kitchen-docker 2.8.0 → 2.12.0

data/lib/kitchen/docker/helpers/container_helper.rb

@@ -0,0 +1,172 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'erb'
+require 'json'
+require 'shellwords'
+require 'tempfile'
+require 'uri'
+
+require 'kitchen'
+require 'kitchen/configurable'
+require_relative '../erb_context'
+require_relative 'cli_helper'
+
+module Kitchen
+  module Docker
+    module Helpers
+      module ContainerHelper
+        include Configurable
+        include Kitchen::Docker::Helpers::CliHelper
+
+        def parse_container_id(output)
+          container_id = output.chomp
+
+          unless [12, 64].include?(container_id.size)
+            raise ActionFailed, 'Could not parse Docker run output for container ID'
+          end
+
+          container_id
+        end
+
+        def dockerfile_template
+          template = IO.read(File.expand_path(config[:dockerfile]))
+          context = Kitchen::Docker::ERBContext.new(config.to_hash)
+          ERB.new(template).result(context.get_binding)
+        end
+
+        def remote_socket?
+          config[:socket] ? socket_uri.scheme == 'tcp' : false
+        end
+
+        def socket_uri
+          URI.parse(config[:socket])
+        end
+
+        def dockerfile_path(file)
+          config[:build_context] ? Pathname.new(file.path).relative_path_from(Pathname.pwd).to_s : file.path
+        end
+
+        def container_exists?(state)
+          state[:container_id] && !!docker_command("top #{state[:container_id]}") rescue false
+        end
+
+        def container_exec(state, command)
+          cmd = build_exec_command(state, command)
+          docker_command(cmd)
+        rescue => e
+          raise "Failed to execute command on Docker container. #{e}"
+        end
+
+        def create_dir_on_container(state, path)
+          path = replace_env_variables(state, path)
+          cmd = "mkdir -p #{path}"
+
+          if state[:platform].include?('windows')
+            psh = "-Command if(-not (Test-Path \'#{path}\')) { New-Item -Path \'#{path}\' -Force }"
+            cmd = build_powershell_command(psh)
+          end
+
+          cmd = build_exec_command(state, cmd)
+          docker_command(cmd)
+        rescue => e
+          raise "Failed to create directory #{path} on container. #{e}"
+        end
+
+        def copy_file_to_container(state, local_file, remote_file)
+          debug("Copying local file #{local_file} to #{remote_file} on container")
+
+          remote_file = replace_env_variables(state, remote_file)
+
+          remote_file = "#{state[:container_id]}:#{remote_file}"
+          cmd = build_copy_command(local_file, remote_file)
+          docker_command(cmd)
+        rescue => e
+          raise "Failed to copy file #{local_file} to container. #{e}"
+        end
+
+        def container_env_variables(state)
+          # Retrieves all environment variables from inside container
+          vars = {}
+
+          if state[:platform].include?('windows')
+            cmd = build_powershell_command('-Command [System.Environment]::GetEnvironmentVariables() ^| ConvertTo-Json')
+            cmd = build_exec_command(state, cmd)
+            stdout = docker_command(cmd, suppress_output: !logger.debug?).strip
+            vars = ::JSON.parse(stdout)
+          else
+            cmd = build_exec_command(state, 'printenv')
+            stdout = docker_command(cmd, suppress_output: !logger.debug?).strip
+            stdout.split("\n").each { |line| vars[line.split('=')[0]] = line.split('=')[1] }
+          end
+
+          vars
+        end
+
+        def replace_env_variables(state, str)
+          if str.include?('$env:')
+            key = str[/\$env:(.*?)(\\|$)/, 1]
+            value = container_env_variables(state)[key].to_s.strip
+            str = str.gsub("$env:#{key}", value)
+          elsif str.include?('$')
+            key = str[/\$(.*?)(\/|$)/, 1]
+            value = container_env_variables(state)[key].to_s.strip
+            str = str.gsub("$#{key}", value)
+          end
+
+          str
+        end
+
+        def run_container(state, transport_port = nil)
+          cmd = build_run_command(state[:image_id], transport_port)
+          output = docker_command(cmd)
+          parse_container_id(output)
+        end
+
+        def container_ip_address(state)
+          cmd = "inspect --format '{{ .NetworkSettings.IPAddress }}'"
+          cmd << " #{state[:container_id]}"
+          docker_command(cmd).strip
+        rescue
+          raise ActionFailed, 'Error getting internal IP of Docker container'
+        end
+
+        def remove_container(state)
+          container_id = state[:container_id]
+          docker_command("stop -t 0 #{container_id}")
+          docker_command("rm #{container_id}")
+        end
+
+        def dockerfile_proxy_config
+          env_variables = ''
+          if config[:http_proxy]
+            env_variables << "ENV http_proxy #{config[:http_proxy]}\n"
+            env_variables << "ENV HTTP_PROXY #{config[:http_proxy]}\n"
+          end
+
+          if config[:https_proxy]
+            env_variables << "ENV https_proxy #{config[:https_proxy]}\n"
+            env_variables << "ENV HTTPS_PROXY #{config[:https_proxy]}\n"
+          end
+
+          if config[:no_proxy]
+            env_variables << "ENV no_proxy #{config[:no_proxy]}\n"
+            env_variables << "ENV NO_PROXY #{config[:no_proxy]}\n"
+          end
+
+          env_variables
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/docker/helpers/dockerfile_helper.rb

