kitchen-docker 2.10.0 → 2.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df5438ae1f2f9b74072ba1c53c9b0c7876dd4abdd6e5cb864fddfa62c2bda75f
-  data.tar.gz: 4e7531d5e26a6c7bceeb7cd14779e256cf2ebf21a866d1ea66f18957567c6623
+  metadata.gz: 5cb2a57e3f7074c1f3b07505f6931d9d742a2ff70d8908b97d9c69d27bb6b34b
+  data.tar.gz: 863c64c9dac8d43c0db30bb5b83cb6eaf3448ae0b988f9809abbd882b8b12ac1
 SHA512:
-  metadata.gz: cafda9489c84bbbe7848ca36f777c33910a0696f52b78a1333cfe1ea9c1a7c9a89a9ec0ad1b674dc38141e03929886653bbe39424789294dc84d99d9a333c93f
-  data.tar.gz: b5b121d05430ff88899cefe3d2754c00142f508237de92a9694919a5559227196b4d6d48651de6d7c620328207bea423e889671218c428e690fb59226e91e6c4
+  metadata.gz: b8639ed71230580894bc7daedd7c7efcaf09458e2e6c1cbf45e0617e16844a28d4c0015c251009e1e0fa0c741daf15715eed2a2bc6f1eada903a04fdb73a620a
+  data.tar.gz: 779683f5e429eff27d8d68c3a19f8d01b1247d9699f283bde06f902ed6a8a0f03330e534568cac05114676f27434ba0aacb443ad57705b0bb6e0c5a77409aba0

data/.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

data/.gitignore

@@ -17,5 +17,5 @@ test/version_tmp
 tmp
 .kitchen/
 .kitchen.local.yml
-Dockerfile*
+Dockerfile
 .DS_Store

data/.kitchen.windows.yml

@@ -18,7 +18,7 @@ provisioner:
 platforms:
 - name: windows
   driver_config:
-    image: mcr.microsoft.com/windows/servercore:1803
+    image: mcr.microsoft.com/windows/servercore:1809
     platform: windows
 
 suites:

data/.kitchen.yml

@@ -27,14 +27,11 @@ platforms:
 - name: oraclelinux-7
 - name: debian-8
 - name: debian-9
-- name: opensuse-42.3
-  driver:
-    image: opensuse/leap:42.3
-- name: opensuse/leap-42
-# - name: arch
-#   driver:
-#     image: base/archlinux
-#     provision_command: true
+# Removing opensuse CI tests temporarily due to an issue with the Chef install script not providing 
+# the correct platform name for opensuse resulting in consistent failures for this platform
+#- name: opensuse-42.3
+#  driver:
+#    image: opensuse/leap:42.3
 - name: unknown
   driver:
     image: ubuntu:16.04

data/.travis.yml

@@ -33,15 +33,20 @@ matrix:
     - os: windows
       language: bash
       install:
+        - choco uninstall ruby
+        - choco install ruby --version=2.6.5.1
+        - export PATH=$(echo "$PATH" | sed -e 's/:\/c\/tools\/ruby27\/bin//')
+        - export PATH=$PATH:/c/tools/ruby26/bin
         - choco install mingw
         - choco install msys2
-        - ridk.cmd exec pacman -S --noconfirm --needed base-devel mingw-w64-x86_64-toolchain
+        - ridk.cmd exec pacman -S --noconfirm --needed base-devel mingw-w64-x86_64-toolchain mingw-w64-x86_64-libxslt
       script:
-        - taskkill -IM "gpg-agent.exe" -F
+        - if [[ $(tasklist | grep "gpg-agent") ]]; then taskkill -IM "gpg-agent.exe" -F; else echo "Process gpg-agent not found. Skipping."; fi        
         - powershell -ExecutionPolicy Bypass -NoLogo -File docker.ps1
         - export KITCHEN_YAML=.kitchen.windows.yml
         - ruby -v
         - gem install bundler
+        - bundle config build.nokogiri --use-system-libraries
         - bundle install
         - bundle exec docker version
         - bundle exec kitchen --version

