kitchen-docker 1.7.0 → 2.0.0
- checksums.yaml +4 -4
- data/.kitchen.yml +11 -1
- data/CHANGELOG.md +16 -0
- data/README.md +44 -7
- data/lib/kitchen/driver/docker.rb +25 -17
- data/lib/kitchen/driver/docker_version.rb +1 -1
- data/test/integration/capabilities/serverspec/capabilities_drop_spec.rb +8 -0
- metadata +4 -2
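--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4275b28c2034adf26c10d78d0d670e78d602357c
+data.tar.gz: 16a5f7a158bb28ae81097d2a1140b50727744276
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1aaa823ac17498cd65d78c657219409cc631a20e5e6c0a7bc2d2aeba5c386b85b76cb7c70d07fe0bccb26f9f72fc8b01c5979b68a0c5ec862a4d47bd3260d550
+data.tar.gz: 2402c346e1780c3e8b1e859d9153ceaaeddf6b388a04e1cc57fab52277f9f65ba07fb10ac0341a2e40f72ea7343886332dd0f581c00c10d1a076848e1538127b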
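--- a/data/.kitchen.yml
+++ b/data/.kitchen.yml
@@ -36,7 +36,17 @@ platforms:
 image: ubuntu:14.04
 platform: ubuntu
 links: "db:db"
-
 suites:
 - name: default
 - name: concurrency
+- name: capabilities
+excludes: [arch,unknown,centos-7,centos-6.4,dockerfile]
+driver:
+provision_command:
+- curl -L http://www.chef.io/chef/install.sh | bash
+- apt-get install -y net-tools
+username: kitchen
+password: kitchen
+cap_drop:
+- NET_ADMIN
+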
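Review bot: The first `provision_command` of the new `capabilities` suite fetches the Chef installer over cleartext HTTP and pipes it straight into `bash`, so anything on the network path between the build host and chef.io can alter what runs during the image build (presumably as root, since these commands become Dockerfile steps). Switch to the TLS endpoint, `- curl -L https://www.chef.io/chef/install.sh | bash`, and pin a version or verify a checksum if the installer offers one. The suite also sets `password: kitchen` for an account that the driver gives passwordless sudo and password SSH; that is tolerable for a throwaway test container, but a one-line comment marking the credential as test-only would keep it from being copied into a real config.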
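--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 2.0.0
+
+* Use Docker `top` and `port` instead of `inspect`
+
+* Don't create the kitchen user if it already exists
+
+* Docker container capabilities options: cap_add, cap_drop
+
+* Docker security profile option (SELinux/AppArmor): security_opt
+
+* wait_for_sshd option (boolean)
+
+* Create `/etc/sudoers.d` if missing
+
+* Fixed option deprecation warnings, require Docker >= 1.2
+
 ## 1.7.0
 
 * Ensure a container id is set before attempting to inspect a container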
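--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@ A Test Kitchen Driver for Docker.
 
 ## Requirements
 
-* [Docker][
+* [Docker][docker_installation] **(>= 1.2)**
 
 ## Installation and Setup
 
@@ -188,7 +188,7 @@ destroyed.
 
 The default value is `false`.
 
-###
+### run\_command
 
 Sets the command used to run the suite container.
 
@@ -226,7 +226,7 @@ Examples:
 - /srv
 ```
 
-###
+### volumes\_from
 
 Mount volumes managed by other containers.
 
@@ -317,7 +317,44 @@ Examples:
 privileged: true
 ```
 
-
+### cap\_add
+
+Adds a capability to the running container.
+
+Examples:
+
+````
+cap_add:
+- SYS_PTRACE
+
+````
+
+### cap\_drop
+
+Drops a capability from the running container.
+
+Examples:
+
+````
+cap_drop:
+- CHOWN
+
+````
+
+### security\_opt
+
+Apply a security profile to the Docker container. Allowing finer granularity of
+access control than privileged mode, through leveraging SELinux/AppArmor
+profiles to grant access to specific resources.
+
+Examples:
+
+```
+security_opt:
+- apparmor:my_profile
+```
+
+### dockerfile
 
 Use a custom Dockerfile, instead of having Kitchen-Docker build one for you.
 
@@ -327,7 +364,7 @@ Examples:
 dockerfile: test/Dockerfile
 ```
 
-###
+### instance\_name
 
 Set the name of container to link to other container(s).
 
@@ -355,7 +392,7 @@ Examples:
 - kvs:kvs
 ```
 
-###
+### publish\_all
 
 Publish all exposed ports to the host interfaces.
 This option used to communicate between some containers.
@@ -396,7 +433,7 @@ Apache 2.0 (see [LICENSE][license])
 [issues]: https://github.com/portertech/kitchen-docker/issues
 [license]: https://github.com/portertech/kitchen-docker/blob/master/LICENSE
 [repo]: https://github.com/portertech/kitchen-docker
-[
+[docker_installation]: https://docs.docker.com/installation/#installation
 [docker_upstart_issue]: https://github.com/dotcloud/docker/issues/223
 [docker_index]: https://index.docker.io/
 [docker_default_image]: https://index.docker.io/_/base/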
@@ -31,6 +31,9 @@ module Kitchen
|
|
31
31
|
default_config :binary, 'docker'
|
32
32
|
default_config :socket, ENV['DOCKER_HOST'] || 'unix:///var/run/docker.sock'
|
33
33
|
default_config :privileged, false
|
34
|
+
default_config :cap_add, nil
|
35
|
+
default_config :cap_drop, nil
|
36
|
+
default_config :security_opt, nil
|
34
37
|
default_config :use_cache, true
|
35
38
|
default_config :remove_images, false
|
36
39
|
default_config :run_command, '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes ' +
|
@@ -43,6 +46,7 @@ module Kitchen
|
|
43
46
|
default_config :tls_cert, nil
|
44
47
|
default_config :tls_key, nil
|
45
48
|
default_config :publish_all, false
|
49
|
+
default_config :wait_for_sshd, true
|
46
50
|
|
47
51
|
default_config :use_sudo do |driver|
|
48
52
|
!driver.remote_socket?
|
@@ -82,7 +86,7 @@ module Kitchen
|
|
82
86
|
state[:container_id] = run_container(state) unless state[:container_id]
|
83
87
|
state[:hostname] = remote_socket? ? socket_uri.host : 'localhost'
|
84
88
|
state[:port] = container_ssh_port(state)
|
85
|
-
wait_for_sshd(state[:hostname], nil, :port => state[:port])
|
89
|
+
wait_for_sshd(state[:hostname], nil, :port => state[:port]) if config[:wait_for_sshd]
|
86
90
|
end
|
87
91
|
|
88
92
|
def destroy(state)
|
@@ -162,10 +166,12 @@ module Kitchen
|
|
162
166
|
username = config[:username]
|
163
167
|
password = config[:password]
|
164
168
|
base = <<-eos
|
165
|
-
RUN useradd -d /home/#{username} -m -s /bin/bash #{username}
|
169
|
+
RUN if ! getent passwd #{username}; then useradd -d /home/#{username} -m -s /bin/bash #{username}; fi
|
166
170
|
RUN echo #{username}:#{password} | chpasswd
|
167
171
|
RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
|
172
|
+
RUN mkdir -p /etc/sudoers.d
|
168
173
|
RUN echo '#{username} ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/#{username}
|
174
|
+
RUN chmod 0440 /etc/sudoers.d/#{username}
|
169
175
|
eos
|
170
176
|
custom = ''
|
171
177
|
Array(config[:provision_command]).each do |cmd|
|
@@ -213,7 +219,8 @@ module Kitchen
|
|
213
219
|
def build_run_command(image_id)
|
214
220
|
cmd = "run -d -p 22"
|
215
221
|
Array(config[:forward]).each {|port| cmd << " -p #{port}"}
|
216
|
-
Array(config[:dns]).each {|dns| cmd << "
|
222
|
+
Array(config[:dns]).each {|dns| cmd << " --dns #{dns}"}
|
223
|
+
Array(config[:add_host]).each {|host, ip| cmd << " --add-host=#{host}:#{ip}"}
|
217
224
|
Array(config[:volume]).each {|volume| cmd << " -v #{volume}"}
|
218
225
|
Array(config[:volumes_from]).each {|container| cmd << " --volumes-from #{container}"}
|
219
226
|
Array(config[:links]).each {|link| cmd << " --link #{link}"}
|
@@ -222,9 +229,12 @@ module Kitchen
|
|
222
229
|
cmd << " -h #{config[:hostname]}" if config[:hostname]
|
223
230
|
cmd << " -m #{config[:memory]}" if config[:memory]
|
224
231
|
cmd << " -c #{config[:cpu]}" if config[:cpu]
|
225
|
-
cmd << " -privileged" if config[:privileged]
|
226
232
|
cmd << " -e http_proxy=#{config[:http_proxy]}" if config[:http_proxy]
|
227
233
|
cmd << " -e https_proxy=#{config[:https_proxy]}" if config[:https_proxy]
|
234
|
+
cmd << " --privileged" if config[:privileged]
|
235
|
+
Array(config[:cap_add]).each {|cap| cmd << " --cap-add=#{cap}"} if config[:cap_add]
|
236
|
+
Array(config[:cap_drop]).each {|cap| cmd << " --cap-drop=#{cap}"} if config[:cap_drop]
|
237
|
+
Array(config[:security_opt]).each {|opt| cmd << " --security-opt=#{opt}"} if config[:security_opt]
|
228
238
|
cmd << " #{image_id} #{config[:run_command]}"
|
229
239
|
cmd
|
230
240
|
end
|
@@ -235,30 +245,28 @@ module Kitchen
|
|
235
245
|
parse_container_id(output)
|
236
246
|
end
|
237
247
|
|
238
|
-
def inspect_container(state)
|
239
|
-
container_id = state[:container_id]
|
240
|
-
docker_command("inspect #{container_id}")
|
241
|
-
end
|
242
|
-
|
243
248
|
def container_exists?(state)
|
244
|
-
state[:container_id] && !!
|
249
|
+
state[:container_id] && !!docker_command("top #{state[:container_id]}") rescue false
|
245
250
|
end
|
246
251
|
|
247
252
|
def parse_container_ssh_port(output)
|
248
253
|
begin
|
249
|
-
|
250
|
-
|
251
|
-
ssh_port = ports['22/tcp'].detect {|port| port['HostIp'] == '0.0.0.0'}
|
252
|
-
ssh_port['HostPort'].to_i
|
254
|
+
host, port = output.split(':')
|
255
|
+
port.to_i
|
253
256
|
rescue
|
254
257
|
raise ActionFailed,
|
255
|
-
'Could not parse Docker
|
258
|
+
'Could not parse Docker port output for container SSH port'
|
256
259
|
end
|
257
260
|
end
|
258
261
|
|
259
262
|
def container_ssh_port(state)
|
260
|
-
|
261
|
-
|
263
|
+
begin
|
264
|
+
output = docker_command("port #{state[:container_id]} 22/tcp")
|
265
|
+
parse_container_ssh_port(output)
|
266
|
+
rescue
|
267
|
+
raise ActionFailed,
|
268
|
+
'Docker reports container has no ssh port mapped'
|
269
|
+
end
|
262
270
|
end
|
263
271
|
|
264
272
|
def rm_container(state)
|
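Review bot: In `container_exists?` (last hunk of the driver file), the trailing `rescue false` modifier turns every StandardError from `docker_command` into "no container", and `docker top` exits non-zero for a container that exists but is stopped, so an unreachable daemon and a stopped container both look like nothing to clean up. If `destroy` gates `rm_container` on this predicate (its body is outside the hunk), stopped test containers built with password SSH and passwordless sudo would be left on the host. Rescue only the failure class that `docker_command` raises for a non-zero exit, let other errors propagate, and state the semantics in a comment such as `# true only while the container is running; docker top fails for stopped containers`. In the same hunk, `port.to_i` in `parse_container_ssh_port` never raises on non-numeric text, so malformed `docker port` output yields port 0 instead of `ActionFailed`; `Integer(port)` would make the existing `rescue` effective.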
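--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-docker
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Sean Porter
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: test-kitchen
@@ -116,6 +116,7 @@ files:
 - lib/kitchen/driver/docker/erb.rb
 - lib/kitchen/driver/docker_version.rb
 - test/Dockerfile
+- test/integration/capabilities/serverspec/capabilities_drop_spec.rb
 - test/integration/default/serverspec/default_spec.rb
 homepage: https://github.com/portertech/kitchen-docker
 licenses:
@@ -143,4 +144,5 @@ specification_version: 4
 summary: A Docker Driver for Test Kitchen
 test_files:
 - test/Dockerfile
+- test/integration/capabilities/serverspec/capabilities_drop_spec.rb
 - test/integration/default/serverspec/default_spec.rb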