@@ -0,0 +1,136 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kitchen'
+require 'kitchen/configurable'
+
+module Kitchen
+  module Docker
+    module Helpers
+      module DockerfileHelper     
+        include Configurable
+
+        def dockerfile_platform
+          case config[:platform]
+          when 'arch'
+            arch_platform
+          when 'debian', 'ubuntu'
+            debian_platform
+          when 'fedora'
+            fedora_platform
+          when 'gentoo'
+            gentoo_platform
+          when 'gentoo-paludis'
+            gentoo_paludis_platform
+          when 'opensuse/tumbleweed', 'opensuse/leap', 'opensuse', 'sles'
+            opensuse_platform
+          when 'rhel', 'centos', 'oraclelinux', 'amazonlinux', 'almalinux', 'rockylinux'
+            rhel_platform
+          else
+            raise ActionFailed, "Unknown platform '#{config[:platform]}'"
+          end
+        end
+
+        def arch_platform
+          # See https://bugs.archlinux.org/task/47052 for why we
+          # blank out limits.conf.
+          <<-CODE
+            RUN pacman --noconfirm -Sy archlinux-keyring
+            RUN pacman-db-upgrade
+            RUN pacman --noconfirm -Syu openssl openssh sudo curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+            RUN echo >/etc/security/limits.conf
+          CODE
+        end
+
+        def debian_platform
+          disable_upstart = <<-CODE
+            RUN [ ! -f "/sbin/initctl" ] || dpkg-divert --local --rename --add /sbin/initctl \
+                && ln -sf /bin/true /sbin/initctl
+          CODE
+          packages = <<-CODE
+            ENV DEBIAN_FRONTEND noninteractive
+            ENV container docker
+            RUN apt-get update
+            RUN apt-get install -y sudo openssh-server curl lsb-release
+          CODE
+          config[:disable_upstart] ? disable_upstart + packages : packages
+        end
+
+        def fedora_platform
+          <<-CODE
+            ENV container docker
+            RUN dnf clean all
+            RUN dnf install -y sudo openssh-server openssh-clients which curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+          CODE
+        end
+
+        def gentoo_platform
+          <<-CODE
+            RUN emerge-webrsync
+            RUN emerge --quiet --noreplace net-misc/openssh app-admin/sudo
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+          CODE
+        end
+
+        def gentoo_paludis_platform
+          <<-CODE
+            RUN cave sync
+            RUN cave resolve -zx net-misc/openssh app-admin/sudo
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
+          CODE
+        end
+
+        def opensuse_platform
+          <<-CODE
+            ENV container docker
+            RUN zypper install -y sudo openssh which curl
+            RUN /usr/sbin/sshd-gen-keys-start
+          CODE
+        end
+
+        def rhel_platform
+          <<-CODE
+            ENV container docker
+            RUN yum clean all
+            RUN yum install -y sudo openssh-server openssh-clients which curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+          CODE
+        end
+
+        def dockerfile_base_linux(username, homedir)
+          <<-CODE
+            RUN if ! getent passwd #{username}; then \
+                  useradd -d #{homedir} -m -s /bin/bash -p '*' #{username}; \
+                fi
+            RUN echo "#{username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/#{username}
+            RUN echo "Defaults !requiretty" >> /etc/sudoers.d/#{username}
+            RUN mkdir -p #{homedir}/.ssh
+            RUN chown -R #{username} #{homedir}/.ssh
+            RUN chmod 0700 #{homedir}/.ssh
+            RUN touch #{homedir}/.ssh/authorized_keys
+            RUN chown #{username} #{homedir}/.ssh/authorized_keys
+            RUN chmod 0600 #{homedir}/.ssh/authorized_keys
+            RUN mkdir -p /run/sshd
+          CODE
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/docker/helpers/file_helper.rb

