- Join a few tests in one when it makes sense (reduce the number of
container run and thus the overall time of the suites)
- Remove some duplication on several tests
- Remove some unused methods
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,23 +0,0 @@ |
1 |
-package main |
|
2 |
- |
|
3 |
-import ( |
|
4 |
- "github.com/docker/docker/integration-cli/daemon" |
|
5 |
- "github.com/go-check/check" |
|
6 |
-) |
|
7 |
- |
|
8 |
-func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *daemon.Swarm { |
|
9 |
- s.daemonsLock.Lock() |
|
10 |
- defer s.daemonsLock.Unlock() |
|
11 |
- for _, d := range s.daemons { |
|
12 |
- if d.NodeID == nodeID { |
|
13 |
- return d |
|
14 |
- } |
|
15 |
- } |
|
16 |
- c.Fatalf("could not find node with id: %s", nodeID) |
|
17 |
- return nil |
|
18 |
-} |
|
19 |
- |
|
20 |
-// nodeCmd executes a command on a given node via the normal docker socket |
|
21 |
-func (s *DockerSwarmSuite) nodeCmd(c *check.C, id string, args ...string) (string, error) { |
|
22 |
- return s.getDaemon(c, id).Cmd(args...) |
|
23 |
-} |
24 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,23 @@ |
0 |
+package main |
|
1 |
+ |
|
2 |
+import ( |
|
3 |
+ "github.com/docker/docker/integration-cli/daemon" |
|
4 |
+ "github.com/go-check/check" |
|
5 |
+) |
|
6 |
+ |
|
7 |
+func (s *DockerSwarmSuite) getDaemon(c *check.C, nodeID string) *daemon.Swarm { |
|
8 |
+ s.daemonsLock.Lock() |
|
9 |
+ defer s.daemonsLock.Unlock() |
|
10 |
+ for _, d := range s.daemons { |
|
11 |
+ if d.NodeID == nodeID { |
|
12 |
+ return d |
|
13 |
+ } |
|
14 |
+ } |
|
15 |
+ c.Fatalf("could not find node with id: %s", nodeID) |
|
16 |
+ return nil |
|
17 |
+} |
|
18 |
+ |
|
19 |
+// nodeCmd executes a command on a given node via the normal docker socket |
|
20 |
+func (s *DockerSwarmSuite) nodeCmd(c *check.C, id string, args ...string) (string, error) { |
|
21 |
+ return s.getDaemon(c, id).Cmd(args...) |
|
22 |
+} |
... | ... |
@@ -564,32 +564,11 @@ func (s *DockerSuite) TestContainerAPICreateMultipleNetworksConfig(c *check.C) { |
564 | 564 |
} |
565 | 565 |
|
566 | 566 |
func (s *DockerSuite) TestContainerAPICreateWithHostName(c *check.C) { |
567 |
- hostName := "test-host" |
|
568 |
- config := map[string]interface{}{ |
|
569 |
- "Image": "busybox", |
|
570 |
- "Hostname": hostName, |
|
571 |
- } |
|
572 |
- |
|
573 |
- status, body, err := request.SockRequest("POST", "/containers/create", config, daemonHost()) |
|
574 |
- c.Assert(err, checker.IsNil) |
|
575 |
- c.Assert(status, checker.Equals, http.StatusCreated) |
|
576 |
- |
|
577 |
- var container containertypes.ContainerCreateCreatedBody |
|
578 |
- c.Assert(json.Unmarshal(body, &container), checker.IsNil) |
|
579 |
- |
|
580 |
- status, body, err = request.SockRequest("GET", "/containers/"+container.ID+"/json", nil, daemonHost()) |
|
581 |
- c.Assert(err, checker.IsNil) |
|
582 |
- c.Assert(status, checker.Equals, http.StatusOK) |
|
583 |
- |
|
584 |
- var containerJSON types.ContainerJSON |
|
585 |
- c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil) |
|
586 |
- c.Assert(containerJSON.Config.Hostname, checker.Equals, hostName, check.Commentf("Mismatched Hostname")) |
|
587 |
-} |
|
588 |
- |
|
589 |
-func (s *DockerSuite) TestContainerAPICreateWithDomainName(c *check.C) { |
|
590 | 567 |
domainName := "test-domain" |
568 |
+ hostName := "test-hostname" |
|
591 | 569 |
config := map[string]interface{}{ |
592 | 570 |
"Image": "busybox", |
571 |
