path: root/test/apiv2/test-apiv2
#!/usr/bin/env bash
#
# Usage: test-apiv2 [PORT]
#
# DEVELOPER NOTE: you almost certainly don't need to play in here. See README.
#
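# Script name; used as a prefix in diagnostics and in temp/log file names.
# "$0" is quoted so an invocation path containing whitespace is not split.
ME=$(basename -- "$0")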

###############################################################################
# BEGIN stuff you can but probably shouldn't customize

# Coordinates of the image used by the tests. Each piece keeps a value
# already present in the environment and otherwise falls back to the default.
# NOTE(review): both images are referenced by tag ("latest", "2.7"), not by
# digest, so what gets pulled can change between runs; pin a digest where
# reproducibility of the test image matters.
: "${PODMAN_TEST_IMAGE_REGISTRY:=quay.io}"
: "${PODMAN_TEST_IMAGE_USER:=libpod}"
: "${PODMAN_TEST_IMAGE_NAME:=alpine_labels}"
: "${PODMAN_TEST_IMAGE_TAG:=latest}"
printf -v PODMAN_TEST_IMAGE_FQN '%s/%s/%s:%s' \
    "$PODMAN_TEST_IMAGE_REGISTRY" \
    "$PODMAN_TEST_IMAGE_USER" \
    "$PODMAN_TEST_IMAGE_NAME" \
    "$PODMAN_TEST_IMAGE_TAG"

# Short alias for the fully-qualified test image name
IMAGE=$PODMAN_TEST_IMAGE_FQN

# Image used for the local registry; same registry and user as the test image
REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry:2.7"

# END   stuff you can but probably shouldn't customize
###############################################################################
# BEGIN setup

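TMPDIR=${TMPDIR:-/tmp}
# Private scratch directory with an unpredictable name. Abort right away if
# it cannot be created: every later path is built from $WORKDIR, and an empty
# value would silently turn them into paths directly under "/".
WORKDIR=$(mktemp --tmpdir -d "$ME.tmp.XXXXXX") || {
    echo "$ME: cannot create work directory under $TMPDIR" >&2
    exit 1
}

# Log of all HTTP requests and responses; always make '.log' point to latest
# NOTE(review): unlike $WORKDIR, both log names are predictable and sit
# directly in $TMPDIR, and the log receives request payloads plus response
# headers and bodies. On a shared host, point TMPDIR at a private directory
# before running so other local users can neither pre-create nor read them.
LOGBASE=${TMPDIR}/$ME.log
LOG=${LOGBASE}.$(date +'%Y%m%dT%H%M%S')
ln -sf "$LOG" "$LOGBASE"

HOST=localhost
PORT=${PODMAN_SERVICE_PORT:-8081}

# Keep track of test count and failures in files, not variables, because
# variables don't carry back up from subshells.
testcounter_file=$WORKDIR/.testcounter
failures_file=$WORKDIR/.failures

echo 0 >"$testcounter_file"
echo 0 >"$failures_file"

# Where the tests live
TESTS_DIR=$(realpath "$(dirname "$0")")

# As of 2021-11 podman has one external helper binary, rootlessport, needed
# for rootless networking.
if [[ -z "$CONTAINERS_HELPER_BINARY_DIR" ]]; then
    # Assign first, export second, so a realpath failure is not masked by
    # the exit status of 'export'.
    CONTAINERS_HELPER_BINARY_DIR=$(realpath "${TESTS_DIR}/../../bin")
    export CONTAINERS_HELPER_BINARY_DIR
fi

# Path to podman binary
PODMAN_BIN=${PODMAN:-${CONTAINERS_HELPER_BINARY_DIR}/podman}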

# Cleanup handlers
clean_up_server() {
    # No recorded service pid means there is nothing to tear down.
    if [[ -z "$service_pid" ]]; then
        return 0
    fi

    # Remove any containers and images; this prevents the following warning:
    #  'rm: cannot remove '/.../overlay': Device or resource busy
    podman rm -a
    podman rmi -af

    # Registry first (including its images), then the API service itself.
    stop_registry --cleanup
    stop_service
}

# Any non-test-related error, be it syntax or podman-command, fails here.
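# Reports where the failing command was, dumps the 'podman' helper log with
# each line prefixed by '  >', then tears down whatever the script started.
# NOTE(review): nothing in this handler exits; despite the "Bailing." message,
# control returns to the interrupted script unless an exit happens elsewhere.
err_handler() {
    echo "Fatal error in ${BASH_SOURCE[1]}:${BASH_LINENO[0]}"
    echo "Log:"
    # The log only exists once a test file has started running; skip the dump
    # instead of adding a second error on top of the one being reported.
    if [[ -r "$WORKDIR/output.log" ]]; then
        sed -e 's/^/  >/' <"$WORKDIR/output.log"
    fi
    echo "Bailing."
    clean_up_server
}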

# Run err_handler whenever a command trips bash's ERR trap.
trap 'err_handler' ERR

# END   setup
###############################################################################
# BEGIN infrastructure code - the helper functions used in tests themselves

#########
#  die  #  Exit error with a message to stderr
#########
function die() {
    # Message goes to stderr, prefixed with the script name; all arguments
    # are joined into one line.
    printf '%s: %s\n' "$ME" "$*" >&2
    # Tear down anything we started before giving up.
    clean_up_server
    exit 1
}

########
#  is  #  Simple comparison
########
function is() {
    # Arguments: actual value, expected value, test name.
    # Reports a pass when the two strings are identical, a failure otherwise.
    local actual=$1
    local expect=$2
    local testname=$3

    if [ "$actual" != "$expect" ]; then
        _show_ok 0 "$testname" "$expect" "$actual"
    else
        # On success, include expected value; this helps readers understand
        _show_ok 1 "$testname=$expect"
    fi
}

##########
#  like  #  Compare, but allowing patterns
##########
function like() {
    # Arguments: actual value, expected pattern, test name.
    # The pattern is handed to 'expr STRING : REGEX', so it is matched from
    # the start of the actual value.
    local actual=$1
    local expect=$2
    local testname=$3

    if ! expr "$actual" : "$expect" &>/dev/null; then
        _show_ok 0 "$testname" "~ $expect" "$actual"
        return
    fi

    # On success, include expected value; this helps readers understand
    # (but don't show enormous multi-line output like 'generate kube'):
    # keep only the first line of the actual value.
    blurb=${actual%%$'\n'*}
    _show_ok 1 "$testname ('$blurb') ~ $expect"
}

##############
#  _show_ok  #  Helper for is() and like(): displays 'ok' or 'not ok'
##############
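function _show_ok() {
    # Arguments:
    #   $1 - 1 (pass), 0 (fail) or the literal string "skip"
    #   $2 - test name
    #   $3 - expected value (failures only)
    #   $4 - actual value   (failures only)
    # Prints one 'ok'/'not ok' line to stdout, mirrors it to $LOG, bumps the
    # test counter and, on failure, the failure counter.
    local ok=$1
    local testname=$2

    # If output is a tty, colorize pass/fail
    local red=
    local green=
    local reset=
    local bold=
    if [ -t 1 ]; then
        red='\e[31m'
        green='\e[32m'
        reset='\e[0m'
        bold='\e[1m'
    fi

    _bump "$testcounter_file"
    count=$(<"$testcounter_file")

    # "skip" is a special case of "ok". Assume that our caller has included
    # the magical '# skip - reason" comment string.
    if [[ $ok == "skip" ]]; then
        # colon-plus: replace green with yellow, but only if green is non-null
        green="${green:+\e[33m}"
        ok=1
    fi

    # Only the color codes go through %b. Test names and expected/actual
    # values are printed with %s, so backslash sequences inside API output
    # or patterns are shown as they are instead of being interpreted.
    if [ "$ok" -eq 1 ]; then
        printf '%b%s%b\n' "$green" "ok $count ${TEST_CONTEXT} $testname" "$reset"
        printf '%s\n' "ok $count ${TEST_CONTEXT} $testname" >>"$LOG"
        return
    fi

    # Failed
    local expect=$3
    local actual=$4
    printf '%b%s%b\n' "$red" "not ok $count ${TEST_CONTEXT} $testname" "$reset"
    printf '%b%s%b\n' "$red" "#  expected: $expect" "$reset"
    printf '%b%s%b%s%b\n' "$red" "#    actual: " "$bold" "$actual" "$reset"

    printf '%s\n' "not ok $count ${TEST_CONTEXT} $testname" >>"$LOG"
    printf '%s\n' "  expected: $expect"                     >>"$LOG"

    _bump "$failures_file"
}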

###########
#  _bump  #  Increment a counter in a file
###########
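function _bump() {
    # Argument: path to a file holding a single integer; the file is
    # rewritten with that integer plus one.
    local file=$1
    # Local, so the caller's own 'count' variable is not overwritten.
    local count

    count=$(<"$file")
    # '>|' overwrites even if the shell has noclobber set
    echo $(( count + 1 )) >| "$file"
}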

#############
#  jsonify  #  convert 'foo=bar,x=y' to json {"foo":"bar","x":"y"}
#############
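function jsonify() {
    # Arguments: any number of key=value words.
    # Output: one JSON object on stdout, e.g. {"foo":"bar","n":5}
    #
    # NOTE(review): 'read' is used without -r, so a backslash in an argument
    # is consumed rather than passed through, and plain string values are
    # wrapped in quotes without JSON escaping. Left unchanged because existing
    # test files may depend on it; arguments come from the test files.

    # convert each to double-quoted form
    local -a settings_out
    # Loop variable is local so the caller's (and the script's top-level)
    # variable 'i' is not overwritten.
    local arg
    for arg in "$@"; do
        # Each argument is of the form foo=bar. Separate into left and right.
        local lhs
        local rhs
        IFS='=' read lhs rhs <<<"$arg"

        if [[ $rhs =~ \" || $rhs == true || $rhs == false || $rhs =~ ^-?[0-9]+$ ]]; then
            # rhs has been pre-formatted for JSON or a non-string, do not change it
            :
        elif [[ $rhs == False ]]; then
            # JSON boolean is lowercase only
            rhs=false
        elif [[ $rhs == True ]]; then
            # JSON boolean is lowercase only
            rhs=true
        else
            rhs="\"${rhs}\""
        fi
        settings_out+=("\"${lhs}\":${rhs}")
    done

    # ...and wrap inside braces, with comma separator if multiple fields
    # (subshell keeps the IFS change from leaking out)
    (IFS=','; echo "{${settings_out[*]}}")
}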

#######
#  t  #  Main test helper
#######
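function t() {
    # Usage: t METHOD PATH [POST-ARGS...] STATUS [CHECK...]
    #   METHOD     HTTP method handed to curl -X
    #   PATH       endpoint; may be a full http:// URL, an absolute path, a
    #              libpod/... path or a path relative to the compat API
    #   POST-ARGS  (POST/PUT only) key=value pairs sent as JSON, a *.tar file
    #              sent as the body, and/or an application/* content type
    #   STATUS     expected 3-digit HTTP status
    #   CHECK      '.field=value' (exact), '.field~regex' (expr match) or a
    #              plain string compared against the whole response body
    # Results are left in the global variables 'output', 'actual_code' etc.
    # for the calling test file to inspect; they are deliberately not local.
    local method=$1; shift
    local path=$1; shift
    local -a curl_args
    local content_type="application/json"

    local testname="$method $path"
    # POST and PUT requests may be followed by one or more key=value pairs.
    # Slurp the command line until we see a 3-digit status code.
    if [[ $method = "POST" || $method == "PUT" ]]; then
        local -a post_args
        for arg; do
            case "$arg" in
                *=*)              post_args+=("$arg");
                                  shift;;
                *.tar)            curl_args+=(--data-binary "@$arg");
                                  content_type="application/x-tar";
                                  shift;;
                application/*)    content_type="$arg";
                                  shift;;
                [1-9][0-9][0-9])  break;;
                *)                die "Internal error: invalid POST arg '$arg'" ;;
            esac
        done
        if [[ -z "$curl_args" ]]; then
            # Quoted on both levels: the JSON payload must reach curl as one
            # argument even if a value contains whitespace or glob characters.
            curl_args=(-d "$(jsonify "${post_args[@]}")")
            testname="$testname [${curl_args[@]}]"
        fi
    fi

    # entrypoint path can include a descriptive comment; strip it off
    path=${path%% *}

    local url=$path
    if ! [[ $path =~ ^'http://' ]]; then
        # path may include JSONish params that curl will barf on; url-encode them
        path="${path//'['/%5B}"
        path="${path//']'/%5D}"
        path="${path//'{'/%7B}"
        path="${path//'}'/%7D}"
        path="${path//':'/%3A}"

        # If given path begins with /, use it as-is; otherwise prepend /version/
        url=http://$HOST:$PORT
        case "$path" in
        /*) url="$url$path" ;;
        libpod/*) url="$url/v4.0.0/$path" ;;
        *)  url="$url/v1.41/$path" ;;
        esac
    fi

    # curl -X HEAD but without --head seems to wait for output anyway
    if [[ $method == "HEAD" ]]; then
        curl_args+=("--head")
    fi

    local expected_code=$1; shift

    # Log every action we do
    # NOTE(review): the test name (which includes the JSON payload), the
    # response headers and the response body are all appended to $LOG as-is,
    # so any credential a test sends or receives ends up in that file.
    echo "-------------------------------------------------------------" >>"$LOG"
    echo "\$ $testname"                                                  >>"$LOG"
    rm -f -- "$WORKDIR"/curl.*
    # -s = silent, but --write-out 'format' gives us important response data
    # The hairy "{ ...;rc=$?; } || :" lets us capture curl's exit code and
    # give a helpful diagnostic if it fails.
    { response=$(curl -s -X "$method" "${curl_args[@]}"          \
                    -H "Content-type: $content_type"             \
                    --dump-header "$WORKDIR/curl.headers.out"    \
                    --write-out '%{http_code}^%{content_type}^%{time_total}' \
                    -o "$WORKDIR/curl.result.out" "$url"); rc=$?; } || :

    # Any error from curl is instant bad news, from which we can't recover
    if [[ $rc -ne 0 ]]; then
        die "curl failure ($rc) on $url - cannot continue"
    fi

    # Show returned headers (without trailing ^M or empty lines) in log file.
    # Sometimes -- I can't remember why! -- we don't get headers.
    if [[ -e $WORKDIR/curl.headers.out ]]; then
        tr -d '\015' < "$WORKDIR/curl.headers.out" | grep -E '.' >>"$LOG"
    fi

    IFS='^' read -r actual_code content_type time_total <<<"$response"
    # Response data is passed as an argument, never as the printf format
    printf 'X-Response-Time: %ss\n\n' "$time_total" >>"$LOG"

    # Log results, if text. If JSON, filter through jq for readability.
    if [[ $content_type =~ /octet ]]; then
        output="[$(file --brief "$WORKDIR/curl.result.out")]"
        echo "$output" >>"$LOG"
    elif [[ -e $WORKDIR/curl.result.out ]]; then
        # Output from /logs sometimes includes NULs. Strip them.
        output=$(tr -d '\0' < "$WORKDIR/curl.result.out")

        if [[ $content_type =~ application/json ]] && [[ $method != "HEAD" ]]; then
            jq . <<<"$output" >>"$LOG"
        else
            echo "$output" >>"$LOG"
        fi
    else
        output=
        echo "[no output]" >>"$LOG"
    fi

    # Test return code
    is "$actual_code" "$expected_code" "$testname : status"

    # Special case: 204/304, by definition, MUST NOT return content (rfc2616)
    if [[ $expected_code = 204 || $expected_code = 304 ]]; then
        if [ -n "$*" ]; then
            die "Internal error: ${expected_code} status returns no output; fix your test."
        fi
        if [ -n "$output" ]; then
            _show_ok 0 "$testname: ${expected_code} status returns no output" "''" "$output"
        fi
        return
    fi

    local i

    # Special case: if response code does not match, dump the response body
    # and skip all further subtests.
    if [[ $actual_code != "$expected_code" ]]; then
        # %s, not echo -e: show the body as received, without interpreting
        # backslash sequences it may contain.
        printf '#  response: %s\n' "$output"
        for i; do
            _show_ok skip "$testname: $i # skip - wrong return code"
        done
        return
    fi

    # The field name in a check is used as a jq program; it is taken from
    # the test's own arguments, not from the server response.
    for i; do
        if expr "$i" : "[^=~]\+=.*" >/dev/null; then
            # Exact match on json field
            json_field=$(expr "$i" : "\([^=]*\)=")
            expect=$(expr "$i" : '[^=]*=\(.*\)')
            actual=$(jq -r "$json_field" <<<"$output")
            is "$actual" "$expect" "$testname : $json_field"
        elif expr "$i" : "[^=~]\+~.*" >/dev/null; then
            # regex match on json field
            json_field=$(expr "$i" : "\([^~]*\)~")
            expect=$(expr "$i" : '[^~]*~\(.*\)')
            actual=$(jq -r "$json_field" <<<"$output")
            like "$actual" "$expect" "$testname : $json_field"
        else
            # Direct string comparison
            is "$output" "$i" "$testname : output"
        fi
    done
}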

###################
#  start_service  #  Run the socket listener
###################
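# PID of the service process started by start_service; empty when this script
# did not start one.
service_pid=
function start_service() {
    # If there's a listener on the port, nothing for us to do.
    # The probe runs in a subshell so its connection is closed again as soon
    # as the check is done, instead of staying open on fd 3 of this shell
    # (where every later child process would inherit it).
    if (exec 3<>"/dev/tcp/$HOST/$PORT") &>/dev/null; then
        return 0
    fi

    test -x "$PODMAN_BIN" || die "Not found: $PODMAN_BIN"

    if [ "$HOST" != "localhost" ]; then
        die "Cannot start service on non-localhost ($HOST)"
    fi

    # FIXME: EXPERIMENTAL: 2022-06-13: podman rootless needs a namespace. If
    # system-service is the first podman command run (as is the case in CI)
    # this will happen as a fork-exec, where the parent podman creates the
    # namespace and the child is the server. Then, when stop_service() kills
    # the parent, the child (server) happily stays alive and ruins subsequent
    # tests that try to restart service with different settings.
    # Workaround: run an unshare to get namespaces initialized.
    if [[ $(id -u) != 0 ]]; then
        "$PODMAN_BIN" unshare true
    fi

    # NOTE(review): the API is served over plain TCP on the loopback address
    # and no TLS or authentication option is passed here, so any local
    # process that can reach the port can drive this podman instance while
    # the tests run. When the tests run as root, treat that as root-level
    # access for local users and run them on a dedicated or CI host.
    "$PODMAN_BIN" \
        --root "$WORKDIR/server_root" --syslog=true \
        system service \
        --time 0 \
        "tcp:127.0.0.1:$PORT" \
        &> "$WORKDIR/server.log" &
    service_pid=$!
    echo "# started service, pid $service_pid"

    wait_for_port "$HOST" "$PORT"
}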

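function stop_service() {
    # Stop the server, if this script started one. Failures of kill/wait are
    # tolerated: the process may already be gone.
    if [[ -n $service_pid ]]; then
        kill "$service_pid" || :
        wait "$service_pid" || :
        echo "# stopped service, pid $service_pid"
    fi
    service_pid=

    # Warn if something still answers on the port. The probe runs in a
    # subshell so the test connection does not stay open on fd 3.
    if (exec 3<>"/dev/tcp/$HOST/$PORT") &>/dev/null; then
        echo "# WARNING: stop_service: Service still running on port $PORT"
    fi

}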

####################
#  start_registry  #  Run a local registry
####################
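# State of the currently running local registry; all empty when none is up.
REGISTRY_PORT=
REGISTRY_USERNAME=
REGISTRY_PASSWORD=
function start_registry() {
    # We can be called multiple times, but each time should start a new
    # registry container with (possibly) different configuration. That
    # means that all callers must be responsible for invoking stop_registry.
    if [[ -n "$REGISTRY_PORT" ]]; then
        die "start_registry invoked twice in succession, without stop_registry"
    fi

    # First arg is auth type (default: "none", but can also be "htpasswd")
    local auth="${1:-none}"

    REGISTRY_PORT=$(random_port)

    local REGDIR=$WORKDIR/registry
    local AUTHDIR=$REGDIR/auth
    mkdir -p "$AUTHDIR"

    mkdir -p "${REGDIR}"/{root,runroot}
    # Kept as an array so paths containing whitespace stay single arguments
    local -a PODMAN_REGISTRY_ARGS=(--root "${REGDIR}/root" --runroot "${REGDIR}/runroot")

    # Give it three tries, to compensate for network flakes
    podman "${PODMAN_REGISTRY_ARGS[@]}" pull "$REGISTRY_IMAGE" ||
        podman "${PODMAN_REGISTRY_ARGS[@]}" pull "$REGISTRY_IMAGE" ||
        podman "${PODMAN_REGISTRY_ARGS[@]}" pull "$REGISTRY_IMAGE"

    # Create a local cert (no need to do this more than once)
    # The key is written unencrypted (-nodes) and the certificate is
    # self-signed and valid for two days; both stay under $WORKDIR.
    if [[ ! -e $AUTHDIR/domain.key ]]; then
        # FIXME: is there a hidden "--quiet" flag? This is too noisy.
        openssl req -newkey rsa:4096 -nodes -sha256 \
                -keyout "$AUTHDIR/domain.key" -x509 -days 2 \
                -out "$AUTHDIR/domain.crt" \
                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
                -addext subjectAltName=DNS:localhost
    fi

    # If invoked with auth=htpasswd, create credentials
    REGISTRY_USERNAME=
    REGISTRY_PASSWORD=
    local -a registry_auth_params=(-e "REGISTRY_AUTH=$auth")
    if [[ "$auth" = "htpasswd" ]]; then
        REGISTRY_USERNAME=u$(random_string 7)
        REGISTRY_PASSWORD=p$(random_string 7)

        # NOTE(review): -b puts the password on htpasswd's command line,
        # where other local users can see it in the process list while the
        # command runs. Acceptable for a throwaway credential generated per
        # run; do not reuse this pattern for real secrets.
        htpasswd -Bbn "${REGISTRY_USERNAME}" "${REGISTRY_PASSWORD}" \
                 > "$AUTHDIR/htpasswd"

        registry_auth_params+=(
            -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"
            -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd"
        )
    fi

    # Run the registry, and wait for it to come up
    podman "${PODMAN_REGISTRY_ARGS[@]}" run -d \
           -p "${REGISTRY_PORT}:5000" \
           --name registry \
           -v "$AUTHDIR:/auth:Z" \
           "${registry_auth_params[@]}" \
           -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
           -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
           "${REGISTRY_IMAGE}"

    wait_for_port localhost "$REGISTRY_PORT" 10
    # Report the registry's own port, not the API service port ($PORT)
    echo "# started registry (auth=$auth) on port $REGISTRY_PORT"
}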

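function stop_registry() {
    # Optional argument: --cleanup, to also remove the registry's images.
    # Does nothing but reset the REGISTRY_* variables when no registry
    # directory exists under $WORKDIR.
    local REGDIR=${WORKDIR}/registry
    if [[ -d $REGDIR ]]; then
        # Kept as an array so paths containing whitespace stay single arguments
        local -a OPTS=(--root "${REGDIR}/root" --runroot "${REGDIR}/runroot")
        podman "${OPTS[@]}" stop -i -t 0 registry

        # rm/rmi are important when running rootless: without them we
        # get EPERMS in tmpdir cleanup because files are owned by subuids.
        podman "${OPTS[@]}" rm -f -i registry
        if [[ "$1" = "--cleanup" ]]; then
            podman "${OPTS[@]}" rmi -f -a
        fi
        # Report the registry's own port (when one is recorded), not the
        # API service port ($PORT).
        echo "# stopped registry${REGISTRY_PORT:+ on port $REGISTRY_PORT}"
    fi

    REGISTRY_PORT=
    REGISTRY_USERNAME=
    REGISTRY_PASSWORD=
}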

#################
#  random_port  #  Random open port; arg is range (min-max), default 5000-5999
#################
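function random_port() {
    # Argument: port range as MIN-MAX (default 5000-5999).
    # Output: the first port, in shuffled order, on which a connection to
    # 127.0.0.1 fails.
    # NOTE(review): the port is only probed, not reserved; another process
    # can still bind it between this check and its use by the caller.
    local range=${1:-5000-5999}

    local port
    for port in $(shuf -i "${range}"); do
        # Probe in a subshell so a successful connection (port in use) is
        # closed again instead of staying open on fd 5 of this shell.
        if ! (exec 5<>"/dev/tcp/127.0.0.1/$port") &>/dev/null; then
            echo "$port"
            return
        fi
    done

    die "Could not find open port in range $range"
}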

###################
#  random_string  #  Pseudorandom alphanumeric string of given length
###################
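function random_string() {
    # Argument: desired length (default 10).
    # Output: exactly that many characters from [a-zA-Z0-9], no newline.
    local length=${1:-10}
    # Filter the kernel's random stream directly and let 'head' stop it once
    # enough characters have arrived. Reading only a fixed chunk first could
    # leave fewer than $length characters after filtering, which would
    # silently shorten the generated registry credentials.
    # LC_ALL=C makes tr treat the input as plain bytes.
    LC_ALL=C tr -dc 'a-zA-Z0-9' </dev/urandom | head -c "$length"
}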

###################
#  wait_for_port  #  Returns once port is available on host
###################
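function wait_for_port() {
    # Returns 0 as soon as a TCP connection to host:port succeeds; calls
    # die() if that has not happened after the given number of one-second
    # attempts.
    local host=$1                      # Probably "localhost"
    local port=$2                      # Numeric port
    local _timeout=${3:-5}             # Optional; default to 5 seconds

    local path=/dev/tcp/$host/$port

    # Wait
    local i=$_timeout
    while [ "$i" -gt 0 ]; do
        # Probe in a subshell so the successful connection is closed again
        # instead of staying open on fd 3 for the rest of the run.
        if (exec 3<>"$path") &>/dev/null; then
            return 0
        fi
        sleep 1
        i=$(( i - 1 ))
    done
    die "Timed out (${_timeout}s) waiting for service ($path)"
}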

############
#  podman  #  Needed by some test scripts to invoke the actual podman binary
############
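function podman() {
    # Runs the real podman binary against the test server's storage root.
    # The command line and all of its output (stdout and stderr) are appended
    # to $WORKDIR/output.log; nothing is printed. Returns podman's status.
    # NOTE(review): the full argument list is logged, so a secret passed as a
    # command-line argument ends up in output.log.
    echo "\$ $PODMAN_BIN $*"                           >>"$WORKDIR/output.log"
#    env CONTAINERS_REGISTRIES_CONF=$TESTS_DIR/../registries.conf \
        "$PODMAN_BIN" --root "$WORKDIR/server_root" "$@"   >>"$WORKDIR/output.log" 2>&1
}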

####################
#  root, rootless  #  Is server rootless?
####################
# Cached answer from the server's /info endpoint; empty until first asked.
ROOTLESS=
function root() {
    # Succeeds exactly when rootless() fails.
    if rootless; then
        return 1
    fi
    return 0
}

function rootless() {
    # Query the service only once; later calls reuse the cached value.
    if [[ -z $ROOTLESS ]]; then
        local info_url="http://$HOST:$PORT/v1.40/info"
        ROOTLESS=$(curl -s "$info_url" | jq .Rootless)
    fi
    [[ "$ROOTLESS" == "true" ]]
}

# True if cgroups v2 are enabled
function have_cgroupsv2() {
    # Succeeds when stat reports the filesystem type of /sys/fs/cgroup as
    # "cgroup2fs". The detected type is left in the global 'cgroup_type'.
    cgroup_type=$(stat -f -c %T /sys/fs/cgroup)
    [[ "$cgroup_type" == "cgroup2fs" ]]
}

# END   infrastructure code
###############################################################################
# BEGIN sanity checks

# Fail early when a required command cannot be resolved.
# NOTE(review): 'type' also reports shell functions, and this file defines a
# function named podman, so the podman entry presumably always passes here;
# the binary itself is checked separately via $PODMAN_BIN.
for tool in curl jq podman; do
    if ! type "$tool" &>/dev/null; then
        die "$ME: Required tool '$tool' not found"
    fi
done

# END   sanity checks
###############################################################################
# BEGIN entry handler (subtest invoker)

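echo '============================= test session starts =============================='
echo "podman client -- $(curl --version)"

# Identify the tests to run. If called with args, use those as globs.
tests_to_run=()
if [ -n "$*" ]; then
    shopt -s nullglob
    for i; do
        # $i is left unquoted on purpose: arguments are glob fragments.
        # shellcheck disable=SC2206
        match=("${TESTS_DIR}"/*${i}*.at)
        # Count the matches; ${#match} alone would be the string length of
        # the first element only.
        if [ "${#match[@]}" -eq 0 ]; then
            die "No match for $TESTS_DIR/*$i*.at"
        fi
        tests_to_run+=("${match[@]}")
    done
    shopt -u nullglob
else
    tests_to_run=("$TESTS_DIR"/*.at)
fi
echo -e "collected ${#tests_to_run[@]} items\n"

start_service

# Each test file is sourced into this shell, so it runs with the full
# privileges of whoever invoked the script and can use every helper and
# variable defined above. Only run test files from a trusted checkout.
for i in "${tests_to_run[@]}"; do
    TEST_CONTEXT="[$(basename "$i" .at)]"

    # Clear output from 'podman' helper
    >| "$WORKDIR/output.log"

    source "$i"
done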

# END   entry handler
###############################################################################

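clean_up_server

test_count=$(<"$testcounter_file")
failure_count=$(<"$failures_file")

# Keep the work directory (server log, registry data) only on request
if [ -z "$PODMAN_TESTS_KEEP_WORKDIR" ]; then
    rm -rf -- "$WORKDIR"
fi

# TAP plan line
echo "1..${test_count}"

# The exit status is the number of failures. A process exit status only
# keeps the low 8 bits, so cap it at 255: otherwise exactly 256 failures
# would be reported to the caller as success.
exit $(( failure_count > 255 ? 255 : failure_count ))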