@@ -0,0 +1,40 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'fileutils'
+
+module Kitchen
+  module Docker
+    module Helpers
+      module FileHelper
+        def create_temp_file(file, contents)
+          debug("[Docker] Creating temp file #{file}")
+          debug('[Docker] --- Start Temp File Contents ---')
+          debug(contents)
+          debug('[Docker] --- End Temp File Contents ---')
+
+          begin
+            path = ::File.dirname(file)
+            ::FileUtils.mkdir_p(path) unless ::Dir.exist?(path)
+            file = ::File.open(file, 'w')
+            file.write(contents)
+          rescue IOError => e
+            raise "Failed to write temp file. Error Details: #{e}"
+          ensure
+            file.close unless file.nil?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/docker/helpers/image_helper.rb

@@ -0,0 +1,76 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kitchen'
+require 'kitchen/configurable'
+require_relative 'cli_helper'
+require_relative 'container_helper'
+
+module Kitchen
+  module Docker
+    module Helpers
+      module ImageHelper
+        include Configurable
+        include Kitchen::Docker::Helpers::CliHelper
+        include Kitchen::Docker::Helpers::ContainerHelper
+
+        def parse_image_id(output)
+          output.each_line do |line|
+            if line =~ /writing image sha256:[[:xdigit:]]{64} done/i
+              img_id = line[/writing image (sha256:[[:xdigit:]]{64}) done/i,1]
+              return img_id
+            end
+            if line =~ /image id|build successful|successfully built/i
+              img_id = line.split(/\s+/).last
+              return img_id
+            end
+          end
+          raise ActionFailed, 'Could not parse Docker build output for image ID'
+        end
+
+        def remove_image(state)
+          image_id = state[:image_id]
+          docker_command("rmi #{image_id}")
+        end
+
+        def build_image(state, dockerfile)
+          cmd = 'build'
+          cmd << ' --no-cache' unless config[:use_cache]
+          cmd << " --platform=#{config[:docker_platform]}" if config[:docker_platform]
+          extra_build_options = config_to_options(config[:build_options])
+          cmd << " #{extra_build_options}" unless extra_build_options.empty?
+          dockerfile_contents = dockerfile
+          file = Tempfile.new('Dockerfile-kitchen', Dir.pwd)
+          cmd << " -f #{Shellwords.escape(dockerfile_path(file))}" if config[:build_context]
+          build_context = config[:build_context] ? '.' : '-'
+          output = begin
+                     file.write(dockerfile)
+                     file.close
+                     docker_command("#{cmd} #{build_context}",
+                                    input: dockerfile_contents,
+                                    environment: { BUILDKIT_PROGRESS: 'plain' })
+                   ensure
+                     file.close unless file.closed?
+                     file.unlink
+                   end
+
+          parse_image_id(output)
+        end
+
+        def image_exists?(state)
+          state[:image_id] && !!docker_command("inspect --type=image #{state[:image_id]}") rescue false
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/docker/helpers/inspec_helper.rb

@@ -0,0 +1,40 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This helper should be removed when the kitchen-inspec gem has been updated to include these runner options
+begin
+  require 'kitchen/verifier/inspec'
+
+  # Add runner options for Docker transport for kitchen-inspec gem
+  module Kitchen
+    module Docker
+      module Helpers
+        module InspecHelper
+          Kitchen::Verifier::Inspec.class_eval do
+            def runner_options_for_docker(config_data)
+              opts = {
+                'backend' => 'docker',
+                'logger' => logger,
+                'host' => config_data[:container_id],
+              }
+              logger.debug "Connect to Container: #{opts['host']}"
+              opts
+            end
+          end
+        end
+      end
+    end
+  end
+rescue LoadError => e
+  logger.debug("[Docker] kitchen-inspec gem not found for InSpec verifier. #{e}")
+end