A newer runc changed [1] a couple of certain error messages checked in this
test to be lowercased, which lead to a mismatch in this test case.
Fix is to remove "The" (which was replaced with "the").
[1] https://github.com/opencontainers/runc/pull/2441
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Currently default capability CAP_NET_RAW allows users to open ICMP echo
sockets, and CAP_NET_BIND_SERVICE allows binding to ports under 1024.
Both of these are safe operations, and Linux now provides ways that
these can be set, per container, to be allowed without any capabilties
for non root users. Enable these by default. Users can revert to the
previous behaviour by overriding the sysctl values explicitly.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
- Add tests to ensure it's working
- Rename variables for better clarification
- Fix validation test
- Remove wrong filter assertion based on publish filter
- Change port on test
Signed-off-by: Jaime Cepeda <jcepedavillamayor@gmail.com>
This enables image lookup when creating a container to fail when the
reference exists but it is for the wrong platform. This prevents trying
to run an image for the wrong platform, as can be the case with, for
example binfmt_misc+qemu.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Switch to moby/sys/mount and mountinfo. Keep the pkg/mount for potential
outside users.
This commit was generated by the following bash script:
```
set -e -u -o pipefail
for file in $(git grep -l 'docker/docker/pkg/mount"' | grep -v ^pkg/mount); do
sed -i -e 's#/docker/docker/pkg/mount"#/moby/sys/mount"#' \
-e 's#mount\.\(GetMounts\|Mounted\|Info\|[A-Za-z]*Filter\)#mountinfo.\1#g' \
$file
goimports -w $file
done
```
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This test was temporarily disabled (see moby/moby#35023) because of a bug in
Windows RS3 and RS4 causing duplicate port mappings to not be detected, and
not causing an error.
This bug was fixed as MSFT:14083260 on 10/31/2017, and backported to RS3 in
November/December 2017.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Rewrite sockRequestHijack to requestHijack which use writable
Transport's Response.Body to replace deprecated hijacked httputil.ClientConn.
```
// As of Go 1.12, the Body will also implement io.Writer
// on a successful "101 Switching Protocols" response,
// as used by WebSockets and HTTP/2's "h2c" mode.
Body io.ReadCloser
```.
TestPostContainersAttach and TestExecResizeImmediatelyAfterExecStart
replace all sockRequestHijack to requestHijack.
Signed-off-by: HuanHuan Ye <logindaveye@gmail.com>
Now that we marked these utilities as helpers, it should be
possible to find which test-case failed (if any), and we
can skip logging in the "happy path".
This makes these tests less noisy, which makes it easier
to find actually important information in the output:
--- PASS: TestDockerSuite/TestCpFromCaseC (0.96s)
docker_cli_cp_utils_test.go:244: checking that file "/tmp/test-cp-from-case-c450122079/file2" contains "file2\n"
docker_cli_cp_utils_test.go:192: running `docker cp 962b1f3311e742b0842e13b2ad350214cea25883999fd26e87e8c9ddf40d5eb4:/root/file1 /tmp/test-cp-from-case-c450122079/file2`
docker_cli_cp_utils_test.go:244: checking that file "/tmp/test-cp-from-case-c450122079/file2" contains "file1\n"
Some of these tests should probably be rewritten to use subtests,
but that's something for a follow-up.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Updated TestInfoSecurityOptions to not rely on CLI output. Note that this
test should be migrated to the integration suite, but that suite does not yet
have checks for "Seccomp" and "AppArmor"
- TestInfoAPIWarnings: don't start with busybox because we're not running containers in this test
- Migrate TestInfoDebug to integration suite
- Migrate TestInsecureRegistries to integration suite (renamed to TestInfoInsecureRegistries)
- Migrate TestRegistryMirrors to integration suite (renamed to TestInfoRegistryMirrors)
- Migrate TestInfoDiscoveryBackend to integration suite
- Migrate TestInfoDiscoveryInvalidAdvertise to integration suite
- Migrate TestInfoDiscoveryAdvertiseInterfaceName to integration suite
- Remove TestInfoFormat, which is testing the CLI functionality, and there is an
existing test in docker/cli (TestFormatInfo) covering this
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This makes the test less noisy, and won't print the `failed: Error ...` messages,
which were confusing.
Also, running as a subtest allows tracking failures individually through the
junit.xml files.
Before:
=== RUN TestDockerSwarmSuite/TestSwarmNetworkCreateDup
--- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateDup (3.00s)
daemon.go:26: Creating a new daemon at: "/go/src/github.com/docker/docker/bundles/test-integration/TestDockerSwarmSuite/TestSwarmNetworkCreateDup"
docker_cli_swarm_test.go:1527: Creating a network named "network-test-0" with "bridge", then "bridge"
docker_cli_swarm_test.go:1534: As expected, the attempt to network "network-test-0" with "bridge" failed: Error response from daemon: network with name network-test-0 already exists
docker_cli_swarm_test.go:1527: Creating a network named "network-test-0" with "bridge", then "overlay"
docker_cli_swarm_test.go:1534: As expected, the attempt to network "network-test-0" with "overlay" failed: Error response from daemon: network with name network-test-0 already exists
docker_cli_swarm_test.go:1527: Creating a network named "network-test-1" with "overlay", then "bridge"
docker_cli_swarm_test.go:1534: As expected, the attempt to network "network-test-1" with "bridge" failed: Error response from daemon: network with name network-test-1 already exists
docker_cli_swarm_test.go:1527: Creating a network named "network-test-1" with "overlay", then "overlay"
docker_cli_swarm_test.go:1534: As expected, the attempt to network "network-test-1" with "overlay" failed: Error response from daemon: network with name network-test-1 already exists
After:
=== RUN TestDockerSwarmSuite
=== RUN TestDockerSwarmSuite/TestSwarmNetworkCreateDup
=== RUN TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_bridge_then_bridge
=== RUN TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_bridge_then_overlay
=== RUN TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_overlay_then_bridge
=== RUN TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_overlay_then_overlay
--- PASS: TestDockerSwarmSuite (8.12s)
--- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateDup (8.12s)
daemon.go:26: Creating a new daemon at: "/go/src/github.com/docker/docker/bundles/test-integration/TestDockerSwarmSuite/TestSwarmNetworkCreateDup"
--- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_bridge_then_bridge (0.52s)
--- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_bridge_then_overlay (0.31s)
--- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_overlay_then_bridge (0.17s)
--- PASS: TestDockerSwarmSuite/TestSwarmNetworkCreateDup/driver_overlay_then_overlay (0.12s)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Before:
daemon.go:26: Creating a new daemon at: "/go/src/github.com/docker/docker/bundles/test-integration/TestDockerSwarmSuite/TestSwarmNetworkCreateDup"
After:
docker_cli_swarm_test.go:1522: Creating a new daemon at: "/go/src/github.com/docker/docker/bundles/test-integration/TestDockerSwarmSuite/TestSwarmNetworkCreateDup"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Running these tests with a different version of the CLI caused
some failures because the tests relied on the CLI's output format.
Although these tests should be rewritten to use the API directly,
in the meantime this makes them slightly more reliable.
Signed-off-by: Tibor Vass <tibor@docker.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make this utility a helper, so that the "skip" message is printing
the location of the test, instead of the location of the helper,
which is what it's printing now:
requirement.go:26: unmatched requirement bridgeNfIptables
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Unfortunately quite some of these tests do output-matching, which
may be CLI dependent; this patch prints the output string, to help
debugging failures that may be related to the output having changed
between CLI versions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were accidentally wrong due to a sloppy copy/paste issue. Interestingly,
CI passed on the PR that added it (6397dd4d31),
possibly because of this issue, it stopped linting?
WARN [runner/golint] Golint: can't lint 4 files: no file name for file &{Doc:<nil> Package:23044677 Name:quota Decls:[0xc02cc3fa40 0xc02cc3fac0 0xc02cc3fb40 0xc02cc3fbc0 0xc02cc62ab0 0xc02cc62c00] Scope:scope 0xc02cc5c340 {
var ErrQuotaNotSupported
type errQuotaNotSupported
}
Imports:[0xc02cc62930] Unresolved:[errdefs nil string] Comments:[0xc02cbc9ae0 0xc02cbc9c60]}
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On account of being flaky on both RS1 and RS5.
Co-Authored-By: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Signed-off-by: Vikram bir Singh <vikrambir.singh@docker.com>
This test was updated in b79adac339, but is still flaky;
```
20:24:13 FAIL: docker_cli_swarm_test.go:1333: DockerSwarmSuite.TestSwarmClusterRotateUnlockKey
20:24:13
20:24:13 Creating a new daemon at: /go/src/github.com/docker/docker/bundles/test-integration/3/DockerSwarmSuite.TestSwarmClusterRotateUnlockKey
20:24:13 [d6f95e679cb65] waiting for daemon to start
20:24:13 [d6f95e679cb65] waiting for daemon to start
20:24:13 [d6f95e679cb65] daemon started
20:24:13
20:24:13 Creating a new daemon at: /go/src/github.com/docker/docker/bundles/test-integration/3/DockerSwarmSuite.TestSwarmClusterRotateUnlockKey
20:24:13 [d204a02ba4780] waiting for daemon to start
20:24:13 [d204a02ba4780] waiting for daemon to start
20:24:13 [d204a02ba4780] daemon started
20:24:13
20:24:13 [d204a02ba4780] joining swarm manager [d6f95e679cb65]@0.0.0.0:2477, swarm listen addr 0.0.0.0:2478
20:24:13 Creating a new daemon at: /go/src/github.com/docker/docker/bundles/test-integration/3/DockerSwarmSuite.TestSwarmClusterRotateUnlockKey
20:24:13 [d873d6a842829] waiting for daemon to start
20:24:13 [d873d6a842829] waiting for daemon to start
20:24:13 [d873d6a842829] daemon started
20:24:13
20:24:13 [d873d6a842829] joining swarm manager [d6f95e679cb65]@0.0.0.0:2477, swarm listen addr 0.0.0.0:2479
20:24:13 [d204a02ba4780] Stopping daemon
20:24:13 [d204a02ba4780] exiting daemon
20:24:13 [d204a02ba4780] Daemon stopped
20:24:13 [d204a02ba4780] waiting for daemon to start
20:24:13 [d204a02ba4780] waiting for daemon to start
20:24:13 [d204a02ba4780] daemon started
20:24:13
20:24:13 [d873d6a842829] Stopping daemon
20:24:13 [d873d6a842829] exiting daemon
20:24:13 [d873d6a842829] Daemon stopped
20:24:13 [d873d6a842829] waiting for daemon to start
20:24:13 [d873d6a842829] waiting for daemon to start
20:24:13 [d873d6a842829] daemon started
20:24:13
20:24:13 docker_cli_swarm_test.go:1413:
20:24:13 c.Assert(err, checker.IsNil, check.Commentf("%s", outs))
20:24:13 ... value *exec.ExitError = &exec.ExitError{ProcessState:(*os.ProcessState)(0xc000934240), Stderr:[]uint8(nil)} ("exit status 1")
20:24:13 ... Error response from daemon: rpc error: code = Unknown desc = The swarm does not have a leader. It's possible that too few managers are online. Make sure more than half of the managers are online.
20:24:13
20:24:13
20:24:13 [d6f95e679cb65] Stopping daemon
20:24:13 [d6f95e679cb65] exiting daemon
20:24:13 [d6f95e679cb65] Daemon stopped
20:24:13 [d204a02ba4780] Stopping daemon
20:24:13 [d204a02ba4780] exiting daemon
20:24:13 [d204a02ba4780] Daemon stopped
20:24:13 [d873d6a842829] Stopping daemon
20:24:13 [d873d6a842829] exiting daemon
20:24:13 [d873d6a842829] Daemon stopped
```
The interesting bit there is that the retry loop should have a 3 second sleep before retrying,
but looking at the failure above, the test started (and failed) within a second, which means that
a different error / output was returned.
This patch adds some additional debugging to that test to see if we can catch the reason
this test is still flaky.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
```
docker/integration-cli/checker/checker.go
Line 12: warning: exported type Compare should have comment or be unexported (golint)
Line 14: warning: exported function False should have comment or be unexported (golint)
Line 20: warning: exported function True should have comment or be unexported (golint)
Line 26: warning: exported function Equals should have comment or be unexported (golint)
Line 32: warning: exported function Contains should have comment or be unexported (golint)
Line 38: warning: exported function Not should have comment or be unexported (golint)
Line 52: warning: exported function DeepEquals should have comment or be unexported (golint)
Line 58: warning: exported function HasLen should have comment or be unexported (golint)
Line 64: warning: exported function IsNil should have comment or be unexported (golint)
Line 70: warning: exported function GreaterThan should have comment or be unexported (golint)
Line 76: warning: exported function NotNil should have comment or be unexported (golint)
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
```
internal/test/environment/environment.go:37:23: `useing` is a misspelling of `using`(misspell)
integration/container/wait_test.go:49:9: `waitres` is a misspelling of `waiters`(misspell)
integration/container/wait_test.go:95:9: `waitres` is a misspelling of `waiters`(misspell)
integration-cli/docker_api_containers_test.go:1042:7: `waitres` is a misspelling of `waiters`(misspell)
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fixes linter warnings like this one:
> distribution/pull_v2.go:229:39: SA1019: os.SEEK_SET is deprecated: Use io.SeekStart, io.SeekCurrent, and io.SeekEnd. (staticcheck)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
```
integration-cli/docker_cli_attach_test.go:44:: SA2002: the goroutine calls T.Fatal, which must be called in the same goroutine as the test (staticcheck)
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
```
integration-cli/docker_cli_daemon_test.go:1753:32: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_daemon_test.go:1783:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_daemon_test.go:1893:92: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:444:34: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:600:36: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:602:36: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:610:34: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:613:34: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:614:36: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_external_volume_driver_test.go:617:36: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_plugins_test.go:431:39: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:174:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1046:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1071:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1074:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1079:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1087:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1102:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1108:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1128:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1323:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1329:32: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1388:34: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
integration-cli/docker_cli_swarm_test.go:1985:31: S1025: the argument is already a string, there's no need to use fmt.Sprintf (gosimple)
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
```
integration-cli/docker_cli_registry_user_agent_test.go:78:2: SA5001: should check returned error before deferring reg.Close() (staticcheck)
integration-cli/docker_cli_v2_only_test.go:30:2: SA5001: should check returned error before deferring reg.Close() (staticcheck)
integration-cli/docker_api_containers_test.go:392:3: SA5001: should check returned error before deferring resp.Body.Close() (staticcheck)
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
```
14:26:43 integration-cli/docker_cli_build_test.go:3430:15: S1007: should use raw string (`...`) with regexp.MustCompile to avoid having to escape twice (gosimple)
14:26:43 outRegexp := regexp.MustCompile("^(sha256:|)[a-z0-9]{64}\\n$")
14:26:43 ^
14:26:43 integration-cli/docker_cli_by_digest_test.go:26:20: S1007: should use raw string (`...`) with regexp.MustCompile to avoid having to escape twice (gosimple)
14:26:43 pushDigestRegex = regexp.MustCompile("[\\S]+: digest: ([\\S]+) size: [0-9]+")
14:26:43 ^
14:26:43 integration-cli/docker_cli_by_digest_test.go:27:20: S1007: should use raw string (`...`) with regexp.MustCompile to avoid having to escape twice (gosimple)
14:26:43 digestRegex = regexp.MustCompile("Digest: ([\\S]+)")
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Format the source according to latest goimports.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Hyper-V isolated containers do not allow file-operations on a
running container. This test currently uses `docker cp` to verify
that the WORKDIR was automatically created, which cannot be done
while the container is running.
```
FAIL: docker_cli_create_test.go:302: DockerSuite.TestCreateWithWorkdir
assertion failed:
Command: d:\CI-7\CI-f3768a669\binary\docker.exe cp foo:c:\home\foo\bar c:\tmp
ExitCode: 1
Error: exit status 1
Stdout:
Stderr: Error response from daemon: filesystem operations against a running Hyper-V container are not supported
Failures:
ExitCode was 1 expected 0
Expected no error
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
After the commit faaffd5d6d ("Windows:Disable 2 restart test when
Hyper-V") some tests became skipped on linux:
SKIP: docker_cli_restart_test.go:167: DockerSuite.TestRestartContainerSuccess (unmatched requirement IsolationIsProcess)
SKIP: docker_cli_restart_test.go:240: DockerSuite.TestRestartPolicyAfterRestart (unmatched requirement IsolationIsProcess)
But AFAIU it is highly unlikely that we actually meant to skip them on linux.
https://github.com/moby/moby/issues/39625
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
`TestBuildBuildTimeArgEnv` and `TestBuildBuildTimeArgEmptyValVariants` were
using non-standard comparisons.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Found these by doing a `grep -R 'using the force'` on a full test run.
There's still a few more which are running against the main test daemon,
so it is difficult to find which test they belong to.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
I've seen this test fail a number of times recently on RS1
Looking at failures, the test is taking a long time ro run (491.77s, which is
more than 8 minutes), so perhaps it's just too slow on RS1, which may be
because we switch to a different base image, or because we're now running
on different machines.
Compared to RS5 (still slow, but a lot faster);
```
--- PASS: Test/DockerSuite/TestAPIImagesSaveAndLoad (146.25s)
```
```
--- FAIL: Test/DockerSuite/TestAPIImagesSaveAndLoad (491.77s)
cli.go:45: assertion failed:
Command: d:\CI-5\CI-93d2cf881\binary\docker.exe inspect --format {{.Id}} sha256:69e7c1ff23be5648c494294a3808c0ea3f78616fad67bfe3b10d3a7e2be5ff02
ExitCode: 1
Error: exit status 1
Stdout:
Stderr: Error: No such object: sha256:69e7c1ff23be5648c494294a3808c0ea3f78616fad67bfe3b10d3a7e2be5ff02
Failures:
ExitCode was 1 expected 0
Expected no error
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Replaced using a bit of grep-ing;
```
find . -name "*_test.go" -exec sed -E -i 's#assert.Assert\((.*), fmt.Sprintf\((.*)\)\)$#assert.Assert\(\1, \2\)#g' '{}' \;
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Starting the daemon should not load the busybox image again
in most cases, so add a new `StartNodeWithBusybox` function
to be clear that this one loads the busybox image, and use
`StartNode()` for cases where loading the busybox image is
not needed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go run rm-gocheck.go redress '[^/]\bcheck\.Suite\(.*\{\s*$' \
"integration-cli/check_test.go" "integration-cli/docker_cli_external_volume_driver_unix_test.go" "integration-cli/docker_cli_network_unix_test.go"
Signed-off-by: Tibor Vass <tibor@docker.com>
Tests fixed in this patch used to compile and pass successfully,
despite checking if non-nullable types are not nil.
These would have become compile errors once go-check is removed.
About TestContainerAPIPsOmitFields:
Basically what happened is that this test got refactored to start using the API types
and API client library instead of custom types and stdlib's http functions.
This test used to test an API regression which could possibly be a unit test.
However because PublicPort and IP are not nullable types, this test became useless.
Signed-off-by: Tibor Vass <tibor@docker.com>
Noticed this test container not exiting correctly while debugging
another issue. Before this change, signals were being eaten by bash, now
they are hanlded by top. This cuts the test time in half since it
doesn't have to wait for docker to SIGKILL it.
Old:
PASS: docker_cli_swarm_test.go:840: DockerSwarmSuite.TestSwarmServiceTTY 18.997s
New:
PASS: docker_cli_swarm_test.go:840: DockerSwarmSuite.TestSwarmServiceTTY 6.293s
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
TestBuildMulitStageResetScratch testcase was actually meant to be
TestBuildMulitStageResetScratch
Signed-off-by: Vitaly Ostrosablin <tmp6154@yandex.ru>
TestSwarmClusterRotateUnlockKey had been identified as a flaky test. It
turns out that the test code was wrong: where we should have been
checking the string output of a command, we were instead checking the
value of the error. This means that the error case we were expecting was
not being matched, and the test was failing when it should have just
retried.
Signed-off-by: Drew Erny <drew.erny@docker.com>
The `DockerDaemonSuite.SetUpTest` already checks for Linux and a local daemon;
```
func (s *DockerDaemonSuite) SetUpTest(c *check.C) {
testRequires(c, DaemonIsLinux, testEnv.IsLocalDaemon)
s.d = daemon.New(c, dockerBinary, dockerdBinary, testdaemon.WithEnvironment(testEnv.Execution))
}
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Code retrying service update operations when receiving "update out of
sequence" errors was removed because of a misunderstanding, which has
made tests flaky. This re-adds the "CmdRetryOutOfSequence" method, and
uses it in TestSwarmPublishAdd to avoid flaky behavior.
Signed-off-by: Drew Erny <drew.erny@docker.com>
The `--stars` flag was deprecated, and was replaced by `--filter stars=xx`
Integration tests run with a fixed version of the CLI, and the new
(`--filter`) option is already tested in this test, so there's no need
to verify the old flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `--stars` and `--automated` flags have been deprecated, and were
replaced by `--filter stars=xx` and `--filter is-automated=true`.
Integration tests run with a fixed version of the CLI, and the new
(`--filter`) option is already tested in this test, so there's no need
to verify the old flags.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Both `--help` and `--no-trunc` are implemented in the CLI. There's
no need to verify them here because the integration tests use a
fixed version of the CLI.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows our tests, which all share a containerd instance, to be a
bit more isolated by setting the containerd namespaces to the generated
daemon ID's rather than the default namespaces.
This came about because I found in some cases we had test daemons
failing to start (really very slow to start) because it was (seemingly)
processing events from other tests.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Removes some test functions that were unused:
- bridgeNfIP6tables
- ambientCapabilities (added to support #26979, which was reverted in #27737)
- overlay2Supported
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is the second part to
https://github.com/containerd/containerd/pull/3361 and will help process
delete not block forever when the process exists but the I/O was
inherited by a subprocess that lives on.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
This reverts commit 98fc09128b in order to
keep registry v2 schema1 handling and libtrust-key-based engine ID.
Because registry v2 schema1 was not officially deprecated and
registries are still relying on it, this patch puts its logic back.
However, registry v1 relics are not added back since v1 logic has been
removed a while ago.
This also fixes an engine upgrade issue in a swarm cluster. It was relying
on the Engine ID to be the same upon upgrade, but the mentioned commit
modified the logic to use UUID and from a different file.
Since the libtrust key is always needed to support v2 schema1 pushes,
that the old engine ID is based on the libtrust key, and that the engine ID
needs to be conserved across upgrades, adding a UUID-based engine ID logic
seems to add more complexity than it solves the problems.
Hence reverting the engine ID changes as well.
Signed-off-by: Tibor Vass <tibor@docker.com>
This test runs on a daemon also used by other tests
so make sure we don't get failures if another test
doesn't cleanup or is running in parallel.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test is dependent on the search results returned by Docker Hub, which
can change at any moment, and causes this test to be unpredictable.
Removing this test instead of trying to catch up with Docker Hub any time
the results change, because it's effectively testing Docker Hub, and not
the daemon.
Unit tests are already in place to test the core functionality of the daemon,
so it should be safe to remove this test.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
`chmod` is a legacy syscall, and not present on arm64, which
caused this test to fail.
Add `fchmodat` to the profile so that this test can run both
on x64 and arm64.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sometimes this test fails (allegedly due to problems with Docker Hub),
but it fails later than it should, for example:
> 01:20:34.845 assertion failed: expression is false: strings.Count(outSearchCmdStars, "[OK]") <= strings.Count(outSearchCmd, "[OK]"): The quantity of images with stars should be less than that of all images: <...>
This, with non-empty list of images following, means that the initial
`docker search busybox` command returned not enough results. So, add
a check that `docker search busybox` returns something.
While at it,
* raise the number of stars to 10;
* simplify check for number of lines (no need to count [OK]'s);
* improve error message.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Don't use two-stage mount in TestContainersAPICreateMountsCreate();
apparently it was written before mount.Mount() could accept propagation
flags.
While at it, remove rw as this is the default.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This PR is a small gofmt fix of https://goreportcard.com/report/github.com/moby/moby#gofmt
```
gofmt99%
Gofmt formats Go programs. We run gofmt -s on your code, where -s is for the "simplify" command
moby/integration-cli/docker_cli_run_test.go
Line 1: warning: file is not gofmted with -s (gofmt)
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Instead of having to go through files or registry values as is currently the
case.
While adding GMSA support to Kubernetes (https://github.com/kubernetes/kubernetes/pull/73726)
I stumbled upon the fact that Docker currently only allows passing Windows
credential specs through files or registry values, forcing the Kubelet
to perform a rather awkward dance of writing-then-deleting to either the
disk or the registry to be able to create a Windows container with cred
specs.
This patch solves this problem by making it possible to directly pass
whole base64-encoded cred specs to the engine's API. I took the opportunity
to slightly refactor the method responsible for Windows cred spec as it
seemed hard to read to me.
Added some unit tests on Windows credential specs handling, as there were
previously none.
Added/amended the relevant integration tests.
I have also tested it manually: given a Windows container using a cred spec
that you would normally start with e.g.
```powershell
docker run --rm --security-opt "credentialspec=file://win.json" mcr.microsoft.com/windows/servercore:ltsc2019 nltest /parentdomain
# output:
# my.ad.domain.com. (1)
# The command completed successfully
```
can now equivalently be started with
```powershell
$rawCredSpec = & cat 'C:\ProgramData\docker\credentialspecs\win.json'
$escaped = $rawCredSpec.Replace('"', '\"')
docker run --rm --security-opt "credentialspec=raw://$escaped" mcr.microsoft.com/windows/servercore:ltsc2019 nltest /parentdomain
# same output!
```
I'll do another PR on Swarmkit after this is merged to allow services to use
the same option.
(It's worth noting that @dperny faced the same problem adding GMSA support
to Swarmkit, to which he came up with an interesting solution - see
https://github.com/moby/moby/pull/38632 - but alas these tricks are not
available to the Kubelet.)
Signed-off-by: Jean Rouge <rougej+github@gmail.com>
Signed-off-by: John Howard <jhoward@microsoft.com>
Also fixes https://github.com/moby/moby/issues/22874
This commit is a pre-requisite to moving moby/moby on Windows to using
Containerd for its runtime.
The reason for this is that the interface between moby and containerd
for the runtime is an OCI spec which must be unambigious.
It is the responsibility of the runtime (runhcs in the case of
containerd on Windows) to ensure that arguments are escaped prior
to calling into HCS and onwards to the Win32 CreateProcess call.
Previously, the builder was always escaping arguments which has
led to several bugs in moby. Because the local runtime in
libcontainerd had context of whether or not arguments were escaped,
it was possible to hack around in daemon/oci_windows.go with
knowledge of the context of the call (from builder or not).
With a remote runtime, this is not possible as there's rightly
no context of the caller passed across in the OCI spec. Put another
way, as I put above, the OCI spec must be unambigious.
The other previous limitation (which leads to various subtle bugs)
is that moby is coded entirely from a Linux-centric point of view.
Unfortunately, Windows != Linux. Windows CreateProcess uses a
command line, not an array of arguments. And it has very specific
rules about how to escape a command line. Some interesting reading
links about this are:
https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/https://stackoverflow.com/questions/31838469/how-do-i-convert-argv-to-lpcommandline-parameter-of-createprocesshttps://docs.microsoft.com/en-us/cpp/cpp/parsing-cpp-command-line-arguments?view=vs-2017
For this reason, the OCI spec has recently been updated to cater
for more natural syntax by including a CommandLine option in
Process.
What does this commit do?
Primary objective is to ensure that the built OCI spec is unambigious.
It changes the builder so that `ArgsEscaped` as commited in a
layer is only controlled by the use of CMD or ENTRYPOINT.
Subsequently, when calling in to create a container from the builder,
if follows a different path to both `docker run` and `docker create`
using the added `ContainerCreateIgnoreImagesArgsEscaped`. This allows
a RUN from the builder to control how to escape in the OCI spec.
It changes the builder so that when shell form is used for RUN,
CMD or ENTRYPOINT, it builds (for WCOW) a more natural command line
using the original as put by the user in the dockerfile, not
the parsed version as a set of args which loses fidelity.
This command line is put into args[0] and `ArgsEscaped` is set
to true for CMD or ENTRYPOINT. A RUN statement does not commit
`ArgsEscaped` to the commited layer regardless or whether shell
or exec form were used.
There's no need to try to re-build the test images if they already
exist. This change makes basically no difference to the upstream
integration test-suite running, but for users who want to run the
integration-cli suite on a host machine (such as distributions doing
tests) this change allows images to be pre-loaded such that compilers
aren't needed on the test machine.
However, this does remove the accidental re-compilation of nnp-test, as
well as handling errors far more cleanly (previously if an error
occurred during a test build, further tests won't attempt to rebuild
it).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Move the test case from integration-cli to integration.
The test logic itself has not changed, except these
two things:
* the new test sets default-ipc-mode via command line
rather than via daemon.json (less code);
* the new test uses current API version.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
As people are using the UUID in `docker info` that was based on the v1 manifest signing key, replace
with a UUID instead.
Remove deprecated `--disable-legacy-registry` option that was scheduled to be removed in 18.03.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