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Kitchen-Docker Changelog
 
+## 2.11.0 - July 2, 2021
+
+* Update the development dependency on kitchen-inspec to 2.x
+* Retrieve hostname state data after container is launched to avoid failures when `use_internal_docker_network` is set
+* Add a new option for setting container isolation. See the readme for additional details
+* Support GPUs in containers with a new `gpus` option that takes the same arguments that would be passed to `docker run --gpus`
+* suse platform: use system script for ssh key initialization
+* Add support for the `--mount` docker CLI option. See the readme for additional details
+* Use sudo.d files instead of directly editing the sudoers file
+* Allow passing `--tmpfs` entries to the docker run command. See the readme for additional details
+* Use less verbose and quicker setup on Gentoo
+* Lowercase the instance-name to avoid issues since docker does not allow instance with capital cases
+* Fix the error "Could not parse Docker build output for image ID" by improving the output line matching
+* Add support for `almalinux` & `rockylinux`
+
 ## 2.10.0 - Mar 28, 2020
 
 * Switched from require to require_relative to slightly improve load time performance

data/README.md

@@ -7,6 +7,8 @@
 
 A Test Kitchen Driver and Transport for Docker.
 
+***MAINTAINERS WANTED***: This Test-Kitchen driver is currently without a maintainer and has many known issues. If you're interested in maintaining this driver for the long run including expanding the CI testing please reach out on [Chef Community Slack: #test-kitchen](https://chefcommunity.slack.com/archives/C2B6G1WCQ). Until such a time that this driver is maintained we highly recommend the [kitchen-dokken](https://github.com/test-kitchen/kitchen-dokken) for Chef Infra testing with Docker containers.
+
 ## Requirements
 
 * [Docker][docker_installation] **(>= 1.5)**
@@ -23,7 +25,7 @@ driver:
   name: docker
   env_variables:
     TEST_KEY: TEST_VALUE
-    
+
 platforms:
 - name: ubuntu
   run_list:
@@ -109,8 +111,8 @@ Examples:
 
 ### socket
 
-The Docker daemon socket to use. By default, Docker will listen on `unix:///var/run/docker.sock` (On Windows, `npipe:////./pipe/docker_engine`), 
-and no configuration here is required. If Docker is binding to another host/port or Unix socket, you will need to set this option. 
+The Docker daemon socket to use. By default, Docker will listen on `unix:///var/run/docker.sock` (On Windows, `npipe:////./pipe/docker_engine`),
+and no configuration here is required. If Docker is binding to another host/port or Unix socket, you will need to set this option.
 If a TCP socket is set, its host will be used for SSH access to suite containers.
 
 Examples:
@@ -164,6 +166,19 @@ images using the [Docker Index][docker_index].
 The default will be computed, using the platform name (see the Default
 Configuration section for more details).
 
+### isolation
+
+The isolation technology for the container. This is not set by default and will use the default container isolation settings.
+
+For example, the following driver configuration options can be used to specify the container isolation technology for Windows containers:
+```yaml
+# Hyper-V
+isolation: hyperv
+
+# Process
+isolation: process
+```
+
 ### platform
 
 The platform of the chosen image. This is used to properly bootstrap the
@@ -171,7 +186,7 @@ suite container for Test Kitchen. Kitchen Docker currently supports:
 
