containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
podman/test
History
W. Trevor King a4b483c848 libpod/container_internal: Deprecate implicit hook directories 
Part of the motivation for 800eb863 (Hooks supports two directories,
process default and override, 2018-09-17, #1487) was [1]:

> We only use this for override. The reason this was caught is people
> are trying to get hooks to work with CoreOS. You are not allowed to
> write to /usr/share... on CoreOS, so they wanted podman to also look
> at /etc, where users and third parties can write.

But we'd also been disabling hooks completely for rootless users.  And
even for root users, the override logic was tricky when folks actually
had content in both directories.  For example, if you wanted to
disable a hook from the default directory, you'd have to add a no-op
hook to the override directory.

Also, the previous implementation failed to handle the case where
there hooks defined in the override directory but the default
directory did not exist:

  $ podman version
  Version:       0.11.2-dev
  Go Version:    go1.10.3
  Git Commit:    "6df7409cb5a41c710164c42ed35e33b28f3f7214"
  Built:         Sun Dec  2 21:30:06 2018
  OS/Arch:       linux/amd64
  $ ls -l /etc/containers/oci/hooks.d/test.json
  -rw-r--r--. 1 root root 184 Dec  2 16:27 /etc/containers/oci/hooks.d/test.json
  $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook
  time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d"
  time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)"

With this commit:

  $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook
  time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d"
  time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d"
  time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json"
  time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]"
  time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory"
  time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\""

(I'd setup the hook to error out).  You can see that it's silenly
ignoring the ENOENT for /usr/share/containers/oci/hooks.d and
continuing on to load hooks from /etc/containers/oci/hooks.d.

When it loads the hook, it also logs a warning-level message
suggesting that callers explicitly configure their hook directories.
That will help consumers migrate, so we can drop the implicit hook
directories in some future release.  When folks *do* explicitly
configure hook directories (via the newly-public --hooks-dir and
hooks_dir options), we error out if they're missing:

  $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container'
  error setting up OCI Hooks: open /does/not/exist: no such file or directory

I've dropped the trailing "path" from the old, hidden --hooks-dir-path
and hooks_dir_path because I think "dir(ectory)" is already enough
context for "we expect a path argument".  I consider this name change
non-breaking because the old forms were undocumented.

Coming back to rootless users, I've enabled hooks now.  I expect they
were previously disabled because users had no way to avoid
/usr/share/containers/oci/hooks.d which might contain hooks that
required root permissions.  But now rootless users will have to
explicitly configure hook directories, and since their default config
is from ~/.config/containers/libpod.conf, it's a misconfiguration if
it contains hooks_dir entries which point at directories with hooks
that require root access.  We error out so they can fix their
libpod.conf.

[1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355

Signed-off-by: W. Trevor King <wking@tremily.us>
 		2018-12-03 12:54:30 -08:00
..
bin2img Vendor in latest containers/image and contaners/storage 2018-04-19 14:08:47 +00:00
build Vendor in latest github.com/projectatomic/buildah 2018-08-03 14:39:07 +00:00
certs Add several podman push tests 2018-04-16 10:55:11 +08:00
checkseccomp Don't pollute the build output with failures to build checkseccomp 2018-07-26 20:47:31 +00:00
copyimg Vendor in new new buildah/ci 2018-10-17 17:04:19 -05:00
e2e libpod/container_internal: Deprecate implicit hook directories 2018-12-03 12:54:30 -08:00
goecho Separate common used test functions and structs to test/utils 2018-11-16 10:49:00 +08:00
install Put openshift dockerfiles in test/install 2018-09-25 21:44:51 +00:00
system The system test write with ginkgo 2018-11-16 10:49:12 +08:00
utils tests: change return type for PodmanAsUser to PodmanTestIntegration 2018-11-27 21:10:15 +01:00
README.md The system test write with ginkgo 2018-11-16 10:49:12 +08:00
policy.json Initial checkin from CRI-O repo 2017-11-01 11:24:59 -04:00
redhat_sigstore.yaml Initial checkin from CRI-O repo 2017-11-01 11:24:59 -04:00
registries.conf Use REGISTRIES_CONFIG_PATH for all tests 2018-08-02 12:40:14 +00:00
test_podman_baseline.sh Fixups for baseline test script 2018-09-06 20:54:08 +00:00
test_podman_build.sh Vendor in latest github.com/projectatomic/buildah 2018-08-03 14:39:07 +00:00
test_podman_pods.sh Add first pass for baseline pod tests 2018-09-07 12:32:16 +00:00

