/
balmaster
/
podman
GigaCode
beta
ОбзорЦентр заботыВойти

podman

Форк
0
Ветки: 55Коммиты: 22365Теги: 216
podman
/test
/system
/
710-kube.bats 
194 строки · 6.6 Кб
1
#!/usr/bin/env bats   -*- bats -*-
2
#
3
# Test podman kube generate
4
#
5


6
load helpers
7


8
# capability drop list
9
capabilities='{"drop":["CAP_FOWNER","CAP_SETFCAP"]}'
10


11
# filter: convert yaml to json, because bash+yaml=madness
12
function yaml2json() {
13
    python3 -c 'import yaml
14
import json
15
import sys
16
json.dump(yaml.safe_load(sys.stdin), sys.stdout)'
17
}
18


19
###############################################################################
20
# BEGIN tests
21


22
@test "podman kube generate - usage message" {
23
    run_podman kube generate --help
24
    is "$output" ".*podman.* kube generate \[options\] {CONTAINER...|POD...|VOLUME...}"
25
    run_podman generate kube --help
26
    is "$output" ".*podman.* generate kube \[options\] {CONTAINER...|POD...|VOLUME...}"
27
}
28


29
@test "podman kube generate - container" {
30
    cname=c$(random_string 15)
31
    run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname $IMAGE top
32
    run_podman kube generate $cname
33


34
    # As of #18542, we must never see this message again.
35
    assert "$output" !~ "Kubernetes only allows 63 characters"
36
    # Convert yaml to json, and dump to stdout (to help in case of errors)
37
    json=$(yaml2json <<<"$output")
38
    jq . <<<"$json"
39


40
    # What we expect to see. This is by necessity an incomplete list.
41
    # For instance, it does not include org.opencontainers.image.base.*
42
    # because sometimes we get that, sometimes we don't. No clue why.
43
    #
44
    # And, unfortunately, if new fields are added to the YAML, we won't
45
    # test those unless a developer remembers to add them here.
46
    #
47
    # Reasons for doing it this way, instead of straight-comparing yaml:
48
    #   1) the arbitrariness of the org.opencontainers.image.base annotations
49
    #   2) YAML order is nondeterministic, so on a pod with two containers
50
    #      (as in the pod test below) we cannot rely on cname1/cname2.
51
    expect="
52
apiVersion | =  | v1
53
kind       | =  | Pod
54


55
metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
56
metadata.labels.app        | =  | ${cname}-pod
57
metadata.name              | =  | ${cname}-pod
58


59
spec.containers[0].command       | =  | [\"top\"]
60
spec.containers[0].image         | =  | $IMAGE
61
spec.containers[0].name          | =  | $cname
62


63
spec.containers[0].securityContext.capabilities  | =  | $capabilities
64


65
status                           | =  | null
66
"
67


68
    # Parse and check all those
69
    while read key op expect; do
70
        actual=$(jq -r -c ".$key" <<<"$json")
71
        assert "$actual" $op "$expect" ".$key"
72
    done < <(parse_table "$expect")
73


74
    run_podman rm $cname
75
}
76


77
@test "podman kube generate unmasked" {
78
      KUBE=$PODMAN_TMPDIR/kube.yaml
79
      run_podman create --name test --security-opt unmask=all $IMAGE
80
      run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test
81
      is "$output" "[unmask=all]" "Inspect should see unmask all"
82
      run_podman kube generate test -f $KUBE
83
      assert "$(< $KUBE)" =~ "procMount: Unmasked" "Generated kube yaml should have procMount unmasked"
84
      run_podman kube play $KUBE
85
      run_podman inspect --format '{{ .HostConfig.SecurityOpt }}' test-pod-test
86
      is "$output" "[unmask=all]" "Inspect kube play container should see unmask all"
87
      run_podman kube down $KUBE
88
      run_podman pod rm -a
89
      run_podman rm -a
90
      run_podman rmi $(pause_image)
91
}
92