 * `arch`
 * `debian` or `ubuntu`
-* `amazonlinux`, `rhel`, `centos`, `fedora` or `oraclelinux`
+* `amazonlinux`, `rhel`, `centos`, `fedora`, `oraclelinux`, `almalinux` or `rockylinux`
 * `gentoo` or `gentoo-paludis`
 * `opensuse/tumbleweed`, `opensuse/leap`, `opensuse` or `sles`
 * `windows`
@@ -312,6 +327,39 @@ Examples:
   - rvm
 ```
 
+### mount
+
+Attach a filesystem mount to the container (**NOTE:** supported only in docker
+17.05 and newer).
+
+Examples:
+
+```yaml
+  mount: type=volume,source=my-volume,destination=/path/in/container
+```
+
+```yaml
+  mount:
+  - type=volume,source=my-volume,destination=/path/in/container
+  - type=tmpfs,tmpfs-size=512M,destination=/path/to/tmpdir
+```
+
+### tmpfs
+
+Adds a tmpfs volume(s) to the suite container.
+
+Examples:
+
+```yaml
+  tmpfs: /tmp
+```
+
+```yaml
+  tmpfs:
+  - /tmp:exec
+  - /run
+```
+
 ### dns
 
 Adjusts `resolv.conf` to use the dns servers specified. Otherwise use
@@ -587,7 +635,7 @@ limitations under the License.
 [docker_upstart_issue]:   https://github.com/dotcloud/docker/issues/223
 [docker_index]:           https://index.docker.io/
 [docker_default_image]:   https://index.docker.io/_/base/
-[test_kitchen_docs]:      http://kitchen.ci/docs/getting-started/
+[test_kitchen_docs]:      https://kitchen.ci/docs/getting-started/introduction/
 [chef_omnibus_dl]:        https://downloads.chef.io/chef-client/
 [cpu_shares]:             https://docs.fedoraproject.org/en-US/Fedora/17/html/Resource_Management_Guide/sec-cpu.html
 [memory_limit]:           https://docs.fedoraproject.org/en-US/Fedora/17/html/Resource_Management_Guide/sec-memory.html

data/kitchen-docker.gemspec

@@ -34,6 +34,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'codecov', '~> 0.0', '>= 0.0.2'
 
   # Integration testing gems.
-  spec.add_development_dependency 'kitchen-inspec', '~> 1.1'
+  spec.add_development_dependency 'kitchen-inspec', '~> 2.0'
   spec.add_development_dependency 'train', '>= 2.1', '< 4.0' # validate 4.x when it's released
 end

data/lib/kitchen/docker/container.rb

@@ -37,13 +37,27 @@ module Kitchen
         end
 
         state[:username] = @config[:username]
-        state[:hostname] = 'localhost'
+      end
+
+      def destroy(state)
+        info("[Docker] Destroying Docker container #{state[:container_id]}") if state[:container_id]
+        remove_container(state) if container_exists?(state)
+
+        if @config[:remove_images] && state[:image_id]
+          remove_image(state) if image_exists?(state)
+        end
+      end
+
+      def hostname(state)
+        hostname = 'localhost'
 
         if remote_socket?
-          state[:hostname] = socket_uri.host
-        elsif config[:use_internal_docker_network]
-          state[:hostname] = container_ip_address(state)
+          hostname = socket_uri.host
+        elsif @config[:use_internal_docker_network]
+          hostname = container_ip_address(state)
         end
+
+        hostname
       end
 
       def upload(locals, remote)
@@ -56,15 +70,6 @@ module Kitchen
 
         files
       end
-
-      def destroy(state)
-        info("[Docker] Destroying Docker container #{state[:container_id]}") if state[:container_id]
-        remove_container(state) if container_exists?(state)
-
-        if @config[:remove_images] && state[:image_id]
-          remove_image(state) if image_exists?(state)
-        end
-      end
     end
   end
 end

data/lib/kitchen/docker/container/linux.rb

@@ -17,11 +17,14 @@ require 'securerandom'
 require 'shellwords'
 
 require_relative '../container'
+require_relative '../helpers/dockerfile_helper'
 
 module Kitchen
   module Docker
     class Container
       class Linux < Kitchen::Docker::Container
+        include Kitchen::Docker::Helpers::DockerfileHelper
+
         MUTEX_FOR_SSH_KEYS = Mutex.new
 
         def initialize(config)
@@ -37,7 +40,7 @@ module Kitchen
           state[:ssh_key] = @config[:private_key]
           state[:image_id] = build_image(state, dockerfile) unless state[:image_id]
           state[:container_id] = run_container(state, 22) unless state[:container_id]
-          state[:hostname] = 'localhost'
+          state[:hostname] = hostname(state)
           state[:port] = container_ssh_port(state)
         end
 
@@ -107,89 +110,11 @@ module Kitchen
           return dockerfile_template if @config[:dockerfile]
 
           from = "FROM #{@config[:image]}"
-
-          platform = case @config[:platform]
-                     when 'debian', 'ubuntu'
