mirror of
https://github.com/valitydev/salt.git
synced 2024-11-07 08:58:59 +00:00
9cd47b39dd
The logic which ensures that we expose ports which are being bound, even when not explicitly configured, was done incorrectly. UDP ports were being passed to the API as '1234/udp' instead of (1234, 'udp'). This results in the port not being exposed properly. The logic has been corrected. Additionally both the "ports" input translation function, as well as the post-processing code (where the port numbers configured in port_bindings were being added) both contained code to "fix" any ports which were configured using 'portnum/tcp', as these must be passed to the API simply as integers. To reduce code duplication, this normalization is now only performed at the very end of the post-processing function, after ports have been translated, and any missing ports from the port_bindings have been added. The unit test for the port_bindings input translation code, which was written based upon the same incorrect reading of the API docs that resulted in the incorrect behavior, have been updated to confirm the (now) correct behavior. The unit test for the ports input translation code has been updated to reflect the new normalization behavior. Finally, an integration test has been added to ensure that we properly expose UDP ports which are added as part of the post-processing function.
607 lines
24 KiB
Python
607 lines
24 KiB
Python
# -*- coding: utf-8 -*-
|
|
'''
|
|
Integration tests for the docker_container states
|
|
'''
|
|
|
|
# Import Python Libs
|
|
from __future__ import absolute_import
|
|
import errno
|
|
import functools
|
|
import logging
|
|
import os
|
|
import random
|
|
import string
|
|
import subprocess
|
|
import tempfile
|
|
|
|
# Import Salt Testing Libs
|
|
from tests.support.unit import skipIf
|
|
from tests.support.case import ModuleCase
|
|
from tests.support.paths import FILES, TMP
|
|
from tests.support.helpers import destructiveTest
|
|
from tests.support.mixins import SaltReturnAssertsMixin
|
|
|
|
# Import Salt Libs
|
|
import salt.utils
|
|
|
|
# Import 3rd-party libs
|
|
from salt.ext.six.moves import range # pylint: disable=import-error,redefined-builtin
|
|
|
|
log = logging.getLogger(__name__)
|
|
|
|
|
|
def _random_name(prefix=''):
|
|
ret = prefix
|
|
for _ in range(8):
|
|
ret += random.choice(string.ascii_lowercase)
|
|
return ret
|
|
|
|
|
|
def with_random_name(func):
|
|
'''
|
|
generate a randomized name for a container
|
|
'''
|
|
@functools.wraps(func)
|
|
def wrapper(self, *args, **kwargs):
|
|
name = _random_name(prefix='salt_')
|
|
return func(self, _random_name(prefix='salt_test_'), *args, **kwargs)
|
|
return wrapper
|
|
|
|
|
|
@destructiveTest
|
|
@skipIf(not salt.utils.which('busybox'), 'Busybox not installed')
|
|
@skipIf(not salt.utils.which('dockerd'), 'Docker not installed')
|
|
class DockerContainerTestCase(ModuleCase, SaltReturnAssertsMixin):
|
|
'''
|
|
Test docker_container states
|
|
'''
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
'''
|
|
'''
|
|
# Create temp dir
|
|
cls.image_build_rootdir = tempfile.mkdtemp(dir=TMP)
|
|
# Generate image name
|
|
cls.image = _random_name(prefix='salt_busybox_')
|
|
|
|
script_path = \
|
|
os.path.join(FILES, 'file/base/mkimage-busybox-static')
|
|
cmd = [script_path, cls.image_build_rootdir, cls.image]
|
|
log.debug('Running \'%s\' to build busybox image', ' '.join(cmd))
|
|
process = subprocess.Popen(
|
|
cmd,
|
|
close_fds=True,
|
|
stdout=subprocess.PIPE,
|
|
stderr=subprocess.STDOUT)
|
|
output = process.communicate()[0]
|
|
log.debug('Output from mkimge-busybox-static:\n%s', output)
|
|
|
|
if process.returncode != 0:
|
|
raise Exception('Failed to build image')
|
|
|
|
try:
|
|
salt.utils.rm_rf(cls.image_build_rootdir)
|
|
except OSError as exc:
|
|
if exc.errno != errno.ENOENT:
|
|
raise
|
|
|
|
@classmethod
|
|
def tearDownClass(cls):
|
|
cmd = ['docker', 'rmi', '--force', cls.image]
|
|
log.debug('Running \'%s\' to destroy busybox image', ' '.join(cmd))
|
|
process = subprocess.Popen(
|
|
cmd,
|
|
close_fds=True,
|
|
stdout=subprocess.PIPE,
|
|
stderr=subprocess.STDOUT)
|
|
output = process.communicate()[0]
|
|
log.debug('Output from %s:\n%s', ' '.join(cmd), output)
|
|
|
|
if process.returncode != 0:
|
|
raise Exception('Failed to destroy image')
|
|
|
|
@with_random_name
|
|
def test_running_with_no_predefined_volume(self, name):
|
|
'''
|
|
This tests that a container created using the docker_container.running
|
|
state, with binds defined, will also create the corresponding volumes
|
|
if they aren't pre-defined in the image.
