podman

1
#!/usr/bin/env bats   -*- bats -*-
2
#
3
# All tests in here perform nasty manipulations on image storage.
4
#
5

6
load helpers
7

8
###############################################################################
9
# BEGIN setup/teardown
10

11
# Create a scratch directory; this is what we'll use for image store and cache
12
if [ -z "${PODMAN_CORRUPT_TEST_WORKDIR}" ]; then
13
    export PODMAN_CORRUPT_TEST_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman_corrupt_test.XXXXXX)
14
fi
15

16
PODMAN_CORRUPT_TEST_IMAGE_CANONICAL_FQIN=quay.io/libpod/alpine@sha256:634a8f35b5f16dcf4aaa0822adc0b1964bb786fca12f6831de8ddc45e5986a00
17
PODMAN_CORRUPT_TEST_IMAGE_TAGGED_FQIN=${PODMAN_CORRUPT_TEST_IMAGE_CANONICAL_FQIN%%@sha256:*}:test
18
PODMAN_CORRUPT_TEST_IMAGE_ID=961769676411f082461f9ef46626dd7a2d1e2b2a38e6a44364bcbecf51e66dd4
19

20
function setup() {
21
    skip_if_remote "none of these tests run under podman-remote"
22

23
    # DANGER! This completely changes the behavior of run_podman,
24
    # forcing it to use a quarantined directory. Make certain that
25
    # it gets unset in teardown.
26
    _PODMAN_TEST_OPTS="--storage-driver=vfs $(podman_isolation_opts ${PODMAN_CORRUPT_TEST_WORKDIR})"
27
}
28

29
function teardown() {
30
    # No other tests should ever run with these scratch options
31
    unset _PODMAN_TEST_OPTS
32

33
    is_remote && return
34

35
    # Clean up
36
    umount ${PODMAN_CORRUPT_TEST_WORKDIR}/root/overlay || true
37
    if is_rootless; then
38
        run_podman unshare rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root
39
    else
40
        rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root
41
    fi
42
}
43

44
# END   setup/teardown
45
###############################################################################
46
# BEGIN primary test helper
47

48
# This is our main action, invoked by every actual test. It:
49
#    - creates a new empty rootdir
50
#    - populates it with our crafted test image
51
#    - removes [ manifest, blob ]
52
#    - confirms that "podman images" throws an error
53
#    - runs the specified command (rmi -a -f, prune, reset, etc)
54
#    - confirms that it succeeds, and also emits expected warnings
55
function _corrupt_image_test() {
56
    # Run this test twice: once removing manifest, once removing blob
57
    for what_to_rm in manifest blob; do
58
        # I have no idea, but this sometimes remains mounted
59
        umount ${PODMAN_CORRUPT_TEST_WORKDIR}/root/overlay || true
60
        # Start with a fresh storage root, load prefetched image into it.
61
        /bin/rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}/root
62
        mkdir -p ${PODMAN_CORRUPT_TEST_WORKDIR}/root
63
        run_podman load -i ${PODMAN_CORRUPT_TEST_WORKDIR}/img.tar
64
        # "podman load" restores it without a tag, which (a) causes rmi-by-name
65
        # to fail, and (b) causes "podman images" to exit 0 instead of 125
66
        run_podman tag ${PODMAN_CORRUPT_TEST_IMAGE_ID} ${PODMAN_CORRUPT_TEST_IMAGE_TAGGED_FQIN}
67

68
        # shortcut variable name
69
        local id=${PODMAN_CORRUPT_TEST_IMAGE_ID}
70

71
        case "$what_to_rm" in
72
            manifest)  rm_path=manifest ;;
73
            blob)      rm_path="=$(echo -n "sha256:$id" | base64 -w0)" ;;
74
            *)         die "Internal error: unknown action '$what_to_rm'" ;;
75
        esac
76

77
        # Corruptify, and confirm that 'podman images' throws an error
78
        rm -v ${PODMAN_CORRUPT_TEST_WORKDIR}/root/*-images/$id/${rm_path}
79
        run_podman 125 images
80
        is "$output" "Error: locating item named \".*\" for image with ID \"$id\" (consider removing the image to resolve the issue): file does not exist.*"
81

82
        # Run the requested command. Confirm it succeeds, with suitable warnings.
83
        run_podman 0+w $*
84
        # There are three different variations on the warnings, allow each...
85
        allow_warnings "Failed to determine parent of image: .*, ignoring the error" \
86
                       "Failed to determine if an image is a parent: .*, ignoring the error" \
87
                       "Failed to determine if an image is a manifest list: .*, ignoring the error"
88
        # ...but make sure we get at least one
89
        require_warning "Failed to determine (parent|if an image is) .*, ignoring the error"
90

91
        run_podman images -a --noheading
92
        is "$output" "" "podman images -a, after $*, is empty"
93
    done
94
}
95

96
# END   primary test helper
97
###############################################################################
98
# BEGIN first "test" does a one-time pull of our desired image
99

100
@test "podman corrupt images - initialize" {
101
    # Pull once, save cached copy.
102
    run_podman pull $PODMAN_CORRUPT_TEST_IMAGE_CANONICAL_FQIN
103
    run_podman save -o ${PODMAN_CORRUPT_TEST_WORKDIR}/img.tar \
104
               $PODMAN_CORRUPT_TEST_IMAGE_CANONICAL_FQIN
105
}
106

107
# END   first "test" does a one-time pull of our desired image
108
###############################################################################
109
# BEGIN actual tests
110

111
@test "podman corrupt images - rmi -f <image-id>" {
112
    _corrupt_image_test "rmi -f ${PODMAN_CORRUPT_TEST_IMAGE_ID}"
113
}
114

115
@test "podman corrupt images - rmi -f <image-tagged-name>" {
116
    _corrupt_image_test "rmi -f ${PODMAN_CORRUPT_TEST_IMAGE_TAGGED_FQIN}"
117
}
118

119
@test "podman corrupt images - rmi -f -a" {
120
    _corrupt_image_test "rmi -f -a"
121
}
122

123
@test "podman corrupt images - image prune" {
124
    _corrupt_image_test "image prune -a -f"
125
}
126

127
@test "podman corrupt images - system reset" {
128
    _corrupt_image_test "system reset -f"
129
}
130

131
# END   actual tests
132
###############################################################################
133
# BEGIN final cleanup
134

135
@test "podman corrupt images - cleanup" {
136
    rm -rf ${PODMAN_CORRUPT_TEST_WORKDIR}
137
}
138

139
# END   final cleanup
140
###############################################################################
141

142
# vim: filetype=sh
143