-                       disable_upstart = <<-CODE
-                         RUN [ ! -f "/sbin/initctl" ] || dpkg-divert --local --rename --add /sbin/initctl && ln -sf /bin/true /sbin/initctl
-                       CODE
-                       packages = <<-CODE
-                         ENV DEBIAN_FRONTEND noninteractive
-                         ENV container docker
-                         RUN apt-get update
-                         RUN apt-get install -y sudo openssh-server curl lsb-release
-                       CODE
-                       @config[:disable_upstart] ? disable_upstart + packages : packages
-                     when 'rhel', 'centos', 'oraclelinux', 'amazonlinux'
-                       <<-CODE
-                         ENV container docker
-                         RUN yum clean all
-                         RUN yum install -y sudo openssh-server openssh-clients which curl
-                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-                       CODE
-                     when 'fedora'
-                       <<-CODE
-                         ENV container docker
-                         RUN dnf clean all
-                         RUN dnf install -y sudo openssh-server openssh-clients which curl
-                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-                       CODE
-                     when 'opensuse/tumbleweed', 'opensuse/leap', 'opensuse', 'sles'
-                       <<-CODE
-                         ENV container docker
-                         RUN zypper install -y sudo openssh which curl
-                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
-                       CODE
-                     when 'arch'
-                       # See https://bugs.archlinux.org/task/47052 for why we
-                       # blank out limits.conf.
-                       <<-CODE
-                         RUN pacman --noconfirm -Sy archlinux-keyring
-                         RUN pacman-db-upgrade
-                         RUN pacman --noconfirm -Syu openssl openssh sudo curl
-                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
-                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
-                         RUN echo >/etc/security/limits.conf
-                       CODE
-                     when 'gentoo'
-                       <<-CODE
-                         RUN emerge --sync
-                         RUN emerge net-misc/openssh app-admin/sudo
-                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
-                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
-                       CODE
-                     when 'gentoo-paludis'
-                       <<-CODE
-                         RUN cave sync
-                         RUN cave resolve -zx net-misc/openssh app-admin/sudo
-                         RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
-                         RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
-                       CODE
-                     else
-                       raise ActionFailed, "Unknown platform '#{@config[:platform]}'"
-                     end
-
+          platform = dockerfile_platform
           username = @config[:username]
           public_key = IO.read(@config[:public_key]).strip
           homedir = username == 'root' ? '/root' : "/home/#{username}"
-
-          base = <<-CODE
-            RUN if ! getent passwd #{username}; then \
-                  useradd -d #{homedir} -m -s /bin/bash -p '*' #{username}; \
-                fi
-            RUN echo "#{username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-            RUN echo "Defaults !requiretty" >> /etc/sudoers
-            RUN mkdir -p #{homedir}/.ssh
-            RUN chown -R #{username} #{homedir}/.ssh
-            RUN chmod 0700 #{homedir}/.ssh
-            RUN touch #{homedir}/.ssh/authorized_keys
-            RUN chown #{username} #{homedir}/.ssh/authorized_keys
-            RUN chmod 0600 #{homedir}/.ssh/authorized_keys
-            RUN mkdir -p /run/sshd
-          CODE
+          base = dockerfile_base_linux(username, homedir)
 
           custom = ''
           Array(@config[:provision_command]).each do |cmd|

data/lib/kitchen/docker/container/windows.rb

@@ -30,6 +30,7 @@ module Kitchen
           state[:username] = @config[:username]
           state[:image_id] = build_image(state, dockerfile) unless state[:image_id]
