From 7a43c2ed1b4430d6fb08142a1c44314798d87498 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 3 May 2024 16:39:42 +0200 Subject: [PATCH] test/e2e: remove toolbox image The image is way to big (over 800MB) that slows tests down as we always have to pull this, the tests itself are also super slow due the entrypoint logic that we don't care about. We should be testing for features needed and not specific tools. I think the current changes should have a similar coverage in terms of podman features, it no longer tests toolbox but IMO this never was a task for podman CI tests. The main driver for this is to make the tests run entirely based on tmpfs and this image is just to much[1]. [1] https://github.com/containers/podman/pull/22533 Signed-off-by: Paul Holzinger --- test/e2e/common_test.go | 2 +- test/e2e/config.go | 1 - test/e2e/config_amd64.go | 22 +++--- test/e2e/config_arm64.go | 22 +++--- test/e2e/toolbox_test.go | 163 ++++++--------------------------------- 5 files changed, 47 insertions(+), 163 deletions(-) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index c83b32a911..82ddc5c121 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -161,7 +161,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { podman := PodmanTestSetup(filepath.Join(globalTmpDir, "image-init")) // Pull cirros but don't put it into the cache - pullImages := []string{CIRROS_IMAGE, fedoraToolbox, volumeTest} + pullImages := []string{CIRROS_IMAGE, volumeTest} pullImages = append(pullImages, CACHE_IMAGES...) for _, image := range pullImages { podman.createArtifact(image) diff --git a/test/e2e/config.go b/test/e2e/config.go index 3ab956dd9a..4867734247 100644 --- a/test/e2e/config.go +++ b/test/e2e/config.go @@ -13,7 +13,6 @@ var ( INFRA_IMAGE = "quay.io/libpod/k8s-pause:3.5" //nolint:revive,stylecheck BB = "quay.io/libpod/busybox:latest" HEALTHCHECK_IMAGE = "quay.io/libpod/alpine_healthcheck:latest" //nolint:revive,stylecheck - fedoraToolbox = "registry.fedoraproject.org/fedora-toolbox:36" volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623" // This image has seccomp profiles that blocks all syscalls. diff --git a/test/e2e/config_amd64.go b/test/e2e/config_amd64.go index 1ef7ec4aa3..27ad021b46 100644 --- a/test/e2e/config_amd64.go +++ b/test/e2e/config_amd64.go @@ -1,15 +1,15 @@ package integration var ( - STORAGE_FS = "overlay" //nolint:revive,stylecheck - STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck - ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck - ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck - CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck - NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck - BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck - REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck - CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck - SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck - CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck + STORAGE_FS = "overlay" //nolint:revive,stylecheck + STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck + ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck + ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck + CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck + NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck + BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck + REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck + CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck + SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck + CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck ) diff --git a/test/e2e/config_arm64.go b/test/e2e/config_arm64.go index 9ace0fc41f..3bb2d3600f 100644 --- a/test/e2e/config_arm64.go +++ b/test/e2e/config_arm64.go @@ -1,15 +1,15 @@ package integration var ( - STORAGE_FS = "overlay" //nolint:revive,stylecheck - STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck - ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck - ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck - CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck - NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck - BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck - REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck - CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck - SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck - CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck + STORAGE_FS = "overlay" //nolint:revive,stylecheck + STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck + ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck + ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck + CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck + NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck + BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck + REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck + CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck + SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck + CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck ) diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go index ce2537a6cb..8e2fce35e3 100644 --- a/test/e2e/toolbox_test.go +++ b/test/e2e/toolbox_test.go @@ -38,7 +38,6 @@ import ( . "github.com/containers/podman/v5/test/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gexec" ) var _ = Describe("Toolbox-specific testing", func() { @@ -178,123 +177,18 @@ var _ = Describe("Toolbox-specific testing", func() { Expect(session.OutputToString()).To(ContainSubstring(expectedOutput)) }) - It("podman create --userns=keep-id - entrypoint - adding user with useradd and then removing their password", func() { - SkipIfNotRootless("only meaningful when run rootless") - var session *PodmanSessionIntegration + It("podman run --userns=keep-id - modify /etc/passwd and /etc/group", func() { + passwdLine := "testuser:x:1001:1001::/home/testuser:/bin/sh" + groupLine := "testuser:x:1001:" - var username = "testuser" - var homeDir = "/home/testuser" - var shell = "/bin/sh" - var uid = "1001" - var gid = "1001" - - useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s", - homeDir, shell, uid, username) - passwd := fmt.Sprintf("passwd --delete %s", username) - session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c", - fmt.Sprintf("%s; %s; echo READY; sleep 1000", useradd, passwd)}) + // ensure that the container can edit passwd and group files + session := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", + "--user", "root:root", ALPINE, "sh", "-c", + fmt.Sprintf("echo %s > /etc/passwd && echo %s > /etc/group && cat /etc/passwd && cat /etc/group", passwdLine, groupLine)}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - - session = podmanTest.Podman([]string{"start", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue()) - - expectedOutput := fmt.Sprintf("%s:x:%s:%s::%s:%s", - username, uid, gid, homeDir, shell) - - session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring(expectedOutput)) - - expectedOutput = "passwd: Note: deleting a password also unlocks the password." - - session = podmanTest.Podman([]string{"logs", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - Expect(session.ErrorToString()).To(ContainSubstring(expectedOutput)) - }) - - It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() { - SkipIfNotRootless("only meaningful when run rootless") - var session *PodmanSessionIntegration - - var groupName = "testgroup" - var gid = "1001" - - groupadd := fmt.Sprintf("groupadd --gid %s %s", gid, groupName) - - session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c", - fmt.Sprintf("%s; echo READY; sleep 1000", groupadd)}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - session = podmanTest.Podman([]string{"start", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue()) - - session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/group"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring(groupName)) - - session = podmanTest.Podman([]string{"logs", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("READY")) - }) - - It("podman create --userns=keep-id - entrypoint - modifying existing user with usermod - add to new group, change home/shell/uid", func() { - SkipIfNotRootless("only meaningful when run rootless") - var session *PodmanSessionIntegration - var badHomeDir = "/home/badtestuser" - var badShell = "/bin/sh" - var badUID = "1001" - var username = "testuser" - var homeDir = "/home/testuser" - var shell = "/bin/bash" - var uid = "1411" - var groupName = "testgroup" - var gid = "1422" - - // The use of bad* in the name of variables does not imply the invocation - // of useradd should fail The user is supposed to be created successfully - // but later his information (uid, home, shell,..) is changed via usermod. - useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s", - badHomeDir, badShell, badUID, username) - groupadd := fmt.Sprintf("groupadd --gid %s %s", - gid, groupName) - usermod := fmt.Sprintf("usermod --append --groups wheel --home %s --shell %s --uid %s --gid %s %s", - homeDir, shell, uid, gid, username) - - session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c", - fmt.Sprintf("%s; %s; %s; echo READY; sleep 1000", useradd, groupadd, usermod)}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - session = podmanTest.Podman([]string{"start", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - - Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue()) - - expectedUser := fmt.Sprintf("%s:x:%s:%s::%s:%s", - username, uid, gid, homeDir, shell) - - session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring(expectedUser)) - - session = podmanTest.Podman([]string{"logs", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("READY")) + Expect(session.OutputToString()).Should(ContainSubstring(passwdLine)) + Expect(session.OutputToString()).Should(ContainSubstring(groupLine)) }) It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() { @@ -312,13 +206,12 @@ var _ = Describe("Toolbox-specific testing", func() { Expect(session).Should(ExitCleanly()) }) - It("podman create + start - with all needed switches for create - sleep as entry-point", func() { + It("podman create + start - with all needed switches for create", func() { SkipIfNotRootless("only meaningful when run rootless") - var session *PodmanSessionIntegration // These should be most of the switches that Toolbox uses to create a "toolbox" container // https://github.com/containers/toolbox/blob/main/src/cmd/create.go - session = podmanTest.Podman([]string{"create", + session := podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--dns", "none", "--hostname", "toolbox", @@ -333,20 +226,14 @@ var _ = Describe("Toolbox-specific testing", func() { "--ulimit", "host", "--userns=keep-id", "--user", "root:root", - fedoraToolbox, "sh", "-c", "echo READY; sleep 1000"}) + ALPINE, "sh", "-c", "echo READY"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"start", "test"}) + session = podmanTest.Podman([]string{"start", "-a", "test"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - - Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue()) - - session = podmanTest.Podman([]string{"logs", "test"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring("READY")) + Expect(session.OutputToString()).Should(ContainSubstring("READY")) }) It("podman run --userns=keep-id check $HOME", func() { @@ -355,22 +242,20 @@ var _ = Describe("Toolbox-specific testing", func() { currentUser, err := user.Current() Expect(err).ToNot(HaveOccurred()) - session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"}) + session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", ALPINE, "sh", "-c", "echo $HOME"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir)) - if isRootless() { - location := path.Dir(currentUser.HomeDir) - volumeArg := fmt.Sprintf("%s:%s", location, location) - session = podmanTest.Podman([]string{"run", - "--userns=keep-id", - "--volume", volumeArg, - fedoraToolbox, "sh", "-c", "echo $HOME"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(ExitCleanly()) - Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir)) - } + location := path.Dir(currentUser.HomeDir) + volumeArg := fmt.Sprintf("%s:%s", location, location) + session = podmanTest.Podman([]string{"run", + "--userns=keep-id", + "--volume", volumeArg, + ALPINE, "sh", "-c", "echo $HOME"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(ExitCleanly()) + Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir)) }) })