b0cb37fd |
package main
import (
"encoding/json" |
84aae5a2 |
"fmt" |
7107898d |
"os" |
abb5e9a0 |
"reflect" |
475c6531 |
"strings" |
b0cb37fd |
"time" |
321874f3 |
|
eeb6d0a7 |
"os/exec"
|
3e90b12d |
"io/ioutil"
|
9c2374d1 |
"github.com/docker/docker/pkg/nat" |
dc944ea7 |
"github.com/go-check/check" |
b0cb37fd |
)
// Make sure we can create a simple container with some args |
dc944ea7 |
func (s *DockerSuite) TestCreateArgs(c *check.C) { |
5c295460 |
out, _ := dockerCmd(c, "create", "busybox", "command", "arg1", "arg2", "arg with space") |
b0cb37fd |
|
475c6531 |
cleanedContainerID := strings.TrimSpace(out) |
b0cb37fd |
|
5c295460 |
out, _ = dockerCmd(c, "inspect", cleanedContainerID) |
b0cb37fd |
containers := []struct {
ID string
Created time.Time
Path string
Args []string
Image string
}{} |
6b858b59 |
if err := json.Unmarshal([]byte(out), &containers); err != nil { |
dc944ea7 |
c.Fatalf("Error inspecting the container: %s", err) |
b0cb37fd |
}
if len(containers) != 1 { |
dc944ea7 |
c.Fatalf("Unexpected container count. Expected 0, received: %d", len(containers)) |
b0cb37fd |
}
|
dc944ea7 |
cont := containers[0]
if cont.Path != "command" {
c.Fatalf("Unexpected container path. Expected command, received: %s", cont.Path) |
b0cb37fd |
}
b := false
expected := []string{"arg1", "arg2", "arg with space"}
for i, arg := range expected { |
dc944ea7 |
if arg != cont.Args[i] { |
b0cb37fd |
b = true
break
}
} |
dc944ea7 |
if len(cont.Args) != len(expected) || b {
c.Fatalf("Unexpected args. Expected %v, received: %v", expected, cont.Args) |
b0cb37fd |
}
}
// Make sure we can set hostconfig options too |
dc944ea7 |
func (s *DockerSuite) TestCreateHostConfig(c *check.C) { |
70407ce4 |
|
5c295460 |
out, _ := dockerCmd(c, "create", "-P", "busybox", "echo") |
b0cb37fd |
|
475c6531 |
cleanedContainerID := strings.TrimSpace(out) |
b0cb37fd |
|
5c295460 |
out, _ = dockerCmd(c, "inspect", cleanedContainerID) |
b0cb37fd |
containers := []struct {
HostConfig *struct {
PublishAllPorts bool
}
}{} |
6b858b59 |
if err := json.Unmarshal([]byte(out), &containers); err != nil { |
dc944ea7 |
c.Fatalf("Error inspecting the container: %s", err) |
b0cb37fd |
}
if len(containers) != 1 { |
dc944ea7 |
c.Fatalf("Unexpected container count. Expected 0, received: %d", len(containers)) |
b0cb37fd |
}
|
dc944ea7 |
cont := containers[0]
if cont.HostConfig == nil {
c.Fatalf("Expected HostConfig, got none") |
b0cb37fd |
}
|
dc944ea7 |
if !cont.HostConfig.PublishAllPorts {
c.Fatalf("Expected PublishAllPorts, got false") |
b0cb37fd |
}
}
|
dc944ea7 |
func (s *DockerSuite) TestCreateWithPortRange(c *check.C) { |
70407ce4 |
|
5c295460 |
out, _ := dockerCmd(c, "create", "-p", "3300-3303:3300-3303/tcp", "busybox", "echo") |
2338a9cf |
|
475c6531 |
cleanedContainerID := strings.TrimSpace(out) |
2338a9cf |
|
5c295460 |
out, _ = dockerCmd(c, "inspect", cleanedContainerID) |
2338a9cf |
containers := []struct {
HostConfig *struct {
PortBindings map[nat.Port][]nat.PortBinding
}
}{}
if err := json.Unmarshal([]byte(out), &containers); err != nil { |
dc944ea7 |
c.Fatalf("Error inspecting the container: %s", err) |
2338a9cf |
}
if len(containers) != 1 { |
dc944ea7 |
c.Fatalf("Unexpected container count. Expected 0, received: %d", len(containers)) |
2338a9cf |
}
|
dc944ea7 |
cont := containers[0]
if cont.HostConfig == nil {
c.Fatalf("Expected HostConfig, got none") |
2338a9cf |
}
|
dc944ea7 |
if len(cont.HostConfig.PortBindings) != 4 {
c.Fatalf("Expected 4 ports bindings, got %d", len(cont.HostConfig.PortBindings)) |
2338a9cf |
} |
dc944ea7 |
for k, v := range cont.HostConfig.PortBindings { |
2338a9cf |
if len(v) != 1 { |
dc944ea7 |
c.Fatalf("Expected 1 ports binding, for the port %s but found %s", k, v) |