           state[:container_id] = run_container(state) unless state[:container_id]
+          state[:hostname] = hostname(state)
         end
 
         def execute(command)

data/lib/kitchen/docker/docker_version.rb

@@ -16,6 +16,6 @@
 module Kitchen
   module Docker
     # Version string for Docker Kitchen driver
-    DOCKER_VERSION = "2.10.0"
+    DOCKER_VERSION = "2.11.0"
   end
 end

data/lib/kitchen/docker/helpers/cli_helper.rb

@@ -49,14 +49,18 @@ module Kitchen
           Array(config[:volumes_from]).each { |container| cmd << " --volumes-from #{container}" }
           Array(config[:links]).each { |link| cmd << " --link #{link}" }
           Array(config[:devices]).each { |device| cmd << " --device #{device}" }
+          Array(config[:mount]).each {|mount| cmd << " --mount #{mount}"}
+          Array(config[:tmpfs]).each {|tmpfs| cmd << " --tmpfs #{tmpfs}"}
           cmd << " --name #{config[:instance_name]}" if config[:instance_name]
           cmd << ' -P' if config[:publish_all]
           cmd << " -h #{config[:hostname]}" if config[:hostname]
           cmd << " -m #{config[:memory]}" if config[:memory]
           cmd << " -c #{config[:cpu]}" if config[:cpu]
+          cmd << " --gpus #{config[:gpus]}" if config[:gpus]
           cmd << " -e http_proxy=#{config[:http_proxy]}" if config[:http_proxy]
           cmd << " -e https_proxy=#{config[:https_proxy]}" if config[:https_proxy]
           cmd << ' --privileged' if config[:privileged]
+          cmd << " --isolation #{config[:isolation]}" if config[:isolation]
           Array(config[:cap_add]).each { |cap| cmd << " --cap-add=#{cap}"} if config[:cap_add]
           Array(config[:cap_drop]).each { |cap| cmd << " --cap-drop=#{cap}"} if config[:cap_drop]
           Array(config[:security_opt]).each { |opt| cmd << " --security-opt=#{opt}"} if config[:security_opt]

data/lib/kitchen/docker/helpers/dockerfile_helper.rb

@@ -0,0 +1,136 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kitchen'
+require 'kitchen/configurable'
+
+module Kitchen
+  module Docker
+    module Helpers
+      module DockerfileHelper     
+        include Configurable
+
+        def dockerfile_platform
+          case config[:platform]
+          when 'arch'
+            arch_platform
+          when 'debian', 'ubuntu'
+            debian_platform
+          when 'fedora'
+            fedora_platform
+          when 'gentoo'
+            gentoo_platform
+          when 'gentoo-paludis'
+            gentoo_paludis_platform
+          when 'opensuse/tumbleweed', 'opensuse/leap', 'opensuse', 'sles'
+            opensuse_platform
+          when 'rhel', 'centos', 'oraclelinux', 'amazonlinux', 'almalinux', 'rockylinux'
+            rhel_platform
+          else
+            raise ActionFailed, "Unknown platform '#{config[:platform]}'"
+          end
+        end
+
+        def arch_platform
+          # See https://bugs.archlinux.org/task/47052 for why we
+          # blank out limits.conf.
+          <<-CODE
+            RUN pacman --noconfirm -Sy archlinux-keyring
+            RUN pacman-db-upgrade
+            RUN pacman --noconfirm -Syu openssl openssh sudo curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+            RUN echo >/etc/security/limits.conf
+          CODE
+        end
+
+        def debian_platform
+          disable_upstart = <<-CODE
+            RUN [ ! -f "/sbin/initctl" ] || dpkg-divert --local --rename --add /sbin/initctl \
+                && ln -sf /bin/true /sbin/initctl
+          CODE
+          packages = <<-CODE
+            ENV DEBIAN_FRONTEND noninteractive
+            ENV container docker
+            RUN apt-get update
+            RUN apt-get install -y sudo openssh-server curl lsb-release
+          CODE
+          config[:disable_upstart] ? disable_upstart + packages : packages
+        end
+
+        def fedora_platform
+          <<-CODE
+            ENV container docker
+            RUN dnf clean all
+            RUN dnf install -y sudo openssh-server openssh-clients which curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+          CODE
+        end
+
+        def gentoo_platform
+          <<-CODE
+            RUN emerge-webrsync
+            RUN emerge --quiet --noreplace net-misc/openssh app-admin/sudo
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+          CODE
+        end
+
+        def gentoo_paludis_platform
+          <<-CODE
+            RUN cave sync
+            RUN cave resolve -zx net-misc/openssh app-admin/sudo
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+          CODE
