Merge pull request #913 from runcom/v1.0.0-rc2-patches

V1.0.0 rc2 patches
2017-09-17 21:03:54 -07:00 · 2017-09-17 21:03:54 -07:00 · 7e7a097395
commit 7e7a097395
parent dbc2b404a3 a11b8cd8ec
26 changed files with 661 additions and 116 deletions
--- a/test/inspect.bats
+++ b/test/inspect.bats
@ -0,0 +1,60 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+	cleanup_test
+}
+
+@test "info inspect" {
+	start_crio
+	out=`echo -e "GET /info HTTP/1.1\r\nHost: crio\r\n" | socat - UNIX-CONNECT:$CRIO_SOCKET`
+	echo "$out"
+	[[ "$out" =~ "\"cgroup_driver\":\"$CGROUP_MANAGER\"" ]]
+	[[ "$out" =~ "\"storage_root\":\"$TESTDIR/crio\"" ]]
+
+	stop_crio
+}
+
+@test "ctr inspect" {
+	start_crio
+	run crioctl pod run --config "$TESTDATA"/sandbox_config.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+	run crioctl ctr create --config "$TESTDATA"/container_config.json --pod "$pod_id"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	ctr_id="$output"
+
+	out=`echo -e "GET /containers/$ctr_id HTTP/1.1\r\nHost: crio\r\n" | socat - UNIX-CONNECT:$CRIO_SOCKET`
+	echo "$out"
+	[[ "$out" =~ "\"sandbox\":\"$pod_id\"" ]]
+	[[ "$out" =~ "\"image\":\"redis:alpine\"" ]]
+
+	inet=`crioctl ctr execsync --id $ctr_id ip addr show dev eth0 scope global 2>&1 | grep inet`
+
+	IFS=" "
+	ip=`parse_pod_ip $inet`
+	[[ "$out" =~ "\"ip_address\":\"$ip\"" ]]
+
+	[[ "$out" =~ "\"name\":\"k8s_container1_podsandbox1_redhat.test.crio_redhat-test-crio_1\"" ]]
+
+
+# TODO: add some other check based on the json below:
+#
+# {"name":"k8s_container1_podsandbox1_redhat.test.crio_redhat-test-crio_1","pid":27477,"image":"redis:alpine","created_time":1505223601111546169,"labels":{"batch":"no","type":"small"},"annotations":{"daemon":"crio","owner":"dragon"},"log_path":"/var/log/crio/pods/297d014ba2c54236779da0c2f80dfba45dc31b106e4cd126a1c3c6d78edc2201/81567e9573ea798d6494c9aab156103ee91b72180fd3841a7c24d2ca39886ba2.log","root":"/tmp/tmp.0bkjphWudF/crio/overlay/d7cfc1de83cab9f377a4a1542427d2a019e85a70c1c660a9e6cf9e254df68873/merged","sandbox":"297d014ba2c54236779da0c2f80dfba45dc31b106e4cd126a1c3c6d78edc2201","ip_address":"10.88.9.153"}
+
+	cleanup_ctrs
+	cleanup_pods
+	stop_crio
+}
+
+@test "ctr inspect not found" {
+	start_crio
+	out=`echo -e "GET /containers/notexists HTTP/1.1\r\nHost: crio\r\n" | socat - UNIX-CONNECT:$CRIO_SOCKET`
+	echo "$out"
+	[[ "$out" =~ "can't find the container with id notexists" ]]
+
+	stop_crio
+}
--- a/test/network.bats
+++ b/test/network.bats
@ -2,6 +2,72 @@

 load helpers

+@test "ensure correct hostname" {
+	start_crio
+	run crioctl pod run --config "$TESTDATA"/sandbox_config.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+	run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id"
+	echo "$output"
+	[ "$status" -eq 0  ]
+	ctr_id="$output"
+	run crioctl ctr start --id "$ctr_id"
+	echo "$output"
+	[ "$status" -eq 0 ]
+
+	run crioctl ctr execsync --id "$ctr_id" sh -c "hostname"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	[[ "$output" =~ "crioctl_host" ]]
+	run crioctl ctr execsync --id "$ctr_id" sh -c "echo \$HOSTNAME"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	[[ "$output" =~ "crioctl_host" ]]
