of end-to-end and systemd tests. Last but not least, update the docs and add bash completions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | BATS tests: new too-many-arguments testEd Santiago2020-06-23
|/ | | | | | | | | | | | | | | | | | | | | | | | | ...plus a few others. And fixes to actual parsing. If a command's usage message includes '...' in the argument list, assume it can take unlimited arguments. Nothing we can check. For all others, though, the ALL-CAPS part on the right-hand side of the usage message will define an upper bound on the number of arguments accepted by the command. So in our 'podman --help' test, generate N+1 args and run that command. We expect a 125 exit status and a suitably helpful error message. Not all podman commands or subcommands were checking, so I fixed that. And, fixed some broken usage messages (all-caps FLAGS, and '[flags]' at the end of 'ARGS'). Add new checks to the help test to prevent those in the future. Plus a little refactoring/cleanup where necessary. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #6726 from edsantiago/batsOpenShift Merge Robot2020-06-23
|\ | | | | system tests: invoke with abs path to podman
| * system tests: invoke with abs path to podmanEd Santiago2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reversion of one part of #6679: my handling of 'realpath' would not work when $PODMAN is 'podman-remote --url etc'. Trying to handle that case got unmaintainable; so instead let's just force 'make {local,remote}system' to invoke with a full PODMAN path. This breaks down if someone runs the tests with a manual 'bats' invocation, but I think I'm the only one who ever does that. Since podman path will now be very long in the logs, add code to logformatter to abbreviate it like we do for the ginkgo logs. And, one thing that has bugged me for a long time: in the error logs, show a different prompt ('#' vs '$') to distinguish root vs rootless. This should make it much easier to see at-a-glance whether a log file is root or not. Add tests for it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6722 from vrothberg/fix-6718OpenShift Merge Robot2020-06-23
|\ \ | |/ |/| image load: no args required
| * image load: no args requiredValentin Rothberg2020-06-23
| | | | | | | | | | | | | | | | | | Disable the args requirement of `image load`. Instead of requiring a lower bound, we really need an upper one with at most 1 argument. Extend the system tests to prevent future regressions. Fixes: #6718 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6679 from edsantiago/batsOpenShift Merge Robot2020-06-23
|\ \ | |/ |/| system tests: new rm, build tests
| * system tests: new rm, build testsEd Santiago2020-06-22
| | | | | | | | | | | | | | | | | | | | | | | | - rm: confirm 'rm' and 'rm -f' on running container - build: shotgun test of workdir, cmd, env, labels The new build test cd's to a temporary directory, which broke test invocations using a relative path (./bin/podman). Added code to detect relative paths and convert them to absolute. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Add --preservefds to podman runQi Wang2020-06-19
|/ | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* CI: force registry:2.6Valentin Rothberg2020-06-19
| | | | | | | | | | | For using the `registry:2.6` image. 2.7 and beyond dropped the `htpasswd` binary from the rootfs which parts of our CI depends on. While this is not a sustainable solution (assuming `htpasswd` is gone for ever), it unblocks the CI for now. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Handle dropping capabilties correctly when running as non root userDaniel J Walsh2020-06-17
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* BATS and APIv2: more tests and tweaksEd Santiago2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - (minor): apiv2 tests: check for full ID Observation made while reviewing #6461: tests were checking only for a 12-character container/image ID in return value. It's actually 64, and we should test for that. This should also minimize confusion in a future maintainer. - podman pause/unpause: new test Runs a 'date/sleep' loop, pauses container, sleeps 3s, restarts, then confirms that there's a 3- to 6-second gap in the logs for the container. - podman healthcheck: new test run a container with healthcheck, test both healthy and unhealthy conditions - podman pod: check '{{.Pod}}' field in podman ps Hey, as long as we have a pod with two running containers, might as well confirm that 'podman ps' returns the expected pod ID. Signed-off-by: Ed Santiago <santiago@redhat.com>
* system tests : more testsEd Santiago2020-06-01
| | | | | | | | | | | | | | - exec: add test for #5046, in which conmon swallowed chars on a large byte transfer - pod: add 'pod exists' tests, both positive and negative; consolidate tests; add '--label', and check in 'pod inspect' add 'pod ps' tests - networking: add test for #5466, in which detached run with --userns=keep-id would not forward a port Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #5594 from edsantiago/batsOpenShift Merge Robot2020-05-30
|\ | | | | system tests: enable skopeo REGISTRY_AUTH_FILE
| * system tests: enable skopeo REGISTRY_AUTH_FILEEd Santiago2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | skopeo pr #829 adds REGISTRY_AUTH_FILE support; this lets us enable the following test: podman login - shares credentials with skopeo - via envariable (I seriously doubt that the CI VMs have been updated with the new skopeo, but I can leave this PR in limbo until that happens. Otherwise I'll forget to enable the test). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | V2 verify JSON output is consistent and doesn't driftJhon Honce2020-05-28
| | | | | | | | | | | | | | $ cd test/apiv2 $ python -m unittest -v test_rest_v1_0_0.TestApi Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Add --format to pod inspectBoaz Shuster2020-05-27
| | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Merge pull request #6331 from sujil02/iidfile-battestOpenShift Merge Robot2020-05-22
|\ \ | | | | | | Enables iidfile test as issue fixed now
| * | Enables iidfile test as issue fixed nowSujil022020-05-21
| | | | | | | | | | | | Signed-off-by: Sujil02 <sushah@redhat.com>
* | | podman version --format ... was not workingDaniel J Walsh2020-05-21
|/ / | | | | | | | | | | This patch fixes the podman --version --format command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6280 from mheon/switch_off_noexecOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Turn off 'noexec' option by default for named volumes
| * | Turn off 'noexec' option by default for named volumesMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | We previously enforced this for security reasons, but as Dan has explained on several occasions, it's not very valuable there (it's trivially easy to bypass) and it does seriously annoy folks trying to use named volumes. Flip the default from 'on' to 'off'. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | system tests: more podman-pod testsEd Santiago2020-05-20
|/ / | | | | | | | | | | | | | | * rename pod-top.bats to pod.bats * add test for TCP port communication between pods * add test for various podman-pod-create options Signed-off-by: Ed Santiago <santiago@redhat.com>
* | system tests: small fixes for rawhide+cgroups v1Ed Santiago2020-05-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Three small fixes for breaking tests on rawhide: 1) run test: looks like runc changed the format of an error message, adding a colon in one place. runc is used on rawhide when booted in cgroups v1 2) volumes test: difference in exit status and error message between runc and crun. 3) systemd test: define XDG_RUNTIME_DIR if unset. podman helpfully sets this to a reasonable default, but the 'systemctl' commands used in this test do not. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | system tests: add volume testsEd Santiago2020-05-12
| | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Some BATS cleanup: run and systemd testsEd Santiago2020-05-11
| | | | | | | | | | | | | | | | | | | | | | run test: run positive test before negative; and actually implement real negative tests. Also, add confirmation tests for cidfile/pidfile, not just 'exit status is good'. systemd test: enable rootless, and again add actual content testing. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | fix and enable systemd system testsValentin Rothberg2020-05-08
| | | | | | | | | | | | | | | | | | | | | | The systemd unit test never ran in CI and was broken for various reasons. Fix the test to execute Podman in systemd units and to also run generated units files. Note: more tests will be added in the future. The simple check for now will prevent regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | set --conmon-pidfileValentin Rothberg2020-05-08
| | | | | | | | | | | | | | The --conmon-pidfile was not set in the spec leading to failing systemd units. Also add a system test to prevent future regressions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>