+        end
+
+        def opensuse_platform
+          <<-CODE
+            ENV container docker
+            RUN zypper install -y sudo openssh which curl
+            RUN /usr/sbin/sshd-gen-keys-start
+          CODE
+        end
+
+        def rhel_platform
+          <<-CODE
+            ENV container docker
+            RUN yum clean all
+            RUN yum install -y sudo openssh-server openssh-clients which curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+          CODE
+        end
+
+        def dockerfile_base_linux(username, homedir)
+          <<-CODE
+            RUN if ! getent passwd #{username}; then \
+                  useradd -d #{homedir} -m -s /bin/bash -p '*' #{username}; \
+                fi
+            RUN echo "#{username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/#{username}
+            RUN echo "Defaults !requiretty" >> /etc/sudoers.d/#{username}
+            RUN mkdir -p #{homedir}/.ssh
+            RUN chown -R #{username} #{homedir}/.ssh
+            RUN chmod 0700 #{homedir}/.ssh
+            RUN touch #{homedir}/.ssh/authorized_keys
+            RUN chown #{username} #{homedir}/.ssh/authorized_keys
+            RUN chmod 0600 #{homedir}/.ssh/authorized_keys
+            RUN mkdir -p /run/sshd
+          CODE
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/docker/helpers/image_helper.rb

@@ -26,8 +26,9 @@ module Kitchen
 
         def parse_image_id(output)
           output.each_line do |line|
-            if line =~ /image id|build successful|successfully built/i
-              return line.split(/\s+/).last
+            if line =~ /image id|build successful|successfully built|writing image/i
+              img_id = line.split(/\s+/).last
+              return img_id
             end
           end
           raise ActionFailed, 'Could not parse Docker build output for image ID'
@@ -50,7 +51,8 @@ module Kitchen
                      file.write(dockerfile)
                      file.close
                      docker_command("#{cmd} -f #{Shellwords.escape(dockerfile_path(file))} #{build_context}",
-                                    input: dockerfile_contents)
+                                    input: dockerfile_contents,
+                                    environment: { DOCKER_BUILDKIT: '0' })
                    ensure
                      file.close unless file.closed?
                      file.unlink

data/lib/kitchen/driver/docker.rb

@@ -1,164 +1,165 @@
-#
-# Copyright (C) 2014, Sean Porter
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require 'kitchen'
-require 'json'
-require 'securerandom'
-require 'net/ssh'
-
-require 'kitchen/driver/base'
-
-require_relative '../docker/container/linux'
-require_relative '../docker/container/windows'
-require_relative '../docker/helpers/cli_helper'
-require_relative '../docker/helpers/container_helper'
-
-module Kitchen
-  module Driver
-    # Docker driver for Kitchen.
-    #
-    # @author Sean Porter <portertech@gmail.com>
-    class Docker < Kitchen::Driver::Base
-      include Kitchen::Docker::Helpers::CliHelper
-      include Kitchen::Docker::Helpers::ContainerHelper
-      include ShellOut
-
-      default_config :binary,        'docker'
-      default_config :build_options, nil
-      default_config :cap_add,       nil
-      default_config :cap_drop,      nil
-      default_config :disable_upstart, true
-      default_config :env_variables, nil
-      default_config :interactive,   false
-      default_config :private_key,   File.join(Dir.pwd, '.kitchen', 'docker_id_rsa')
-      default_config :privileged,    false
-      default_config :public_key,    File.join(Dir.pwd, '.kitchen', 'docker_id_rsa.pub')
-      default_config :publish_all,   false
-      default_config :remove_images, false
-      default_config :run_options,   nil
-      default_config :security_opt,  nil
-      default_config :tls,           false
-      default_config :tls_cacert,    nil
-      default_config :tls_cert,      nil
-      default_config :tls_key,       nil
-      default_config :tls_verify,    false
-      default_config :tty,           false
-      default_config :use_cache,     true
-      default_config :use_internal_docker_network, false
-      default_config :use_sudo, false
-      default_config :wait_for_transport, true
-
-      default_config :build_context do |driver|
-        !driver.remote_socket?
-      end
-
-      default_config :image do |driver|
-        driver.default_image
