From 38d5319f16ee22e2e408760c0b5ed97d66980bed Mon Sep 17 00:00:00 2001 From: Toshiki Sonoda Date: Wed, 25 Jan 2023 15:17:56 +0900 Subject: [PATCH] e2e: reduce dependency on /tmp for e2e tests - Use filepath.Join(podmanTest.TempDir, "any") instead of "/tmp/any" - Add generatePolicyFile() to avoid the hardcording of "keyPath": "tmp/key.gpg" Signed-off-by: Toshiki Sonoda --- test/e2e/checkpoint_test.go | 36 ++++++++++++++++---------------- test/e2e/common_test.go | 37 ++++++++++++++++++++++++++++++++- test/e2e/mount_rootless_test.go | 9 ++++---- test/e2e/push_test.go | 12 +++++++---- test/e2e/save_test.go | 11 ++++++++-- test/e2e/sign/policy.json | 24 --------------------- 6 files changed, 76 insertions(+), 53 deletions(-) delete mode 100644 test/e2e/sign/policy.json diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 7cdfe5af0f..ad753eed37 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -505,7 +505,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result := podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", fileName}) result.WaitWithDefaultTimeout() @@ -556,7 +556,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Checkpoint with the default algorithm result := podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", fileName}) 
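Review bot: The second argument to `filepath.Join` in the `fileName` assignment (checkpoint_test.go, hunk at line 505) begins with a slash, `"/checkpoint-"+cid+".tar.gz"`. Join cleans the slash away, but it reads like an absolute path. `fileName := filepath.Join(podmanTest.TempDir, "checkpoint-"+cid+".tar.gz")` states the intent directly. The same leading slash is in every other checkpoint_test.go hunk of this patch, including the `preCheckpointFileName`, `checkpointFileName` and `checkpointExportPath` assignments. The enclosing test body starts and ends outside the hunk.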
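Review bot: The export file changes its extension in the hunk at line 556 of checkpoint_test.go, from `.tar` on the removed line to `.tar.gz` on the added one, although the commit message describes only the move away from /tmp. If the plain name was deliberate for this test, whose next visible step is "Checkpoint with the default algorithm", keep it as `fileName := filepath.Join(podmanTest.TempDir, "checkpoint-"+cid+".tar")`. If the rename is intended, it deserves a line in the commit message. The rest of the test lies outside the hunk, so whether anything depends on the extension cannot be checked here.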
@@ -661,7 +661,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Change the container's root file-system result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /test.output"}) @@ -723,7 +723,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Change the container's root file-system result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /test.output"}) @@ -765,7 +765,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Change the container's root file-system result := podmanTest.Podman([]string{"exec", cid, "/bin/sh", "-c", "echo test" + cid + "test > /test.output"}) @@ -808,7 +808,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Checkpoint the container result := podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", fileName}) 
@@ -857,7 +857,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(result.ErrorToString()).To(ContainSubstring("cannot checkpoint containers that have been started with '--rm'")) // Checkpointing with --export should still work - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", fileName}) result.WaitWithDefaultTimeout() @@ -929,7 +929,7 @@ var _ = Describe("Podman checkpoint", func() { result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) - checkpointFileName := "/tmp/checkpoint-" + cid + ".tar.gz" + checkpointFileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Checkpoint the container result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointFileName}) @@ -1024,8 +1024,8 @@ var _ = Describe("Podman checkpoint", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) cid := session.OutputToString() - preCheckpointFileName := "/tmp/pre-checkpoint-" + cid + ".tar.gz" - checkpointFileName := "/tmp/checkpoint-" + cid + ".tar.gz" + preCheckpointFileName := filepath.Join(podmanTest.TempDir, "/pre-checkpoint-"+cid+".tar.gz") + checkpointFileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result := podmanTest.Podman([]string{"container", "checkpoint", "-P", "-e", preCheckpointFileName, cid}) result.WaitWithDefaultTimeout() @@ -1066,7 +1066,7 @@ var _ = Describe("Podman checkpoint", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") if !WaitContainerReady(podmanTest, cid, "Ready to accept connections", 20, 1) { Fail("Container failed to get ready") 
@@ -1167,7 +1167,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).To(Exit(0)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") // Checkpoint the container result := podmanTest.Podman([]string{ @@ -1286,7 +1286,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result := podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", fileName}) result.WaitWithDefaultTimeout() @@ -1326,7 +1326,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) cid := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result := podmanTest.Podman([]string{ "container", @@ -1514,7 +1514,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) runtime := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result := podmanTest.Podman([]string{ "container", @@ -1616,7 +1616,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Equal("runc")) - checkpointExportPath := "/tmp/checkpoint-" + cid + ".tar.gz" + checkpointExportPath := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") session = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointExportPath}) session.WaitWithDefaultTimeout() 
@@ -1685,7 +1685,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) runtime := session.OutputToString() - fileName := "/tmp/checkpoint-" + cid + ".tar.gz" + fileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result := podmanTest.Podman([]string{ "container", @@ -1769,7 +1769,7 @@ var _ = Describe("Podman checkpoint", func() { Expect(session).Should(Exit(0)) runtime := session.OutputToString() - checkpointFileName := "/tmp/checkpoint-" + cid + ".tar.gz" + checkpointFileName := filepath.Join(podmanTest.TempDir, "/checkpoint-"+cid+".tar.gz") result = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointFileName}) result.WaitWithDefaultTimeout() diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 806d9997e5..ca4bf7bf07 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -111,7 +111,7 @@ var _ = SynchronizedBeforeSuite(func() []byte { // Cache images cwd, _ := os.Getwd() INTEGRATION_ROOT = filepath.Join(cwd, "../../") - podman := PodmanTestSetup("/tmp") + podman := PodmanTestSetup(os.TempDir()) // Pull cirros but don't put it into the cache pullImages := []string{CIRROS_IMAGE, fedoraToolbox, volumeTest} 
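Review bot: `os.TempDir()` in the `PodmanTestSetup` call (common_test.go, hunk at line 111) returns `$TMPDIR` when it is set and does not guarantee that the directory exists or is writable, so the suite's base directory now depends on the environment. A comment on that line would record the intent, for example `// honor $TMPDIR; os.TempDir falls back to /tmp on Unix`. The `SynchronizedBeforeSuite` function continues outside the hunk, so any later validation of the directory is not visible here.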
@@ -988,6 +988,41 @@ func (p *PodmanTestIntegration) removeNetwork(name string) { Expect(session.ExitCode()).To(BeNumerically("<=", 1), "Exit code must be 0 or 1") } +// generatePolicyFile generates a signature verification policy file. +// it returns the policy file path. +func generatePolicyFile(tempDir string) string { + keyPath := filepath.Join(tempDir, "key.gpg") + policyPath := filepath.Join(tempDir, "policy.json") + conf := fmt.Sprintf(` +{ + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": { + "docker": { + "localhost:5000": [ + { + "type": "signedBy", + "keyType": "GPGKeys", + "keyPath": "%s" + } + ], + "localhost:5000/sigstore-signed": [ + { + "type": "sigstoreSigned", + "keyPath": "testdata/sigstore-key.pub" + } + ] + } + } +} +`, keyPath) + writeConf([]byte(conf), policyPath) + return policyPath +} + func (s *PodmanSessionIntegration) jq(jqCommand string) (string, error) { var out bytes.Buffer cmd := exec.Command("jq", jqCommand) diff --git a/test/e2e/mount_rootless_test.go b/test/e2e/mount_rootless_test.go index b0452deda5..212a4c795f 100644 --- a/test/e2e/mount_rootless_test.go +++ b/test/e2e/mount_rootless_test.go @@ -57,11 +57,12 @@ var _ = Describe("Podman mount", func() { opts := podmanTest.PodmanMakeOptions([]string{"mount", cid}, false, false) args = append(args, opts...) - // container root file system location is /tmp/... because "--root /tmp/..." + // container root file system location is podmanTest.TempDir/... + // because "--root podmanTest.TempDir/..." session := podmanTest.Podman(args) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(ContainSubstring("/tmp")) + Expect(session.OutputToString()).To(ContainSubstring(podmanTest.TempDir)) }) It("podman image mount", func() { 
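Review bot: In `generatePolicyFile` (common_test.go, hunk at line 988) `keyPath` is spliced into the JSON template as `"keyPath": "%s"` without escaping, so a temp directory whose path contains a double quote or a backslash produces a malformed or differently parsed policy. This file is the signature policy the pull tests depend on, so it should be built robustly. Encode the value instead: `keyJSON, err := json.Marshal(keyPath)`, then `Expect(err).ToNot(HaveOccurred())`, and `"keyPath": %s` in the template with `keyJSON` as the argument. This assumes `encoding/json` is or can be imported in common_test.go, which the hunk does not show.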
@@ -83,10 +84,10 @@ var _ = Describe("Podman mount", func() { opts := podmanTest.PodmanMakeOptions([]string{"image", "mount", ALPINE}, false, false) args = append(args, opts...) - // image location is /tmp/... because "--root /tmp/..." + // image location is podmanTest.TempDir/... because "--root podmanTest.TempDir/..." session := podmanTest.Podman(args) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) - Expect(session.OutputToString()).To(ContainSubstring("/tmp")) + Expect(session.OutputToString()).To(ContainSubstring(podmanTest.TempDir)) }) }) diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 9a02584572..cd2df10743 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -139,9 +139,10 @@ var _ = Describe("Podman push", func() { if !IsRemote() { // Remote does not support --digestfile // Test --digestfile option - push2 := podmanTest.Podman([]string{"push", "--tls-verify=false", "--digestfile=/tmp/digestfile.txt", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + digestFile := filepath.Join(podmanTest.TempDir, "digestfile.txt") + push2 := podmanTest.Podman([]string{"push", "--tls-verify=false", "--digestfile=" + digestFile, "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) push2.WaitWithDefaultTimeout() - fi, err := os.Lstat("/tmp/digestfile.txt") + fi, err := os.Lstat(digestFile) Expect(err).ToNot(HaveOccurred()) Expect(fi.Name()).To(Equal("digestfile.txt")) Expect(push2).Should(Exit(0)) @@ -162,6 +163,9 @@ var _ = Describe("Podman push", func() { err := os.Remove(systemRegistriesDAddition) Expect(err).ToNot(HaveOccurred()) }() + // Generate a signature verification policy file + policyPath := generatePolicyFile(podmanTest.TempDir) + defer os.Remove(policyPath) // Verify that the policy rejects unsigned images push := podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/sigstore-signed"}) 
@@ -169,7 +173,7 @@ var _ = Describe("Podman push", func() { Expect(push).Should(Exit(0)) Expect(push.ErrorToString()).To(BeEmpty()) - pull := podmanTest.Podman([]string{"pull", "-q", "--tls-verify=false", "--signature-policy", "sign/policy.json", "localhost:5000/sigstore-signed"}) + pull := podmanTest.Podman([]string{"pull", "-q", "--tls-verify=false", "--signature-policy", policyPath, "localhost:5000/sigstore-signed"}) pull.WaitWithDefaultTimeout() Expect(pull).To(ExitWithError()) Expect(pull.ErrorToString()).To(ContainSubstring("A signature was required, but no signature exists")) @@ -180,7 +184,7 @@ var _ = Describe("Podman push", func() { Expect(push).Should(Exit(0)) Expect(push.ErrorToString()).To(BeEmpty()) - pull = podmanTest.Podman([]string{"pull", "-q", "--tls-verify=false", "--signature-policy", "sign/policy.json", "localhost:5000/sigstore-signed"}) + pull = podmanTest.Podman([]string{"pull", "-q", "--tls-verify=false", "--signature-policy", policyPath, "localhost:5000/sigstore-signed"}) pull.WaitWithDefaultTimeout() Expect(pull).Should(Exit(0)) } diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index b11ba7c514..17da7c23f5 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -185,8 +185,11 @@ var _ = Describe("Podman save", func() { Expect(err).ToNot(HaveOccurred()) }() - cmd = exec.Command("cp", "sign/key.gpg", "/tmp/key.gpg") + keyPath := filepath.Join(podmanTest.TempDir, "key.gpg") + cmd = exec.Command("cp", "sign/key.gpg", keyPath) Expect(cmd.Run()).To(Succeed()) + defer os.Remove(keyPath) + sigstore := ` default-docker: sigstore: file:///var/lib/containers/sigstore 
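Review bot: The `keyPath` computed in save_test.go (hunk at line 185) must equal the path that `generatePolicyFile` writes into the `signedBy` rule, yet both are derived independently as `filepath.Join(<dir>, "key.gpg")` and nothing ties them together. If either side changes, the policy will point at a key that was never copied there. A comment on the assignment would make the dependency explicit, for example `// must match the keyPath written by generatePolicyFile(podmanTest.TempDir)`. The doc comment of `generatePolicyFile` should likewise say that it does not create `key.gpg`. The surrounding test body starts and ends outside the hunk.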
@@ -207,7 +210,11 @@ default-docker: Expect(session).Should(Exit(0)) if !IsRemote() { - session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy=sign/policy.json", "localhost:5000/alpine"}) + // Generate a signature verification policy file + policyPath := generatePolicyFile(podmanTest.TempDir) + defer os.Remove(policyPath) + + session = podmanTest.Podman([]string{"pull", "--tls-verify=false", "--signature-policy", policyPath, "localhost:5000/alpine"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) diff --git a/test/e2e/sign/policy.json b/test/e2e/sign/policy.json deleted file mode 100644 index 812c149899..0000000000 --- a/test/e2e/sign/policy.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": { - "docker": { - "localhost:5000": [ - { - "type": "signedBy", - "keyType": "GPGKeys", - "keyPath": "/tmp/key.gpg" - } - ], - "localhost:5000/sigstore-signed": [ - { - "type": "sigstoreSigned", - "keyPath": "testdata/sigstore-key.pub" - } - ] - } - } -}