author | Adin Scannell <ascannell@google.com> | 2020-05-05 22:00:14 -0700 |
---|---|---|
committer | Adin Scannell <ascannell@google.com> | 2020-07-09 17:39:47 -0700 |
commit | 2afff44403e046078301de39f0252bb57fc018c7 (patch) | |
tree | f944f66ffaab8f10029b451755bcb20a3ff40269 /test/shim | |
parent | 2f24ab339736315659f26699ab50aa2982d7e890 (diff) |
Update shim to build using bazel.
The go.mod dependency tree for the shim was somehow contradictory. After
resolving these issues (e.g. explicitly imported k8s 1.14, pulling a
specific dbus version), and adding all dependencies, the shim can now be
built as part of the regular bazel tree.
As part of this process, minor cleanup was done in all the source files:
headers were standardized (and include "The gVisor Authors" in addition
to the "The containerd Authors" if originally derived from containerd
sources), and comments were cleaned up to meet coding standards.
This change makes the containerd installation dynamic, so that multiple
versions can be tested, and drops the static installer for the VM image
itself.
This change also updates test/root/crictl_test.go and related utilities,
so that the containerd tests can be run on any version (and in cases
where it applies, they can be run on both v1 and v2 as parameterized
tests).
Diffstat (limited to 'test/shim')
-rwxr-xr-x | test/shim/containerd-install.sh | 44 | ||||
-rwxr-xr-x | test/shim/crictl-install.sh | 17 | ||||
-rwxr-xr-x | test/shim/run-container.sh | 30 | ||||
-rwxr-xr-x | test/shim/runsc-install.sh | 8 | ||||
-rwxr-xr-x | test/shim/runtime-handler-shim-v2/install.sh | 21 | ||||
-rwxr-xr-x | test/shim/runtime-handler-shim-v2/test.sh | 34 | ||||
-rwxr-xr-x | test/shim/runtime-handler-shim-v2/validate.sh | 7 | ||||
-rwxr-xr-x | test/shim/runtime-handler/install.sh | 24 | ||||
-rwxr-xr-x | test/shim/runtime-handler/test.sh | 33 | ||||
-rwxr-xr-x | test/shim/runtime-handler/usage.sh | 30 | ||||
-rwxr-xr-x | test/shim/runtimeclass-install.sh | 33 | ||||
-rwxr-xr-x | test/shim/shim-install.sh | 28 | ||||
-rwxr-xr-x | test/shim/untrusted-workload/install.sh | 27 | ||||
-rwxr-xr-x | test/shim/untrusted-workload/test.sh | 33 | ||||
-rwxr-xr-x | test/shim/untrusted-workload/usage.sh | 33 | ||||
-rwxr-xr-x | test/shim/validate.sh | 17 |
16 files changed, 0 insertions, 419 deletions
diff --git a/test/shim/containerd-install.sh b/test/shim/containerd-install.sh
deleted file mode 100755
index 400819245..000000000
--- a/test/shim/containerd-install.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-# A script to install containerd and CNI plugins for e2e testing
-
-wget -q --https-only \
- https://github.com/containerd/containerd/releases/download/v${CONTAINERD_VERSION}/containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz \
- https://github.com/containernetworking/plugins/releases/download/v0.7.0/cni-plugins-amd64-v0.7.0.tgz
-
-sudo mkdir -p /etc/containerd /etc/cni/net.d /opt/cni/bin
-sudo tar -xvf cni-plugins-amd64-v0.7.0.tgz -C /opt/cni/bin/
-sudo tar -xvf containerd-${CONTAINERD_VERSION}.linux-amd64.tar.gz -C /
-
-cat <<EOF | sudo tee /etc/containerd/config.toml
-disabled_plugins = ["restart"]
-# Set to avoid port overlap on older versions of containerd where default is 10010.
-[plugins.cri]
- stream_server_port = "10011"
-EOF
-
-cat <<EOF | sudo tee /etc/cni/net.d/10-bridge.conf
-{
- "cniVersion": "0.3.1",
- "name": "bridge",
- "type": "bridge",
- "bridge": "cnio0",
- "isGateway": true,
- "ipMasq": true,
- "ipam": {
- "type": "host-local",
- "ranges": [
- [{"subnet": "10.200.0.0/24"}]
- ],
- "routes": [{"dst": "0.0.0.0/0"}]
- }
-}
-EOF
-cat <<EOF | sudo tee /etc/cni/net.d/99-loopback.conf
-{
- "cniVersion": "0.3.1",
- "type": "loopback"
-}
-EOF
-
-sudo PATH=$PATH containerd -log-level debug &>/tmp/containerd-cri.log &
diff --git a/test/shim/crictl-install.sh b/test/shim/crictl-install.sh
deleted file mode 100755
index 1d63c889b..000000000
--- a/test/shim/crictl-install.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# A sample script for installing crictl.
-
-set -ex
-
-{ # Step 1: Download crictl
-wget https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.13.0/crictl-v1.13.0-linux-amd64.tar.gz
-tar xf crictl-v1.13.0-linux-amd64.tar.gz
-sudo mv crictl /usr/local/bin
-}
-
-{ # Step 2: Configure crictl
-cat <<EOF | sudo tee /etc/crictl.yaml
-runtime-endpoint: unix:///run/containerd/containerd.sock
-EOF
-}
diff --git a/test/shim/run-container.sh b/test/shim/run-container.sh
deleted file mode 100755
index 4595433c3..000000000
--- a/test/shim/run-container.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# A sample script to run a container in an existing pod
-
-set -ex
-
-{ # Step 1: Create nginx container config
-cat <<EOF | tee container.json
-{
- "metadata": {
- "name": "nginx"
- },
- "image":{
- "image": "nginx"
- },
- "log_path":"nginx.0.log",
- "linux": {
- }
-}
-EOF
-}
-
-{ # Step 2: Create nginx container
-CONTAINER_ID=$(sudo crictl create ${SANDBOX_ID} container.json sandbox.json)
-}
-
-{ # Step 3: Start nginx container
-sudo crictl start ${CONTAINER_ID}
-}
-
diff --git a/test/shim/runsc-install.sh b/test/shim/runsc-install.sh
deleted file mode 100755
index 420fe01e9..000000000
--- a/test/shim/runsc-install.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-# Sample script to install runsc
-
-wget -q --https-only \
- https://storage.googleapis.com/gvisor/releases/${RUNSC_VERSION}/runsc
-chmod +x runsc
-sudo mv runsc /usr/local/bin/
diff --git a/test/shim/runtime-handler-shim-v2/install.sh b/test/shim/runtime-handler-shim-v2/install.sh
deleted file mode 100755
index af6b5be1e..000000000
--- a/test/shim/runtime-handler-shim-v2/install.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-# A sample script for installing and configuring the gvisor-containerd-shim to
-# use the containerd runtime handler.
-
-set -ex
-
-{ # Step 1: Create containerd config.toml
-cat <<EOF | sudo tee /etc/containerd/config.toml
-disabled_plugins = ["restart"]
-[plugins.linux]
- shim_debug = true
-[plugins.cri.containerd.runtimes.runsc]
- runtime_type = "io.containerd.runsc.v1"
-EOF
-}
-
-{ # Step 2: Restart containerd
-sudo pkill containerd
-sudo containerd -log-level debug &> /tmp/containerd-cri.log &
-}
diff --git a/test/shim/runtime-handler-shim-v2/test.sh b/test/shim/runtime-handler-shim-v2/test.sh
deleted file mode 100755
index e33655ec1..000000000
--- a/test/shim/runtime-handler-shim-v2/test.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-# Runs end-to-end tests for gvisor-containerd-shim to test the use of runtime
-# handler. This should work on containerd 1.2+
-
-# This is meant to be run in a VM as it makes a fairly invasive install of
-# containerd.
-
-set -ex
-
-# Install containerd
-. ./test/e2e/containerd-install.sh
-
-# Install gVisor
-. ./test/e2e/runsc-install.sh
-
-# Install gvisor-containerd-shim
-. ./test/e2e/shim-install.sh
-
-# Test installation/configuration
-. ./test/e2e/runtime-handler-shim-v2/install.sh
-
-# Install crictl
-. ./test/e2e/crictl-install.sh
-
-# Test usage (the same with runtime-handler)
-. ./test/e2e/runtime-handler/usage.sh
-
-# Run a container in the sandbox
-. ./test/e2e/run-container.sh
-
-# Validate the pod and container
-. ./test/e2e/validate.sh
-. ./test/e2e/runtime-handler-shim-v2/validate.sh
diff --git a/test/shim/runtime-handler-shim-v2/validate.sh b/test/shim/runtime-handler-shim-v2/validate.sh
deleted file mode 100755
index b74a059ef..000000000
--- a/test/shim/runtime-handler-shim-v2/validate.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-# A sample script to validating the running containerd-shim-runsc-v1.
-
-set -ex
-
-ps aux | grep [c]ontainerd-shim-runsc-v1
diff --git a/test/shim/runtime-handler/install.sh b/test/shim/runtime-handler/install.sh
deleted file mode 100755
index ebe9d3580..000000000
--- a/test/shim/runtime-handler/install.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-# A sample script for installing and configuring the gvisor-containerd-shim to
-# use the containerd runtime handler.
-
-set -ex
-
-{ # Step 1: Create containerd config.toml
-cat <<EOF | sudo tee /etc/containerd/config.toml
-disabled_plugins = ["restart"]
-[plugins.linux]
- shim = "/usr/local/bin/gvisor-containerd-shim"
- shim_debug = true
-[plugins.cri.containerd.runtimes.runsc]
- runtime_type = "io.containerd.runtime.v1.linux"
- runtime_engine = "/usr/local/bin/runsc"
- runtime_root = "/run/containerd/runsc"
-EOF
-}
-
-{ # Step 2: Restart containerd
-sudo pkill containerd
-sudo containerd -log-level debug &> /tmp/containerd-cri.log &
-}
diff --git a/test/shim/runtime-handler/test.sh b/test/shim/runtime-handler/test.sh
deleted file mode 100755
index 99f3565b6..000000000
--- a/test/shim/runtime-handler/test.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-# Runs end-to-end tests for gvisor-containerd-shim to test the use of runtime
-# handler. This should work on containerd 1.2+
-
-# This is meant to be run in a VM as it makes a fairly invasive install of
-# containerd.
-
-set -ex
-
-# Install containerd
-. ./test/e2e/containerd-install.sh
-
-# Install gVisor
-. ./test/e2e/runsc-install.sh
-
-# Install gvisor-containerd-shim
-. ./test/e2e/shim-install.sh
-
-# Test installation/configuration
-. ./test/e2e/runtime-handler/install.sh
-
-# Install crictl
-. ./test/e2e/crictl-install.sh
-
-# Test usage
-. ./test/e2e/runtime-handler/usage.sh
-
-# Run a container in the sandbox
-. ./test/e2e/run-container.sh
-
-# Validate the pod and container
-. ./test/e2e/validate.sh
diff --git a/test/shim/runtime-handler/usage.sh b/test/shim/runtime-handler/usage.sh
deleted file mode 100755
index 350c720c2..000000000
--- a/test/shim/runtime-handler/usage.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# A sample script for testing the gvisor-containerd-shim
-# using runtime handler.
-
-set -ex
-
-{ # Step 1: Pull the nginx image
-sudo crictl pull nginx
-}
-
-{ # Step 2: Create sandbox.json
-cat <<EOF | tee sandbox.json
-{
- "metadata": {
- "name": "nginx-sandbox",
- "namespace": "default",
- "attempt": 1,
- "uid": "hdishd83djaidwnduwk28bcsb"
- },
- "linux": {
- },
- "log_directory": "/tmp"
-}
-EOF
-}
-
-{ # Step 3: Create the sandbox
-SANDBOX_ID=$(sudo crictl runp --runtime runsc sandbox.json)
-}
diff --git a/test/shim/runtimeclass-install.sh b/test/shim/runtimeclass-install.sh
deleted file mode 100755
index 28abbcd00..000000000
--- a/test/shim/runtimeclass-install.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-# A sample script to test installing a RuntimeClass
-
-set -ex
-
-{ # Step 1: Install a RuntimeClass
-cat <<EOF | kubectl apply -f -
-apiVersion: node.k8s.io/v1beta1
-kind: RuntimeClass
-metadata:
- name: gvisor
-handler: runsc
-EOF
-}
-
-{ # Step 2: Create a pod
-cat <<EOF | kubectl apply -f -
-apiVersion: v1
-kind: Pod
-metadata:
- name: nginx-gvisor
-spec:
- runtimeClassName: gvisor
- containers:
- - name: nginx
- image: nginx
-EOF
-}
-
-{ # Step 3: Get the pod
-kubectl get pod nginx-gvisor -o wide
-}
diff --git a/test/shim/shim-install.sh b/test/shim/shim-install.sh
deleted file mode 100755
index f98455d46..000000000
--- a/test/shim/shim-install.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-# A sample script to install gvisor-containerd-shim
-
-set -ex
-
-# Build gvisor-containerd-shim
-if [ "${INSTALL_LATEST}" == "1" ]; then
-{ # Step 1(release): Install gvisor-containerd-shim
-LATEST_RELEASE=$(wget -qO - https://api.github.com/repos/google/gvisor-containerd-shim/releases | grep -oP '(?<="browser_download_url": ")https://[^"]*gvisor-containerd-shim.linux-amd64' | head -1)
-wget -O gvisor-containerd-shim ${LATEST_RELEASE}
-chmod +x gvisor-containerd-shim
-sudo mv gvisor-containerd-shim /usr/local/bin/gvisor-containerd-shim
-}
-else
-{ # Step 1(dev): Build and install gvisor-containerd-shim and containerd-shim-runsc-v1
- make
- sudo make install
-}
-fi
-
-{ # Step 2: Create the gvisor-containerd-shim.toml
-cat <<EOF | sudo tee /etc/containerd/gvisor-containerd-shim.toml
-# This is the path to the default runc containerd-shim.
-runc_shim = "/usr/local/bin/containerd-shim"
-EOF
-}
-
diff --git a/test/shim/untrusted-workload/install.sh b/test/shim/untrusted-workload/install.sh
deleted file mode 100755
index c4538aed1..000000000
--- a/test/shim/untrusted-workload/install.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-
-# A sample script for installing and configuring the gvisor-containerd-shim to
-# use the untrusted workload extension.
-
-set -ex
-
-{ # Step 1: Create containerd config.toml
-cat <<EOF | sudo tee /etc/containerd/config.toml
-disabled_plugins = ["restart"]
-[plugins.linux]
- shim = "/usr/local/bin/gvisor-containerd-shim"
- shim_debug = true
-# Set to avoid port overlap on older versions of containerd where default is 10010.
-[plugins.cri]
- stream_server_port = "10011"
-[plugins.cri.containerd.untrusted_workload_runtime]
- runtime_type = "io.containerd.runtime.v1.linux"
- runtime_engine = "/usr/local/bin/runsc"
- runtime_root = "/run/containerd/runsc"
-EOF
-}
-
-{ # Step 2: Restart containerd
-sudo pkill containerd
-sudo containerd -log-level debug &>/tmp/containerd-cri.log &
-}
diff --git a/test/shim/untrusted-workload/test.sh b/test/shim/untrusted-workload/test.sh
deleted file mode 100755
index 6e312cf6d..000000000
--- a/test/shim/untrusted-workload/test.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-# Runs end-to-end tests for gvisor-containerd-shim to test using the
-# untrusted workload extension. This should work on containerd 1.1+
-
-# This is meant to be run in a VM as it makes a fairly invasive install of
-# containerd.
-
-set -ex
-
-# Install containerd
-. ./test/e2e/containerd-install.sh
-
-# Install gVisor
-. ./test/e2e/runsc-install.sh
-
-# Install gvisor-containerd-shim
-. ./test/e2e/shim-install.sh
-
-# Test installation/configuration
-. ./test/e2e/untrusted-workload/install.sh
-
-# Install crictl
-. ./test/e2e/crictl-install.sh
-
-# Test usage
-. ./test/e2e/untrusted-workload/usage.sh
-
-# Run a container in the sandbox
-. ./test/e2e/run-container.sh
-
-# Validate the pod and container
-. ./test/e2e/validate.sh
diff --git a/test/shim/untrusted-workload/usage.sh b/test/shim/untrusted-workload/usage.sh
deleted file mode 100755
index db8206964..000000000
--- a/test/shim/untrusted-workload/usage.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-# A sample script for testing the gvisor-containerd-shim # using untrusted
-# workload extension.
-
-set -ex
-
-{ # Step 1: Pull the nginx image
-sudo crictl pull nginx
-}
-
-{ # Step 2: Create sandbox.json
-cat <<EOF | tee sandbox.json
-{
- "metadata": {
- "name": "nginx-sandbox",
- "namespace": "default",
- "attempt": 1,
- "uid": "hdishd83djaidwnduwk28bcsb"
- },
- "annotations": {
- "io.kubernetes.cri.untrusted-workload": "true"
- },
- "linux": {
- },
- "log_directory": "/tmp"
-}
-EOF
-}
-
-{ # Step 3: Create the sandbox
-SANDBOX_ID=$(sudo crictl runp sandbox.json)
-}
diff --git a/test/shim/validate.sh b/test/shim/validate.sh
deleted file mode 100755
index b56b79d2a..000000000
--- a/test/shim/validate.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# A sample script to validate a running nginx container.
-
-set -ex
-
-{ # Step 1: Inspect the pod
-sudo crictl inspectp ${SANDBOX_ID}
-}
-
-{ # Step 2: Inspect the container
-sudo crictl inspect ${CONTAINER_ID}
-}
-
-{ # Step 3: Check dmesg
-sudo crictl exec ${CONTAINER_ID} dmesg | grep -i gvisor
-} |