-      end
-
-      default_config :instance_name do |driver|
-        # Borrowed from kitchen-rackspace
-        [
-          driver.instance.name.gsub(/\W/, ''),
-          (Etc.getlogin || 'nologin').gsub(/\W/, ''),
-          Socket.gethostname.gsub(/\W/, '')[0..20],
-          Array.new(8) { rand(36).to_s(36) }.join
-        ].join('-')
-      end
-
-      default_config :platform do |driver|
-        driver.default_platform
-      end
-
-      default_config :run_command do |driver|
-        if driver.windows_os?
-          # Launch arbitrary process to keep the Windows container alive
-          # If running in interactive mode, launch powershell.exe instead
-          if driver[:interactive]
-            'powershell.exe'
-          else
-            'ping -t localhost'
-          end
-        else
-          '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes '\
-          '-o UsePrivilegeSeparation=no -o PidFile=/tmp/sshd.pid'
-        end
-      end
-
-      default_config :socket do |driver|
-        socket = 'unix:///var/run/docker.sock'
-        socket = 'npipe:////./pipe/docker_engine' if driver.windows_os?
-        ENV['DOCKER_HOST'] || socket
-      end
-
-      default_config :username do |driver|
-        # Return nil to prevent username from being added to Docker
-        # command line args for Windows if a username was not specified
-        if driver.windows_os?
-          nil
-        else
-          'kitchen'
-        end
-      end
-
-      def verify_dependencies
-        run_command("#{config[:binary]} >> #{dev_null} 2>&1", quiet: true, use_sudo: config[:use_sudo])
-      rescue
-        raise UserError, 'You must first install the Docker CLI tool https://www.docker.com/get-started'
-      end
-
-      def create(state)
-        container.create(state)
-
-        wait_for_transport(state)
-      end
-
-      def destroy(state)
-        container.destroy(state)
-      end
-
-      def wait_for_transport(state)
-        if config[:wait_for_transport]
-          instance.transport.connection(state) do |conn|
-            conn.wait_until_ready
-          end
-        end
-      end
-
-      def default_image
-        platform, release = instance.platform.name.split('-')
-        if platform == 'centos' && release
-          release = 'centos' + release.split('.').first
-        end
-        release ? [platform, release].join(':') : platform
-      end
-
-      def default_platform
-        instance.platform.name.split('-').first
-      end
-
-      protected
-
-      def container
-        @container ||= if windows_os?
-                         Kitchen::Docker::Container::Windows.new(config)
-                       else
-                         Kitchen::Docker::Container::Linux.new(config)
-                       end
-        @container
-      end
-    end
-  end
-end
+#
+# Copyright (C) 2014, Sean Porter
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kitchen'
+require 'json'
+require 'securerandom'
+require 'net/ssh'
+
+require 'kitchen/driver/base'
+
+require_relative '../docker/container/linux'
+require_relative '../docker/container/windows'
+require_relative '../docker/helpers/cli_helper'
+require_relative '../docker/helpers/container_helper'
+
+module Kitchen
+  module Driver
+    # Docker driver for Kitchen.
+    #
+    # @author Sean Porter <portertech@gmail.com>
+    class Docker < Kitchen::Driver::Base
+      include Kitchen::Docker::Helpers::CliHelper
+      include Kitchen::Docker::Helpers::ContainerHelper
+      include ShellOut
+
+      default_config :binary,        'docker'
+      default_config :build_options, nil
+      default_config :cap_add,       nil
+      default_config :cap_drop,      nil
+      default_config :disable_upstart, true
+      default_config :env_variables, nil
+      default_config :isolation,     nil
+      default_config :interactive,   false
+      default_config :private_key,   File.join(Dir.pwd, '.kitchen', 'docker_id_rsa')
+      default_config :privileged,    false
+      default_config :public_key,    File.join(Dir.pwd, '.kitchen', 'docker_id_rsa.pub')
+      default_config :publish_all,   false
+      default_config :remove_images, false
+      default_config :run_options,   nil
+      default_config :security_opt,  nil
+      default_config :tls,           false
+      default_config :tls_cacert,    nil
+      default_config :tls_cert,      nil
+      default_config :tls_key,       nil
+      default_config :tls_verify,    false