+ "Hostname": hostName, |
|
593 | 572 |
"Domainname": domainName, |
594 | 573 |
} |
595 | 574 |
|
... | ... |
@@ -606,6 +585,7 @@ func (s *DockerSuite) TestContainerAPICreateWithDomainName(c *check.C) { |
606 | 606 |
|
607 | 607 |
var containerJSON types.ContainerJSON |
608 | 608 |
c.Assert(json.Unmarshal(body, &containerJSON), checker.IsNil) |
609 |
+ c.Assert(containerJSON.Config.Hostname, checker.Equals, hostName, check.Commentf("Mismatched Hostname")) |
|
609 | 610 |
c.Assert(containerJSON.Config.Domainname, checker.Equals, domainName, check.Commentf("Mismatched Domainname")) |
610 | 611 |
} |
611 | 612 |
|
... | ... |
@@ -2347,35 +2347,17 @@ func (s *DockerDaemonSuite) TestBuildOnDisabledBridgeNetworkDaemon(c *check.C) { |
2347 | 2347 |
} |
2348 | 2348 |
|
2349 | 2349 |
// Test case for #21976 |
2350 |
-func (s *DockerDaemonSuite) TestDaemonDNSInHostMode(c *check.C) { |
|
2350 |
+func (s *DockerDaemonSuite) TestDaemonDNSFlagsInHostMode(c *check.C) { |
|
2351 | 2351 |
testRequires(c, SameHostDaemon, DaemonIsLinux) |
2352 | 2352 |
|
2353 |
- s.d.StartWithBusybox(c, "--dns", "1.2.3.4") |
|
2353 |
+ s.d.StartWithBusybox(c, "--dns", "1.2.3.4", "--dns-search", "example.com", "--dns-opt", "timeout:3") |
|
2354 | 2354 |
|
2355 | 2355 |
expectedOutput := "nameserver 1.2.3.4" |
2356 | 2356 |
out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf") |
2357 | 2357 |
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out)) |
2358 |
-} |
|
2359 |
- |
|
2360 |
-// Test case for #21976 |
|
2361 |
-func (s *DockerDaemonSuite) TestDaemonDNSSearchInHostMode(c *check.C) { |
|
2362 |
- testRequires(c, SameHostDaemon, DaemonIsLinux) |
|
2363 |
- |
|
2364 |
- s.d.StartWithBusybox(c, "--dns-search", "example.com") |
|
2365 |
- |
|
2366 |
- expectedOutput := "search example.com" |
|
2367 |
- out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf") |
|
2358 |
+ expectedOutput = "search example.com" |
|
2368 | 2359 |
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out)) |
2369 |
-} |
|
2370 |
- |
|
2371 |
-// Test case for #21976 |
|
2372 |
-func (s *DockerDaemonSuite) TestDaemonDNSOptionsInHostMode(c *check.C) { |
|
2373 |
- testRequires(c, SameHostDaemon, DaemonIsLinux) |
|
2374 |
- |
|
2375 |
- s.d.StartWithBusybox(c, "--dns-opt", "timeout:3") |
|
2376 |
- |
|
2377 |
- expectedOutput := "options timeout:3" |
|
2378 |
- out, _ := s.d.Cmd("run", "--net=host", "busybox", "cat", "/etc/resolv.conf") |
|
2360 |
+ expectedOutput = "options timeout:3" |
|
2379 | 2361 |
c.Assert(out, checker.Contains, expectedOutput, check.Commentf("Expected '%s', but got %q", expectedOutput, out)) |
2380 | 2362 |
} |
2381 | 2363 |
|
... | ... |
@@ -8,26 +8,19 @@ import ( |
8 | 8 |
) |
9 | 9 |
|
10 | 10 |
func (s *DockerSuite) TestExperimentalVersionTrue(c *check.C) { |
11 |
- testRequires(c, ExperimentalDaemon) |
|
12 |
- |
|
13 |
- out, _ := dockerCmd(c, "version") |
|
14 |
- for _, line := range strings.Split(out, "\n") { |
|
15 |
- if strings.HasPrefix(strings.TrimSpace(line), "Experimental:") { |
|
16 |
- c.Assert(line, checker.Matches, "*true") |
|
17 |
- return |
|
18 |
- } |
|
19 |
- } |
|
20 |
- |
|
21 |
- c.Fatal(`"Experimental" not found in version output`) |
|
11 |
+ testExperimentalInVersion(c, ExperimentalDaemon, "*true") |
|
22 | 12 |
} |
23 | 13 |
|
24 | 14 |
func (s *DockerSuite) TestExperimentalVersionFalse(c *check.C) { |
25 |
- testRequires(c, NotExperimentalDaemon) |
|
15 |
+ testExperimentalInVersion(c, NotExperimentalDaemon, "*false") |
|
16 |
+} |
|
26 | 17 |
|
18 |
+func testExperimentalInVersion(c *check.C, requirement func() bool, expectedValue string) { |
|
19 |
+ testRequires(c, requirement) |
|
27 | 20 |
out, _ := dockerCmd(c, "version") |
28 | 21 |
for _, line := range strings.Split(out, "\n") { |
29 | 22 |
if strings.HasPrefix(strings.TrimSpace(line), "Experimental:") { |
30 |
- c.Assert(line, checker.Matches, "*false") |
|
23 |
+ c.Assert(line, checker.Matches, expectedValue) |
|
31 | 24 |
return |
32 | 25 |
} |
33 | 26 |
} |
... | ... |
@@ -12,22 +12,6 @@ import ( |
12 | 12 |
"github.com/go-check/check" |
13 | 13 |
) |
14 | 14 |
|
15 |
-func waitForStatus(c *check.C, name string, prev string, expected string) { |
|
16 |
- prev = prev + "\n" |
|
17 |
- expected = expected + "\n" |
|
18 |
- for { |
|
19 |
- out, _ := dockerCmd(c, "inspect", "--format={{.State.Status}}", name) |
|
20 |
- if out == expected { |
|
21 |
- return |
|
22 |
- } |
|
23 |
- c.Check(out, checker.Equals, prev) |
|
24 |
- if out != prev { |
|
25 |
- return |
|
26 |
- } |
|
27 |
- time.Sleep(100 * time.Millisecond) |
|
28 |
- } |
|
29 |
-} |
|
30 |
- |
|
31 | 15 |
func waitForHealthStatus(c *check.C, name string, prev string, expected string) { |
32 | 16 |
prev = prev + "\n" |
33 | 17 |
expected = expected + "\n" |
... | ... |
@@ -17,40 +17,24 @@ import ( |
17 | 17 |
|
18 | 18 |
// This used to work, it test a log of PageSize-1 (gh#4851) |
19 | 19 |
func (s *DockerSuite) TestLogsContainerSmallerThanPage(c *check.C) { |
20 |
- testLen := 32767 |
|
21 |
- out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen)) |
|
22 |
- |
|
23 |
- id := strings.TrimSpace(out) |
|
24 |
- dockerCmd(c, "wait", id) |
|
25 |
- |
|
26 |
- out, _ = dockerCmd(c, "logs", id) |
|
27 |
- |
|
28 |
- c.Assert(out, checker.HasLen, testLen+1) |
|
20 |
+ testLogsContainerPagination(c, 32767) |
|
29 | 21 |
} |
30 | 22 |
|
31 | 23 |
// Regression test: When going over the PageSize, it used to panic (gh#4851) |
32 | 24 |
func (s *DockerSuite) TestLogsContainerBiggerThanPage(c *check.C) { |
33 |
- testLen := 32768 |
|
34 |
- out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen)) |
|
35 |
- |
|
36 |
- id := strings.TrimSpace(out) |
|
37 |
- dockerCmd(c, "wait", id) |
|
38 |
- |
|
39 |
- out, _ = dockerCmd(c, "logs", id) |
|
40 |
- |
|
41 |
- c.Assert(out, checker.HasLen, testLen+1) |
|
25 |
+ testLogsContainerPagination(c, 32768) |
|
42 | 26 |
} |
43 | 27 |
|
44 | 28 |
// Regression test: When going much over the PageSize, it used to block (gh#4851) |
45 | 29 |
func (s *DockerSuite) TestLogsContainerMuchBiggerThanPage(c *check.C) { |
46 |
- testLen := 33000 |
|
47 |
- out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen)) |
|
30 |
+ testLogsContainerPagination(c, 33000) |
|
31 |
+} |
|
48 | 32 |
|
33 |
+func testLogsContainerPagination(c *check.C, testLen int) { |
|
34 |
+ out, _ := dockerCmd(c, "run", "-d", "busybox", "sh", "-c", fmt.Sprintf("for i in $(seq 1 %d); do echo -n = >> a.a; done; echo >> a.a; cat a.a", testLen)) |
|
49 | 35 |
id := strings.TrimSpace(out) |
50 | 36 |
dockerCmd(c, "wait", id) |
51 |
- |
|
52 | 37 |
out, _ = dockerCmd(c, "logs", id) |
53 |
- |
|
54 | 38 |
c.Assert(out, checker.HasLen, testLen+1) |
55 | 39 |
} |
56 | 40 |
|
... | ... |
@@ -1854,13 +1854,20 @@ func (s *DockerSuite) TestRunInteractiveWithRestartPolicy(c *check.C) { |
1854 | 1854 |
} |
1855 | 1855 |
|
1856 | 1856 |
// Test for #2267 |
1857 |
-func (s *DockerSuite) TestRunWriteHostsFileAndNotCommit(c *check.C) { |
|
1858 |
- // Cannot run on Windows as Windows does not support diff. |
|
1857 |
+func (s *DockerSuite) TestRunWriteSpecialFilesAndNotCommit(c *check.C) { |
|
1858 |
+ // Cannot run on Windows as this files are not present in Windows |
|
1859 | 1859 |
testRequires(c, DaemonIsLinux) |
1860 |
- name := "writehosts" |
|
1861 |
- out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hosts && cat /etc/hosts") |
|
1860 |
+ |
|
1861 |
+ testRunWriteSpecialFilesAndNotCommit(c, "writehosts", "/etc/hosts") |
|
1862 |
+ testRunWriteSpecialFilesAndNotCommit(c, "writehostname", "/etc/hostname") |
|
1863 |
+ testRunWriteSpecialFilesAndNotCommit(c, "writeresolv", "/etc/resolv.conf") |
|
1864 |
+} |
|
1865 |
+ |
|
1866 |
+func testRunWriteSpecialFilesAndNotCommit(c *check.C, name, path string) { |
|
1867 |
+ command := fmt.Sprintf("echo test2267 >> %s && cat %s", path, path) |
|
1868 |
+ out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", command) |
|
1862 | 1869 |
if !strings.Contains(out, "test2267") { |
1863 |
- c.Fatal("/etc/hosts should contain 'test2267'") |
|
1870 |
+ c.Fatalf("%s should contain 'test2267'", path) |
|
1864 | 1871 |
} |
1865 | 1872 |
|
1866 | 1873 |
out, _ = dockerCmd(c, "diff", name) |
... | ... |
@@ -1897,38 +1904,6 @@ func sliceEq(a, b []string) bool { |
1897 | 1897 |
return true |
1898 | 1898 |
} |
1899 | 1899 |
|
1900 |
-// Test for #2267 |
|
1901 |
-func (s *DockerSuite) TestRunWriteHostnameFileAndNotCommit(c *check.C) { |
|
1902 |
- // Cannot run on Windows as Windows does not support diff. |
|
1903 |
- testRequires(c, DaemonIsLinux) |
|
1904 |
- name := "writehostname" |
|
1905 |
- out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/hostname && cat /etc/hostname") |
|
1906 |
- if !strings.Contains(out, "test2267") { |
|
1907 |
- c.Fatal("/etc/hostname should contain 'test2267'") |
|
1908 |
- } |
|
1909 |
- |
|
1910 |
- out, _ = dockerCmd(c, "diff", name) |
|
1911 |
- if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) { |
|
1912 |
- c.Fatal("diff should be empty") |
|
1913 |
- } |
|
1914 |
-} |
|
1915 |
- |
|
1916 |
-// Test for #2267 |
|
1917 |
-func (s *DockerSuite) TestRunWriteResolvFileAndNotCommit(c *check.C) { |
|
1918 |
- // Cannot run on Windows as Windows does not support diff. |
|
1919 |
- testRequires(c, DaemonIsLinux) |
|
1920 |
- name := "writeresolv" |
|
1921 |
- out, _ := dockerCmd(c, "run", "--name", name, "busybox", "sh", "-c", "echo test2267 >> /etc/resolv.conf && cat /etc/resolv.conf") |
|
1922 |
- if !strings.Contains(out, "test2267") { |
|
1923 |
- c.Fatal("/etc/resolv.conf should contain 'test2267'") |
|
1924 |
- } |
|
1925 |
- |
|
1926 |
- out, _ = dockerCmd(c, "diff", name) |
|
1927 |
- if len(strings.Trim(out, "\r\n")) != 0 && !eqToBaseDiff(out, c) { |
|
1928 |
- c.Fatal("diff should be empty") |
|
1929 |
- } |
|
1930 |
-} |
|
1931 |
- |
|
1932 | 1900 |
func (s *DockerSuite) TestRunWithBadDevice(c *check.C) { |
1933 | 1901 |
// Cannot run on Windows as Windows does not support --device |
1934 | 1902 |
testRequires(c, DaemonIsLinux) |
... | ... |
@@ -3453,38 +3428,14 @@ func (s *DockerSuite) TestRunContainerWithCgroupParent(c *check.C) { |
3453 | 3453 |
// Not applicable on Windows as uses Unix specific functionality |
3454 | 3454 |
testRequires(c, DaemonIsLinux) |
3455 | 3455 |
|
3456 |
- cgroupParent := "test" |
|
3457 |
- name := "cgroup-test" |
|
3456 |
+ // cgroup-parent relative path |