README.md

PODMAN logo

Test utils

Test utils provide common functions and structs for testing. It includes two structs:

  • PodmanTest: Handle the podman command and other global resources like temporary directory. It provides basic methods, like checking podman image and pod status. Test suites should create their owner test struct as a composite of PodmanTest, and their owner PodmanMakeOptions().

  • PodmanSession: Store execution session data and related methods. Such like get command output and so on. It can be used directly in the test suite, only embed it to your owner session struct if you need expend it.

Unittest for test/utils

To ensure neither tests nor utils break, There are unit-tests for each functions and structs in test/utils. When you adding functions or structs to this package, please update both unit-tests for it and this documentation.

Run unit test for test/utils

Run unit test for test/utils.

make localunit

Structure of the test utils and test suites

The test utils package is at the same level of test suites. Each test suites also have their owner common functions and structs stored in libpod_suite_test.go.

Ginkgo test framework

Ginkgo is a BDD testing framework. This allows us to use native Golang to perform our tests and there is a strong affiliation between Ginkgo and the Go test framework.

Installing dependencies

The dependencies for integration really consists of three things:

  • ginkgo binary
  • ginkgo sources
  • gomega sources

The following instructions assume your GOPATH is ~/go. Adjust as needed for your environment.

Installing ginkgo

Fetch and build ginkgo with the following command:

GOPATH=~/go go get -u github.com/onsi/ginkgo/ginkgo

Now install the ginkgo binary into your path:

install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/

You now have a ginkgo binary and its sources in your GOPATH.

Install gomega sources

The gomega sources can be simply installed with the command:

GOPATH=~/go go get github.com/onsi/gomega/...

Integration Tests

Test suite for integration test for podman command line. It has its own structs:

  • PodmanTestIntegration: Integration test struct as a composite of PodmanTest. It set up the global options for podman command to ignore the environment influence from different test system.

  • PodmanSessionIntegration: This struct has it own methods for checking command output with given format JSON by using structs defined in inspect package.

Running the integration tests

You can run the entire suite of integration tests with the following command:

GOPATH=~/go ginkgo -v test/e2e/.

Note the trailing period on the command above. Also, -v invokes verbose mode. That switch is optional.

You can run a single file of integration tests using the go test command:

GOPATH=~/go go test -v test/e2e/libpod_suite_test.go test/e2e/your_test.go

Run all tests like PAPR

You can closely emulate the PAPR run for Fedora with the following command:

make integration.fedora

This will run lint, git-validation, and gofmt tests and then execute unit and integration tests as well.

Run tests in a container

In case you have issue running the tests locally on your machine, you can run them in a container:

make shell

This will run a container and give you a shell and you can follow the instructions above.

System test

System tests are used for testing the podman CLI in the context of a complete system. It requires that podman, all dependencies, and configurations are in place. The intention of system testing is to match as closely as possible with real-world user/developer use-cases and environments. The orchestration of the environments and tests is left to external tooling.

  • PodmanTestSystem: System test struct as a composite of PodmanTest. It will not add any options to the command by default. When you run system test, you can set GLOBALOPTIONS, PODMAN_SUBCMD_OPTIONS or PODMAN_BINARY in ENV to run the test suite for different test matrices.

Run system test

You can run the test with following command:

make localsystem