|
|
'''
|
|
try:
|
|
bind_dir_host = tempfile.mkdtemp(dir=TMP)
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
binds=bind_dir_host + ':/foo',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Now check to ensure that the container has volumes to match the
|
|
# binds that we used when creating it.
|
|
ret = self.run_function('docker.inspect_container', [name])
|
|
self.assertTrue('/foo' in ret['Config']['Volumes'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
try:
|
|
salt.utils.rm_rf(bind_dir_host)
|
|
except OSError as exc:
|
|
if exc.errno != errno.ENOENT:
|
|
raise
|
|
|
|
@with_random_name
|
|
def test_running_with_no_predefined_ports(self, name):
|
|
'''
|
|
This tests that a container created using the docker_container.running
|
|
state, with port_bindings defined, will also configure the
|
|
corresponding ports if they aren't pre-defined in the image.
|
|
'''
|
|
try:
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
port_bindings='14505-14506:24505-24506,2123:2123/udp,8080',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Now check to ensure that the container has ports to match the
|
|
# port_bindings that we used when creating it.
|
|
expected_ports = (4505, 4506, 8080, '2123/udp')
|
|
ret = self.run_function('docker.inspect_container', [name])
|
|
self.assertTrue(x in ret['NetworkSettings']['Ports']
|
|
for x in expected_ports)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_updated_image_id(self, name):
|
|
'''
|
|
This tests the case of an image being changed after the container is
|
|
created. The next time the state is run, the container should be
|
|
replaced because the image ID is now different.
|
|
'''
|
|
try:
|
|
# Create and start a container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Get the container's info
|
|
c_info = self.run_function('docker.inspect_container', [name])
|
|
c_name, c_id = (c_info[x] for x in ('Name', 'Id'))
|
|
# Alter the filesystem inside the container
|
|
self.assertEqual(
|
|
self.run_function('docker.retcode', [name, 'touch /.salttest']),
|
|
0
|
|
)
|
|
# Commit the changes and overwrite the test class' image
|
|
self.run_function('docker.commit', [c_id, self.image])
|
|
# Re-run the state
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was replaced
|
|
self.assertTrue('container_id' in ret['changes'])
|
|
# Check to make sure that the image is in the changes dict, since
|
|
# it should have changed
|
|
self.assertTrue('image' in ret['changes'])
|
|
# Check that the comment in the state return states that
|
|
# container's image has changed
|
|
self.assertTrue('Container has a new image' in ret['comment'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_start_false_without_replace(self, name):
|
|
'''
|
|
Test that we do not start a container which is stopped, when it is not
|
|
being replaced.
|
|
'''
|
|
try:
|
|
# Create a container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Stop the container
|
|
self.run_function('docker.stop', [name], force=True)
|
|
# Re-run the state with start=False
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
start=False,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was not replaced
|
|
self.assertTrue('container_id' not in ret['changes'])
|
|
# Check to make sure that the state is not the changes dict, since
|
|
# it should not have changed
|
|
self.assertTrue('state' not in ret['changes'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_start_false_with_replace(self, name):
|
|
'''
|
|
Test that we do start a container which was previously stopped, even
|
|
though start=False, because the container was replaced.
|
|
'''
|
|
try:
|
|
# Create a container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Stop the container
|
|
self.run_function('docker.stop', [name], force=True)
|
|
# Re-run the state with start=False but also change the command to
|
|
# trigger the container being replaced.
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
command='sleep 600',
|
|
start=False,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was not replaced
|
|
self.assertTrue('container_id' in ret['changes'])
|
|
# Check to make sure that the state is not the changes dict, since
|
|
# it should not have changed
|
|
self.assertTrue('state' not in ret['changes'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_start_true(self, name):
|
|
'''
|
|
This tests that we *do* start a container that is stopped, when the
|
|
"start" argument is set to True.
|
|
'''
|
|
try:
|
|
# Create a container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Stop the container
|
|
self.run_function('docker.stop', [name], force=True)
|
|
# Re-run the state with start=True
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
start=True,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was not replaced
|
|
self.assertTrue('container_id' not in ret['changes'])
|
|
# Check to make sure that the state is in the changes dict, since
|
|
# it should have changed
|
|
self.assertTrue('state' in ret['changes'])
|
|
# Check that the comment in the state return states that
|
|
# container's state has changed
|
|
self.assertTrue(
|
|
"State changed from 'stopped' to 'running'" in ret['comment'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_with_invalid_input(self, name):
|
|
'''
|
|
This tests that the input tranlation code identifies invalid input and
|
|
includes information about that invalid argument in the state return.
|
|
'''
|
|
try:
|
|
# Try to create a container with invalid input
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
ulimits='nofile:2048',
|
|
)
|
|
self.assertSaltFalseReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was not created
|
|
self.assertTrue('container_id' not in ret['changes'])
|
|
# Check that the error message about the invalid argument is
|
|
# included in the comment for the state
|
|
self.assertTrue(
|
|
'Ulimit definition \'nofile:2048\' is not in the format '
|
|
'type=soft_limit[:hard_limit]' in ret['comment']
|
|
)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_with_argument_collision(self, name):
|
|
'''
|
|
this tests that the input tranlation code identifies an argument
|
|
collision (API args and their aliases being simultaneously used) and
|
|
includes information about them in the state return.
|
|
'''
|
|
try:
|
|
# try to create a container with invalid input
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
ulimits='nofile=2048',
|
|
ulimit='nofile=1024:2048',
|
|
)
|
|
self.assertSaltFalseReturn(ret)
|
|
# Ciscard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was not created
|
|
self.assertTrue('container_id' not in ret['changes'])
|
|
# Check that the error message about the collision is included in
|
|
# the comment for the state
|
|
self.assertTrue(
|
|
'\'ulimit\' is an alias for \'ulimits\'' in ret['comment'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_with_ignore_collisions(self, name):
|
|
'''
|
|
This tests that the input tranlation code identifies an argument
|
|
collision (API args and their aliases being simultaneously used)
|
|
includes information about them in the state return.
|
|
'''
|
|
try:
|
|
# try to create a container with invalid input
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
ignore_collisions=True,
|
|
ulimits='nofile=2048',
|
|
ulimit='nofile=1024:2048',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check to make sure that the container was created
|
|
self.assertTrue('container_id' in ret['changes'])
|
|
# Check that the value from the API argument was one that was used
|
|
# to create the container
|
|
c_info = self.run_function('docker.inspect_container', [name])
|
|
actual = c_info['HostConfig']['Ulimits']
|
|
expected = [{'Name': 'nofile', 'Soft': 2048, 'Hard': 2048}]
|
|
self.assertEqual(actual, expected)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_with_removed_argument(self, name):
|
|
'''
|
|
This tests that removing an argument from a created container will
|
|
be detected and result in the container being replaced.
|
|
|
|
It also tests that we revert back to the value from the image. This
|
|
way, when the "command" argument is removed, we confirm that we are
|
|
reverting back to the image's command.
|
|
'''
|
|
try:
|
|
# Create the container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
command='sleep 600',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Run the state again with the "command" argument removed
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Now check to ensure that the changes include the command
|
|
# reverting back to the image's command.
|
|
image_info = self.run_function('docker.inspect_image', [self.image])
|
|
self.assertEqual(
|
|
ret['changes']['container']['Config']['Cmd']['new'],
|
|
image_info['Config']['Cmd']
|
|
)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_running_with_port_bindings(self, name):
|
|
'''
|
|
This tests that the ports which are being bound are also exposed, even
|
|
when not explicitly configured. This test will create a container with
|
|
only some of the ports exposed, including some which aren't even bound.
|
|
The resulting containers exposed ports should contain all of the ports
|
|
defined in the "ports" argument, as well as each of the ports which are
|
|
being bound.