+	run crioctl ctr execsync --id "$ctr_id" sh -c "cat /etc/hostname"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	[[ "$output" =~ "crioctl_host" ]]
+
+	cleanup_ctrs
+	cleanup_pods
+	stop_crio
+}
+
+@test "ensure correct hostname for hostnetwork:true" {
+	start_crio
+	hostnetworkconfig=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["security_context"]["namespace_options"]["host_network"] = True; obj["annotations"] = {}; obj["hostname"] = ""; json.dump(obj, sys.stdout)')
+	echo "$hostnetworkconfig" > "$TESTDIR"/sandbox_hostnetwork_config.json
+	run crioctl pod run --config "$TESTDIR"/sandbox_hostnetwork_config.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+	run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id"
+	echo "$output"
+	[ "$status" -eq 0  ]
+	ctr_id="$output"
+	run crioctl ctr start --id "$ctr_id"
+	echo "$output"
+	[ "$status" -eq 0 ]
+
+	run crioctl ctr execsync --id "$ctr_id" sh -c "hostname"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	[[ "$output" =~ "$HOSTNAME" ]]
+	run crioctl ctr execsync --id "$ctr_id" sh -c "echo \$HOSTNAME"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	[[ "$output" =~ "$HOSTNAME" ]]
+	run crioctl ctr execsync --id "$ctr_id" sh -c "cat /etc/hostname"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	[[ "$output" =~ "$HOSTNAME" ]]
+
+	cleanup_ctrs
+	cleanup_pods
+	stop_crio
+}
+
@test "Check for valid pod netns CIDR" {
 	start_crio
 	run crioctl pod run --config "$TESTDATA"/sandbox_config.json
--- a/test/selinux.bats
+++ b/test/selinux.bats
@ -0,0 +1,26 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function teardown() {
+	cleanup_test
+}
+
+@test "ctr termination reason Completed" {
+	start_crio
+	run crioctl pod run --config "$TESTDATA"/sandbox_config_selinux.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+	run crioctl ctr create --config "$TESTDATA"/container_redis.json --pod "$pod_id"
+	echo "$output"
+	[ "$status" -eq 0 ]
+	ctr_id="$output"
+	run crioctl ctr start --id "$ctr_id"
+	echo "$output"
+	[ "$status" -eq 0 ]
+
+	cleanup_ctrs
+	cleanup_pods
+	stop_crio
+}
--- a/test/testdata/container_config.json
+++ b/test/testdata/container_config.json
@ -51,6 +51,12 @@
 		},
 		"security_context": {
 			"readonly_rootfs": false,
+			"selinux_options": {
+				"user": "system_u",
+				"role": "system_r",
+				"type": "svirt_lxc_net_t",
+				"level": "s0:c4,c5"
+			},
 			"capabilities": {
 				"add_capabilities": [
 					"setuid",
@ -58,12 +64,6 @@
 				],
 				"drop_capabilities": [
 				]
-			},
-			"selinux_options": {
-				"user": "system_u",
-				"role": "system_r",
-				"type": "container_t",
-				"level": "s0:c4,c5"
 			}
 		}
 	}
--- a/test/testdata/container_config_by_imageid.json
+++ b/test/testdata/container_config_by_imageid.json
@ -62,7 +62,7 @@
 			"selinux_options": {
 				"user": "system_u",
 				"role": "system_r",
-				"type": "container_t",
+				"type": "svirt_lxc_net_t",
 				"level": "s0:c4,c5"
 			}
 		}
--- a/test/testdata/container_config_hostport.json
+++ b/test/testdata/container_config_hostport.json
@ -64,7 +64,7 @@
 			"selinux_options": {
 				"user": "system_u",
 				"role": "system_r",