93
@test "podman kube generate - pod" {
94
    local pname=p$(random_string 15)
95
    local cname1=c1$(random_string 15)
96
    local cname2=c2$(random_string 15)
97


98
    run_podman pod create --name $pname --publish 9999:8888
99


100
    # Needs at least one container. Error is slightly different between
101
    # regular and remote podman:
102
    #   regular: Error: pod ... only has...
103
    #   remote:  Error: generating YAML: pod ... only has...
104
    run_podman 125 kube generate $pname
105
    assert "$output" =~ "Error: .* only has an infra container"
106


107
    run_podman container create --cap-drop fowner --cap-drop setfcap --name $cname1 --pod $pname $IMAGE top
108
    run_podman container create --name $cname2 --pod $pname $IMAGE bottom
109
    run_podman kube generate $pname
110


111
    json=$(yaml2json <<<"$output")
112
    jq . <<<"$json"
113


114
    # See container test above for description of this table
115
    expect="
116
apiVersion | =  | v1
117
kind       | =  | Pod
118


119
metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
120
metadata.labels.app        | =  | ${pname}
121
metadata.name              | =  | ${pname}
122


123
spec.hostname                              | =  | null
124


125
spec.containers[0].command                 | =  | [\"top\"]
126
spec.containers[0].image                   | =  | $IMAGE
127
spec.containers[0].name                    | =  | $cname1
128
spec.containers[0].ports[0].containerPort  | =  | 8888
129
spec.containers[0].ports[0].hostPort       | =  | 9999
130
spec.containers[0].resources               | =  | null
131


132
spec.containers[1].command                 | =  | [\"bottom\"]
133
spec.containers[1].image                   | =  | $IMAGE
134
spec.containers[1].name                    | =  | $cname2
135
spec.containers[1].ports                   | =  | null
136
spec.containers[1].resources               | =  | null
137


138
spec.containers[0].securityContext.capabilities  | =  | $capabilities
139


140
status  | =  | null
141
"
142


143
    while read key op expect; do
144
        actual=$(jq -r -c ".$key" <<<"$json")
145
        assert "$actual" $op "$expect" ".$key"
146
    done < <(parse_table "$expect")
147


148
    run_podman rm $cname1 $cname2
149
    run_podman pod rm $pname
150
    run_podman rmi $(pause_image)
151
}
152


153
@test "podman kube generate - deployment" {
154
    skip_if_remote "containersconf needs to be set on server side"
155
    local pname=p$(random_string 15)
156
    local cname1=c1$(random_string 15)
157
    local cname2=c2$(random_string 15)
158


159
    run_podman pod create --name $pname
160
    run_podman container create --name $cname1 --pod $pname $IMAGE top
161
    run_podman container create --name $cname2 --pod $pname $IMAGE bottom
162


163
    containersconf=$PODMAN_TMPDIR/containers.conf
164
    cat >$containersconf <<EOF
165
[engine]
166
kube_generate_type="deployment"
167
EOF
168
    CONTAINERS_CONF_OVERRIDE=$containersconf run_podman kube generate $pname
169


170
    json=$(yaml2json <<<"$output")
171
    # For debugging purposes in the event we regress, we can see the generate output to know what went wrong
172
    jq . <<<"$json"
173


174
    # See container test above for description of this table
175
    expect="
176
apiVersion | =  | apps/v1
177
kind       | =  | Deployment
178


179
metadata.creationTimestamp | =~ | [0-9T:-]\\+Z
180
metadata.labels.app        | =  | ${pname}
181
metadata.name              | =  | ${pname}-deployment
182
"
183


184
    while read key op expect; do
185
        actual=$(jq -r -c ".$key" <<<"$json")
186
        assert "$actual" $op "$expect" ".$key"
187
    done < <(parse_table "$expect")
188


189
    run_podman rm $cname1 $cname2
190
    run_podman pod rm $pname
191
    run_podman rmi $(pause_image)
192
}
193


194
# vim: filetype=sh
195

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.