2338a9cf |
}
if k.Port() != v[0].HostPort { |
dc944ea7 |
c.Fatalf("Expected host port %d to match published port %d", k.Port(), v[0].HostPort) |
2338a9cf |
}
}
}
|
dc944ea7 |
func (s *DockerSuite) TestCreateWithiLargePortRange(c *check.C) { |
70407ce4 |
|
5c295460 |
out, _ := dockerCmd(c, "create", "-p", "1-65535:1-65535/tcp", "busybox", "echo") |
2338a9cf |
|
475c6531 |
cleanedContainerID := strings.TrimSpace(out) |
2338a9cf |
|
5c295460 |
out, _ = dockerCmd(c, "inspect", cleanedContainerID) |
2338a9cf |
containers := []struct {
HostConfig *struct {
PortBindings map[nat.Port][]nat.PortBinding
}
}{}
if err := json.Unmarshal([]byte(out), &containers); err != nil { |
dc944ea7 |
c.Fatalf("Error inspecting the container: %s", err) |
2338a9cf |
}
if len(containers) != 1 { |
dc944ea7 |
c.Fatalf("Unexpected container count. Expected 0, received: %d", len(containers)) |
2338a9cf |
}
|
dc944ea7 |
cont := containers[0]
if cont.HostConfig == nil {
c.Fatalf("Expected HostConfig, got none") |
2338a9cf |
}
|
dc944ea7 |
if len(cont.HostConfig.PortBindings) != 65535 {
c.Fatalf("Expected 65535 ports bindings, got %d", len(cont.HostConfig.PortBindings)) |
2338a9cf |
} |
dc944ea7 |
for k, v := range cont.HostConfig.PortBindings { |
2338a9cf |
if len(v) != 1 { |
dc944ea7 |
c.Fatalf("Expected 1 ports binding, for the port %s but found %s", k, v) |
2338a9cf |
}
if k.Port() != v[0].HostPort { |
dc944ea7 |
c.Fatalf("Expected host port %d to match published port %d", k.Port(), v[0].HostPort) |
2338a9cf |
}
}
}
|
b0cb37fd |
// "test123" should be printed by docker create + start |
dc944ea7 |
func (s *DockerSuite) TestCreateEchoStdout(c *check.C) { |
70407ce4 |
|
5c295460 |
out, _ := dockerCmd(c, "create", "busybox", "echo", "test123") |
b0cb37fd |
|
475c6531 |
cleanedContainerID := strings.TrimSpace(out) |
b0cb37fd |
|
5c295460 |
out, _ = dockerCmd(c, "start", "-ai", cleanedContainerID) |
b0cb37fd |
if out != "test123\n" { |
dc944ea7 |
c.Errorf("container should've printed 'test123', got %q", out) |
b0cb37fd |
}
} |
7107898d |
|
dc944ea7 |
func (s *DockerSuite) TestCreateVolumesCreated(c *check.C) {
testRequires(c, SameHostDaemon) |
70407ce4 |
|
7107898d |
name := "test_create_volume" |
5c295460 |
dockerCmd(c, "create", "--name", name, "-v", "/foo", "busybox")
|
1c3cb2d3 |
dir, err := inspectMountSourceField(name, "/foo") |
7107898d |
if err != nil { |
dc944ea7 |
c.Fatalf("Error getting volume host path: %q", err) |
7107898d |
}
if _, err := os.Stat(dir); err != nil && os.IsNotExist(err) { |
dc944ea7 |
c.Fatalf("Volume was not created") |
7107898d |
}
if err != nil { |
dc944ea7 |
c.Fatalf("Error statting volume host path: %q", err) |
7107898d |
}
} |
abb5e9a0 |
|
dc944ea7 |
func (s *DockerSuite) TestCreateLabels(c *check.C) { |
abb5e9a0 |
name := "test_create_labels"
expected := map[string]string{"k1": "v1", "k2": "v2"} |
5c295460 |
dockerCmd(c, "create", "--name", name, "-l", "k1=v1", "--label", "k2=v2", "busybox") |
abb5e9a0 |
actual := make(map[string]string)
err := inspectFieldAndMarshall(name, "Config.Labels", &actual)
if err != nil { |
dc944ea7 |
c.Fatal(err) |
abb5e9a0 |
}
if !reflect.DeepEqual(expected, actual) { |
dc944ea7 |
c.Fatalf("Expected %s got %s", expected, actual) |
abb5e9a0 |
}
}
|
dc944ea7 |
func (s *DockerSuite) TestCreateLabelFromImage(c *check.C) { |
abb5e9a0 |
imageName := "testcreatebuildlabel"
_, err := buildImage(imageName,
`FROM busybox
LABEL k1=v1 k2=v2`,
true)
if err != nil { |
dc944ea7 |
c.Fatal(err) |
abb5e9a0 |
}
name := "test_create_labels_from_image" |
79621c77 |
expected := map[string]string{"k2": "x", "k3": "v3"} |
5c295460 |
dockerCmd(c, "create", "--name", name, "-l", "k2=x", "--label", "k3=v3", imageName) |