|
3457 |
+ testRunContainerWithCgroupParent(c, "test", "cgroup-test") |
|
3458 | 3458 |
|
3459 |
- out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup") |
|
3460 |
- if err != nil { |
|
3461 |
- c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err) |
|
3462 |
- } |
|
3463 |
- cgroupPaths := testutil.ParseCgroupPaths(string(out)) |
|
3464 |
- if len(cgroupPaths) == 0 { |
|
3465 |
- c.Fatalf("unexpected output - %q", string(out)) |
|
3466 |
- } |
|
3467 |
- id, err := getIDByName(name) |
|
3468 |
- c.Assert(err, check.IsNil) |
|
3469 |
- expectedCgroup := path.Join(cgroupParent, id) |
|
3470 |
- found := false |
|
3471 |
- for _, path := range cgroupPaths { |
|
3472 |
- if strings.HasSuffix(path, expectedCgroup) { |
|
3473 |
- found = true |
|
3474 |
- break |
|
3475 |
- } |
|
3476 |
- } |
|
3477 |
- if !found { |
|
3478 |
- c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths) |
|
3479 |
- } |
|
3459 |
+ // cgroup-parent absolute path |
|
3460 |
+ testRunContainerWithCgroupParent(c, "/cgroup-parent/test", "cgroup-test-absolute") |
|
3480 | 3461 |
} |
3481 | 3462 |
|
3482 |
-func (s *DockerSuite) TestRunContainerWithCgroupParentAbsPath(c *check.C) { |
|
3483 |
- // Not applicable on Windows as uses Unix specific functionality |
|
3484 |
- testRequires(c, DaemonIsLinux) |
|
3485 |
- |
|
3486 |
- cgroupParent := "/cgroup-parent/test" |
|
3487 |
- name := "cgroup-test" |
|
3463 |
+func testRunContainerWithCgroupParent(c *check.C, cgroupParent, name string) { |
|
3488 | 3464 |
out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup") |
3489 | 3465 |
if err != nil { |
3490 | 3466 |
c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err) |
... | ... |
@@ -3513,49 +3464,12 @@ func (s *DockerSuite) TestRunInvalidCgroupParent(c *check.C) { |
3513 | 3513 |
// Not applicable on Windows as uses Unix specific functionality |
3514 | 3514 |
testRequires(c, DaemonIsLinux) |
3515 | 3515 |
|
3516 |
- cgroupParent := "../../../../../../../../SHOULD_NOT_EXIST" |
|
3517 |
- cleanCgroupParent := "SHOULD_NOT_EXIST" |
|
3518 |
- name := "cgroup-invalid-test" |
|
3516 |
+ testRunInvalidCgroupParent(c, "../../../../../../../../SHOULD_NOT_EXIST", "SHOULD_NOT_EXIST", "cgroup-invalid-test") |
|
3519 | 3517 |
|
3520 |
- out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup") |
|
3521 |
- if err != nil { |
|
3522 |
- // XXX: This may include a daemon crash. |
|
3523 |
- c.Fatalf("unexpected failure when running container with --cgroup-parent option - %s\n%v", string(out), err) |
|
3524 |
- } |
|
3525 |
- |
|
3526 |
- // We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue. |
|
3527 |
- if _, err := os.Stat("/SHOULD_NOT_EXIST"); err == nil || !os.IsNotExist(err) { |
|
3528 |
- c.Fatalf("SECURITY: --cgroup-parent with ../../ relative paths cause files to be created in the host (this is bad) !!") |
|
3529 |
- } |
|
3530 |
- |
|
3531 |
- cgroupPaths := testutil.ParseCgroupPaths(string(out)) |
|
3532 |
- if len(cgroupPaths) == 0 { |
|
3533 |
- c.Fatalf("unexpected output - %q", string(out)) |
|
3534 |
- } |
|
3535 |
- id, err := getIDByName(name) |
|
3536 |
- c.Assert(err, check.IsNil) |
|
3537 |
- expectedCgroup := path.Join(cleanCgroupParent, id) |
|
3538 |
- found := false |
|
3539 |
- for _, path := range cgroupPaths { |
|
3540 |
- if strings.HasSuffix(path, expectedCgroup) { |
|
3541 |
- found = true |
|
3542 |
- break |
|
3543 |
- } |
|
3544 |
- } |
|
3545 |
- if !found { |
|
3546 |
- c.Fatalf("unexpected cgroup paths. Expected at least one cgroup path to have suffix %q. Cgroup Paths: %v", expectedCgroup, cgroupPaths) |
|
3547 |
- } |
|
3518 |
+ testRunInvalidCgroupParent(c, "/../../../../../../../../SHOULD_NOT_EXIST", "/SHOULD_NOT_EXIST", "cgroup-absolute-invalid-test") |
|
3548 | 3519 |
} |
3549 | 3520 |
|
3550 |
-// TestRunInvalidCgroupParent checks that a specially-crafted cgroup parent doesn't cause Docker to crash or start modifying /. |
|
3551 |
-func (s *DockerSuite) TestRunAbsoluteInvalidCgroupParent(c *check.C) { |
|
3552 |
- // Not applicable on Windows as uses Unix specific functionality |
|
3553 |
- testRequires(c, DaemonIsLinux) |
|
3554 |
- |
|
3555 |
- cgroupParent := "/../../../../../../../../SHOULD_NOT_EXIST" |
|
3556 |
- cleanCgroupParent := "/SHOULD_NOT_EXIST" |
|
3557 |
- name := "cgroup-absolute-invalid-test" |
|
3558 |
- |
|
3521 |
+func testRunInvalidCgroupParent(c *check.C, cgroupParent, cleanCgroupParent, name string) { |
|
3559 | 3522 |
out, _, err := dockerCmdWithError("run", "--cgroup-parent", cgroupParent, "--name", name, "busybox", "cat", "/proc/self/cgroup") |
3560 | 3523 |
if err != nil { |
3561 | 3524 |
// XXX: This may include a daemon crash. |
... | ... |
@@ -3564,7 +3478,7 @@ func (s *DockerSuite) TestRunAbsoluteInvalidCgroupParent(c *check.C) { |
3564 | 3564 |
|
3565 | 3565 |
// We expect "/SHOULD_NOT_EXIST" to not exist. If not, we have a security issue. |
3566 | 3566 |
if _, err := os.Stat("/SHOULD_NOT_EXIST"); err == nil || !os.IsNotExist(err) { |
3567 |
- c.Fatalf("SECURITY: --cgroup-parent with /../../ garbage paths cause files to be created in the host (this is bad) !!") |
|
3567 |
+ c.Fatalf("SECURITY: --cgroup-parent with ../../ relative paths cause files to be created in the host (this is bad) !!") |
|
3568 | 3568 |
} |
3569 | 3569 |
|
3570 | 3570 |
cgroupPaths := testutil.ParseCgroupPaths(string(out)) |
... | ... |
@@ -132,60 +132,3 @@ func (s *DockerSwarmSuite) TestServiceHealthStart(c *check.C) { |
132 | 132 |
return task.Status.State, nil |
133 | 133 |
}, checker.Equals, swarm.TaskStateRunning) |
134 | 134 |
} |
135 |
- |
|
136 |
-// start a service whose task is unhealthy at beginning |
|
137 |
-// its tasks should be blocked in starting stage, until health check is passed |
|
138 |
-func (s *DockerSwarmSuite) TestServiceHealthUpdate(c *check.C) { |
|
139 |
- testRequires(c, DaemonIsLinux) // busybox doesn't work on Windows |
|
140 |
- |
|
141 |
- d := s.AddDaemon(c, true, true) |
|
142 |
- |
|
143 |
- // service started from this image won't pass health check |
|
144 |
- imageName := "testhealth" |
|
145 |
- _, _, err := d.BuildImageWithOut(imageName, |
|
146 |
- `FROM busybox |
|
147 |
- HEALTHCHECK --interval=1s --timeout=1s --retries=1024\ |
|
148 |
- CMD cat /status`, |
|
149 |
- true) |
|
150 |
- c.Check(err, check.IsNil) |
|
151 |
- |
|
152 |
- serviceName := "healthServiceStart" |
|
153 |
- out, err := d.Cmd("service", "create", "--name", serviceName, imageName, "top") |
|
154 |
- c.Assert(err, checker.IsNil, check.Commentf(out)) |
|
155 |
- id := strings.TrimSpace(out) |
|
156 |
- |
|
157 |
- var tasks []swarm.Task |
|
158 |
- waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { |
|
159 |
- tasks = d.GetServiceTasks(c, id) |
|
160 |
- return tasks, nil |
|
161 |
- }, checker.HasLen, 1) |
|
162 |
- |
|
163 |
- task := tasks[0] |
|
164 |
- |
|
165 |
- // wait for task to start |
|
166 |
- waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { |
|
167 |
- task = d.GetTask(c, task.ID) |
|
168 |
- return task.Status.State, nil |
|
169 |
- }, checker.Equals, swarm.TaskStateStarting) |
|
170 |
- |
|
171 |
- containerID := task.Status.ContainerStatus.ContainerID |
|
172 |
- |
|
173 |
- // wait for health check to work |
|
174 |
- waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { |
|
175 |
- out, _ := d.Cmd("inspect", "--format={{.State.Health.FailingStreak}}", containerID) |
|
176 |
- failingStreak, _ := strconv.Atoi(strings.TrimSpace(out)) |
|
177 |
- return failingStreak, nil |
|
178 |
- }, checker.GreaterThan, 0) |
|
179 |
- |
|
180 |
- // task should be blocked at starting status |
|
181 |
- task = d.GetTask(c, task.ID) |
|
182 |
- c.Assert(task.Status.State, check.Equals, swarm.TaskStateStarting) |
|
183 |
- |
|
184 |
- // make it healthy |
|
185 |
- d.Cmd("exec", containerID, "touch", "/status") |
|
186 |
- // Task should be at running status |
|
187 |
- waitAndAssert(c, defaultReconciliationTimeout, func(c *check.C) (interface{}, check.CommentInterface) { |
|
188 |
- task = d.GetTask(c, task.ID) |
|
189 |
- return task.Status.State, nil |
|
190 |
- }, checker.Equals, swarm.TaskStateRunning) |
|
191 |
-} |
... | ... |
@@ -12,29 +12,22 @@ import ( |
12 | 12 |
"github.com/go-check/check" |
13 | 13 |
) |
14 | 14 |
|
15 |
+// ensure Kernel version is >= v3.9 for macvlan support |
|
15 | 16 |
func macvlanKernelSupport() bool { |
16 |
- const macvlanKernelVer = 3 // minimum macvlan kernel support |
|
17 |
- const macvlanMajorVer = 9 // minimum macvlan major kernel support |
|
18 |
- kv, err := kernel.GetKernelVersion() |
|
19 |
- if err != nil { |
|
20 |
- return false |
|
21 |
- } |
|
22 |
- // ensure Kernel version is >= v3.9 for macvlan support |
|
23 |
- if kv.Kernel < macvlanKernelVer || (kv.Kernel == macvlanKernelVer && kv.Major < macvlanMajorVer) { |
|
24 |
- return false |
|
25 |
- } |
|
26 |
- return true |
|
17 |
+ return checkKernelMajorVersionGreaterOrEqualThen(3, 9) |
|
27 | 18 |
} |
28 | 19 |
|
20 |
+// ensure Kernel version is >= v4.2 for ipvlan support |
|
29 | 21 |
func ipvlanKernelSupport() bool { |
30 |
- const ipvlanKernelVer = 4 // minimum ipvlan kernel support |
|
31 |
- const ipvlanMajorVer = 2 // minimum ipvlan major kernel support |
|
22 |
+ return checkKernelMajorVersionGreaterOrEqualThen(4, 2) |
|
23 |
+} |
|
24 |
+ |
|
25 |
+func checkKernelMajorVersionGreaterOrEqualThen(kernelVersion int, majorVersion int) bool { |
|
32 | 26 |
kv, err := kernel.GetKernelVersion() |
33 | 27 |
if err != nil { |
34 | 28 |
return false |
35 | 29 |
} |
36 |
- // ensure Kernel version is >= v4.2 for ipvlan support |
|
37 |
- if kv.Kernel < ipvlanKernelVer || (kv.Kernel == ipvlanKernelVer && kv.Major < ipvlanMajorVer) { |
|
30 |
+ if kv.Kernel < kernelVersion || (kv.Kernel == kernelVersion && kv.Major < majorVersion) { |
|
38 | 31 |
return false |
39 | 32 |
} |
40 | 33 |
return true |
... | ... |
@@ -251,7 +251,7 @@ func (s *DockerTrustSuite) setupTrustedplugin(c *check.C, source, name string) s |
251 | 251 |
return repoName |
252 | 252 |
} |
253 | 253 |
|
254 |
-func notaryClientEnv(cmd *exec.Cmd) { |
|
254 |
+func (s *DockerTrustSuite) notaryCmd(c *check.C, args ...string) string { |
|
255 | 255 |
pwd := "12345678" |
256 | 256 |
env := []string{ |
257 | 257 |
fmt.Sprintf("NOTARY_ROOT_PASSPHRASE=%s", pwd), |
... | ... |
@@ -259,16 +259,16 @@ func notaryClientEnv(cmd *exec.Cmd) { |
259 | 259 |
fmt.Sprintf("NOTARY_SNAPSHOT_PASSPHRASE=%s", pwd), |
260 | 260 |
fmt.Sprintf("NOTARY_DELEGATION_PASSPHRASE=%s", pwd), |
261 | 261 |
} |
262 |
- cmd.Env = append(os.Environ(), env...) |
|
262 |
+ result := icmd.RunCmd(icmd.Cmd{ |
|
263 |
+ Command: append([]string{notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json")}, args...), |
|
264 |
+ Env: append(os.Environ(), env...), |
|
265 |
+ }) |
|
266 |
+ result.Assert(c, icmd.Success) |
|
267 |
+ return result.Combined() |
|
263 | 268 |
} |
264 | 269 |
|
265 | 270 |
func (s *DockerTrustSuite) notaryInitRepo(c *check.C, repoName string) { |
266 |
- initCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "init", repoName) |
|
267 |
- notaryClientEnv(initCmd) |
|
268 |
- out, _, err := runCommandWithOutput(initCmd) |
|
269 |
- if err != nil { |
|
270 |
- c.Fatalf("Error initializing notary repository: %s\n", out) |
|
271 |
- } |
|
271 |
+ s.notaryCmd(c, "init", repoName) |
|
272 | 272 |
} |
273 | 273 |
|
274 | 274 |
func (s *DockerTrustSuite) notaryCreateDelegation(c *check.C, repoName, role string, pubKey string, paths ...string) { |
... | ... |
@@ -277,42 +277,19 @@ func (s *DockerTrustSuite) notaryCreateDelegation(c *check.C, repoName, role str |
277 | 277 |
pathsArg = "--paths=" + strings.Join(paths, ",") |
278 | 278 |
} |
279 | 279 |
|
280 |
- delgCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), |
|
281 |
- "delegation", "add", repoName, role, pubKey, pathsArg) |
|
282 |
- notaryClientEnv(delgCmd) |
|
283 |
- out, _, err := runCommandWithOutput(delgCmd) |
|
284 |
- if err != nil { |
|
285 |
- c.Fatalf("Error adding %s role to notary repository: %s\n", role, out) |
|
286 |
- } |
|
280 |
+ s.notaryCmd(c, "delegation", "add", repoName, role, pubKey, pathsArg) |
|
287 | 281 |
} |
288 | 282 |
|
289 | 283 |
func (s *DockerTrustSuite) notaryPublish(c *check.C, repoName string) { |
290 |
- pubCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "publish", repoName) |
|
291 |
- notaryClientEnv(pubCmd) |
|
292 |
- out, _, err := runCommandWithOutput(pubCmd) |
|
293 |
- if err != nil { |
|
294 |
- c.Fatalf("Error publishing notary repository: %s\n", out) |
|
295 |
- } |
|
284 |
+ s.notaryCmd(c, "publish", repoName) |
|
296 | 285 |
} |
297 | 286 |
|
298 | 287 |
func (s *DockerTrustSuite) notaryImportKey(c *check.C, repoName, role string, privKey string) { |
299 |
- impCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "key", |
|
300 |
- "import", privKey, "-g", repoName, "-r", role) |
|
301 |
- notaryClientEnv(impCmd) |
|
302 |
- out, _, err := runCommandWithOutput(impCmd) |
|
303 |
- if err != nil { |
|
304 |
- c.Fatalf("Error importing key to notary repository: %s\n", out) |
|
305 |
- } |
|
288 |
+ s.notaryCmd(c, "key", "import", privKey, "-g", repoName, "-r", role) |
|
306 | 289 |
} |
307 | 290 |
|
308 | 291 |
func (s *DockerTrustSuite) notaryListTargetsInRole(c *check.C, repoName, role string) map[string]string { |
309 |
- listCmd := exec.Command(notaryBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "list", |
|
310 |
- repoName, "-r", role) |
|
311 |
- notaryClientEnv(listCmd) |
|
312 |
- out, _, err := runCommandWithOutput(listCmd) |
|
313 |
- if err != nil { |
|
314 |
- c.Fatalf("Error listing targets in notary repository: %s\n", out) |
|
315 |
- } |
|
292 |
+ out := s.notaryCmd(c, "list", repoName, "-r", role) |
|
316 | 293 |
|
317 | 294 |
// should look something like: |
318 | 295 |
// NAME DIGEST SIZE (BYTES) ROLE |