opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-07-02 16:57:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

test/e2e: remove toolbox image

Browse Source 
The image is way to big (over 800MB) that slows tests down as we always
have to pull this, the tests itself are also super slow due the
entrypoint logic that we don't care about. We should be testing for
features needed and not specific tools.

I think the current changes should have a similar coverage in terms of
podman features, it no longer tests toolbox but IMO this never was a
task for podman CI tests.

The main driver for this is to make the tests run entirely based on
tmpfs and this image is just to much[1].

[1] https://github.com/containers/podman/pull/22533

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2024-05-03 16:39:42 +02:00
parent 6ec2c0b43b
commit 7a43c2ed1b
5 changed files with 47 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/e2e/common_test.go
View File

@ -161,7 +161,7 @@ var _ = SynchronizedBeforeSuite(func() []byte {
podman := PodmanTestSetup(filepath.Join(globalTmpDir, "image-init"))
// Pull cirros but don't put it into the cache
pullImages := []string{CIRROS_IMAGE, fedoraToolbox, volumeTest}
pullImages := []string{CIRROS_IMAGE, volumeTest}
pullImages = append(pullImages, CACHE_IMAGES...)
for _, image := range pullImages {
podman.createArtifact(image)

1
test/e2e/config.go
View File

@ -13,7 +13,6 @@ var (
INFRA_IMAGE = "quay.io/libpod/k8s-pause:3.5" //nolint:revive,stylecheck
BB = "quay.io/libpod/busybox:latest"
HEALTHCHECK_IMAGE = "quay.io/libpod/alpine_healthcheck:latest" //nolint:revive,stylecheck
fedoraToolbox = "registry.fedoraproject.org/fedora-toolbox:36"
volumeTest = "quay.io/libpod/volume-plugin-test-img:20220623"
// This image has seccomp profiles that blocks all syscalls.

2
test/e2e/config_amd64.go
View File

@ -5,7 +5,7 @@ var (
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
NGINX_IMAGE = "quay.io/libpod/alpine_nginx:latest" //nolint:revive,stylecheck
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck

2
test/e2e/config_arm64.go
View File

@ -5,7 +5,7 @@ var (
STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_FS = "overlay" //nolint:revive,stylecheck
ROOTLESS_STORAGE_OPTIONS = "--storage-driver overlay" //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE, fedoraToolbox} //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, CITEST_IMAGE, HEALTHCHECK_IMAGE, SYSTEMD_IMAGE} //nolint:revive,stylecheck
NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
REGISTRY_IMAGE = "quay.io/libpod/registry:2.8.2" //nolint:revive,stylecheck