-				"type": "container_t",
+				"type": "svirt_lxc_net_t",
 				"level": "s0:c4,c5"
 			}
 		}
--- a/test/testdata/container_config_logging.json
+++ b/test/testdata/container_config_logging.json
@ -64,7 +64,7 @@
 			"selinux_options": {
 				"user": "system_u",
 				"role": "system_r",
-				"type": "container_t",
+				"type": "svirt_lxc_net_t",
 				"level": "s0:c4,c5"
 			}
 		}
--- a/test/testdata/container_config_resolvconf.json
+++ b/test/testdata/container_config_resolvconf.json
@ -64,7 +64,7 @@
 			"selinux_options": {
 				"user": "system_u",
 				"role": "system_r",
-				"type": "container_t",
+				"type": "svirt_lxc_net_t",
 				"level": "s0:c4,c5"
 			}
 		}
--- a/test/testdata/container_config_resolvconf_ro.json
+++ b/test/testdata/container_config_resolvconf_ro.json
@ -64,7 +64,7 @@
 			"selinux_options": {
 				"user": "system_u",
 				"role": "system_r",
-				"type": "container_t",
+				"type": "svirt_lxc_net_t",
 				"level": "s0:c4,c5"
 			}
 		}
--- a/test/testdata/container_config_seccomp.json
+++ b/test/testdata/container_config_seccomp.json
@ -65,7 +65,7 @@
 				"user": "system_u",
 				"role": "system_r",
 				"type": "svirt_lxc_net_t",
-				"level": "s0:c4-c5"
+				"level": "s0:c4,c5"
 			}
 		}
 	}
--- a/test/testdata/sandbox_config.json
+++ b/test/testdata/sandbox_config.json
@ -39,6 +39,12 @@
 				"host_network": false,
 				"host_pid": false,
 				"host_ipc": false
+			},
+			"selinux_options": {
+				"user": "system_u",
+				"role": "system_r",
+				"type": "svirt_lxc_net_t",
+				"level": "s0:c4,c5"
 			}
 		}
 	}
--- a/test/testdata/sandbox_config_seccomp.json
+++ b/test/testdata/sandbox_config_seccomp.json
@ -41,13 +41,13 @@
 				"host_network": false,
 				"host_pid": false,
 				"host_ipc": false
+			},
+			"selinux_options": {
+				"user": "system_u",
+				"role": "system_r",
+				"type": "svirt_lxc_net_t",
+				"level": "s0:c4,c5"
 			}
-		},
-		"selinux_options": {
-			"user": "system_u",
-			"role": "system_r",
-			"type": "container_t",
-			"level": "s0:c1,c2"
 		}
 	}
 }
--- a/test/testdata/sandbox_config_selinux.json
+++ b/test/testdata/sandbox_config_selinux.json
@ -0,0 +1,48 @@
+{
+	"metadata": {
+		"name": "podsandbox1",
+		"uid": "redhat-test-crio",
+		"namespace": "redhat.test.crio",
+		"attempt": 1
+	},
+	"hostname": "crioctl_host",
+	"log_directory": "",
+	"dns_config": {
+		"searches": [
+			"8.8.8.8"
+		]
+	},
+	"port_mappings": [],
+	"resources": {
+		"cpu": {
+			"limits": 3,
+			"requests": 2
+		},
+		"memory": {
+			"limits": 50000000,
+			"requests": 2000000
+		}
+	},
+	"labels": {
+		"group": "test"
+	},
+	"annotations": {
+		"owner": "hmeng",
+		"security.alpha.kubernetes.io/sysctls": "kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000",
+		"security.alpha.kubernetes.io/unsafe-sysctls": "kernel.msgmax=8192" ,
+		"security.alpha.kubernetes.io/seccomp/pod": "unconfined"
+	},
+	"linux": {
+		"cgroup_parent": "/Burstable/pod_123-456",
+		"security_context": {
+			"namespace_options": {
+				"host_network": false,
+				"host_pid": false,
+				"host_ipc": false
+			},
+			"selinux_options": {
+				"level": "s0"
+			}
+		}
+	}
+}