mirror of https://github.com/containers/podman.git
Merge pull request #22591 from Luap99/remove-toolbox-image
test/e2e: remove toolbox image
This commit is contained in:
openshift-merge-bot[bot]
GitHub
commit
db44d57b86
|
|
@ -161,7 +161,7 @@ var _ = SynchronizedBeforeSuite(func() []byte {
|
|||
podman := PodmanTestSetup(filepath.Join(globalTmpDir, "image-init"))
|
||||
|
||||
// Pull cirros but don't put it into the cache
|
||||
pullImages := []string{CIRROS_IMAGE, fedoraToolbox, volumeTest}
|
||||
pullImages := []string{CIRROS_IMAGE, volumeTest}
|
||||
pullImages = append(pullImages, CACHE_IMAGES...)
|
||||
for _, image := range pullImages {
|
||||
podman.createArtifact(image)
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@ var (
|
|||
INFRA_IMAGE = "quay.io/libpod/k8s-pause:3.5" //nolint:revive,stylecheck
|
||||
BB = "quay.io/libpod/busybox:latest"
|
||||
HEALTHCHECK_IMAGE = "quay.io/libpod/alpine_healthcheck:latest" //nolint:revive,stylecheck
|
||||
fedoraToolbox = "registry.fedoraproject.org/fedora-toolbox:36"
|
||||
volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623"
|
||||
|
||||
// This image has seccomp profiles that blocks all syscalls.
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
package integration
|
||||
|
||||
var (
|
||||
STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck
|
||||
NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck
|
||||
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
|
||||
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
|
||||
CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
|
||||
SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
|
||||
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
|
||||
STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
|
||||
NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck
|
||||
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
|
||||
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
|
||||
CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
|
||||
SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
|
||||
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
|
||||
)
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
package integration
|
||||
|
||||
var (
|
||||
STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck
|
||||
NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
|
||||
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
|
||||
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
|
||||
CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
|
||||
SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
|
||||
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
|
||||
STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
|
||||
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
|
||||
CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
|
||||
NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
|
||||
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
|
||||
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
|
||||
CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
|
||||
SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
|
||||
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
|
||||
)
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@ import (
|
|||
. "github.com/containers/podman/v5/test/utils"
|
||||
. "github.com/onsi/ginkgo/v2"
|
||||
. "github.com/onsi/gomega"
|
||||
. "github.com/onsi/gomega/gexec"
|
||||
)
|
||||
|
||||
var _ = Describe("Toolbox-specific testing", func() {
|
||||
|
|
@ -178,123 +177,18 @@ var _ = Describe("Toolbox-specific testing", func() {
|
|||
Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
|
||||
})
|
||||
|
||||
It("podman create --userns=keep-id - entrypoint - adding user with useradd and then removing their password", func() {
|
||||
SkipIfNotRootless("only meaningful when run rootless")
|
||||
var session *PodmanSessionIntegration
|
||||
It("podman run --userns=keep-id - modify /etc/passwd and /etc/group", func() {
|
||||
passwdLine := "testuser:x:1001:1001::/home/testuser:/bin/sh"
|
||||
groupLine := "testuser:x:1001:"
|
||||
|
||||
var username = "testuser"
|
||||
var homeDir = "/home/testuser"
|
||||
var shell = "/bin/sh"
|
||||
var uid = "1001"
|
||||
var gid = "1001"
|
||||
|
||||
useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
|
||||
homeDir, shell, uid, username)
|
||||
passwd := fmt.Sprintf("passwd --delete %s", username)
|
||||
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
|
||||
fmt.Sprintf("%s; %s; echo READY; sleep 1000", useradd, passwd)})
|
||||
// ensure that the container can edit passwd and group files
|
||||
session := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id",
|
||||
"--user", "root:root", ALPINE, "sh", "-c",
|
||||
fmt.Sprintf("echo %s > /etc/passwd && echo %s > /etc/group && cat /etc/passwd && cat /etc/group", passwdLine, groupLine)})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
session = podmanTest.Podman([]string{"start", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
|
||||
|
||||
expectedOutput := fmt.Sprintf("%s:x:%s:%s::%s:%s",
|
||||
username, uid, gid, homeDir, shell)
|
||||
|
||||
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
|
||||
|
||||
expectedOutput = "passwd: Note: deleting a password also unlocks the password."
