kitchen-docker 1.7.0 → 2.0.0

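--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 507d10dff893beb14c3bb0fad337d70522808d9f
- data.tar.gz: 91b27b11aa5c5dc2dadc39eac8efd6de617cf7d8
+ metadata.gz: 4275b28c2034adf26c10d78d0d670e78d602357c
+ data.tar.gz: 16a5f7a158bb28ae81097d2a1140b50727744276
  SHA512:
- metadata.gz: 27d9e0fe3756df4553b62ade589bca1b09d03dd9af15c54f3f1da1f89e880b3ff641c65dae273dc9d2625e510b1477f9cbf63c71f28c59abee0dbd2cf34617a9
- data.tar.gz: 662d6a17f9f8ecb2b9bb819d24ef1e1682efbb5038d416124b4963231d1ee7b47ca1c8d1e796eb3a2cfda376cafce747c984e178077046f021e8948e026744fe
+ metadata.gz: 1aaa823ac17498cd65d78c657219409cc631a20e5e6c0a7bc2d2aeba5c386b85b76cb7c70d07fe0bccb26f9f72fc8b01c5979b68a0c5ec862a4d47bd3260d550
+ data.tar.gz: 2402c346e1780c3e8b1e859d9153ceaaeddf6b388a04e1cc57fab52277f9f65ba07fb10ac0341a2e40f72ea7343886332dd0f581c00c10d1a076848e1538127b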
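--- a/data/.kitchen.yml
+++ b/data/.kitchen.yml
@@ -36,7 +36,17 @@ platforms:
  image: ubuntu:14.04
  platform: ubuntu
  links: "db:db"
-
  suites:
  - name: default
  - name: concurrency
+ - name: capabilities
+ excludes: [arch,unknown,centos-7,centos-6.4,dockerfile]
+ driver:
+ provision_command:
+ - curl -L http://www.chef.io/chef/install.sh | bash
+ - apt-get install -y net-tools
+ username: kitchen
+ password: kitchen
+ cap_drop:
+ - NET_ADMIN
+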
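Review bot: The first `provision_command` of the new `capabilities` suite pipes an installer fetched over plain HTTP straight into `bash`, so anything able to tamper with that response gets its content executed during the image build. Fetch it over TLS instead, `- curl -L https://www.chef.io/chef/install.sh | bash`, and ideally pin a version or verify a checksum before executing it. The `kitchen`/`kitchen` credentials are tolerable only because this container is a throwaway test fixture; a comment such as `# test-only credentials, container is destroyed after the run` would keep the stanza from being copied into a longer-lived setup.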
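--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,19 @@
+ ## 2.0.0
+
+ * Use Docker `top` and `port` instead of `inspect`
+
+ * Don't create the kitchen user if it already exists
+
+ * Docker container capabilities options: cap_add, cap_drop
+
+ * Docker security profile option (SELinux/AppArmor): security_opt
+
+ * wait_for_sshd option (boolean)
+
+ * Create `/etc/sudoers.d` if missing
+
+ * Fixed option deprecation warnings, require Docker >= 1.2
+
  ## 1.7.0
 
  * Ensure a container id is set before attempting to inspect a container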
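--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@ A Test Kitchen Driver for Docker.
 
  ## Requirements
 
- * [Docker][docker_getting_started]
+ * [Docker][docker_installation] **(>= 1.2)**
 
  ## Installation and Setup
 
@@ -188,7 +188,7 @@ destroyed.
 
  The default value is `false`.
 
- ### run_command
+ ### run\_command
 
  Sets the command used to run the suite container.
 
@@ -226,7 +226,7 @@ Examples:
  - /srv
  ```
 
- ### volumes_from
+ ### volumes\_from
 
  Mount volumes managed by other containers.
 
@@ -317,7 +317,44 @@ Examples:
  privileged: true
  ```
 
- ## dockerfile
+ ### cap\_add
+
+ Adds a capability to the running container.
+
+ Examples:
+
+ ````
+ cap_add:
+ - SYS_PTRACE
+
+ ````
+
+ ### cap\_drop
+
+ Drops a capability from the running container.
+
+ Examples:
+
+ ````
+ cap_drop:
+ - CHOWN
+
+ ````
+
+ ### security\_opt
+
+ Apply a security profile to the Docker container. Allowing finer granularity of
+ access control than privileged mode, through leveraging SELinux/AppArmor
+ profiles to grant access to specific resources.
+
+ Examples:
+
+ ```
+ security_opt:
+ - apparmor:my_profile
+ ```
+
+ ### dockerfile
 
  Use a custom Dockerfile, instead of having Kitchen-Docker build one for you.
 
@@ -327,7 +364,7 @@ Examples:
  dockerfile: test/Dockerfile
  ```
 
- ### instance_name
+ ### instance\_name
 
  Set the name of container to link to other container(s).
 
@@ -355,7 +392,7 @@ Examples:
  - kvs:kvs
  ```
 
- ### publish_all
+ ### publish\_all
 
  Publish all exposed ports to the host interfaces.
  This option used to communicate between some containers.
@@ -396,7 +433,7 @@ Apache 2.0 (see [LICENSE][license])
  [issues]: https://github.com/portertech/kitchen-docker/issues
  [license]: https://github.com/portertech/kitchen-docker/blob/master/LICENSE
  [repo]: https://github.com/portertech/kitchen-docker
- [docker_getting_started]: http://www.docker.io/gettingstarted/
+ [docker_installation]: https://docs.docker.com/installation/#installation
  [docker_upstart_issue]: https://github.com/dotcloud/docker/issues/223
  [docker_index]: https://index.docker.io/
  [docker_default_image]: https://index.docker.io/_/base/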
@@ -31,6 +31,9 @@ module Kitchen
31
31
  default_config :binary, 'docker'
32
32
  default_config :socket, ENV['DOCKER_HOST'] || 'unix:///var/run/docker.sock'
33
33
  default_config :privileged, false
34
+ default_config :cap_add, nil
35
+ default_config :cap_drop, nil
36
+ default_config :security_opt, nil
34
37
  default_config :use_cache, true
35
38
  default_config :remove_images, false
36
39
  default_config :run_command, '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes ' +
@@ -43,6 +46,7 @@ module Kitchen
43
46
  default_config :tls_cert, nil
44
47
  default_config :tls_key, nil
45
48
  default_config :publish_all, false
49
+ default_config :wait_for_sshd, true
46
50
 
47
51
  default_config :use_sudo do |driver|
48
52
  !driver.remote_socket?
@@ -82,7 +86,7 @@ module Kitchen
82
86
  state[:container_id] = run_container(state) unless state[:container_id]
83
87
  state[:hostname] = remote_socket? ? socket_uri.host : 'localhost'
84
88
  state[:port] = container_ssh_port(state)
85
- wait_for_sshd(state[:hostname], nil, :port => state[:port])
89
+ wait_for_sshd(state[:hostname], nil, :port => state[:port]) if config[:wait_for_sshd]
86
90
  end
87
91
 
88
92
  def destroy(state)
@@ -162,10 +166,12 @@ module Kitchen
162
166
  username = config[:username]
163
167
  password = config[:password]
164
168
  base = <<-eos
165
- RUN useradd -d /home/#{username} -m -s /bin/bash #{username}
169
+ RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi
166
170
  RUN echo #{username}:#{password} | chpasswd
167
171
  RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
172
+ RUN mkdir -p /etc/sudoers.d
168
173
  RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username}
174
+ RUN chmod 0440 /etc/sudoers.d/#{username}
169
175
  eos
170
176
  custom = ''
171
177
  Array(config[:provision_command]).each do |cmd|
@@ -213,7 +219,8 @@ module Kitchen
213
219
  def build_run_command(image_id)
214
220
  cmd = "run -d -p 22"
215
221
  Array(config[:forward]).each {|port| cmd << " -p #{port}"}
216
- Array(config[:dns]).each {|dns| cmd << " -dns #{dns}"}
222
+ Array(config[:dns]).each {|dns| cmd << " --dns #{dns}"}
223
+ Array(config[:add_host]).each {|host, ip| cmd << " --add-host=#{host}:#{ip}"}
217
224
  Array(config[:volume]).each {|volume| cmd << " -v #{volume}"}
218
225
  Array(config[:volumes_from]).each {|container| cmd << " --volumes-from #{container}"}
219
226
  Array(config[:links]).each {|link| cmd << " --link #{link}"}
@@ -222,9 +229,12 @@ module Kitchen
222
229
  cmd << " -h #{config[:hostname]}" if config[:hostname]
223
230
  cmd << " -m #{config[:memory]}" if config[:memory]
224
231
  cmd << " -c #{config[:cpu]}" if config[:cpu]
225
- cmd << " -privileged" if config[:privileged]
226
232
  cmd << " -e http_proxy=#{config[:http_proxy]}" if config[:http_proxy]
227
233
  cmd << " -e https_proxy=#{config[:https_proxy]}" if config[:https_proxy]
234
+ cmd << " --privileged" if config[:privileged]
235
+ Array(config[:cap_add]).each {|cap| cmd << " --cap-add=#{cap}"} if config[:cap_add]
236
+ Array(config[:cap_drop]).each {|cap| cmd << " --cap-drop=#{cap}"} if config[:cap_drop]
237
+ Array(config[:security_opt]).each {|opt| cmd << " --security-opt=#{opt}"} if config[:security_opt]
228
238
  cmd << " #{image_id} #{config[:run_command]}"
229
239
  cmd
230
240
  end
@@ -235,30 +245,28 @@ module Kitchen
235
245
  parse_container_id(output)
236
246
  end
237
247
 
238
- def inspect_container(state)
239
- container_id = state[:container_id]
240
- docker_command("inspect #{container_id}")
241
- end
242
-
243
248
  def container_exists?(state)
244
- state[:container_id] && !!inspect_container(state) rescue false
249
+ state[:container_id] && !!docker_command("top #{state[:container_id]}") rescue false
245
250
  end
246
251
 
247
252
  def parse_container_ssh_port(output)
248
253
  begin
249
- info = Array(::JSON.parse(output)).first
250
- ports = info['NetworkSettings']['Ports'] || info['HostConfig']['PortBindings']
251
- ssh_port = ports['22/tcp'].detect {|port| port['HostIp'] == '0.0.0.0'}
252
- ssh_port['HostPort'].to_i
254
+ host, port = output.split(':')
255
+ port.to_i
253
256
  rescue
254
257
  raise ActionFailed,
255
- 'Could not parse Docker inspect output for container SSH port'
258
+ 'Could not parse Docker port output for container SSH port'
256
259
  end
257
260
  end
258
261
 
259
262
  def container_ssh_port(state)
260
- output = inspect_container(state)
261
- parse_container_ssh_port(output)
263
+ begin
264
+ output = docker_command("port #{state[:container_id]} 22/tcp")
265
+ parse_container_ssh_port(output)
266
+ rescue
267
+ raise ActionFailed,
268
+ 'Docker reports container has no ssh port mapped'
269
+ end
262
270
  end
263
271
 
264
272
  def rm_container(state)
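Review bot: In the rewritten `parse_container_ssh_port`, `host, port = output.split(':')` followed by `port.to_i` never raises on malformed text: output without a colon leaves `port` nil and `nil.to_i` is 0, so the `rescue` branch is effectively dead and the driver carries on with SSH port 0. Parse strictly so bad output reaches the `ActionFailed` path, for example `Integer(output.to_s.strip.split(':').last)`. The bare `rescue` added in `container_ssh_port` also looks like it would catch the `ActionFailed` raised by the parser and replace its message with 'Docker reports container has no ssh port mapped'; rescuing only around the `docker_command` call would keep the two failures distinguishable. Separately, `container_exists?` now relies on `docker top` with a modifier `rescue false`, which presumably reports a stopped container as absent, so it is worth confirming that `destroy` (outside this hunk) still removes such containers.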
@@ -19,6 +19,6 @@ module Kitchen
19
19
  module Driver
20
20
 
21
21
  # Version string for Docker Kitchen driver
22
- DOCKER_VERSION = "1.7.0"
22
+ DOCKER_VERSION = "2.0.0"
23
23
  end
24
24
  end
@@ -0,0 +1,8 @@
1
+ require 'serverspec'
2
+
3
+ set :backend, :exec
4
+
5
+ describe command('sudo /sbin/ifconfig eth0 multicast') do
6
+ its(:exit_status) { should_not eq 0 }
7
+ its(:stdout) { should match /Operation not permitted/ }
8
+ end
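Review bot: The `exit_status` assertion on its own also passes when the command fails for unrelated reasons (no `eth0` in the container, `ifconfig` missing, `sudo` refusing), so the message match is the only thing tying this spec to the dropped `NET_ADMIN` capability. net-tools normally writes that error to stderr, so confirm that `its(:stdout)` is the stream carrying it here, or assert `its(:stderr) { should match /Operation not permitted/ }` instead. A one-line comment above the `describe`, such as `# NET_ADMIN is dropped via cap_drop in .kitchen.yml, so changing interface flags must fail`, would explain why a failing command is the expected outcome.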
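--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: kitchen-docker
  version: !ruby/object:Gem::Version
- version: 1.7.0
+ version: 2.0.0
  platform: ruby
  authors:
  - Sean Porter
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-01-05 00:00:00.000000000 Z
+ date: 2015-04-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: test-kitchen
@@ -116,6 +116,7 @@ files:
  - lib/kitchen/driver/docker/erb.rb
  - lib/kitchen/driver/docker_version.rb
  - test/Dockerfile
+ - test/integration/capabilities/serverspec/capabilities_drop_spec.rb
  - test/integration/default/serverspec/default_spec.rb
  homepage: https://github.com/portertech/kitchen-docker
  licenses:
@@ -143,4 +144,5 @@ specification_version: 4
  summary: A Docker Driver for Test Kitchen
  test_files:
  - test/Dockerfile
+ - test/integration/capabilities/serverspec/capabilities_drop_spec.rb
  - test/integration/default/serverspec/default_spec.rb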