+      default_config :tty,           false
+      default_config :use_cache,     true
+      default_config :use_internal_docker_network, false
+      default_config :use_sudo, false
+      default_config :wait_for_transport, true
+
+      default_config :build_context do |driver|
+        !driver.remote_socket?
+      end
+
+      default_config :image do |driver|
+        driver.default_image
+      end
+
+      default_config :instance_name do |driver|
+        # Borrowed from kitchen-rackspace
+        [
+          driver.instance.name.gsub(/\W/, ''),
+          (Etc.getlogin || 'nologin').gsub(/\W/, ''),
+          Socket.gethostname.gsub(/\W/, '')[0..20],
+          Array.new(8) { rand(36).to_s(36) }.join
+        ].join('-').downcase
+      end
+
+      default_config :platform do |driver|
+        driver.default_platform
+      end
+
+      default_config :run_command do |driver|
+        if driver.windows_os?
+          # Launch arbitrary process to keep the Windows container alive
+          # If running in interactive mode, launch powershell.exe instead
+          if driver[:interactive]
+            'powershell.exe'
+          else
+            'ping -t localhost'
+          end
+        else
+          '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes '\
+          '-o UsePrivilegeSeparation=no -o PidFile=/tmp/sshd.pid'
+        end
+      end
+
+      default_config :socket do |driver|
+        socket = 'unix:///var/run/docker.sock'
+        socket = 'npipe:////./pipe/docker_engine' if driver.windows_os?
+        ENV['DOCKER_HOST'] || socket
+      end
+
+      default_config :username do |driver|
+        # Return nil to prevent username from being added to Docker
+        # command line args for Windows if a username was not specified
+        if driver.windows_os?
+          nil
+        else
+          'kitchen'
+        end
+      end
+
+      def verify_dependencies
+        run_command("#{config[:binary]} >> #{dev_null} 2>&1", quiet: true, use_sudo: config[:use_sudo])
+      rescue
+        raise UserError, 'You must first install the Docker CLI tool https://www.docker.com/get-started'
+      end
+
+      def create(state)
+        container.create(state)
+
+        wait_for_transport(state)
+      end
+
+      def destroy(state)
+        container.destroy(state)
+      end
+
+      def wait_for_transport(state)
+        if config[:wait_for_transport]
+          instance.transport.connection(state) do |conn|
+            conn.wait_until_ready
+          end
+        end
+      end
+
+      def default_image
+        platform, release = instance.platform.name.split('-')
+        if platform == 'centos' && release
+          release = 'centos' + release.split('.').first
+        end
+        release ? [platform, release].join(':') : platform
+      end
+
+      def default_platform
+        instance.platform.name.split('-').first
+      end
+
+      protected
+
+      def container
+        @container ||= if windows_os?
+                         Kitchen::Docker::Container::Windows.new(config)
+                       else
+                         Kitchen::Docker::Container::Linux.new(config)
+                       end
+        @container
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitchen-docker
 version: !ruby/object:Gem::Version
-  version: 2.10.0
+  version: 2.11.0
 platform: ruby
 authors:
 - Sean Porter
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-28 00:00:00.000000000 Z
+date: 2021-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-kitchen
@@ -176,14 +176,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: train
   requirement: !ruby/object:Gem::Requirement
@@ -212,6 +212,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".cane"
+- ".github/dependabot.yml"
 - ".gitignore"
 - ".kitchen.windows.yml"
 - ".kitchen.yml"
@@ -232,6 +233,7 @@ files:
 - lib/kitchen/docker/erb_context.rb
 - lib/kitchen/docker/helpers/cli_helper.rb
 - lib/kitchen/docker/helpers/container_helper.rb
+- lib/kitchen/docker/helpers/dockerfile_helper.rb
 - lib/kitchen/docker/helpers/file_helper.rb
 - lib/kitchen/docker/helpers/image_helper.rb
 - lib/kitchen/docker/helpers/inspec_helper.rb
@@ -249,7 +251,7 @@ homepage: https://github.com/test-kitchen/kitchen-docker
 licenses:
 - Apache 2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -264,8 +266,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.15
+signing_key:
 specification_version: 4
 summary: A Docker Driver for Test Kitchen
 test_files: