test/e2e: remove toolbox image

The image is way to big (over 800MB) that slows tests down as we always
have to pull this, the tests itself are also super slow due the
entrypoint logic that we don't care about. We should be testing for
features needed and not specific tools.

I think the current changes should have a similar coverage in terms of
podman features, it no longer tests toolbox but IMO this never was a
task for podman CI tests.

The main driver for this is to make the tests run entirely based on
tmpfs and this image is just to much[1].

[1] https://github.com/containers/podman/pull/22533

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2024-05-03 16:39:42 +02:00
parent 6ec2c0b43b
commit 7a43c2ed1b
5 changed files with 47 additions and 163 deletions

View File

@ -161,7 +161,7 @@ var _ = SynchronizedBeforeSuite(func() []byte {
podman := PodmanTestSetup(filepath.Join(globalTmpDir, "image-init")) podman := PodmanTestSetup(filepath.Join(globalTmpDir, "image-init"))
// Pull cirros but don't put it into the cache // Pull cirros but don't put it into the cache
pullImages := []string{CIRROS_IMAGE, fedoraToolbox, volumeTest} pullImages := []string{CIRROS_IMAGE, volumeTest}
pullImages = append(pullImages, CACHE_IMAGES...) pullImages = append(pullImages, CACHE_IMAGES...)
for _, image := range pullImages { for _, image := range pullImages {
podman.createArtifact(image) podman.createArtifact(image)

View File

@ -13,7 +13,6 @@ var (
INFRA_IMAGE = "quay.io/libpod/k8s-pause:3.5" //nolint:revive,stylecheck INFRA_IMAGE = "quay.io/libpod/k8s-pause:3.5" //nolint:revive,stylecheck
BB = "quay.io/libpod/busybox:latest" BB = "quay.io/libpod/busybox:latest"
HEALTHCHECK_IMAGE = "quay.io/libpod/alpine_healthcheck:latest" //nolint:revive,stylecheck HEALTHCHECK_IMAGE = "quay.io/libpod/alpine_healthcheck:latest" //nolint:revive,stylecheck
fedoraToolbox = "registry.fedoraproject.org/fedora-toolbox:36"
volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623" volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623"
// This image has seccomp profiles that blocks all syscalls. // This image has seccomp profiles that blocks all syscalls.

View File

@ -1,15 +1,15 @@
package integration package integration
var ( var (
STORAGE_FS = "overlay" //nolint:revive,stylecheck STORAGE_FS = "overlay" //nolint:revive,stylecheck
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
) )

View File

@ -1,15 +1,15 @@
package integration package integration
var ( var (
STORAGE_FS = "overlay" //nolint:revive,stylecheck STORAGE_FS = "overlay" //nolint:revive,stylecheck
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck
CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck CITEST_IMAGE = "quay.io/libpod/testimage:20240123" //nolint:revive,stylecheck
SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck SYSTEMD_IMAGE = "quay.io/libpod/systemd-image:20240124" //nolint:revive,stylecheck
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
) )

View File

@ -38,7 +38,6 @@ import (
. "github.com/containers/podman/v5/test/utils" . "github.com/containers/podman/v5/test/utils"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
. "github.com/onsi/gomega/gexec"
) )
var _ = Describe("Toolbox-specific testing", func() { var _ = Describe("Toolbox-specific testing", func() {
@ -178,123 +177,18 @@ var _ = Describe("Toolbox-specific testing", func() {
Expect(session.OutputToString()).To(ContainSubstring(expectedOutput)) Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
}) })
It("podman create --userns=keep-id - entrypoint - adding user with useradd and then removing their password", func() { It("podman run --userns=keep-id - modify /etc/passwd and /etc/group", func() {
SkipIfNotRootless("only meaningful when run rootless") passwdLine := "testuser:x:1001:1001::/home/testuser:/bin/sh"
var session *PodmanSessionIntegration groupLine := "testuser:x:1001:"
var username = "testuser" // ensure that the container can edit passwd and group files
var homeDir = "/home/testuser" session := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id",
var shell = "/bin/sh" "--user", "root:root", ALPINE, "sh", "-c",
var uid = "1001" fmt.Sprintf("echo %s > /etc/passwd && echo %s > /etc/group && cat /etc/passwd && cat /etc/group", passwdLine, groupLine)})
var gid = "1001"
useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
homeDir, shell, uid, username)
passwd := fmt.Sprintf("passwd --delete %s", username)
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
fmt.Sprintf("%s; %s; echo READY; sleep 1000", useradd, passwd)})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly()) Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).Should(ContainSubstring(passwdLine))
session = podmanTest.Podman([]string{"start", "test"}) Expect(session.OutputToString()).Should(ContainSubstring(groupLine))
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
expectedOutput := fmt.Sprintf("%s:x:%s:%s::%s:%s",
username, uid, gid, homeDir, shell)
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
expectedOutput = "passwd: Note: deleting a password also unlocks the password."
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.ErrorToString()).To(ContainSubstring(expectedOutput))
})
It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() {
SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var groupName = "testgroup"
var gid = "1001"
groupadd := fmt.Sprintf("groupadd --gid %s %s", gid, groupName)
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
fmt.Sprintf("%s; echo READY; sleep 1000", groupadd)})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/group"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(groupName))
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring("READY"))
})
It("podman create --userns=keep-id - entrypoint - modifying existing user with usermod - add to new group, change home/shell/uid", func() {
SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var badHomeDir = "/home/badtestuser"
var badShell = "/bin/sh"
var badUID = "1001"
var username = "testuser"
var homeDir = "/home/testuser"
var shell = "/bin/bash"
var uid = "1411"
var groupName = "testgroup"
var gid = "1422"
// The use of bad* in the name of variables does not imply the invocation
// of useradd should fail The user is supposed to be created successfully
// but later his information (uid, home, shell,..) is changed via usermod.
useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
badHomeDir, badShell, badUID, username)
groupadd := fmt.Sprintf("groupadd --gid %s %s",
gid, groupName)
usermod := fmt.Sprintf("usermod --append --groups wheel --home %s --shell %s --uid %s --gid %s %s",
homeDir, shell, uid, gid, username)
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
fmt.Sprintf("%s; %s; %s; echo READY; sleep 1000", useradd, groupadd, usermod)})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
expectedUser := fmt.Sprintf("%s:x:%s:%s::%s:%s",
username, uid, gid, homeDir, shell)
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(expectedUser))
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring("READY"))
}) })
It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() { It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() {
@ -312,13 +206,12 @@ var _ = Describe("Toolbox-specific testing", func() {
Expect(session).Should(ExitCleanly()) Expect(session).Should(ExitCleanly())
}) })
It("podman create + start - with all needed switches for create - sleep as entry-point", func() { It("podman create + start - with all needed switches for create", func() {
SkipIfNotRootless("only meaningful when run rootless") SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
// These should be most of the switches that Toolbox uses to create a "toolbox" container // These should be most of the switches that Toolbox uses to create a "toolbox" container
// https://github.com/containers/toolbox/blob/main/src/cmd/create.go // https://github.com/containers/toolbox/blob/main/src/cmd/create.go
session = podmanTest.Podman([]string{"create", session := podmanTest.Podman([]string{"create",
"--log-driver", "k8s-file", "--log-driver", "k8s-file",
"--dns", "none", "--dns", "none",
"--hostname", "toolbox", "--hostname", "toolbox",
@ -333,20 +226,14 @@ var _ = Describe("Toolbox-specific testing", func() {
"--ulimit", "host", "--ulimit", "host",
"--userns=keep-id", "--userns=keep-id",
"--user", "root:root", "--user", "root:root",
fedoraToolbox, "sh", "-c", "echo READY; sleep 1000"}) ALPINE, "sh", "-c", "echo READY"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly()) Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"}) session = podmanTest.Podman([]string{"start", "-a", "test"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly()) Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).Should(ContainSubstring("READY"))
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring("READY"))
}) })
It("podman run --userns=keep-id check $HOME", func() { It("podman run --userns=keep-id check $HOME", func() {
@ -355,22 +242,20 @@ var _ = Describe("Toolbox-specific testing", func() {
currentUser, err := user.Current() currentUser, err := user.Current()
Expect(err).ToNot(HaveOccurred()) Expect(err).ToNot(HaveOccurred())
session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"}) session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", ALPINE, "sh", "-c", "echo $HOME"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly()) Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir)) Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
if isRootless() { location := path.Dir(currentUser.HomeDir)
location := path.Dir(currentUser.HomeDir) volumeArg := fmt.Sprintf("%s:%s", location, location)
volumeArg := fmt.Sprintf("%s:%s", location, location) session = podmanTest.Podman([]string{"run",
session = podmanTest.Podman([]string{"run", "--userns=keep-id",
"--userns=keep-id", "--volume", volumeArg,
"--volume", volumeArg, ALPINE, "sh", "-c", "echo $HOME"})
fedoraToolbox, "sh", "-c", "echo $HOME"}) session.WaitWithDefaultTimeout()
session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly())
Expect(session).Should(ExitCleanly()) Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
}
}) })
}) })