End to end tests refs #3 (#10)

* Separate docs for containerd 1.1 and 1.2

The configuration for the untrusted workload annotation and runtime
class are different enough that it makes sense to separate the docs.

Commands in docs are taken from scripts in the docs/scripts directory.
These scripts can be used later for integration & doc tests (#3). The
docs can be updated using the embedmd tool:
https://github.com/campoy/embedmd

* Add basic e2e tests refs #3

Added end-to-end tests based on the quickstart workflows for
containerd 1.1 and containerd 1.2+.

3 files changed, 87 insertions, 0 deletions

diff --git a/test/e2e/runtime-handler/install.sh b/test/e2e/runtime-handler/install.sh
new file mode 100755
index 000000000..ebe9d3580
--- /dev/null
+++ b/test/e2e/runtime-handler/install.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# A sample script for installing and configuring the gvisor-containerd-shim to
+# use the containerd runtime handler. 
+
+set -ex
+
+{ # Step 1: Create containerd config.toml
+cat <<EOF | sudo tee /etc/containerd/config.toml
+disabled_plugins = ["restart"]
+[plugins.linux]
+  shim = "/usr/local/bin/gvisor-containerd-shim"
+  shim_debug = true
+[plugins.cri.containerd.runtimes.runsc]
+  runtime_type = "io.containerd.runtime.v1.linux"
+  runtime_engine = "/usr/local/bin/runsc"
+  runtime_root = "/run/containerd/runsc"
+EOF
+}
+
+{ # Step 2: Restart containerd
+sudo pkill containerd
+sudo containerd -log-level debug &> /tmp/containerd-cri.log &
+}
diff --git a/test/e2e/runtime-handler/test.sh b/test/e2e/runtime-handler/test.sh
new file mode 100755
index 000000000..99f3565b6
--- /dev/null
+++ b/test/e2e/runtime-handler/test.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Runs end-to-end tests for gvisor-containerd-shim to test the use of runtime
+# handler. This should work on containerd 1.2+
+
+# This is meant to be run in a VM as it makes a fairly invasive install of
+# containerd.
+
+set -ex
+
+# Install containerd
+. ./test/e2e/containerd-install.sh
+
+# Install gVisor
+. ./test/e2e/runsc-install.sh
+
+# Install gvisor-containerd-shim
+. ./test/e2e/shim-install.sh
+
+# Test installation/configuration
+. ./test/e2e/runtime-handler/install.sh
+
+# Install crictl
+. ./test/e2e/crictl-install.sh
+
+# Test usage
+. ./test/e2e/runtime-handler/usage.sh
+
+# Run a container in the sandbox
+. ./test/e2e/run-container.sh
+
+# Validate the pod and container
+. ./test/e2e/validate.sh
diff --git a/test/e2e/runtime-handler/usage.sh b/test/e2e/runtime-handler/usage.sh
new file mode 100755
index 000000000..1f8a09757
--- /dev/null
+++ b/test/e2e/runtime-handler/usage.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# A sample script for testing the gvisor-containerd-shim # using untrusted
+# workload extension.
+
+set -ex
+
+{ # Step 1: Pull the nginx image
+sudo crictl pull nginx
+}
+
+{ # Step 2: Create sandbox.json
+cat <<EOF | tee sandbox.json
+{
+    "metadata": {
+        "name": "nginx-sandbox",
+        "namespace": "default",
+        "attempt": 1,
+        "uid": "hdishd83djaidwnduwk28bcsb"
+    },
+    "linux": {
+    },
+    "log_directory": "/tmp"
+}
+EOF
+}
+
+{ # Step 3: Create the sandbox
+SANDBOX_ID=$(sudo crictl runp --runtime runsc sandbox.json)
+}