mirror of
https://github.com/moby/moby.git
synced 2026-01-11 18:51:37 +00:00
Merge pull request #51451 from thaJeztah/test_adjustments
assorted test-changes in preparation of updating integration-cli CLI version
This commit is contained in:
Paweł Gronowski
@@ -195,6 +195,6 @@ func (s *DockerCLIAttachSuite) TestAttachPausedContainer(c *testing.T) {
|
||||
result.Assert(c, icmd.Expected{
|
||||
Error: "exit status 1",
|
||||
ExitCode: 1,
|
||||
Err: "You cannot attach to a paused container, unpause it first",
|
||||
Err: "cannot attach to a paused container",
|
||||
})
|
||||
}
|
||||
|
||||
@@ -1044,96 +1044,87 @@ func (s *DockerCLIBuildSuite) TestBuildAddBadLinksVolume(c *testing.T) {
|
||||
// Issue #5270 - ensure we throw a better error than "unexpected EOF"
|
||||
// when we can't access files in the context.
|
||||
func (s *DockerCLIBuildSuite) TestBuildWithInaccessibleFilesInContext(c *testing.T) {
|
||||
t := c
|
||||
testRequires(c, DaemonIsLinux, UnixCli, testEnv.IsLocalDaemon) // test uses chown/chmod: not available on windows
|
||||
|
||||
{
|
||||
t.Run("inaccessible files", func(t *testing.T) {
|
||||
const name = "testbuildinaccessiblefiles"
|
||||
ctx := fakecontext.New(c, "",
|
||||
buildCTX := fakecontext.New(t, "",
|
||||
fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"),
|
||||
fakecontext.WithFiles(map[string]string{"fileWithoutReadAccess": "foo"}),
|
||||
)
|
||||
defer ctx.Close()
|
||||
defer buildCTX.Close()
|
||||
// This is used to ensure we detect inaccessible files early during build in the cli client
|
||||
pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess")
|
||||
pathToFileWithoutReadAccess := filepath.Join(buildCTX.Dir, "fileWithoutReadAccess")
|
||||
|
||||
if err := os.Chown(pathToFileWithoutReadAccess, 0, 0); err != nil {
|
||||
c.Fatalf("failed to chown file to root: %s", err)
|
||||
t.Fatalf("failed to chown file to root: %s", err)
|
||||
}
|
||||
if err := os.Chmod(pathToFileWithoutReadAccess, 0o700); err != nil {
|
||||
c.Fatalf("failed to chmod file to 700: %s", err)
|
||||
t.Fatalf("failed to chmod file to 700: %s", err)
|
||||
}
|
||||
result := icmd.RunCmd(icmd.Cmd{
|
||||
Command: []string{"su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)},
|
||||
Dir: ctx.Dir,
|
||||
Command: []string{"su", "unprivilegeduser", "-c", fmt.Sprintf("DOCKER_BUILDKIT=0 %s build -t %s .", dockerBinary, name)},
|
||||
Dir: buildCTX.Dir,
|
||||
})
|
||||
if result.Error == nil {
|
||||
c.Fatalf("build should have failed: %s %s", result.Error, result.Combined())
|
||||
t.Fatalf("build should have failed: %s %s", result.Error, result.Combined())
|
||||
}
|
||||
|
||||
// check if we've detected the failure before we started building
|
||||
if !strings.Contains(result.Combined(), "no permission to read from ") {
|
||||
c.Fatalf("output should've contained the string: no permission to read from but contained: %s", result.Combined())
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Combined(), "error checking context") {
|
||||
c.Fatalf("output should've contained the string: error checking context")
|
||||
}
|
||||
}
|
||||
{
|
||||
assert.Check(t, is.Contains(result.Combined(), "no permission to read from"))
|
||||
assert.Check(t, is.Contains(result.Combined(), "checking context"))
|
||||
})
|
||||
t.Run("inaccessible directory", func(t *testing.T) {
|
||||
const name = "testbuildinaccessibledirectory"
|
||||
ctx := fakecontext.New(c, "",
|
||||
buildCTX := fakecontext.New(t, "",
|
||||
fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"),
|
||||
fakecontext.WithFiles(map[string]string{"directoryWeCantStat/bar": "foo"}),
|
||||
)
|
||||
defer ctx.Close()
|
||||
defer buildCTX.Close()
|
||||
// This is used to ensure we detect inaccessible directories early during build in the cli client
|
||||
pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
|
||||
pathToDirectoryWithoutReadAccess := filepath.Join(buildCTX.Dir, "directoryWeCantStat")
|
||||
pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
|
||||
|
||||
if err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
|
||||
c.Fatalf("failed to chown directory to root: %s", err)
|
||||
t.Fatalf("failed to chown directory to root: %s", err)
|
||||
}
|
||||
if err := os.Chmod(pathToDirectoryWithoutReadAccess, 0o444); err != nil {
|
||||
c.Fatalf("failed to chmod directory to 444: %s", err)
|
||||
t.Fatalf("failed to chmod directory to 444: %s", err)
|
||||
}
|
||||
if err := os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0o700); err != nil {
|
||||
c.Fatalf("failed to chmod file to 700: %s", err)
|
||||
t.Fatalf("failed to chmod file to 700: %s", err)
|
||||
}
|
||||
|
||||
result := icmd.RunCmd(icmd.Cmd{
|
||||
Command: []string{"su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name)},
|
||||
Dir: ctx.Dir,
|
||||
Command: []string{"su", "unprivilegeduser", "-c", fmt.Sprintf("DOCKER_BUILDKIT=0 %s build -t %s .", dockerBinary, name)},
|
||||
Dir: buildCTX.Dir,
|
||||
})
|
||||
if result.Error == nil {
|
||||
c.Fatalf("build should have failed: %s %s", result.Error, result.Combined())
|
||||
t.Fatalf("build should have failed: %s %s", result.Error, result.Combined())
|
||||
}
|
||||
|
||||
// check if we've detected the failure before we started building
|
||||
if !strings.Contains(result.Combined(), "can't stat") {
|
||||
c.Fatalf("output should've contained the string: can't access %s", result.Combined())
|
||||
}
|
||||
|
||||
if !strings.Contains(result.Combined(), "error checking context") {
|
||||
c.Fatalf("output should've contained the string: error checking context\ngot:%s", result.Combined())
|
||||
}
|
||||
}
|
||||
{
|
||||
assert.Check(t, is.Contains(result.Combined(), "can't stat"))
|
||||
assert.Check(t, is.Contains(result.Combined(), "checking context"))
|
||||
})
|
||||
t.Run("links OK", func(t *testing.T) {
|
||||
const name = "testlinksok"
|
||||
ctx := fakecontext.New(c, "", fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"))
|
||||
defer ctx.Close()
|
||||
buildCTX := fakecontext.New(t, "", fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"))
|
||||
defer buildCTX.Close()
|
||||
|
||||
target := "../../../../../../../../../../../../../../../../../../../azA"
|
||||
if err := os.Symlink(filepath.Join(ctx.Dir, "g"), target); err != nil {
|
||||
c.Fatal(err)
|
||||
if err := os.Symlink(filepath.Join(buildCTX.Dir, "g"), target); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer os.Remove(target)
|
||||
// This is used to ensure we don't follow links when checking if everything in the context is accessible
|
||||
// This test doesn't require that we run commands as an unprivileged user
|
||||
cli.BuildCmd(c, name, build.WithExternalBuildContext(ctx))
|
||||
}
|
||||
{
|
||||
cli.BuildCmd(t, name, build.WithExternalBuildContext(buildCTX))
|
||||
})
|
||||
t.Run("inaccessible ignored files", func(t *testing.T) {
|
||||
const name = "testbuildignoredinaccessible"
|
||||
ctx := fakecontext.New(c, "",
|
||||
ctx := fakecontext.New(t, "",
|
||||
fakecontext.WithDockerfile("FROM scratch\nADD . /foo/"),
|
||||
fakecontext.WithFiles(map[string]string{
|
||||
"directoryWeCantStat/bar": "foo",
|
||||
@@ -1145,24 +1136,24 @@ func (s *DockerCLIBuildSuite) TestBuildWithInaccessibleFilesInContext(c *testing
|
||||
pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
|
||||
pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
|
||||
if err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0); err != nil {
|
||||
c.Fatalf("failed to chown directory to root: %s", err)
|
||||
t.Fatalf("failed to chown directory to root: %s", err)
|
||||
}
|
||||
if err := os.Chmod(pathToDirectoryWithoutReadAccess, 0o444); err != nil {
|
||||
c.Fatalf("failed to chmod directory to 444: %s", err)
|
||||
t.Fatalf("failed to chmod directory to 444: %s", err)
|
||||
}
|
||||
if err := os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0o700); err != nil {
|
||||
c.Fatalf("failed to chmod file to 700: %s", err)
|
||||
t.Fatalf("failed to chmod file to 700: %s", err)
|
||||
}
|
||||
|
||||
result := icmd.RunCmd(icmd.Cmd{
|
||||
Dir: ctx.Dir,
|
||||
Command: []string{
|
||||
"su", "unprivilegeduser", "-c",
|
||||
fmt.Sprintf("%s build -t %s .", dockerBinary, name),
|
||||
fmt.Sprintf("DOCKER_BUILDKIT=0 %s build -t %s .", dockerBinary, name),
|
||||
},
|
||||
})
|
||||
result.Assert(c, icmd.Expected{})
|
||||
}
|
||||
result.Assert(t, icmd.Success)
|
||||
})
|
||||
}
|
||||
|
||||
func (s *DockerCLIBuildSuite) TestBuildForceRm(c *testing.T) {
|
||||
@@ -1178,9 +1169,7 @@ func (s *DockerCLIBuildSuite) TestBuildForceRm(c *testing.T) {
|
||||
}
|
||||
|
||||
containerCountAfter := getContainerCount(c)
|
||||
if containerCountBefore != containerCountAfter {
|
||||
c.Fatalf("--force-rm shouldn't have left containers behind")
|
||||
}
|
||||
assert.Check(c, is.Equal(containerCountBefore, containerCountAfter), "--force-rm shouldn't have left containers behind")
|
||||
}
|
||||
|
||||
func (s *DockerCLIBuildSuite) TestBuildRm(c *testing.T) {
|
||||
|
||||
@@ -25,45 +25,35 @@ func (s *DockerCLICommitSuite) OnTimeout(t *testing.T) {
|
||||
|
||||
func (s *DockerCLICommitSuite) TestCommitAfterContainerIsDone(c *testing.T) {
|
||||
skip.If(c, RuntimeIsWindowsContainerd(), "FIXME: Broken on Windows + containerd combination")
|
||||
out := cli.DockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo").Combined()
|
||||
|
||||
cleanedContainerID := strings.TrimSpace(out)
|
||||
|
||||
cli.DockerCmd(c, "wait", cleanedContainerID)
|
||||
|
||||
out = cli.DockerCmd(c, "commit", cleanedContainerID).Combined()
|
||||
|
||||
cleanedImageID := strings.TrimSpace(out)
|
||||
|
||||
cli.DockerCmd(c, "inspect", cleanedImageID)
|
||||
cID := cli.DockerCmd(c, "run", "-d", "busybox", "echo", c.Name()).Combined()
|
||||
cID = strings.TrimSpace(cID)
|
||||
imageID := cli.DockerCmd(c, "commit", cID).Combined()
|
||||
imageID = strings.TrimSpace(imageID)
|
||||
cli.DockerCmd(c, "inspect", imageID)
|
||||
}
|
||||
|
||||
func (s *DockerCLICommitSuite) TestCommitWithoutPause(c *testing.T) {
|
||||
testRequires(c, DaemonIsLinux)
|
||||
out := cli.DockerCmd(c, "run", "-i", "-a", "stdin", "busybox", "echo", "foo").Combined()
|
||||
|
||||
cleanedContainerID := strings.TrimSpace(out)
|
||||
|
||||
cli.DockerCmd(c, "wait", cleanedContainerID)
|
||||
|
||||
out = cli.DockerCmd(c, "commit", "-p=false", cleanedContainerID).Combined()
|
||||
|
||||
cleanedImageID := strings.TrimSpace(out)
|
||||
|
||||
cli.DockerCmd(c, "inspect", cleanedImageID)
|
||||
cID := cli.DockerCmd(c, "run", "-dit", "busybox").Combined()
|
||||
cID = strings.TrimSpace(cID)
|
||||
imageID := cli.DockerCmd(c, "commit", "-p=false", cID).Combined()
|
||||
imageID = strings.TrimSpace(imageID)
|
||||
cli.DockerCmd(c, "inspect", imageID)
|
||||
}
|
||||
|
||||
// TestCommitPausedContainer tests that a paused container is not unpaused after being committed
|
||||
func (s *DockerCLICommitSuite) TestCommitPausedContainer(c *testing.T) {
|
||||
testRequires(c, DaemonIsLinux)
|
||||
containerID := cli.DockerCmd(c, "run", "-i", "-d", "busybox").Stdout()
|
||||
containerID = strings.TrimSpace(containerID)
|
||||
cID := cli.DockerCmd(c, "run", "-dit", "busybox").Combined()
|
||||
cID = strings.TrimSpace(cID)
|
||||
cli.DockerCmd(c, "pause", cID)
|
||||
|
||||
cli.DockerCmd(c, "pause", containerID)
|
||||
cli.DockerCmd(c, "commit", containerID)
|
||||
imageID := cli.DockerCmd(c, "commit", cID).Combined()
|
||||
imageID = strings.TrimSpace(imageID)
|
||||
cli.DockerCmd(c, "inspect", imageID)
|
||||
|
||||
out := inspectField(c, containerID, "State.Paused")
|
||||
// commit should not unpause a paused container
|
||||
out := inspectField(c, cID, "State.Paused")
|
||||
assert.Assert(c, is.Contains(out, "true"))
|
||||
}
|
||||
|
||||
|
||||
@@ -1052,6 +1052,8 @@ func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *testing.T
|
||||
s.d.StartWithBusybox(testutil.GetContext(c), c, "--bip", bridgeRange)
|
||||
defer s.d.Restart(c)
|
||||
|
||||
apiClient := s.d.NewClientT(c)
|
||||
|
||||
var cont int
|
||||
for {
|
||||
contName := fmt.Sprintf("container%d", cont)
|
||||
@@ -1060,9 +1062,14 @@ func (s *DockerDaemonSuite) TestBridgeIPIsExcludedFromAllocatorPool(c *testing.T
|
||||
// pool exhausted
|
||||
break
|
||||
}
|
||||
ip, err := s.d.Cmd("inspect", "--format", "'{{.NetworkSettings.IPAddress}}'", contName)
|
||||
assert.Assert(c, err == nil, ip)
|
||||
|
||||
res, err := apiClient.ContainerInspect(c.Context(), contName, client.ContainerInspectOptions{})
|
||||
assert.NilError(c, err)
|
||||
|
||||
assert.Check(c, res.Container.NetworkSettings != nil)
|
||||
assert.Check(c, res.Container.NetworkSettings.Networks["bridge"] != nil)
|
||||
ip := res.Container.NetworkSettings.Networks["bridge"].IPAddress.String()
|
||||
assert.Assert(c, err == nil, ip)
|
||||
assert.Assert(c, ip != bridgeIP)
|
||||
cont++
|
||||
}
|
||||
|
||||
@@ -1739,9 +1739,9 @@ func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *testing.T) {
|
||||
verifyIPAddresses(c, "mynet0", "mynet", "172.28.99.88", "2001:db8:1234::9988")
|
||||
|
||||
_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "mynet_ip", "--ip6", "2001:db8:1234::9999", "busybox", "top")
|
||||
assert.ErrorContains(c, err, "unable to parse IP")
|
||||
assert.ErrorContains(c, err, "parse IP") // failed to / unable to parse IP
|
||||
_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "172.28.99.99", "--ip6", "mynet_ip6", "busybox", "top")
|
||||
assert.ErrorContains(c, err, "unable to parse IP")
|
||||
assert.ErrorContains(c, err, "parse IP") // failed to / unable to parse IP
|
||||
|
||||
// This is a case of IPv4 address to `--ip6`
|
||||
_, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "172.28.99.99", "busybox", "top")
|
||||
|
||||
@@ -1100,9 +1100,9 @@ func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *testing.T) {
|
||||
result.Assert(c, icmd.Expected{
|
||||
ExitCode: 1,
|
||||
})
|
||||
out := result.Combined()
|
||||
assert.Assert(c, strings.Contains(result.Combined(), "Error: This node is not part of a swarm"), out)
|
||||
assert.Assert(c, !strings.Contains(result.Combined(), "Please enter unlock key"), out)
|
||||
out := strings.ToLower(result.Combined())
|
||||
assert.Assert(c, strings.Contains(out, "this node is not part of a swarm"), out)
|
||||
assert.Assert(c, !strings.Contains(out, "enter unlock key"), out)
|
||||
out, err := d.Cmd("swarm", "init")
|
||||
assert.NilError(c, err, out)
|
||||
|
||||
@@ -1112,9 +1112,9 @@ func (s *DockerSwarmSuite) TestUnlockEngineAndUnlockedSwarm(c *testing.T) {
|
||||
result.Assert(c, icmd.Expected{
|
||||
ExitCode: 1,
|
||||
})
|
||||
out = result.Combined()
|
||||
assert.Assert(c, strings.Contains(result.Combined(), "Error: swarm is not locked"), out)
|
||||
assert.Assert(c, !strings.Contains(result.Combined(), "Please enter unlock key"), out)
|
||||
out = strings.ToLower(result.Combined())
|
||||
assert.Assert(c, strings.Contains(out, "swarm is not locked"), out)
|
||||
assert.Assert(c, !strings.Contains(out, "enter unlock key"), out)
|
||||
}
|
||||
|
||||
func (s *DockerSwarmSuite) TestSwarmInitLocked(c *testing.T) {
|
||||
@@ -1148,7 +1148,7 @@ func (s *DockerSwarmSuite) TestSwarmInitLocked(c *testing.T) {
|
||||
|
||||
outs, err = d.Cmd("node", "ls")
|
||||
assert.Assert(c, err == nil, outs)
|
||||
assert.Assert(c, !strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
|
||||
assert.Assert(c, !strings.Contains(outs, "encrypted and needs to be unlocked"), outs)
|
||||
outs, err = d.Cmd("swarm", "update", "--autolock=false")
|
||||
assert.Assert(c, err == nil, outs)
|
||||
|
||||
@@ -1156,7 +1156,7 @@ func (s *DockerSwarmSuite) TestSwarmInitLocked(c *testing.T) {
|
||||
|
||||
outs, err = d.Cmd("node", "ls")
|
||||
assert.Assert(c, err == nil, outs)
|
||||
assert.Assert(c, !strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
|
||||
assert.Assert(c, !strings.Contains(outs, "encrypted and needs to be unlocked"), outs)
|
||||
}
|
||||
|
||||
func (s *DockerSwarmSuite) TestSwarmLeaveLocked(c *testing.T) {
|
||||
@@ -1173,10 +1173,10 @@ func (s *DockerSwarmSuite) TestSwarmLeaveLocked(c *testing.T) {
|
||||
assert.Equal(c, info.LocalNodeState, swarm.LocalNodeStateLocked)
|
||||
|
||||
outs, _ = d.Cmd("node", "ls")
|
||||
assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and needs to be unlocked"), outs)
|
||||
assert.Assert(c, strings.Contains(outs, "encrypted and needs to be unlocked"), outs)
|
||||
// `docker swarm leave` a locked swarm without --force will return an error
|
||||
outs, _ = d.Cmd("swarm", "leave")
|
||||
assert.Assert(c, strings.Contains(outs, "Swarm is encrypted and locked."), outs)
|
||||
assert.Assert(c, strings.Contains(outs, "encrypted and locked."), outs)
|
||||
// It is OK for user to leave a locked swarm with --force
|
||||
outs, err = d.Cmd("swarm", "leave", "--force")
|
||||
assert.Assert(c, err == nil, outs)
|
||||
@@ -1311,7 +1311,7 @@ func (s *DockerSwarmSuite) TestSwarmJoinPromoteLocked(c *testing.T) {
|
||||
poll.WaitOn(c, pollCheck(c, d3.CheckLocalNodeState(ctx), checker.Equals(swarm.LocalNodeStateActive)), poll.WithTimeout(time.Second))
|
||||
}
|
||||
|
||||
const swarmIsEncryptedMsg = "Swarm is encrypted and needs to be unlocked"
|
||||
const swarmIsEncryptedMsg = "encrypted and needs to be unlocked"
|
||||
|
||||
func (s *DockerSwarmSuite) TestSwarmRotateUnlockKey(c *testing.T) {
|
||||
ctx := testutil.GetContext(c)
|
||||
|
||||
Reference in New Issue
Block a user