|
|
'''
|
|
try:
|
|
# Create the container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
command='sleep 600',
|
|
shutdown_timeout=1,
|
|
port_bindings=[1234, '1235-1236', '2234/udp', '2235-2236/udp'],
|
|
ports=[1235, '2235/udp', 9999],
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
|
|
# Check the created container's port bindings and exposed ports.
|
|
# The port bindings should only contain the ports defined in the
|
|
# port_bindings argument, while the exposed ports should also
|
|
# contain the extra port (9999/tcp) which was included in the ports
|
|
# argument.
|
|
|
|
cinfo = self.run_function('docker.inspect_container', [name])
|
|
ports = ['1234/tcp', '1235/tcp', '1236/tcp',
|
|
'2234/udp', '2235/udp', '2236/udp']
|
|
self.assertEqual(
|
|
sorted(cinfo['HostConfig']['PortBindings']),
|
|
ports
|
|
)
|
|
self.assertEqual(
|
|
sorted(cinfo['Config']['ExposedPorts']),
|
|
ports + ['9999/tcp']
|
|
)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_absent_with_stopped_container(self, name):
|
|
'''
|
|
This tests the docker_container.absent state on a stopped container
|
|
'''
|
|
try:
|
|
# Create the container
|
|
self.run_function('docker.create', [self.image], name=name)
|
|
# Remove the container
|
|
ret = self.run_state('docker_container.absent', name=name)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check that we have a removed container ID in the changes dict
|
|
self.assertTrue('removed' in ret['changes'])
|
|
|
|
# Run the state again to confirm it changes nothing
|
|
ret = self.run_state('docker_container.absent', name=name)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Nothing should have changed
|
|
self.assertEqual(ret['changes'], {})
|
|
# Ensure that the comment field says the container does not exist
|
|
self.assertEqual(
|
|
ret['comment'],
|
|
'Container \'{0}\' does not exist'.format(name)
|
|
)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_absent_with_running_container(self, name):
|
|
'''
|
|
This tests the docker_container.absent state and
|
|
'''
|
|
try:
|
|
# Create the container
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
command='sleep 600',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
|
|
# Try to remove the container. This should fail because force=True
|
|
# is needed to remove a container that is running.
|
|
ret = self.run_state('docker_container.absent', name=name)
|
|
self.assertSaltFalseReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Nothing should have changed
|
|
self.assertEqual(ret['changes'], {})
|
|
# Ensure that the comment states that force=True is required
|
|
self.assertEqual(
|
|
ret['comment'],
|
|
'Container is running, set force to True to forcibly remove it'
|
|
)
|
|
|
|
# Try again with force=True. This should succeed.
|
|
ret = self.run_state('docker_container.absent', name=name, force=True)
|
|
self.assertSaltTrueReturn(ret)
|
|
# Discard the outer dict with the state compiler data to make below
|
|
# asserts easier to read/write
|
|
ret = ret[next(iter(ret))]
|
|
# Check that we have a removed container ID in the changes dict
|
|
self.assertTrue('removed' in ret['changes'])
|
|
# The comment should mention that the container was removed
|
|
self.assertEqual(
|
|
ret['comment'],
|
|
'Forcibly removed container \'{0}\''.format(name)
|
|
)
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|
|
|
|
@with_random_name
|
|
def test_env_with_running_container(self, name):
|
|
'''
|
|
dockerng.running environnment part. Testing issue 39838.
|
|
'''
|
|
try:
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
env='VAR1=value1,VAR2=value2,VAR3=value3',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
ret = self.run_function('docker.inspect_container', [name])
|
|
self.assertTrue('VAR1=value1' in ret['Config']['Env'])
|
|
self.assertTrue('VAR2=value2' in ret['Config']['Env'])
|
|
self.assertTrue('VAR3=value3' in ret['Config']['Env'])
|
|
ret = self.run_state(
|
|
'docker_container.running',
|
|
name=name,
|
|
image=self.image,
|
|
env='VAR1=value1,VAR2=value2',
|
|
)
|
|
self.assertSaltTrueReturn(ret)
|
|
ret = self.run_function('docker.inspect_container', [name])
|
|
self.assertTrue('VAR1=value1' in ret['Config']['Env'])
|
|
self.assertTrue('VAR2=value2' in ret['Config']['Env'])
|
|
self.assertTrue('VAR3=value3' not in ret['Config']['Env'])
|
|
finally:
|
|
if name in self.run_function('docker.list_containers', all=True):
|
|
self.run_function('docker.rm', [name], force=True)
|