|
||||
|
||||
session = podmanTest.Podman([]string{"logs", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(Exit(0))
|
||||
Expect(session.ErrorToString()).To(ContainSubstring(expectedOutput))
|
||||
})
|
||||
|
||||
It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() {
|
||||
SkipIfNotRootless("only meaningful when run rootless")
|
||||
var session *PodmanSessionIntegration
|
||||
|
||||
var groupName = "testgroup"
|
||||
var gid = "1001"
|
||||
|
||||
groupadd := fmt.Sprintf("groupadd --gid %s %s", gid, groupName)
|
||||
|
||||
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
|
||||
fmt.Sprintf("%s; echo READY; sleep 1000", groupadd)})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
session = podmanTest.Podman([]string{"start", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
|
||||
|
||||
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/group"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring(groupName))
|
||||
|
||||
session = podmanTest.Podman([]string{"logs", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring("READY"))
|
||||
})
|
||||
|
||||
It("podman create --userns=keep-id - entrypoint - modifying existing user with usermod - add to new group, change home/shell/uid", func() {
|
||||
SkipIfNotRootless("only meaningful when run rootless")
|
||||
var session *PodmanSessionIntegration
|
||||
var badHomeDir = "/home/badtestuser"
|
||||
var badShell = "/bin/sh"
|
||||
var badUID = "1001"
|
||||
var username = "testuser"
|
||||
var homeDir = "/home/testuser"
|
||||
var shell = "/bin/bash"
|
||||
var uid = "1411"
|
||||
var groupName = "testgroup"
|
||||
var gid = "1422"
|
||||
|
||||
// The use of bad* in the name of variables does not imply the invocation
|
||||
// of useradd should fail The user is supposed to be created successfully
|
||||
// but later his information (uid, home, shell,..) is changed via usermod.
|
||||
useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
|
||||
badHomeDir, badShell, badUID, username)
|
||||
groupadd := fmt.Sprintf("groupadd --gid %s %s",
|
||||
gid, groupName)
|
||||
usermod := fmt.Sprintf("usermod --append --groups wheel --home %s --shell %s --uid %s --gid %s %s",
|
||||
homeDir, shell, uid, gid, username)
|
||||
|
||||
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
|
||||
fmt.Sprintf("%s; %s; %s; echo READY; sleep 1000", useradd, groupadd, usermod)})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
session = podmanTest.Podman([]string{"start", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
|
||||
|
||||
expectedUser := fmt.Sprintf("%s:x:%s:%s::%s:%s",
|
||||
username, uid, gid, homeDir, shell)
|
||||
|
||||
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring(expectedUser))
|
||||
|
||||
session = podmanTest.Podman([]string{"logs", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring("READY"))
|
||||
Expect(session.OutputToString()).Should(ContainSubstring(passwdLine))
|
||||
Expect(session.OutputToString()).Should(ContainSubstring(groupLine))
|
||||
})
|
||||
|
||||
It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() {
|
||||
|
|
@ -312,13 +206,12 @@ var _ = Describe("Toolbox-specific testing", func() {
|
|||
Expect(session).Should(ExitCleanly())
|
||||
})
|
||||
|
||||
It("podman create + start - with all needed switches for create - sleep as entry-point", func() {
|
||||
It("podman create + start - with all needed switches for create", func() {
|
||||
SkipIfNotRootless("only meaningful when run rootless")
|
||||
var session *PodmanSessionIntegration
|
||||
|
||||
// These should be most of the switches that Toolbox uses to create a "toolbox" container
|
||||
// https://github.com/containers/toolbox/blob/main/src/cmd/create.go
|
||||
session = podmanTest.Podman([]string{"create",
|
||||
session := podmanTest.Podman([]string{"create",
|
||||
"--log-driver", "k8s-file",
|
||||
"--dns", "none",
|
||||
"--hostname", "toolbox",
|
||||
|
|
@ -333,20 +226,14 @@ var _ = Describe("Toolbox-specific testing", func() {
|
|||
"--ulimit", "host",
|
||||
"--userns=keep-id",
|
||||
"--user", "root:root",
|
||||
fedoraToolbox, "sh", "-c", "echo READY; sleep 1000"})
|
||||
ALPINE, "sh", "-c", "echo READY"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
session = podmanTest.Podman([]string{"start", "test"})
|
||||
session = podmanTest.Podman([]string{"start", "-a", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
|
||||
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
|
||||
|
||||
session = podmanTest.Podman([]string{"logs", "test"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring("READY"))
|
||||
Expect(session.OutputToString()).Should(ContainSubstring("READY"))
|
||||
})
|
||||
|
||||
It("podman run --userns=keep-id check $HOME", func() {
|
||||
|
|
@ -355,22 +242,20 @@ var _ = Describe("Toolbox-specific testing", func() {
|
|||
currentUser, err := user.Current()
|
||||
Expect(err).ToNot(HaveOccurred())
|
||||
|
||||
session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
|
||||
session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", ALPINE, "sh", "-c", "echo $HOME"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
|
||||
|
||||
if isRootless() {
|
||||
location := path.Dir(currentUser.HomeDir)
|
||||
volumeArg := fmt.Sprintf("%s:%s", location, location)
|
||||
session = podmanTest.Podman([]string{"run",
|
||||
"--userns=keep-id",
|
||||
"--volume", volumeArg,
|
||||
fedoraToolbox, "sh", "-c", "echo $HOME"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
|
||||
}
|
||||
location := path.Dir(currentUser.HomeDir)
|
||||
volumeArg := fmt.Sprintf("%s:%s", location, location)
|
||||
session = podmanTest.Podman([]string{"run",
|
||||
"--userns=keep-id",
|
||||
"--volume", volumeArg,
|
||||
ALPINE, "sh", "-c", "echo $HOME"})
|
||||
session.WaitWithDefaultTimeout()
|
||||
Expect(session).Should(ExitCleanly())
|
||||
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
|
||||
})
|
||||
|
||||
})
|
||||
|
|
|
|||
Loading…
Reference in New Issue