cri-o/test
Antonio Murdaca a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
..
bin2img Move to new github.com/sirupsen/logrus. 2017-08-07 11:50:04 -04:00
checkseccomp seccomp: use Prctl() from x/sys/unix 2017-07-18 15:34:23 +02:00
copyimg Move to new github.com/sirupsen/logrus. 2017-08-07 11:50:04 -04:00
hooks Add support for oci-hooks to libkpod 2017-09-05 07:39:31 -04:00
testdata sandbox, ctr: SELinux fixes 2017-09-17 22:40:17 +02:00
apparmor.bats Fix remnants of ocid -> crio rename 2017-05-15 15:05:58 -07:00
cgroups.bats test: Add test for pids limit 2017-07-11 19:17:48 -07:00
ctr.bats contrib: test: run kube tests in CI with same cgroup driver 2017-09-08 14:26:39 +02:00
helpers.bash Merge pull request #562 from rhatdan/hooks 2017-09-07 19:06:01 +02:00
hooks.bats Add support for oci-hooks to libkpod 2017-09-05 07:39:31 -04:00
image.bats Add image pull with signature integration test 2017-09-11 13:34:30 +02:00
image_volume.bats test: Add a test for image volumes bind mount option 2017-07-14 16:57:38 -07:00
inspect.bats test: add inspect integration tests 2017-09-17 10:19:31 +02:00
kpod.bats Vendor in changes made to containers/image for OCI 2017-08-31 16:40:13 -04:00
kpod_diff.bats Implement kpod rm 2017-09-05 14:35:36 -04:00
kpod_export.bats Add 'kpod export' command 2017-08-08 16:46:01 -04:00
kpod_load.bats Update kpod load and save for oci-archive 2017-09-08 10:33:58 -04:00
kpod_logs.bats server: container_create: store sandbox's ip in annotations 2017-09-02 02:05:58 +02:00
kpod_mount.bats Add kpod-mount and kpod-umount to mount and umount container images 2017-08-08 15:46:50 -04:00
kpod_ps.bats Add namespace flag to kpod ps 2017-09-10 11:21:49 -04:00
kpod_rename.bats implement kpod rename 2017-08-17 09:00:41 -04:00
kpod_rm.bats Implement kpod rm 2017-09-05 14:35:36 -04:00
kpod_save.bats Update kpod load and save for oci-archive 2017-09-08 10:33:58 -04:00
kpod_stats.bats add kpod stats function 2017-08-17 11:34:10 -04:00
kpod_stop.bats kpod stop -- stop one or more containers 2017-09-11 17:03:27 -05:00
network.bats server: correctly set hostname 2017-09-17 10:19:31 +02:00
pod.bats server: adhere to CRI for sandbox stop/remove 2017-06-15 23:08:30 +02:00
policy.json Add image pull with signature integration test 2017-09-11 13:34:30 +02:00
README.md Fix remnants of ocid -> crio rename 2017-05-15 15:05:58 -07:00
redhat_sigstore.yaml Add image pull with signature integration test 2017-09-11 13:34:30 +02:00
restore.bats server: adhere to CRI for sandbox stop/remove 2017-06-15 23:08:30 +02:00
runtimeversion.bats Rename ocid to crio. 2017-05-12 09:56:06 -04:00
seccomp.bats server: standardize on naming 2017-06-22 11:55:03 +02:00
selinux.bats sandbox, ctr: SELinux fixes 2017-09-17 22:40:17 +02:00
tag.bats cmd/kpod/tag.go: Do not assume docker.io for tagging 2017-09-06 09:00:00 -05:00
test_runner.sh add tests skeleton 2016-09-24 00:37:07 +02:00

CRIO Integration Tests

Integration tests provide end-to-end testing of CRIO.

Note that integration tests do not replace unit tests.

As a rule of thumb, code should be tested thoroughly with unit tests. Integration tests on the other hand are meant to test a specific feature end to end.

Integration tests are written in bash using the bats framework.

Running integration tests

Containerized tests

The easiest way to run integration tests is with Docker:

$ make integration

To run a single test bucket:

$ make integration TESTFLAGS="runtimeversion.bats"

On your host

To run the integration tests on your host, you will first need to setup a development environment plus bats For example:

$ cd ~/go/src/github.com
$ git clone https://github.com/sstephenson/bats.git
$ cd bats
$ ./install.sh /usr/local

You will also need to install the CNI plugins as the the default pod test template runs without host networking:

$ go get github.com/containernetworking/cni
$ cd "$GOPATH/src/github.com/containernetworking/cni"
$ git checkout -q d4bbce1865270cd2d2be558d6a23e63d314fe769
$ ./build.sh \
$ mkdir -p /opt/cni/bin \
$ cp bin/* /opt/cni/bin/

Then you can run the tests on your host:

$ sudo make localintegration

To run a single test bucket:

$ make localintegration TESTFLAGS="runtimeversion.bats"

Or you can just run them directly using bats

$ sudo bats test

Runtime selection

Tests on the host will run with runc as the default runtime. However you can select other OCI compatible runtimes by setting the RUNTIME environment variable.

For example one could use the Clear Containers runtime instead of runc:

make localintegration RUNTIME=cc-oci-runtime

Writing integration tests

[Helper functions] (https://github.com/kubernetes-incubator/crio/blob/master/test/helpers.bash) are provided in order to facilitate writing tests.

#!/usr/bin/env bats

# This will load the helpers.
load helpers

# setup is called at the beginning of every test.
function setup() {
}

# teardown is called at the end of every test.
function teardown() {
	cleanup_test
}

@test "crioctl runtimeversion" {
	start_crio
	crioctl runtimeversion
	[ "$status" -eq 0 ]
}