diff options
author | Adin Scannell <ascannell@google.com> | 2019-09-03 22:01:34 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-09-03 22:02:43 -0700 |
commit | 67a2ab1438cdccbe045143bbfaa807cf83110ebc (patch) | |
tree | 8c17f5ecd3e5b3e9c4decb46d8f2b2e893809dc1 /test/e2e | |
parent | 144127e5e1c548150f49501a7decb82ec2e239f2 (diff) |
Impose order on test scripts.
The simple test script has gotten out of control. Shard this script into
different pieces and attempt to impose order on overall test structure. This
change helps lay some of the foundations for future improvements.
* The runsc/test directories are moved into just test/.
* The runsc/test/testutil package is split into logical pieces.
* The scripts/ directory contains new top-level targets.
* Each test is now responsible for building targets it requires.
* The install functionality is moved into `runsc` itself for simplicity.
* The existing kokoro run_tests.sh file now just calls all (can be split).
After this change is merged, I will create multiple distinct workflows for
Kokoro, one for each of the scripts currently targeted by `run_tests.sh` today,
which should dramatically reduce the time-to-run for the Kokoro tests, and
provides a better foundation for further improvements to the infrastructure.
PiperOrigin-RevId: 267081397
Diffstat (limited to 'test/e2e')
-rw-r--r-- | test/e2e/BUILD | 31 | ||||
-rw-r--r-- | test/e2e/exec_test.go | 156 | ||||
-rw-r--r-- | test/e2e/integration.go | 16 | ||||
-rw-r--r-- | test/e2e/integration_test.go | 348 | ||||
-rw-r--r-- | test/e2e/regression_test.go | 45 |
5 files changed, 596 insertions, 0 deletions
diff --git a/test/e2e/BUILD b/test/e2e/BUILD new file mode 100644 index 000000000..99442cffb --- /dev/null +++ b/test/e2e/BUILD @@ -0,0 +1,31 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") + +package(licenses = ["notice"]) + +go_test( + name = "integration_test", + size = "large", + srcs = [ + "exec_test.go", + "integration_test.go", + "regression_test.go", + ], + embed = [":integration"], + tags = [ + # Requires docker and runsc to be configured before the test runs. + "manual", + "local", + ], + visibility = ["//:sandbox"], + deps = [ + "//pkg/abi/linux", + "//runsc/dockerutil", + "//runsc/testutil", + ], +) + +go_library( + name = "integration", + srcs = ["integration.go"], + importpath = "gvisor.dev/gvisor/test/integration", +) diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go new file mode 100644 index 000000000..ce2c4f689 --- /dev/null +++ b/test/e2e/exec_test.go @@ -0,0 +1,156 @@ +// Copyright 2018 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package image provides end-to-end integration tests for runsc. These tests +// require docker and runsc to be installed on the machine. +// +// Each test calls docker commands to start up a container, and tests that it +// is behaving properly, with various runsc commands. The container is killed +// and deleted at the end. + +package integration + +import ( + "fmt" + "strconv" + "strings" + "syscall" + "testing" + "time" + + "gvisor.dev/gvisor/pkg/abi/linux" + "gvisor.dev/gvisor/runsc/dockerutil" +) + +func TestExecCapabilities(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatalf("docker pull failed: %v", err) + } + d := dockerutil.MakeDocker("exec-test") + + // Start the container. + if err := d.Run("alpine", "sh", "-c", "cat /proc/self/status; sleep 100"); err != nil { + t.Fatalf("docker run failed: %v", err) + } + defer d.CleanUp() + + matches, err := d.WaitForOutputSubmatch("CapEff:\t([0-9a-f]+)\n", 5*time.Second) + if err != nil { + t.Fatalf("WaitForOutputSubmatch() timeout: %v", err) + } + if len(matches) != 2 { + t.Fatalf("There should be a match for the whole line and the capability bitmask") + } + capString := matches[1] + t.Log("Root capabilities:", capString) + + // CAP_NET_RAW was in the capability set for the container, but was + // removed. However, `exec` does not remove it. Verify that it's not + // set in the container, then re-add it for comparison. + caps, err := strconv.ParseUint(capString, 16, 64) + if err != nil { + t.Fatalf("failed to convert capabilities %q: %v", capString, err) + } + if caps&(1<<uint64(linux.CAP_NET_RAW)) != 0 { + t.Fatalf("CAP_NET_RAW should be filtered, but is set in the container: %x", caps) + } + caps |= 1 << uint64(linux.CAP_NET_RAW) + want := fmt.Sprintf("CapEff:\t%016x\n", caps) + + // Now check that exec'd process capabilities match the root. + got, err := d.Exec("grep", "CapEff:", "/proc/self/status") + if err != nil { + t.Fatalf("docker exec failed: %v", err) + } + if got != want { + t.Errorf("wrong capabilities, got: %q, want: %q", got, want) + } +} + +func TestExecJobControl(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatalf("docker pull failed: %v", err) + } + d := dockerutil.MakeDocker("exec-job-control-test") + + // Start the container. + if err := d.Run("alpine", "sleep", "1000"); err != nil { + t.Fatalf("docker run failed: %v", err) + } + defer d.CleanUp() + + // Exec 'sh' with an attached pty. + cmd, ptmx, err := d.ExecWithTerminal("sh") + if err != nil { + t.Fatalf("docker exec failed: %v", err) + } + defer ptmx.Close() + + // Call "sleep 100 | cat" in the shell. We pipe to cat so that there + // will be two processes in the foreground process group. + if _, err := ptmx.Write([]byte("sleep 100 | cat\n")); err != nil { + t.Fatalf("error writing to pty: %v", err) + } + + // Give shell a few seconds to start executing the sleep. + time.Sleep(2 * time.Second) + + // Send a ^C to the pty, which should kill sleep and cat, but not the + // shell. \x03 is ASCII "end of text", which is the same as ^C. + if _, err := ptmx.Write([]byte{'\x03'}); err != nil { + t.Fatalf("error writing to pty: %v", err) + } + + // The shell should still be alive at this point. Sleep should have + // exited with code 2+128=130. We'll exit with 10 plus that number, so + // that we can be sure that the shell did not get signalled. + if _, err := ptmx.Write([]byte("exit $(expr $? + 10)\n")); err != nil { + t.Fatalf("error writing to pty: %v", err) + } + + // Exec process should exit with code 10+130=140. + ps, err := cmd.Process.Wait() + if err != nil { + t.Fatalf("error waiting for exec process: %v", err) + } + ws := ps.Sys().(syscall.WaitStatus) + if !ws.Exited() { + t.Errorf("ws.Exited got false, want true") + } + if got, want := ws.ExitStatus(), 140; got != want { + t.Errorf("ws.ExitedStatus got %d, want %d", got, want) + } +} + +// Test that failure to exec returns proper error message. +func TestExecError(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatalf("docker pull failed: %v", err) + } + d := dockerutil.MakeDocker("exec-error-test") + + // Start the container. + if err := d.Run("alpine", "sleep", "1000"); err != nil { + t.Fatalf("docker run failed: %v", err) + } + defer d.CleanUp() + + _, err := d.Exec("no_can_find") + if err == nil { + t.Fatalf("docker exec didn't fail") + } + if want := `error finding executable "no_can_find" in PATH`; !strings.Contains(err.Error(), want) { + t.Fatalf("docker exec wrong error, got: %s, want: .*%s.