Rename ocid to crio.
The ocid project was renamed to CRI-O, months ago, it is time that we moved all of the code to the new name. We want to elminate the name ocid from use. Move fully to crio. Also cric is being renamed to crioctl for the time being. Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Dan Walsh
parent
81cfba283a
commit
4493b6f176
52 changed files with 677 additions and 677 deletions
|
|
@ -15,31 +15,31 @@ function teardown() {
|
|||
skip "skip this test since apparmor is not enabled."
|
||||
fi
|
||||
|
||||
start_ocid
|
||||
start_crio
|
||||
|
||||
sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname1": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor1.json
|
||||
|
||||
run ocic pod run --name apparmor1 --config "$TESTDIR"/apparmor1.json
|
||||
run crioctl pod run --name apparmor1 --config "$TESTDIR"/apparmor1.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
pod_id="$output"
|
||||
run ocic ctr create --name testname1 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
run crioctl ctr create --name testname1 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
ctr_id="$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run ocic ctr execsync --id "$ctr_id" touch test.txt
|
||||
run crioctl ctr execsync --id "$ctr_id" touch test.txt
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
|
||||
|
||||
cleanup_ctrs
|
||||
cleanup_pods
|
||||
stop_ocid
|
||||
stop_crio
|
||||
}
|
||||
|
||||
# 2. test running with loading a specific apparmor profile as ocid default apparmor profile.
|
||||
# test that we can run with a specific apparmor profile which will block touching a file in `.` as ocid default apparmor profile.
|
||||
# 2. test running with loading a specific apparmor profile as crio default apparmor profile.
|
||||
# test that we can run with a specific apparmor profile which will block touching a file in `.` as crio default apparmor profile.
|
||||
@test "load a specific apparmor profile as default apparmor and run a container with it" {
|
||||
# this test requires apparmor, so skip this test if apparmor is not enabled.
|
||||
enabled=$(is_apparmor_enabled)
|
||||
|
|
@ -48,31 +48,31 @@ function teardown() {
|
|||
fi
|
||||
|
||||
load_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH"
|
||||
start_ocid "" "$APPARMOR_TEST_PROFILE_NAME"
|
||||
start_crio "" "$APPARMOR_TEST_PROFILE_NAME"
|
||||
|
||||
sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname2": "apparmor-test-deny-write"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor2.json
|
||||
|
||||
run ocic pod run --name apparmor2 --config "$TESTDIR"/apparmor2.json
|
||||
run crioctl pod run --name apparmor2 --config "$TESTDIR"/apparmor2.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
pod_id="$output"
|
||||
run ocic ctr create --name testname2 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
run crioctl ctr create --name testname2 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
ctr_id="$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run ocic ctr execsync --id "$ctr_id" touch test.txt
|
||||
run crioctl ctr execsync --id "$ctr_id" touch test.txt
|
||||
echo "$output"
|
||||
[ "$status" -ne 0 ]
|
||||
[[ "$output" =~ "Permission denied" ]]
|
||||
|
||||
cleanup_ctrs
|
||||
cleanup_pods
|
||||
stop_ocid
|
||||
stop_crio
|
||||
remove_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH"
|
||||
}
|
||||
|
||||
# 3. test running with loading a specific apparmor profile but not as ocid default apparmor profile.
|
||||
# 3. test running with loading a specific apparmor profile but not as crio default apparmor profile.
|
||||
# test that we can run with a specific apparmor profile which will block touching a file in `.`
|
||||
@test "load default apparmor profile and run a container with another apparmor profile" {
|
||||
# this test requires apparmor, so skip this test if apparmor is not enabled.
|
||||
|
|
@ -82,27 +82,27 @@ function teardown() {
|
|||
fi
|
||||
|
||||
load_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH"
|
||||
start_ocid
|
||||
start_crio
|
||||
|
||||
sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname3": "apparmor-test-deny-write"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor3.json
|
||||
|
||||
run ocic pod run --name apparmor3 --config "$TESTDIR"/apparmor3.json
|
||||
run crioctl pod run --name apparmor3 --config "$TESTDIR"/apparmor3.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
pod_id="$output"
|
||||
run ocic ctr create --name testname3 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
run crioctl ctr create --name testname3 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
ctr_id="$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run ocic ctr execsync --id "$ctr_id" touch test.txt
|
||||
run crioctl ctr execsync --id "$ctr_id" touch test.txt
|
||||
echo "$output"
|
||||
[ "$status" -ne 0 ]
|
||||
[[ "$output" =~ "Permission denied" ]]
|
||||
|
||||
cleanup_ctrs
|
||||
cleanup_pods
|
||||
stop_ocid
|
||||
stop_crio
|
||||
remove_apparmor_profile "$APPARMOR_TEST_PROFILE_PATH"
|
||||
}
|
||||
|
||||
|
|
@ -115,15 +115,15 @@ function teardown() {
|
|||
skip "skip this test since apparmor is not enabled."
|
||||
fi
|
||||
|
||||
start_ocid
|
||||
start_crio
|
||||
|
||||
sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname4": "not-exists"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor4.json
|
||||
|
||||
run ocic pod run --name apparmor4 --config "$TESTDIR"/apparmor4.json
|
||||
run crioctl pod run --name apparmor4 --config "$TESTDIR"/apparmor4.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
pod_id="$output"
|
||||
run ocic ctr create --name testname4 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
run crioctl ctr create --name testname4 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
echo "$output"
|
||||
[ "$status" -ne 0 ]
|
||||
[[ "$output" =~ "Creating container failed" ]]
|
||||
|
|
@ -131,7 +131,7 @@ function teardown() {
|
|||
|
||||
cleanup_ctrs
|
||||
cleanup_pods
|
||||
stop_ocid
|
||||
stop_crio
|
||||
}
|
||||
|
||||
# 5. test running with default apparmor profile unloaded.
|
||||
|
|
@ -143,26 +143,26 @@ function teardown() {
|
|||
skip "skip this test since apparmor is not enabled."
|
||||
fi
|
||||
|
||||
start_ocid
|
||||
start_crio
|
||||
remove_apparmor_profile "$FAKE_OCID_DEFAULT_PROFILE_PATH"
|
||||
|
||||
sed -e 's/%VALUE%/,"container\.apparmor\.security\.beta\.kubernetes\.io\/testname5": "runtime\/default"/g' "$TESTDATA"/sandbox_config_seccomp.json > "$TESTDIR"/apparmor5.json
|
||||
|
||||
run ocic pod run --name apparmor5 --config "$TESTDIR"/apparmor5.json
|
||||
run crioctl pod run --name apparmor5 --config "$TESTDIR"/apparmor5.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
pod_id="$output"
|
||||
run ocic ctr create --name testname5 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
run crioctl ctr create --name testname5 --config "$TESTDATA"/container_redis.json --pod "$pod_id"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
ctr_id="$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run ocic ctr execsync --id "$ctr_id" touch test.txt
|
||||
run crioctl ctr execsync --id "$ctr_id" touch test.txt
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
|
||||
|
||||
cleanup_ctrs
|
||||
cleanup_pods
|
||||
stop_ocid
|
||||
stop_crio
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue