kitchen-docker 1.7.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 507d10dff893beb14c3bb0fad337d70522808d9f
4
- data.tar.gz: 91b27b11aa5c5dc2dadc39eac8efd6de617cf7d8
3
+ metadata.gz: 4275b28c2034adf26c10d78d0d670e78d602357c
4
+ data.tar.gz: 16a5f7a158bb28ae81097d2a1140b50727744276
5
5
  SHA512:
6
- metadata.gz: 27d9e0fe3756df4553b62ade589bca1b09d03dd9af15c54f3f1da1f89e880b3ff641c65dae273dc9d2625e510b1477f9cbf63c71f28c59abee0dbd2cf34617a9
7
- data.tar.gz: 662d6a17f9f8ecb2b9bb819d24ef1e1682efbb5038d416124b4963231d1ee7b47ca1c8d1e796eb3a2cfda376cafce747c984e178077046f021e8948e026744fe
6
+ metadata.gz: 1aaa823ac17498cd65d78c657219409cc631a20e5e6c0a7bc2d2aeba5c386b85b76cb7c70d07fe0bccb26f9f72fc8b01c5979b68a0c5ec862a4d47bd3260d550
7
+ data.tar.gz: 2402c346e1780c3e8b1e859d9153ceaaeddf6b388a04e1cc57fab52277f9f65ba07fb10ac0341a2e40f72ea7343886332dd0f581c00c10d1a076848e1538127b
data/.kitchen.yml CHANGED
@@ -36,7 +36,17 @@ platforms:
36
36
  image: ubuntu:14.04
37
37
  platform: ubuntu
38
38
  links: "db:db"
39
-
40
39
  suites:
41
40
  - name: default
42
41
  - name: concurrency
42
+ - name: capabilities
43
+ excludes: [arch,unknown,centos-7,centos-6.4,dockerfile]
44
+ driver:
45
+ provision_command:
46
+ - curl -L http://www.chef.io/chef/install.sh | bash
47
+ - apt-get install -y net-tools
48
+ username: kitchen
49
+ password: kitchen
50
+ cap_drop:
51
+ - NET_ADMIN
52
+
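Review bot: The first `provision_command` in the new `capabilities` suite fetches the Chef installer over plain `http://` and pipes it straight into `bash`, so the script runs as root in the image build with no transport integrity. Switch the URL to `https://` at minimum. The suite also sets `username: kitchen` / `password: kitchen`, which is fine for a throwaway test container but worth a comment so it is not copied into real configurations.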
data/CHANGELOG.md CHANGED
@@ -1,3 +1,19 @@
1
+ ## 2.0.0
2
+
3
+ * Use Docker `top` and `port` instead of `inspect`
4
+
5
+ * Don't create the kitchen user if it already exists
6
+
7
+ * Docker container capabilities options: cap_add, cap_drop
8
+
9
+ * Docker security profile option (SELinux/AppArmor): security_opt
10
+
11
+ * wait_for_sshd option (boolean)
12
+
13
+ * Create `/etc/sudoers.d` if missing
14
+
15
+ * Fixed option deprecation warnings, require Docker >= 1.2
16
+
1
17
  ## 1.7.0
2
18
 
3
19
  * Ensure a container id is set before attempting to inspect a container
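Review bot: The 2.0.0 entry has no line for the new `add_host` option that `build_run_command` now reads, and "Fixed option deprecation warnings" does not say that `-dns` and `-privileged` became `--dns` and `--privileged`. Since that flag change is the reason for the Docker >= 1.2 requirement and the major version bump, name the renamed flags and add an `add_host` bullet.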
data/README.md CHANGED
@@ -4,7 +4,7 @@ A Test Kitchen Driver for Docker.
4
4
 
5
5
  ## Requirements
6
6
 
7
- * [Docker][docker_getting_started]
7
+ * [Docker][docker_installation] **(>= 1.2)**
8
8
 
9
9
  ## Installation and Setup
10
10
 
@@ -188,7 +188,7 @@ destroyed.
188
188
 
189
189
  The default value is `false`.
190
190
 
191
- ### run_command
191
+ ### run\_command
192
192
 
193
193
  Sets the command used to run the suite container.
194
194
 
@@ -226,7 +226,7 @@ Examples:
226
226
  - /srv
227
227
  ```
228
228
 
229
- ### volumes_from
229
+ ### volumes\_from
230
230
 
231
231
  Mount volumes managed by other containers.
232
232
 
@@ -317,7 +317,44 @@ Examples:
317
317
  privileged: true
318
318
  ```
319
319
 
320
- ## dockerfile
320
+ ### cap\_add
321
+
322
+ Adds a capability to the running container.
323
+
324
+ Examples:
325
+
326
+ ````
327
+ cap_add:
328
+ - SYS_PTRACE
329
+
330
+ ````
331
+
332
+ ### cap\_drop
333
+
334
+ Drops a capability from the running container.
335
+
336
+ Examples:
337
+
338
+ ````
339
+ cap_drop:
340
+ - CHOWN
341
+
342
+ ````
343
+
344
+ ### security\_opt
345
+
346
+ Apply a security profile to the Docker container. Allowing finer granularity of
347
+ access control than privileged mode, through leveraging SELinux/AppArmor
348
+ profiles to grant access to specific resources.
349
+
350
+ Examples:
351
+
352
+ ```
353
+ security_opt:
354
+ - apparmor:my_profile
355
+ ```
356
+
357
+ ### dockerfile
321
358
 
322
359
  Use a custom Dockerfile, instead of having Kitchen-Docker build one for you.
323
360
 
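Review bot: The `cap_add` and `cap_drop` examples are fenced with four backticks and have an empty line before the closing fence, while the `security_opt` example and the surrounding sections use three backticks with no padding; make them consistent. The `security_opt` description also needs rewording, since "Allowing finer granularity of access control than privileged mode, ..." is a sentence fragment. It would help to state for all three options that they accept a list and default to unset (`nil` in the driver).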
@@ -327,7 +364,7 @@ Examples:
327
364
  dockerfile: test/Dockerfile
328
365
  ```
329
366
 
330
- ### instance_name
367
+ ### instance\_name
331
368
 
332
369
  Set the name of container to link to other container(s).
333
370
 
@@ -355,7 +392,7 @@ Examples:
355
392
  - kvs:kvs
356
393
  ```
357
394
 
358
- ### publish_all
395
+ ### publish\_all
359
396
 
360
397
  Publish all exposed ports to the host interfaces.
361
398
  This option used to communicate between some containers.
@@ -396,7 +433,7 @@ Apache 2.0 (see [LICENSE][license])
396
433
  [issues]: https://github.com/portertech/kitchen-docker/issues
397
434
  [license]: https://github.com/portertech/kitchen-docker/blob/master/LICENSE
398
435
  [repo]: https://github.com/portertech/kitchen-docker
399
- [docker_getting_started]: http://www.docker.io/gettingstarted/
436
+ [docker_installation]: https://docs.docker.com/installation/#installation
400
437
  [docker_upstart_issue]: https://github.com/dotcloud/docker/issues/223
401
438
  [docker_index]: https://index.docker.io/
402
439
  [docker_default_image]: https://index.docker.io/_/base/
@@ -31,6 +31,9 @@ module Kitchen
31
31
  default_config :binary, 'docker'
32
32
  default_config :socket, ENV['DOCKER_HOST'] || 'unix:///var/run/docker.sock'
33
33
  default_config :privileged, false
34
+ default_config :cap_add, nil
35
+ default_config :cap_drop, nil
36
+ default_config :security_opt, nil
34
37
  default_config :use_cache, true
35
38
  default_config :remove_images, false
36
39
  default_config :run_command, '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes ' +
@@ -43,6 +46,7 @@ module Kitchen
43
46
  default_config :tls_cert, nil
44
47
  default_config :tls_key, nil
45
48
  default_config :publish_all, false
49
+ default_config :wait_for_sshd, true
46
50
 
47
51
  default_config :use_sudo do |driver|
48
52
  !driver.remote_socket?
@@ -82,7 +86,7 @@ module Kitchen
82
86
  state[:container_id] = run_container(state) unless state[:container_id]
83
87
  state[:hostname] = remote_socket? ? socket_uri.host : 'localhost'
84
88
  state[:port] = container_ssh_port(state)
85
- wait_for_sshd(state[:hostname], nil, :port => state[:port])
89
+ wait_for_sshd(state[:hostname], nil, :port => state[:port]) if config[:wait_for_sshd]
86
90
  end
87
91
 
88
92
  def destroy(state)
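Review bot: With `wait_for_sshd: false`, `create` now returns as soon as `state[:port]` is set, with nothing confirming the port accepts connections, so the next Kitchen phase can fail on a connection error that is hard to trace back to this setting. The option is listed in the CHANGELOG but has no section in the README hunks of this diff; document it there with the default (`true`) and a note on when turning it off is appropriate.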
@@ -162,10 +166,12 @@ module Kitchen
162
166
  username = config[:username]
163
167
  password = config[:password]
164
168
  base = <<-eos
165
- RUN useradd -d /home/#{username} -m -s /bin/bash #{username}
169
+ RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi
166
170
  RUN echo #{username}:#{password} | chpasswd
167
171
  RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
172
+ RUN mkdir -p /etc/sudoers.d
168
173
  RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username}
174
+ RUN chmod 0440 /etc/sudoers.d/#{username}
169
175
  eos
170
176
  custom = ''
171
177
  Array(config[:provision_command]).each do |cmd|
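Review bot: The new `getent passwd #{username}` guard, like the existing `echo #{username}:#{password} | chpasswd` line, interpolates configuration values into a shell `RUN` line unquoted, so a username or password containing spaces or shell metacharacters changes the command that is executed during the build. Quote or escape both values before writing them into the Dockerfile. The `getent` call also prints the passwd entry into the build output; redirect it with `> /dev/null`. The `chmod 0440` on the sudoers.d file is a good addition, though the rule is still appended to `/etc/sudoers` as well, so it ends up defined twice.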
@@ -213,7 +219,8 @@ module Kitchen
213
219
  def build_run_command(image_id)
214
220
  cmd = "run -d -p 22"
215
221
  Array(config[:forward]).each {|port| cmd << " -p #{port}"}
216
- Array(config[:dns]).each {|dns| cmd << " -dns #{dns}"}
222
+ Array(config[:dns]).each {|dns| cmd << " --dns #{dns}"}
223
+ Array(config[:add_host]).each {|host, ip| cmd << " --add-host=#{host}:#{ip}"}
217
224
  Array(config[:volume]).each {|volume| cmd << " -v #{volume}"}
218
225
  Array(config[:volumes_from]).each {|container| cmd << " --volumes-from #{container}"}
219
226
  Array(config[:links]).each {|link| cmd << " --link #{link}"}
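Review bot: The `add_host` line destructures each element as `|host, ip|`, which only works when `config[:add_host]` is a hash; given a list of `host:ip` strings (the shape every neighbouring option uses), `ip` is nil and the flag is emitted as `--add-host=host:ip:` with a trailing colon. Either accept both shapes or document that a hash is required. There is also no `default_config :add_host` beside the other new defaults, and no README section for it.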
@@ -222,9 +229,12 @@ module Kitchen
222
229
  cmd << " -h #{config[:hostname]}" if config[:hostname]
223
230
  cmd << " -m #{config[:memory]}" if config[:memory]
224
231
  cmd << " -c #{config[:cpu]}" if config[:cpu]
225
- cmd << " -privileged" if config[:privileged]
226
232
  cmd << " -e http_proxy=#{config[:http_proxy]}" if config[:http_proxy]
227
233
  cmd << " -e https_proxy=#{config[:https_proxy]}" if config[:https_proxy]
234
+ cmd << " --privileged" if config[:privileged]
235
+ Array(config[:cap_add]).each {|cap| cmd << " --cap-add=#{cap}"} if config[:cap_add]
236
+ Array(config[:cap_drop]).each {|cap| cmd << " --cap-drop=#{cap}"} if config[:cap_drop]
237
+ Array(config[:security_opt]).each {|opt| cmd << " --security-opt=#{opt}"} if config[:security_opt]
228
238
  cmd << " #{image_id} #{config[:run_command]}"
229
239
  cmd
230
240
  end
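Review bot: The trailing `if config[:cap_add]`, `if config[:cap_drop]` and `if config[:security_opt]` guards are redundant, because `Array(nil)` is already an empty array and the other list options above (`dns`, `volume`, `links`) rely on exactly that. Drop the guards for consistency. Each value is also appended to the command string as is; validating capability names against a pattern such as `/\A[A-Z_]+\z/` and escaping `security_opt` values would keep a malformed entry from turning into additional `docker run` arguments.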
@@ -235,30 +245,28 @@ module Kitchen
235
245
  parse_container_id(output)
236
246
  end
237
247
 
238
- def inspect_container(state)
239
- container_id = state[:container_id]
240
- docker_command("inspect #{container_id}")
241
- end
242
-
243
248
  def container_exists?(state)
244
- state[:container_id] && !!inspect_container(state) rescue false
249
+ state[:container_id] && !!docker_command("top #{state[:container_id]}") rescue false
245
250
  end
246
251
 
247
252
  def parse_container_ssh_port(output)
248
253
  begin
249
- info = Array(::JSON.parse(output)).first
250
- ports = info['NetworkSettings']['Ports'] || info['HostConfig']['PortBindings']
251
- ssh_port = ports['22/tcp'].detect {|port| port['HostIp'] == '0.0.0.0'}
252
- ssh_port['HostPort'].to_i
254
+ host, port = output.split(':')
255
+ port.to_i
253
256
  rescue
254
257
  raise ActionFailed,
255
- 'Could not parse Docker inspect output for container SSH port'
258
+ 'Could not parse Docker port output for container SSH port'
256
259
  end
257
260
  end
258
261
 
259
262
  def container_ssh_port(state)
260
- output = inspect_container(state)
261
- parse_container_ssh_port(output)
263
+ begin
264
+ output = docker_command("port #{state[:container_id]} 22/tcp")
265
+ parse_container_ssh_port(output)
266
+ rescue
267
+ raise ActionFailed,
268
+ 'Docker reports container has no ssh port mapped'
269
+ end
262
270
  end
263
271
 
264
272
  def rm_container(state)
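Review bot: `container_exists?` now calls `docker top`, which fails for a container that exists but is not running, so the method answers "is it running" rather than "does it exist"; if `destroy` depends on it, a stopped container may never be removed. Either rename the method or use a check that succeeds for stopped containers. In `parse_container_ssh_port`, `host` is assigned but unused, and `output.split(':')` takes the second field, which is wrong if the output has more than one colon or more than one line; taking the text after the last colon of the first line and checking that it is numeric would be safer, since `to_i` silently returns 0 for non-numeric text. Finally, the new bare `rescue` in `container_ssh_port` also catches the `ActionFailed` raised by the parser and replaces it with "no ssh port mapped", which hides the real cause.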
@@ -19,6 +19,6 @@ module Kitchen
19
19
  module Driver
20
20
 
21
21
  # Version string for Docker Kitchen driver
22
- DOCKER_VERSION = "1.7.0"
22
+ DOCKER_VERSION = "2.0.0"
23
23
  end
24
24
  end
@@ -0,0 +1,8 @@
1
+ require 'serverspec'
2
+
3
+ set :backend, :exec
4
+
5
+ describe command('sudo /sbin/ifconfig eth0 multicast') do
6
+ its(:exit_status) { should_not eq 0 }
7
+ its(:stdout) { should match /Operation not permitted/ }
8
+ end
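Review bot: The second expectation matches `Operation not permitted` on `stdout`, but `ifconfig` writes its error messages to stderr, so the assertion passes only when the serverspec backend folds stderr into stdout. Match on `stderr` as well, or rely on the exit status alone. The spec also only exercises `cap_drop: NET_ADMIN`; `cap_add` and `security_opt` ship in this release without any integration test.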
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kitchen-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.7.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sean Porter
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-05 00:00:00.000000000 Z
11
+ date: 2015-04-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: test-kitchen
@@ -116,6 +116,7 @@ files:
116
116
  - lib/kitchen/driver/docker/erb.rb
117
117
  - lib/kitchen/driver/docker_version.rb
118
118
  - test/Dockerfile
119
+ - test/integration/capabilities/serverspec/capabilities_drop_spec.rb
119
120
  - test/integration/default/serverspec/default_spec.rb
120
121
  homepage: https://github.com/portertech/kitchen-docker
121
122
  licenses:
@@ -143,4 +144,5 @@ specification_version: 4
143
144
  summary: A Docker Driver for Test Kitchen
144
145
  test_files:
145
146
  - test/Dockerfile
147
+ - test/integration/capabilities/serverspec/capabilities_drop_spec.rb
146
148
  - test/integration/default/serverspec/default_spec.rb