play kube: fix segfault

when securityContext wasn't specified in yaml.
add a test as well

Signed-off-by: Peter Hunt <pehunt@redhat.com>
Peter Hunt 2019-09-06 08:41:02 -04:00
parent b962b1e353
commit 9259693826
2 changed files with 52 additions and 28 deletions


@ -683,6 +683,7 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
containerConfig.User = imageData.Config.User containerConfig.User = imageData.Config.User
} }
if containerYAML.SecurityContext != nil {
if containerConfig.SecurityOpts != nil { if containerConfig.SecurityOpts != nil {
if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil { if containerYAML.SecurityContext.ReadOnlyRootFilesystem != nil {
containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem containerConfig.ReadOnlyRootfs = *containerYAML.SecurityContext.ReadOnlyRootFilesystem
@ -704,6 +705,7 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability)) containerConfig.CapDrop = append(containerConfig.CapDrop, string(capability))
} }
} }
}
containerConfig.Command = []string{} containerConfig.Command = []string{}
if imageData != nil && imageData.Config != nil { if imageData != nil && imageData.Config != nil {
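Review bot: The inner guard `if containerConfig.SecurityOpts != nil {`, which now sits directly under the new `containerYAML.SecurityContext != nil` check, tests the create config rather than anything the YAML supplied. If SecurityOpts can still be nil at this point, the manifest's `readOnlyRootFilesystem` value, and anything else nested under that guard, is skipped without an error or a log line. The container would then start with weaker settings than the manifest asked for. Whether SecurityOpts can be nil here depends on code outside the hunk, so this needs confirming; if the guard is not required, dropping it lets the securityContext fields apply whenever the YAML provides them. kubeContainerToCreateConfig begins and ends outside the visible hunks.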


@ -40,6 +40,7 @@ spec:
image: {{ .Image }} image: {{ .Image }}
name: {{ .Name }} name: {{ .Name }}
resources: {} resources: {}
{{ if .SecurityContext }}
securityContext: securityContext:
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
{{ if .Caps }} {{ if .Caps }}
@ -62,6 +63,7 @@ spec:
workingDir: / workingDir: /
{{ end }} {{ end }}
{{ end }} {{ end }}
{{ end }}
status: {} status: {}
` `
@ -75,6 +77,7 @@ type Container struct {
Cmd []string Cmd []string
Image string Image string
Name string Name string
SecurityContext bool
Caps bool Caps bool
CapAdd []string CapAdd []string
CapDrop []string CapDrop []string
@ -126,7 +129,7 @@ var _ = Describe("Podman generate kube", func() {
It("podman play kube test correct command", func() { It("podman play kube test correct command", func() {
ctrName := "testCtr" ctrName := "testCtr"
ctrCmd := []string{"top"} ctrCmd := []string{"top"}
testContainer := Container{ctrCmd, ALPINE, ctrName, false, nil, nil} testContainer := Container{ctrCmd, ALPINE, ctrName, true, false, nil, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml("test", "", []Container{testContainer}, tempFile) err := generateKubeYaml("test", "", []Container{testContainer}, tempFile)
@ -145,7 +148,7 @@ var _ = Describe("Podman generate kube", func() {
It("podman play kube test correct output", func() { It("podman play kube test correct output", func() {
ctrName := "testCtr" ctrName := "testCtr"
ctrCmd := []string{"echo", "hello"} ctrCmd := []string{"echo", "hello"}
testContainer := Container{ctrCmd, ALPINE, ctrName, false, nil, nil} testContainer := Container{ctrCmd, ALPINE, ctrName, true, false, nil, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml("test", "", []Container{testContainer}, tempFile) err := generateKubeYaml("test", "", []Container{testContainer}, tempFile)
@ -170,7 +173,7 @@ var _ = Describe("Podman generate kube", func() {
podName := "test" podName := "test"
ctrName := "testCtr" ctrName := "testCtr"
ctrCmd := []string{"top"} ctrCmd := []string{"top"}
testContainer := Container{ctrCmd, ALPINE, ctrName, false, nil, nil} testContainer := Container{ctrCmd, ALPINE, ctrName, true, false, nil, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml(podName, "", []Container{testContainer}, tempFile) err := generateKubeYaml(podName, "", []Container{testContainer}, tempFile)
@ -190,7 +193,7 @@ var _ = Describe("Podman generate kube", func() {
hostname := "myhostname" hostname := "myhostname"
ctrName := "testCtr" ctrName := "testCtr"
ctrCmd := []string{"top"} ctrCmd := []string{"top"}
testContainer := Container{ctrCmd, ALPINE, ctrName, false, nil, nil} testContainer := Container{ctrCmd, ALPINE, ctrName, true, false, nil, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml("test", hostname, []Container{testContainer}, tempFile) err := generateKubeYaml("test", hostname, []Container{testContainer}, tempFile)
@ -210,7 +213,7 @@ var _ = Describe("Podman generate kube", func() {
ctrName := "testCtr" ctrName := "testCtr"
ctrCmd := []string{"cat", "/proc/self/status"} ctrCmd := []string{"cat", "/proc/self/status"}
capAdd := "CAP_SYS_ADMIN" capAdd := "CAP_SYS_ADMIN"
testContainer := Container{ctrCmd, ALPINE, ctrName, true, []string{capAdd}, nil} testContainer := Container{ctrCmd, ALPINE, ctrName, true, true, []string{capAdd}, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml("test", "", []Container{testContainer}, tempFile) err := generateKubeYaml("test", "", []Container{testContainer}, tempFile)
@ -230,7 +233,7 @@ var _ = Describe("Podman generate kube", func() {
ctrName := "testCtr" ctrName := "testCtr"
ctrCmd := []string{"cat", "/proc/self/status"} ctrCmd := []string{"cat", "/proc/self/status"}
capDrop := "CAP_SYS_ADMIN" capDrop := "CAP_SYS_ADMIN"
testContainer := Container{ctrCmd, ALPINE, ctrName, true, []string{capDrop}, nil} testContainer := Container{ctrCmd, ALPINE, ctrName, true, true, []string{capDrop}, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml") tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml("test", "", []Container{testContainer}, tempFile) err := generateKubeYaml("test", "", []Container{testContainer}, tempFile)
@ -245,4 +248,23 @@ var _ = Describe("Podman generate kube", func() {
Expect(inspect.ExitCode()).To(Equal(0)) Expect(inspect.ExitCode()).To(Equal(0))
Expect(inspect.OutputToString()).To(ContainSubstring(capDrop)) Expect(inspect.OutputToString()).To(ContainSubstring(capDrop))
}) })
It("podman play kube no security context", func() {
// expect play kube to not fail if no security context is specified
ctrName := "testCtr"
ctrCmd := "ls"
testContainer := Container{[]string{ctrCmd}, ALPINE, ctrName, false, false, nil, nil}
tempFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
err := generateKubeYaml("test", "", []Container{testContainer}, tempFile)
Expect(err).To(BeNil())
kube := podmanTest.Podman([]string{"play", "kube", tempFile})
kube.WaitWithDefaultTimeout()
Expect(kube.ExitCode()).To(Equal(0))
inspect := podmanTest.Podman([]string{"inspect", ctrName})
inspect.WaitWithDefaultTimeout()
Expect(inspect.ExitCode()).To(Equal(0))
})
}) })
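Review bot: The `Container` literals in these tests are positional, and with the new `SecurityContext` field they now carry two adjacent bools (`..., ctrName, true, false, nil, nil}`) that can be swapped without a compile error. Keyed fields would make each test state what it enables, for example `Container{Cmd: ctrCmd, Image: ALPINE, Name: ctrName, SecurityContext: true}`, and would let a later field be added without touching every call site. The new "no security context" test checks only the exit codes of `play kube` and `inspect`, which covers the crash.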