147
test/e2e/toolbox_test.go
View File

@ -38,7 +38,6 @@ import (
. "github.com/containers/podman/v5/test/utils"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
. "github.com/onsi/gomega/gexec"
)
var _ = Describe("Toolbox-specific testing", func() {
@ -178,123 +177,18 @@ var _ = Describe("Toolbox-specific testing", func() {
Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
})
It("podman create --userns=keep-id - entrypoint - adding user with useradd and then removing their password", func() {
SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
It("podman run --userns=keep-id - modify /etc/passwd and /etc/group", func() {
passwdLine := "testuser:x:1001:1001::/home/testuser:/bin/sh"
groupLine := "testuser:x:1001:"
var username = "testuser"
var homeDir = "/home/testuser"
var shell = "/bin/sh"
var uid = "1001"
var gid = "1001"
useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
homeDir, shell, uid, username)
passwd := fmt.Sprintf("passwd --delete %s", username)
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
fmt.Sprintf("%s; %s; echo READY; sleep 1000", useradd, passwd)})
// ensure that the container can edit passwd and group files
session := podmanTest.Podman([]string{"run", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id",
"--user", "root:root", ALPINE, "sh", "-c",
fmt.Sprintf("echo %s > /etc/passwd && echo %s > /etc/group && cat /etc/passwd && cat /etc/group", passwdLine, groupLine)})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
expectedOutput := fmt.Sprintf("%s:x:%s:%s::%s:%s",
username, uid, gid, homeDir, shell)
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(expectedOutput))
expectedOutput = "passwd: Note: deleting a password also unlocks the password."
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.ErrorToString()).To(ContainSubstring(expectedOutput))
})
It("podman create --userns=keep-id + podman exec - adding group with groupadd", func() {
SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var groupName = "testgroup"
var gid = "1001"
groupadd := fmt.Sprintf("groupadd --gid %s %s", gid, groupName)
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
fmt.Sprintf("%s; echo READY; sleep 1000", groupadd)})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/group"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(groupName))
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring("READY"))
})
It("podman create --userns=keep-id - entrypoint - modifying existing user with usermod - add to new group, change home/shell/uid", func() {
SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
var badHomeDir = "/home/badtestuser"
var badShell = "/bin/sh"
var badUID = "1001"
var username = "testuser"
var homeDir = "/home/testuser"
var shell = "/bin/bash"
var uid = "1411"
var groupName = "testgroup"
var gid = "1422"
// The use of bad* in the name of variables does not imply the invocation
// of useradd should fail The user is supposed to be created successfully
// but later his information (uid, home, shell,..) is changed via usermod.
useradd := fmt.Sprintf("useradd --home-dir %s --shell %s --uid %s %s",
badHomeDir, badShell, badUID, username)
groupadd := fmt.Sprintf("groupadd --gid %s %s",
gid, groupName)
usermod := fmt.Sprintf("usermod --append --groups wheel --home %s --shell %s --uid %s --gid %s %s",
homeDir, shell, uid, gid, username)
session = podmanTest.Podman([]string{"create", "--log-driver", "k8s-file", "--name", "test", "--userns=keep-id", "--user", "root:root", fedoraToolbox, "sh", "-c",
fmt.Sprintf("%s; %s; %s; echo READY; sleep 1000", useradd, groupadd, usermod)})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
expectedUser := fmt.Sprintf("%s:x:%s:%s::%s:%s",
username, uid, gid, homeDir, shell)
session = podmanTest.Podman([]string{"exec", "test", "cat", "/etc/passwd"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(expectedUser))
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring("READY"))
Expect(session.OutputToString()).Should(ContainSubstring(passwdLine))
Expect(session.OutputToString()).Should(ContainSubstring(groupLine))
})
It("podman run --privileged --userns=keep-id --user root:root - entrypoint - (bind)mounting", func() {
@ -312,13 +206,12 @@ var _ = Describe("Toolbox-specific testing", func() {
Expect(session).Should(ExitCleanly())
})
It("podman create + start - with all needed switches for create - sleep as entry-point", func() {
It("podman create + start - with all needed switches for create", func() {
SkipIfNotRootless("only meaningful when run rootless")
var session *PodmanSessionIntegration
// These should be most of the switches that Toolbox uses to create a "toolbox" container
// https://github.com/containers/toolbox/blob/main/src/cmd/create.go
session = podmanTest.Podman([]string{"create",
session := podmanTest.Podman([]string{"create",
"--log-driver", "k8s-file",
"--dns", "none",
"--hostname", "toolbox",
@ -333,20 +226,14 @@ var _ = Describe("Toolbox-specific testing", func() {
"--ulimit", "host",
"--userns=keep-id",
"--user", "root:root",
fedoraToolbox, "sh", "-c", "echo READY; sleep 1000"})
ALPINE, "sh", "-c", "echo READY"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
session = podmanTest.Podman([]string{"start", "test"})
session = podmanTest.Podman([]string{"start", "-a", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(WaitContainerReady(podmanTest, "test", "READY", 5, 1)).To(BeTrue())
session = podmanTest.Podman([]string{"logs", "test"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring("READY"))
Expect(session.OutputToString()).Should(ContainSubstring("READY"))
})
It("podman run --userns=keep-id check $HOME", func() {
@ -355,22 +242,20 @@ var _ = Describe("Toolbox-specific testing", func() {
currentUser, err := user.Current()
Expect(err).ToNot(HaveOccurred())
session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", fedoraToolbox, "sh", "-c", "echo $HOME"})
session = podmanTest.Podman([]string{"run", "-v", fmt.Sprintf("%s:%s", currentUser.HomeDir, currentUser.HomeDir), "--userns=keep-id", ALPINE, "sh", "-c", "echo $HOME"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
if isRootless() {
location := path.Dir(currentUser.HomeDir)
volumeArg := fmt.Sprintf("%s:%s", location, location)
session = podmanTest.Podman([]string{"run",
"--userns=keep-id",
"--volume", volumeArg,
fedoraToolbox, "sh", "-c", "echo $HOME"})
ALPINE, "sh", "-c", "echo $HOME"})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
Expect(session.OutputToString()).To(ContainSubstring(currentUser.HomeDir))
}
})
})