abb5e9a0 |
actual := make(map[string]string)
err = inspectFieldAndMarshall(name, "Config.Labels", &actual)
if err != nil { |
dc944ea7 |
c.Fatal(err) |
abb5e9a0 |
}
if !reflect.DeepEqual(expected, actual) { |
dc944ea7 |
c.Fatalf("Expected %s got %s", expected, actual) |
abb5e9a0 |
}
} |
2c24a8a4 |
|
dc944ea7 |
func (s *DockerSuite) TestCreateHostnameWithNumber(c *check.C) {
out, _ := dockerCmd(c, "run", "-h", "web.0", "busybox", "hostname") |
2c24a8a4 |
if strings.TrimSpace(out) != "web.0" { |
dc944ea7 |
c.Fatalf("hostname not set, expected `web.0`, got: %s", out) |
2c24a8a4 |
}
} |
012e588a |
func (s *DockerSuite) TestCreateRM(c *check.C) {
// Test to make sure we can 'rm' a new container that is in
// "Created" state, and has ever been run. Test "rm -f" too.
// create a container |
5c295460 |
out, _ := dockerCmd(c, "create", "busybox") |
012e588a |
cID := strings.TrimSpace(out)
|
5c295460 |
dockerCmd(c, "rm", cID) |
012e588a |
// Now do it again so we can "rm -f" this time |
5c295460 |
out, _ = dockerCmd(c, "create", "busybox") |
012e588a |
cID = strings.TrimSpace(out) |
5c295460 |
dockerCmd(c, "rm", "-f", cID) |
012e588a |
} |
84aae5a2 |
func (s *DockerSuite) TestCreateModeIpcContainer(c *check.C) {
testRequires(c, SameHostDaemon)
|
5c295460 |
out, _ := dockerCmd(c, "create", "busybox") |
84aae5a2 |
id := strings.TrimSpace(out)
|
5c295460 |
dockerCmd(c, "create", fmt.Sprintf("--ipc=container:%s", id), "busybox") |
84aae5a2 |
} |
1406cb35 |
func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) { |
871d2b96 |
repoName := s.setupTrustedImage(c, "trusted-create") |
1406cb35 |
// Try create
createCmd := exec.Command(dockerBinary, "create", repoName)
s.trustedCmd(createCmd) |
871d2b96 |
out, _, err := runCommandWithOutput(createCmd) |
1406cb35 |
if err != nil {
c.Fatalf("Error running trusted create: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Tagging") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
dockerCmd(c, "rmi", repoName)
// Try untrusted create to ensure we pushed the tag to the registry |
259cadb0 |
createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName) |
1406cb35 |
s.trustedCmd(createCmd)
out, _, err = runCommandWithOutput(createCmd)
if err != nil {
c.Fatalf("Error running trusted create: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Status: Downloaded") { |
259cadb0 |
c.Fatalf("Missing expected output on trusted create with --disable-content-trust:\n%s", out) |
1406cb35 |
}
}
func (s *DockerTrustSuite) TestUntrustedCreate(c *check.C) {
repoName := fmt.Sprintf("%v/dockercli/trusted:latest", privateRegistryURL)
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
dockerCmd(c, "push", repoName)
dockerCmd(c, "rmi", repoName)
// Try trusted create on untrusted tag
createCmd := exec.Command(dockerBinary, "create", repoName)
s.trustedCmd(createCmd)
out, _, err := runCommandWithOutput(createCmd)
if err == nil {
c.Fatalf("Error expected when running trusted create with:\n%s", out)
}
if !strings.Contains(string(out), "no trust data available") {
c.Fatalf("Missing expected output on trusted create:\n%s", out)
}
}
|
871d2b96 |
func (s *DockerTrustSuite) TestTrustedIsolatedCreate(c *check.C) {
repoName := s.setupTrustedImage(c, "trusted-isolated-create") |
1406cb35 |
|
871d2b96 |
// Try create
createCmd := exec.Command(dockerBinary, "--config", "/tmp/docker-isolated-create", "create", repoName)
s.trustedCmd(createCmd)
out, _, err := runCommandWithOutput(createCmd) |
1406cb35 |
if err != nil { |
871d2b96 |
c.Fatalf("Error running trusted create: %s\n%s", err, out) |
1406cb35 |
} |
871d2b96 |
if !strings.Contains(string(out), "Tagging") { |
1406cb35 |
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
dockerCmd(c, "rmi", repoName) |
871d2b96 |
}
func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) { |
83f6dbe3 |
c.Skip("Currently changes system time, causing instability") |
871d2b96 |
repoName := s.setupTrustedImage(c, "trusted-create-expired") |
1406cb35 |
// Certificates have 10 years of expiration
elevenYearsFromNow := time.Now().Add(time.Hour * 24 * 365 * 11)
runAtDifferentDate(elevenYearsFromNow, func() {
// Try create
createCmd := exec.Command(dockerBinary, "create", repoName)
s.trustedCmd(createCmd) |
871d2b96 |
out, _, err := runCommandWithOutput(createCmd) |
1406cb35 |
if err == nil {
c.Fatalf("Error running trusted create in the distant future: %s\n%s", err, out)
}
if !strings.Contains(string(out), "could not validate the path to a trusted root") {
c.Fatalf("Missing expected output on trusted create in the distant future:\n%s", out)
}
})
runAtDifferentDate(elevenYearsFromNow, func() {
// Try create |
259cadb0 |
createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName) |
1406cb35 |
s.trustedCmd(createCmd) |
871d2b96 |
out, _, err := runCommandWithOutput(createCmd) |
1406cb35 |
if err != nil {
c.Fatalf("Error running untrusted create in the distant future: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Status: Downloaded") {
c.Fatalf("Missing expected output on untrusted create in the distant future:\n%s", out)
}
})
} |
268fa5af |
func (s *DockerTrustSuite) TestTrustedCreateFromBadTrustServer(c *check.C) {
repoName := fmt.Sprintf("%v/dockerclievilcreate/trusted:latest", privateRegistryURL)
evilLocalConfigDir, err := ioutil.TempDir("", "evil-local-config-dir")
if err != nil {
c.Fatalf("Failed to create local temp dir")
}
// tag the image and upload it to the private registry
dockerCmd(c, "tag", "busybox", repoName)
pushCmd := exec.Command(dockerBinary, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err := runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error creating trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
dockerCmd(c, "rmi", repoName)
// Try create
createCmd := exec.Command(dockerBinary, "create", repoName)
s.trustedCmd(createCmd)
out, _, err = runCommandWithOutput(createCmd)
if err != nil {
c.Fatalf("Error creating trusted create: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Tagging") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
dockerCmd(c, "rmi", repoName)
// Kill the notary server, start a new "evil" one.
s.not.Close()
s.not, err = newTestNotary(c)
if err != nil {
c.Fatalf("Restarting notary server failed.")
}
// In order to make an evil server, lets re-init a client (with a different trust dir) and push new data.
// tag an image and upload it to the private registry
dockerCmd(c, "--config", evilLocalConfigDir, "tag", "busybox", repoName)
// Push up to the new server
pushCmd = exec.Command(dockerBinary, "--config", evilLocalConfigDir, "push", repoName)
s.trustedCmd(pushCmd)
out, _, err = runCommandWithOutput(pushCmd)
if err != nil {
c.Fatalf("Error creating trusted push: %s\n%s", err, out)
}
if !strings.Contains(string(out), "Signing and pushing trust metadata") {
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
// Now, try creating with the original client from this new trust server. This should fail.
createCmd = exec.Command(dockerBinary, "create", repoName)
s.trustedCmd(createCmd)
out, _, err = runCommandWithOutput(createCmd)
if err == nil {
c.Fatalf("Expected to fail on this create due to different remote data: %s\n%s", err, out)
}
|
3e90b12d |
if !strings.Contains(string(out), "failed to validate data with current trusted certificates") { |
268fa5af |
c.Fatalf("Missing expected output on trusted push:\n%s", out)
}
} |