mirror of
https://github.com/containers/podman
synced 2024-10-20 17:23:30 +00:00
feaa1a134a
Allow users to add annotions in the podman play kube command. This PR Also fixes the fact that annotations in the pod spec were not being passed down to containers. Fixes: https://github.com/containers/podman/issues/12968 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
236 lines
6.6 KiB
Bash
236 lines
6.6 KiB
Bash
#!/usr/bin/env bats -*- bats -*-
|
|
#
|
|
# Test podman play
|
|
#
|
|
|
|
load helpers
|
|
|
|
# This is a long ugly way to clean up pods and remove the pause image
|
|
function teardown() {
|
|
run_podman pod rm -t 0 -f -a
|
|
run_podman rm -t 0 -f -a
|
|
run_podman image list --format '{{.ID}} {{.Repository}}'
|
|
while read id name; do
|
|
if [[ "$name" =~ /podman-pause ]]; then
|
|
run_podman rmi $id
|
|
fi
|
|
done <<<"$output"
|
|
|
|
basic_teardown
|
|
}
|
|
|
|
testYaml="
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
labels:
|
|
app: test
|
|
name: test_pod
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- sleep
|
|
- \"100\"
|
|
env:
|
|
- name: PATH
|
|
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
- name: TERM
|
|
value: xterm
|
|
- name: container
|
|
value: podman
|
|
image: $IMAGE
|
|
name: test
|
|
resources: {}
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 3000
|
|
fsGroup: 2000
|
|
allowPrivilegeEscalation: true
|
|
capabilities: {}
|
|
privileged: false
|
|
seLinuxOptions:
|
|
level: \"s0:c1,c2\"
|
|
readOnlyRootFilesystem: false
|
|
volumeMounts:
|
|
- mountPath: /testdir:z
|
|
name: home-podman-testdir
|
|
workingDir: /
|
|
volumes:
|
|
- hostPath:
|
|
path: TESTDIR
|
|
type: Directory
|
|
name: home-podman-testdir
|
|
status: {}
|
|
"
|
|
|
|
RELABEL="system_u:object_r:container_file_t:s0"
|
|
|
|
@test "podman play with stdin" {
|
|
TESTDIR=$PODMAN_TMPDIR/testdir
|
|
mkdir -p $TESTDIR
|
|
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
|
|
|
|
run_podman play kube - < $PODMAN_TMPDIR/test.yaml
|
|
if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then
|
|
run ls -Zd $TESTDIR
|
|
is "$output" "${RELABEL} $TESTDIR" "selinux relabel should have happened"
|
|
fi
|
|
|
|
# Make sure that the K8s pause image isn't pulled but the local podman-pause is built.
|
|
run_podman images
|
|
run_podman 1 image exists k8s.gcr.io/pause
|
|
run_podman version --format "{{.Server.Version}}-{{.Server.Built}}"
|
|
run_podman image exists localhost/podman-pause:$output
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
}
|
|
|
|
@test "podman play" {
|
|
TESTDIR=$PODMAN_TMPDIR/testdir
|
|
mkdir -p $TESTDIR
|
|
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
|
|
run_podman play kube $PODMAN_TMPDIR/test.yaml
|
|
if [ -e /usr/sbin/selinuxenabled -a /usr/sbin/selinuxenabled ]; then
|
|
run ls -Zd $TESTDIR
|
|
is "$output" "${RELABEL} $TESTDIR" "selinux relabel should have happened"
|
|
fi
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
}
|
|
|
|
@test "podman play --network" {
|
|
TESTDIR=$PODMAN_TMPDIR/testdir
|
|
mkdir -p $TESTDIR
|
|
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
|
|
run_podman 125 play kube --network host $PODMAN_TMPDIR/test.yaml
|
|
is "$output" ".*invalid value passed to --network: bridge or host networking must be configured in YAML" "podman plan-network should fail with --network host"
|
|
run_podman play kube --network slirp4netns:port_handler=slirp4netns $PODMAN_TMPDIR/test.yaml
|
|
run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}"
|
|
infraID="$output"
|
|
run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID
|
|
is "$output" "slirp4netns" "network mode slirp4netns is set for the container"
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
|
|
run_podman play kube --network none $PODMAN_TMPDIR/test.yaml
|
|
run_podman pod inspect --format {{.InfraContainerID}} "${lines[1]}"
|
|
infraID="$output"
|
|
run_podman container inspect --format "{{.HostConfig.NetworkMode}}" $infraID
|
|
is "$output" "none" "network mode none is set for the container"
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
}
|
|
|
|
@test "podman play with user from image" {
|
|
TESTDIR=$PODMAN_TMPDIR/testdir
|
|
mkdir -p $TESTDIR
|
|
|
|
testUserYaml="
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
labels:
|
|
app: test
|
|
name: test_pod
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- id
|
|
env:
|
|
- name: PATH
|
|
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
- name: TERM
|
|
value: xterm
|
|
- name: container
|
|
value: podman
|
|
image: userimage
|
|
name: test
|
|
resources: {}
|
|
status: {}
|
|
"
|
|
|
|
cat > $PODMAN_TMPDIR/Containerfile << _EOF
|
|
from $IMAGE
|
|
USER bin
|
|
_EOF
|
|
|
|
echo "$testUserYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
|
|
run_podman build -t userimage $PODMAN_TMPDIR
|
|
run_podman play kube --start=false $PODMAN_TMPDIR/test.yaml
|
|
run_podman inspect --format "{{ .Config.User }}" test_pod-test
|
|
is "$output" bin "expect container within pod to run as the bin user"
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
run_podman rmi -f userimage:latest
|
|
}
|
|
|
|
@test "podman play --build --context-dir" {
|
|
skip_if_remote "--build is not supported in context remote"
|
|
testUserYaml="
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
labels:
|
|
app: test
|
|
name: test_pod
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- id
|
|
env:
|
|
- name: PATH
|
|
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
- name: TERM
|
|
value: xterm
|
|
- name: container
|
|
value: podman
|
|
image: quay.io/libpod/userimage
|
|
name: test
|
|
resources: {}
|
|
status: {}
|
|
"
|
|
|
|
mkdir -p $PODMAN_TMPDIR/userimage
|
|
cat > $PODMAN_TMPDIR/userimage/Containerfile << _EOF
|
|
from $IMAGE
|
|
USER bin
|
|
_EOF
|
|
|
|
echo "$testUserYaml" > $PODMAN_TMPDIR/test.yaml
|
|
run_podman 125 play kube --build --start=false $PODMAN_TMPDIR/test.yaml
|
|
run_podman play kube --replace --context-dir=$PODMAN_TMPDIR --build --start=false $PODMAN_TMPDIR/test.yaml
|
|
run_podman inspect --format "{{ .Config.User }}" test_pod-test
|
|
is "$output" bin "expect container within pod to run as the bin user"
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
run_podman rmi -f userimage:latest
|
|
|
|
cd $PODMAN_TMPDIR
|
|
run_podman play kube --replace --build --start=false $PODMAN_TMPDIR/test.yaml
|
|
run_podman inspect --format "{{ .Config.User }}" test_pod-test
|
|
is "$output" bin "expect container within pod to run as the bin user"
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
run_podman rmi -f userimage:latest
|
|
}
|
|
|
|
@test "podman play --annotation" {
|
|
TESTDIR=$PODMAN_TMPDIR/testdir
|
|
RANDOMSTRING=$(random_string 15)
|
|
mkdir -p $TESTDIR
|
|
echo "$testYaml" | sed "s|TESTDIR|${TESTDIR}|g" > $PODMAN_TMPDIR/test.yaml
|
|
run_podman play kube --annotation "name=$RANDOMSTRING" $PODMAN_TMPDIR/test.yaml
|
|
run_podman inspect --format "{{ .Config.Annotations }}" test_pod-test
|
|
is "$output" ".*name:$RANDOMSTRING" "Annotation should be added to pod"
|
|
|
|
run_podman stop -a -t 0
|
|
run_podman pod rm -t 0 -f test_pod
|
|
}
|