*", err.Error(), want) + } +} diff --git a/test/e2e/integration.go b/test/e2e/integration.go new file mode 100644 index 000000000..4cd5f6c24 --- /dev/null +++ b/test/e2e/integration.go @@ -0,0 +1,16 @@ +// Copyright 2018 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package integration is empty. See integration_test.go for description. +package integration diff --git a/test/e2e/integration_test.go b/test/e2e/integration_test.go new file mode 100644 index 000000000..7cc0de129 --- /dev/null +++ b/test/e2e/integration_test.go @@ -0,0 +1,348 @@ +// Copyright 2018 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package integration provides end-to-end integration tests for runsc. +// +// Each test calls docker commands to start up a container, and tests that it is +// behaving properly, with various runsc commands. The container is killed and +// deleted at the end. +// +// Setup instruction in test/README.md. +package integration + +import ( + "flag" + "fmt" + "net" + "net/http" + "os" + "strconv" + "strings" + "syscall" + "testing" + "time" + + "gvisor.dev/gvisor/runsc/dockerutil" + "gvisor.dev/gvisor/runsc/testutil" +) + +// httpRequestSucceeds sends a request to a given url and checks that the status is OK. +func httpRequestSucceeds(client http.Client, server string, port int) error { + url := fmt.Sprintf("http://%s:%d", server, port) + // Ensure that content is being served. + resp, err := client.Get(url) + if err != nil { + return fmt.Errorf("error reaching http server: %v", err) + } + if want := http.StatusOK; resp.StatusCode != want { + return fmt.Errorf("wrong response code, got: %d, want: %d", resp.StatusCode, want) + } + return nil +} + +// TestLifeCycle tests a basic Create/Start/Stop docker container life cycle. +func TestLifeCycle(t *testing.T) { + if err := dockerutil.Pull("nginx"); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("lifecycle-test") + if err := d.Create("-p", "80", "nginx"); err != nil { + t.Fatal("docker create failed:", err) + } + if err := d.Start(); err != nil { + d.CleanUp() + t.Fatal("docker start failed:", err) + } + + // Test that container is working + port, err := d.FindPort(80) + if err != nil { + t.Fatal("docker.FindPort(80) failed: ", err) + } + if err := testutil.WaitForHTTP(port, 30*time.Second); err != nil { + t.Fatal("WaitForHTTP() timeout:", err) + } + client := http.Client{Timeout: time.Duration(2 * time.Second)} + if err := httpRequestSucceeds(client, "localhost", port); err != nil { + t.Error("http request failed:", err) + } + + if err := d.Stop(); err != nil { + d.CleanUp() + t.Fatal("docker stop failed:", err) + } + if err := d.Remove(); err != nil { + t.Fatal("docker rm failed:", err) + } +} + +func TestPauseResume(t *testing.T) { + const img = "gcr.io/gvisor-presubmit/python-hello" + if !testutil.IsCheckpointSupported() { + t.Log("Checkpoint is not supported, skipping test.") + return + } + + if err := dockerutil.Pull(img); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("pause-resume-test") + if err := d.Run("-p", "8080", img); err != nil { + t.Fatalf("docker run failed: %v", err) + } + defer d.CleanUp() + + // Find where port 8080 is mapped to. + port, err := d.FindPort(8080) + if err != nil { + t.Fatal("docker.FindPort(8080) failed:", err) + } + + // Wait until it's up and running. + if err := testutil.WaitForHTTP(port, 30*time.Second); err != nil { + t.Fatal("WaitForHTTP() timeout:", err) + } + + // Check that container is working. + client := http.Client{Timeout: time.Duration(2 * time.Second)} + if err := httpRequestSucceeds(client, "localhost", port); err != nil { + t.Error("http request failed:", err) + } + + if err := d.Pause(); err != nil { + t.Fatal("docker pause failed:", err) + } + + // Check if container is paused. + switch _, err := client.Get(fmt.Sprintf("http://localhost:%d", port)); v := err.(type) { + case nil: + t.Errorf("http req expected to fail but it succeeded") + case net.Error: + if !v.Timeout() { + t.Errorf("http req got error %v, wanted timeout", v) + } + default: + t.Errorf("http req got unexpected error %v", v) + } + + if err := d.Unpause(); err != nil { + t.Fatal("docker unpause failed:", err) + } + + // Wait until it's up and running. + if err := testutil.WaitForHTTP(port, 30*time.Second); err != nil { + t.Fatal("WaitForHTTP() timeout:", err) + } + + // Check if container is working again. + if err := httpRequestSucceeds(client, "localhost", port); err != nil { + t.Error("http request failed:", err) + } +} + +func TestCheckpointRestore(t *testing.T) { + const img = "gcr.io/gvisor-presubmit/python-hello" + if !testutil.IsCheckpointSupported() { + t.Log("Pause/resume is not supported, skipping test.") + return + } + + if err := dockerutil.Pull(img); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("save-restore-test") + if err := d.Run("-p", "8080", img); err != nil { + t.Fatalf("docker run failed: %v", err) + } + defer d.CleanUp() + + if err := d.Checkpoint("test"); err != nil { + t.Fatal("docker checkpoint failed:", err) + } + + if _, err := d.Wait(30 * time.Second); err != nil { + t.Fatal(err) + } + + if err := d.Restore("test"); err != nil { + t.Fatal("docker restore failed:", err) + } + + // Find where port 8080 is mapped to. + port, err := d.FindPort(8080) + if err != nil { + t.Fatal("docker.FindPort(8080) failed:", err) + } + + // Wait until it's up and running. + if err := testutil.WaitForHTTP(port, 30*time.Second); err != nil { + t.Fatal("WaitForHTTP() timeout:", err) + } + + // Check if container is working again. + client := http.Client{Timeout: time.Duration(2 * time.Second)} + if err := httpRequestSucceeds(client, "localhost", port); err != nil { + t.Error("http request failed:", err) + } +} + +// Create client and server that talk to each other using the local IP. +func TestConnectToSelf(t *testing.T) { + d := dockerutil.MakeDocker("connect-to-self-test") + + // Creates server that replies "server" and exists. Sleeps at the end because + // 'docker exec' gets killed if the init process exists before it can finish. + if err := d.Run("ubuntu:trusty", "/bin/sh", "-c", "echo server | nc -l -p 8080 && sleep 1"); err != nil { + t.Fatal("docker run failed:", err) + } + defer d.CleanUp() + + // Finds IP address for host. + ip, err := d.Exec("/bin/sh", "-c", "cat /etc/hosts | grep ${HOSTNAME} | awk '{print $1}'") + if err != nil { + t.Fatal("docker exec failed:", err) + } + ip = strings.TrimRight(ip, "\n") + + // Runs client that sends "client" to the server and exits. + reply, err := d.Exec("/bin/sh", "-c", fmt.Sprintf("echo client | nc %s 8080", ip)) + if err != nil { + t.Fatal("docker exec failed:", err) + } + + // Ensure both client and server got the message from each other. + if want := "server\n"; reply != want { + t.Errorf("Error on server, want: %q, got: %q", want, reply) + } + if _, err := d.WaitForOutput("^client\n$", 1*time.Second); err != nil { + t.Fatal("docker.WaitForOutput(client) timeout:", err) + } +} + +func TestMemLimit(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("cgroup-test") + cmd := "cat /proc/meminfo | grep MemTotal: | awk '{print $2}'" + out, err := d.RunFg("--memory=500MB", "alpine", "sh", "-c", cmd) + if err != nil { + t.Fatal("docker run failed:", err) + } + defer d.CleanUp() + + // Remove warning message that swap isn't present. + if strings.HasPrefix(out, "WARNING") { + lines := strings.Split(out, "\n") + if len(lines) != 3 { + t.Fatalf("invalid output: %s", out) + } + out = lines[1] + } + + got, err := strconv.ParseUint(strings.TrimSpace(out), 10, 64) + if err != nil { + t.Fatalf("failed to parse %q: %v", out, err) + } + if want := uint64(500 * 1024); got != want { + t.Errorf("MemTotal got: %d, want: %d", got, want) + } +} + +func TestNumCPU(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("cgroup-test") + cmd := "cat /proc/cpuinfo | grep 'processor.*:' | wc -l" + out, err := d.RunFg("--cpuset-cpus=0", "alpine", "sh", "-c", cmd) + if err != nil { + t.Fatal("docker run failed:", err) + } + defer d.CleanUp() + + got, err := strconv.Atoi(strings.TrimSpace(out)) + if err != nil { + t.Fatalf("failed to parse %q: %v", out, err) + } + if want := 1; got != want { + t.Errorf("MemTotal got: %d, want: %d", got, want) + } +} + +// TestJobControl tests that job control characters are handled properly. +func TestJobControl(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatalf("docker pull failed: %v", err) + } + d := dockerutil.MakeDocker("job-control-test") + + // Start the container with an attached PTY. + _, ptmx, err := d.RunWithPty("alpine", "sh") + if err != nil { + t.Fatalf("docker run failed: %v", err) + } + defer ptmx.Close() + defer d.CleanUp() + + // Call "sleep 100" in the shell. + if _, err := ptmx.Write([]byte("sleep 100\n")); err != nil { + t.Fatalf("error writing to pty: %v", err) + } + + // Give shell a few seconds to start executing the sleep. + time.Sleep(2 * time.Second) + + // Send a ^C to the pty, which should kill sleep, but not the shell. + // \x03 is ASCII "end of text", which is the same as ^C. + if _, err := ptmx.Write([]byte{'\x03'}); err != nil { + t.Fatalf("error writing to pty: %v", err) + } + + // The shell should still be alive at this point. Sleep should have + // exited with code 2+128=130. We'll exit with 10 plus that number, so + // that we can be sure that the shell did not get signalled. + if _, err := ptmx.Write([]byte("exit $(expr $? + 10)\n")); err != nil { + t.Fatalf("error writing to pty: %v", err) + } + + // Wait for the container to exit. + got, err := d.Wait(5 * time.Second) + if err != nil { + t.Fatalf("error getting exit code: %v", err) + } + // Container should exit with code 10+130=140. + if want := syscall.WaitStatus(140); got != want { + t.Errorf("container exited with code %d want %d", got, want) + } +} + +// TestTmpFile checks that files inside '/tmp' are not overridden. In addition, +// it checks that working dir is created if it doesn't exit. +func TestTmpFile(t *testing.T) { + if err := dockerutil.Pull("alpine"); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("tmp-file-test") + if err := d.Run("-w=/tmp/foo/bar", "--read-only", "alpine", "touch", "/tmp/foo/bar/file"); err != nil { + t.Fatal("docker run failed:", err) + } + defer d.CleanUp() +} + +func TestMain(m *testing.M) { + dockerutil.EnsureSupportedDockerVersion() + flag.Parse() + os.Exit(m.Run()) +} diff --git a/test/e2e/regression_test.go b/test/e2e/regression_test.go new file mode 100644 index 000000000..2488be383 --- /dev/null +++ b/test/e2e/regression_test.go @@ -0,0 +1,45 @@ +// Copyright 2019 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package integration + +import ( + "strings" + "testing" + + "gvisor.dev/gvisor/runsc/dockerutil" +) + +// Test that UDS can be created using overlay when parent directory is in lower +// layer only (b/134090485). +// +// Prerequisite: the directory where the socket file is created must not have +// been open for write before bind(2) is called. +func TestBindOverlay(t *testing.T) { + if err := dockerutil.Pull("ubuntu:trusty"); err != nil { + t.Fatal("docker pull failed:", err) + } + d := dockerutil.MakeDocker("bind-overlay-test") + + cmd := "nc -l -U /var/run/sock & p=$! && sleep 1 && echo foobar-asdf | nc -U /var/run/sock && wait $p" + got, err := d.RunFg("ubuntu:trusty", "bash", "-c", cmd) + if err != nil { + t.Fatal("docker run failed:", err) + } + + if want := "foobar-asdf"; !strings.Contains(got, want) { + t.Fatalf("docker run output is missing %q: %s", want, got) + } + defer d.CleanUp() +} |