kitchen-docker 1.7.0 → 2.0.0
- checksums.yaml +4 -4
- data/.kitchen.yml +11 -1
- data/CHANGELOG.md +16 -0
- data/README.md +44 -7
- data/lib/kitchen/driver/docker.rb +25 -17
- data/lib/kitchen/driver/docker_version.rb +1 -1
- data/test/integration/capabilities/serverspec/capabilities_drop_spec.rb +8 -0
- metadata +4 -2
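--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4275b28c2034adf26c10d78d0d670e78d602357c
+data.tar.gz: 16a5f7a158bb28ae81097d2a1140b50727744276
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1aaa823ac17498cd65d78c657219409cc631a20e5e6c0a7bc2d2aeba5c386b85b76cb7c70d07fe0bccb26f9f72fc8b01c5979b68a0c5ec862a4d47bd3260d550
+data.tar.gz: 2402c346e1780c3e8b1e859d9153ceaaeddf6b388a04e1cc57fab52277f9f65ba07fb10ac0341a2e40f72ea7343886332dd0f581c00c10d1a076848e1538127b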
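--- a/data/.kitchen.yml
+++ b/data/.kitchen.yml
@@ -36,7 +36,17 @@ platforms:
 image: ubuntu:14.04
 platform: ubuntu
 links: "db:db"
-
 suites:
 - name: default
 - name: concurrency
+- name: capabilities
+excludes: [arch,unknown,centos-7,centos-6.4,dockerfile]
+driver:
+provision_command:
+- curl -L http://www.chef.io/chef/install.sh | bash
+- apt-get install -y net-tools
+username: kitchen
+password: kitchen
+cap_drop:
+- NET_ADMIN
+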
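Review bot: The first `provision_command` of the new `capabilities` suite downloads `install.sh` over plain `http://` and pipes it straight into `bash`, so the script executed during the image build is not protected by TLS and could be altered in transit. Fetching it over HTTPS is a one-word change: `- curl -L https://www.chef.io/chef/install.sh | bash`. The suite also hard-codes `username: kitchen` / `password: kitchen`; a short comment such as `# throwaway credentials for the test container only` would make clear these are not meant to be reused, since the driver's default run command starts sshd with `PasswordAuthentication=yes`.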
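--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 2.0.0
+
+* Use Docker `top` and `port` instead of `inspect`
+
+* Don't create the kitchen user if it already exists
+
+* Docker container capabilities options: cap_add, cap_drop
+
+* Docker security profile option (SELinux/AppArmor): security_opt
+
+* wait_for_sshd option (boolean)
+
+* Create `/etc/sudoers.d` if missing
+
+* Fixed option deprecation warnings, require Docker >= 1.2
+
 ## 1.7.0
 
 * Ensure a container id is set before attempting to inspect a container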
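--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@ A Test Kitchen Driver for Docker.
 
 ## Requirements
 
-* [Docker][
+* [Docker][docker_installation] **(>= 1.2)**
 
 ## Installation and Setup
 
@@ -188,7 +188,7 @@ destroyed.
 
 The default value is `false`.
 
-###
+### run\_command
 
 Sets the command used to run the suite container.
 
@@ -226,7 +226,7 @@ Examples:
 - /srv
 ```
 
-###
+### volumes\_from
 
 Mount volumes managed by other containers.
 
@@ -317,7 +317,44 @@ Examples:
 privileged: true
 ```
 
-
+### cap\_add
+
+Adds a capability to the running container.
+
+Examples:
+
+````
+cap_add:
+- SYS_PTRACE
+
+````
+
+### cap\_drop
+
+Drops a capability from the running container.
+
+Examples:
+
+````
+cap_drop:
+- CHOWN
+
+````
+
+### security\_opt
+
+Apply a security profile to the Docker container. Allowing finer granularity of
+access control than privileged mode, through leveraging SELinux/AppArmor
+profiles to grant access to specific resources.
+
+Examples:
+
+```
+security_opt:
+- apparmor:my_profile
+```
+
+### dockerfile
 
 Use a custom Dockerfile, instead of having Kitchen-Docker build one for you.
 
@@ -327,7 +364,7 @@ Examples:
 dockerfile: test/Dockerfile
 ```
 
-###
+### instance\_name
 
 Set the name of container to link to other container(s).
 
@@ -355,7 +392,7 @@ Examples:
 - kvs:kvs
 ```
 
-###
+### publish\_all
 
 Publish all exposed ports to the host interfaces.
 This option used to communicate between some containers.
@@ -396,7 +433,7 @@ Apache 2.0 (see [LICENSE][license])
 [issues]: https://github.com/portertech/kitchen-docker/issues
 [license]: https://github.com/portertech/kitchen-docker/blob/master/LICENSE
 [repo]: https://github.com/portertech/kitchen-docker
-[
+[docker_installation]: https://docs.docker.com/installation/#installation
 [docker_upstart_issue]: https://github.com/dotcloud/docker/issues/223
 [docker_index]: https://index.docker.io/
 [docker_default_image]: https://index.docker.io/_/base/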
@@ -31,6 +31,9 @@ module Kitchen
|
|
31
31
|
default_config :binary, 'docker'
|
32
32
|
default_config :socket, ENV['DOCKER_HOST'] || 'unix:///var/run/docker.sock'
|
33
33
|
default_config :privileged, false
|
34
|
+
default_config :cap_add, nil
|
35
|
+
default_config :cap_drop, nil
|
36
|
+
default_config :security_opt, nil
|
34
37
|
default_config :use_cache, true
|
35
38
|
default_config :remove_images, false
|
36
39
|
default_config :run_command, '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes ' +
|
@@ -43,6 +46,7 @@ module Kitchen
|
|
43
46
|
default_config :tls_cert, nil
|
44
47
|
default_config :tls_key, nil
|
45
48
|
default_config :publish_all, false
|
49
|
+
default_config :wait_for_sshd, true
|
46
50
|
|
47
51
|
default_config :use_sudo do |driver|
|
48
52
|
!driver.remote_socket?
|
@@ -82,7 +86,7 @@ module Kitchen
|
|
82
86
|
state[:container_id] = run_container(state) unless state[:container_id]
|
83
87
|
state[:hostname] = remote_socket? ? socket_uri.host : 'localhost'
|
84
88
|
state[:port] = container_ssh_port(state)
|
85
|
-
wait_for_sshd(state[:hostname], nil, :port => state[:port])
|
89
|
+
wait_for_sshd(state[:hostname], nil, :port => state[:port]) if config[:wait_for_sshd]
|
86
90
|
end
|
87
91
|
|
88
92
|
def destroy(state)
|
@@ -162,10 +166,12 @@ module Kitchen
|
|
162
166
|
username = config[:username]
|
163
167
|
password = config[:password]
|
164
168
|
base = <<-eos
|
165
|
-
RUN useradd -d /home/#{username} -m -s /bin/bash #{username}
|
169
|
+
RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi
|
166
170
|
RUN echo #{username}:#{password} | chpasswd
|
167
171
|
RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
172
|
+
RUN mkdir -p /etc/sudoers.d
|
168
173
|
RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username}
|
174
|
+
RUN chmod 0440 /etc/sudoers.d/#{username}
|
169
175
|
eos
|
170
176
|
custom = ''
|
171
177
|
Array(config[:provision_command]).each do |cmd|
|
@@ -213,7 +219,8 @@ module Kitchen
|
|
213
219
|
def build_run_command(image_id)
|
214
220
|
cmd = "run -d -p 22"
|
215
221
|
Array(config[:forward]).each {|port| cmd << " -p #{port}"}
|
216
|
-
Array(config[:dns]).each {|dns| cmd << "
|
222
|
+
Array(config[:dns]).each {|dns| cmd << " --dns #{dns}"}
|
223
|
+
Array(config[:add_host]).each {|host, ip| cmd << " --add-host=#{host}:#{ip}"}
|
217
224
|
Array(config[:volume]).each {|volume| cmd << " -v #{volume}"}
|
218
225
|
Array(config[:volumes_from]).each {|container| cmd << " --volumes-from #{container}"}
|
219
226
|
Array(config[:links]).each {|link| cmd << " --link #{link}"}
|
@@ -222,9 +229,12 @@ module Kitchen
|
|
222
229
|
cmd << " -h #{config[:hostname]}" if config[:hostname]
|
223
230
|
cmd << " -m #{config[:memory]}" if config[:memory]
|
224
231
|
cmd << " -c #{config[:cpu]}" if config[:cpu]
|
225
|
-
cmd << " -privileged" if config[:privileged]
|
226
232
|
cmd << " -e http_proxy=#{config[:http_proxy]}" if config[:http_proxy]
|
227
233
|
cmd << " -e https_proxy=#{config[:https_proxy]}" if config[:https_proxy]
|
234
|
+
cmd << " --privileged" if config[:privileged]
|
235
|
+
Array(config[:cap_add]).each {|cap| cmd << " --cap-add=#{cap}"} if config[:cap_add]
|
236
|
+
Array(config[:cap_drop]).each {|cap| cmd << " --cap-drop=#{cap}"} if config[:cap_drop]
|
237
|
+
Array(config[:security_opt]).each {|opt| cmd << " --security-opt=#{opt}"} if config[:security_opt]
|
228
238
|
cmd << " #{image_id} #{config[:run_command]}"
|
229
239
|
cmd
|
230
240
|
end
|
@@ -235,30 +245,28 @@ module Kitchen
|
|
235
245
|
parse_container_id(output)
|
236
246
|
end
|
237
247
|
|
238
|
-
def inspect_container(state)
|
239
|
-
container_id = state[:container_id]
|
240
|
-
docker_command("inspect #{container_id}")
|
241
|
-
end
|
242
|
-
|
243
248
|
def container_exists?(state)
|
244
|
-
state[:container_id] && !!
|
249
|
+
state[:container_id] && !!docker_command("top #{state[:container_id]}") rescue false
|
245
250
|
end
|
246
251
|
|
247
252
|
def parse_container_ssh_port(output)
|
248
253
|
begin
|
249
|
-
|
250
|
-
|
251
|
-
ssh_port = ports['22/tcp'].detect {|port| port['HostIp'] == '0.0.0.0'}
|
252
|
-
ssh_port['HostPort'].to_i
|
254
|
+
host, port = output.split(':')
|
255
|
+
port.to_i
|
253
256
|
rescue
|
254
257
|
raise ActionFailed,
|
255
|
-
'Could not parse Docker
|
258
|
+
'Could not parse Docker port output for container SSH port'
|
256
259
|
end
|
257
260
|
end
|
258
261
|
|
259
262
|
def container_ssh_port(state)
|
260
|
-
|
261
|
-
|
263
|
+
begin
|
264
|
+
output = docker_command("port #{state[:container_id]} 22/tcp")
|
265
|
+
parse_container_ssh_port(output)
|
266
|
+
rescue
|
267
|
+
raise ActionFailed,
|
268
|
+
'Docker reports container has no ssh port mapped'
|
269
|
+
end
|
262
270
|
end
|
263
271
|
|
264
272
|
def rm_container(state)
|
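Review bot: In `parse_container_ssh_port` the new `host, port = output.split(':')` followed by `port.to_i` cannot fail for any string input, because `to_i` returns 0 for `nil` and for non-numeric text, so the surrounding `rescue` that raises `ActionFailed` is effectively unreachable. Output without a colon, or an IPv6-style binding such as `:::49153` if Docker ever prints one, would be stored as port 0 and only show up later as an SSH connection failure. Parsing strictly sends malformed output to the existing `rescue` and drops the unused `host` local: `Integer(output.strip.split(':').last)`. The file header for this section is missing from the page; the hunks from `@@ -31,6 +31,9 @@ module Kitchen` onward appear to belong to `data/lib/kitchen/driver/docker.rb`.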
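--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-docker
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Sean Porter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: test-kitchen
@@ -116,6 +116,7 @@ files:
 - lib/kitchen/driver/docker/erb.rb
 - lib/kitchen/driver/docker_version.rb
 - test/Dockerfile
+- test/integration/capabilities/serverspec/capabilities_drop_spec.rb
 - test/integration/default/serverspec/default_spec.rb
 homepage: https://github.com/portertech/kitchen-docker
 licenses:
@@ -143,4 +144,5 @@ specification_version: 4
 summary: A Docker Driver for Test Kitchen
 test_files:
 - test/Dockerfile
+- test/integration/capabilities/serverspec/capabilities_drop_spec.rb
 - test/integration/default/serverspec/default_spec.rb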