kitchen-docker 3.0.0 → 3.2.3

data/lib/kitchen/docker/helpers/dockerfile_helper.rb

@@ -11,38 +11,40 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'kitchen'
-require 'kitchen/configurable'
+require "kitchen"
+require "kitchen/configurable"
 
 module Kitchen
   module Docker
     module Helpers
-      module DockerfileHelper     
+      module DockerfileHelper
         include Configurable
 
         def dockerfile_platform
           case config[:platform]
-          when 'arch'
+          when "arch"
             arch_platform
-          when 'debian', 'ubuntu'
+          when "debian", "ubuntu"
             debian_platform
-          when 'fedora'
+          when "fedora"
             fedora_platform
-          when 'gentoo'
+          when "gentoo"
             gentoo_platform
-          when 'gentoo-paludis'
+          when "gentoo-paludis"
             gentoo_paludis_platform
-          when 'opensuse/tumbleweed', 'opensuse/leap', 'opensuse', 'sles'
+          when "opensuse/tumbleweed", "opensuse/leap", "opensuse", "sles"
             opensuse_platform
-          when 'rhel', 'centos', 'oraclelinux', 'amazonlinux'
+          when "rhel", "centos", "oraclelinux"
             rhel_platform
-          when 'centosstream'
+          when "amazonlinux"
+            amazonlinux_platform
+          when "centosstream"
             centosstream_platform
-          when 'almalinux'
+          when "almalinux"
             almalinux_platform
-          when 'rockylinux'
+          when "rockylinux"
             rockylinux_platform
-          when 'photon'
+          when "photon"
             photonos_platform
           else
             raise ActionFailed, "Unknown platform '#{config[:platform]}'"
@@ -50,15 +52,11 @@ module Kitchen
         end
 
         def arch_platform
-          # See https://bugs.archlinux.org/task/47052 for why we
-          # blank out limits.conf.
           <<-CODE
             RUN pacman --noconfirm -Sy archlinux-keyring
             RUN pacman-db-upgrade
             RUN pacman --noconfirm -Syu openssl openssh sudo curl
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
-            RUN echo >/etc/security/limits.conf
           CODE
         end
 
@@ -68,8 +66,8 @@ module Kitchen
                 && ln -sf /bin/true /sbin/initctl
           CODE
           packages = <<-CODE
-            ENV DEBIAN_FRONTEND noninteractive
-            ENV container docker
+            ENV DEBIAN_FRONTEND=noninteractive
+            ENV container=docker
             RUN apt-get update
             RUN apt-get install -y sudo openssh-server curl lsb-release
           CODE
@@ -78,11 +76,10 @@ module Kitchen
 
         def fedora_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN dnf clean all
             RUN dnf install -y sudo openssh-server openssh-clients which curl
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
           CODE
         end
 
@@ -91,7 +88,6 @@ module Kitchen
             RUN emerge-webrsync
             RUN emerge --quiet --noreplace net-misc/openssh app-admin/sudo
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
           CODE
         end
 
@@ -100,13 +96,12 @@ module Kitchen
             RUN cave sync
             RUN cave resolve -zx net-misc/openssh app-admin/sudo
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -A -t rsa -f /etc/ssh/ssh_host_rsa_key
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -A -t dsa -f /etc/ssh/ssh_host_dsa_key
           CODE
         end
 
         def opensuse_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN zypper install -y sudo openssh which curl gawk
             RUN /usr/sbin/sshd-gen-keys-start
           CODE
@@ -114,47 +109,52 @@ module Kitchen
 
         def rhel_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN yum clean all
             RUN yum install -y sudo openssh-server openssh-clients which curl
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+          CODE
+        end
+
+        def amazonlinux_platform
+          <<-CODE
+            ENV container=docker
+            RUN yum clean all
+            RUN yum install -y --allowerasing sudo openssh-server openssh-clients which curl
+            RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
           CODE
         end
 
         def centosstream_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN yum clean all
             RUN yum install -y sudo openssh-server openssh-clients which
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
           CODE
         end
 
         def almalinux_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN yum clean all
             RUN yum install -y sudo openssh-server openssh-clients which
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
           CODE
         end
 
         def rockylinux_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN yum clean all
             RUN yum install -y sudo openssh-server openssh-clients which
             RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
-            RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
           CODE
         end
 
         def photonos_platform
           <<-CODE
-            ENV container docker
+            ENV container=docker
             RUN tdnf clean all
             RUN tdnf install -y sudo openssh-server openssh-clients which curl
             RUN [ -f "/etc/ssh/ssh_host_ecdsa_key" ] || ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''

data/lib/kitchen/docker/helpers/file_helper.rb

@@ -11,7 +11,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'fileutils'
+require "fileutils" unless defined?(FileUtils)
 
 module Kitchen
   module Docker
@@ -19,14 +19,14 @@ module Kitchen
       module FileHelper
         def create_temp_file(file, contents)
           debug("[Docker] Creating temp file #{file}")
-          debug('[Docker] --- Start Temp File Contents ---')
+          debug("[Docker] --- Start Temp File Contents ---")
           debug(contents)
-          debug('[Docker] --- End Temp File Contents ---')
+          debug("[Docker] --- End Temp File Contents ---")
 
           begin
             path = ::File.dirname(file)
             ::FileUtils.mkdir_p(path) unless ::Dir.exist?(path)
-            file = ::File.open(file, 'w')
+            file = ::File.open(file, "w")
             file.write(contents)
           rescue IOError => e
             raise "Failed to write temp file. Error Details: #{e}"

data/lib/kitchen/docker/helpers/image_helper.rb

@@ -11,11 +11,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'kitchen'
-require 'kitchen/configurable'
-require 'pathname'
-require_relative 'cli_helper'
-require_relative 'container_helper'
+require "kitchen"
+require "kitchen/configurable"
+require "pathname" unless defined?(Pathname)
+require_relative "cli_helper"
+require_relative "container_helper"
 
 module Kitchen
   module Docker
@@ -28,38 +28,52 @@ module Kitchen
         def parse_image_id(output)
           output.split("\n").reverse_each do |line|
             if line =~ /writing image (sha256:[[:xdigit:]]{64})(?: \d*\.\ds)? done/i
-              img_id = line[/writing image (sha256:[[:xdigit:]]{64})(?: \d*\.\ds)? done/i,1]
+              img_id = line[/writing image (sha256:[[:xdigit:]]{64})(?: \d*\.\ds)? done/i, 1]
               return img_id
             end
             if line =~ /image id|build successful|successfully built/i
               img_id = line.split(/\s+/).last
               return img_id
             end
+            # Docker ~v4.31 support
+            if line =~ /naming to moby-dangling@(sha256:[[:xdigit:]]{64})(?: \d*\.\ds)? done/i
+              img_id = line[/naming to moby-dangling@(sha256:[[:xdigit:]]{64})(?: \d*\.\ds)? done/i, 1]
+              return img_id
+            end
           end
-          raise ActionFailed, 'Could not parse Docker build output for image ID'
+          raise ActionFailed, "Could not parse Docker build output for image ID"
         end
 
         def remove_image(state)
           image_id = state[:image_id]
-          docker_command("rmi #{image_id}")
+          if image_in_use?(state)
+            info("[Docker] Image ID #{image_id} is in use. Skipping removal")
+          else
+            info("[Docker] Removing image with Image ID #{image_id}.")
+            docker_command("rmi #{image_id}")
+          end
+        end
+
+        def image_in_use?(state)
+          docker_command("ps -a", suppress_output: !logger.debug?).include?(state[:image_id])
         end
 
         def build_image(state, dockerfile)
-          cmd = 'build'
-          cmd << ' --no-cache' unless config[:use_cache]
+          cmd = "build"
+          cmd << " --no-cache" unless config[:use_cache]
           cmd << " --platform=#{config[:docker_platform]}" if config[:docker_platform]
           extra_build_options = config_to_options(config[:build_options])
           cmd << " #{extra_build_options}" unless extra_build_options.empty?
           dockerfile_contents = dockerfile
-          file = Tempfile.new('Dockerfile-kitchen', Pathname.pwd + config[:build_tempdir])
+          file = Tempfile.new("Dockerfile-kitchen", Pathname.pwd + config[:build_tempdir])
           cmd << " -f #{Shellwords.escape(dockerfile_path(file))}" if config[:build_context]
-          build_context = config[:build_context] ? '.' : '-'
+          build_context = config[:build_context] ? "." : "-"
           output = begin
                      file.write(dockerfile)
                      file.close
                      docker_command("#{cmd} #{build_context}",
-                                    input: dockerfile_contents,
-                                    environment: { BUILDKIT_PROGRESS: 'plain' })
+                       input: dockerfile_contents,
+                       environment: { BUILDKIT_PROGRESS: "plain" })
                    ensure
                      file.close unless file.closed?
                      file.unlink

data/lib/kitchen/docker/helpers/inspec_helper.rb

@@ -1,40 +1,62 @@
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This helper should be removed when the kitchen-inspec gem has been updated to include these runner options
-begin
-  require 'kitchen/verifier/inspec'
-
-  # Add runner options for Docker transport for kitchen-inspec gem
-  module Kitchen
-    module Docker
-      module Helpers
-        module InspecHelper
-          Kitchen::Verifier::Inspec.class_eval do
-            def runner_options_for_docker(config_data)
-              opts = {
-                'backend' => 'docker',
-                'logger' => logger,
-                'host' => config_data[:container_id],
-              }
-              logger.debug "Connect to Container: #{opts['host']}"
-              opts
-            end
-          end
-        end
-      end
-    end
-  end
-rescue LoadError => e
-  logger.debug("[Docker] kitchen-inspec gem not found for InSpec verifier. #{e}")
-end
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This helper patches kitchen-inspec and/or kitchen-cinc-auditor to add Docker
+# transport support. Remove once upstream gems include this natively.
+
+# Patch kitchen-inspec if available
+begin
+  require "kitchen/verifier/inspec"
+  Kitchen::Verifier::Inspec.class_eval do
+    def runner_options_for_docker(config_data)
+      opts = {
+        "backend" => "docker",
+        "logger" => logger,
+        "host" => config_data[:container_id],
+      }
+      logger.debug "Connect to Container: #{opts["host"]}"
+      opts
+    end
+  end
+rescue LoadError
+  # kitchen-inspec not available; skipping patch
+end
+
+# Patch kitchen-cinc-auditor if available
+begin
+  require "kitchen/verifier/cinc_auditor"
+  Kitchen::Verifier::CincAuditor::TransportOptions.class_eval do
+    def build_docker(state)
+      options = {
+        "backend" => "docker",
+        "logger" => logger,
+        "host" => state[:container_id],
+      }
+      logger.debug("Connect to Container: #{options["host"]}")
+      options
+    end
+  end
+rescue LoadError
+  # kitchen-cinc-auditor not available; skipping patch
+end
+
+module Kitchen
+  module Docker
+    module Helpers
+      # Marker module included by the Docker transport Connection class.
+      # Actual verifier patches are applied directly to verifier classes above.
+      module InspecHelper
+      end
+    end
+  end
+end

data/lib/kitchen/driver/docker.rb

@@ -13,17 +13,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'kitchen'
-require 'json'
-require 'securerandom'
-require 'net/ssh'
+require "kitchen"
+require "json" unless defined?(JSON)
+require "securerandom" unless defined?(SecureRandom)
+require "net/ssh" unless defined?(Net::SSH)
 
-require 'kitchen/driver/base'
+require "kitchen/driver/base"
 
-require_relative '../docker/container/linux'
-require_relative '../docker/container/windows'
-require_relative '../docker/helpers/cli_helper'
-require_relative '../docker/helpers/container_helper'
+require_relative "../docker/container/linux"
+require_relative "../docker/container/windows"
+require_relative "../docker/helpers/cli_helper"
+require_relative "../docker/helpers/container_helper"
 
 module Kitchen
   module Driver
@@ -35,7 +35,7 @@ module Kitchen
       include Kitchen::Docker::Helpers::ContainerHelper
       include ShellOut
 
-      default_config :binary,        'docker'
+      default_config :binary,        "docker"
       default_config :build_options, nil
       default_config :build_tempdir, Dir.pwd
       default_config :cap_add,       nil
@@ -44,9 +44,9 @@ module Kitchen
       default_config :env_variables, nil
       default_config :isolation,     nil
       default_config :interactive,   false
-      default_config :private_key,   File.join(Dir.pwd, '.kitchen', 'docker_id_rsa')
+      default_config :private_key,   File.join(Dir.pwd, ".kitchen", "docker_id_rsa")
       default_config :privileged,    false
-      default_config :public_key,    File.join(Dir.pwd, '.kitchen', 'docker_id_rsa.pub')
+      default_config :public_key,    File.join(Dir.pwd, ".kitchen", "docker_id_rsa.pub")
       default_config :publish_all,   false
       default_config :remove_images, false
       default_config :run_options,   nil
@@ -66,43 +66,39 @@ module Kitchen
         !driver.remote_socket?
       end
 
-      default_config :image do |driver|
-        driver.default_image
-      end
+      default_config :image, &:default_image
 
       default_config :instance_name do |driver|
         # Borrowed from kitchen-rackspace
         [
-          driver.instance.name.gsub(/\W/, ''),
-          (Etc.getlogin || 'nologin').gsub(/\W/, ''),
-          Socket.gethostname.gsub(/\W/, '')[0..20],
-          Array.new(8) { rand(36).to_s(36) }.join
-        ].join('-').downcase
+          driver.instance.name.gsub(/\W/, ""),
+          (Etc.getlogin || "nologin").gsub(/\W/, ""),
+          Socket.gethostname.gsub(/\W/, "")[0..20],
+          Array.new(8) { rand(36).to_s(36) }.join,
+        ].join("-").downcase
       end
 
-      default_config :platform do |driver|
-        driver.default_platform
-      end
+      default_config :platform, &:default_platform
 
       default_config :run_command do |driver|
         if driver.windows_os?
           # Launch arbitrary process to keep the Windows container alive
           # If running in interactive mode, launch powershell.exe instead
           if driver[:interactive]
-            'powershell.exe'
+            "powershell.exe"
           else
-            'ping -t localhost'
+            "ping -t localhost"
           end
         else
-          '/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes '\
-          '-o UsePrivilegeSeparation=no -o PidFile=/tmp/sshd.pid'
+          "/usr/sbin/sshd -D -o UseDNS=no -o UsePAM=no -o PasswordAuthentication=yes " \
+          "-o UsePrivilegeSeparation=no -o PidFile=/tmp/sshd.pid"
         end
       end
 
       default_config :socket do |driver|
-        socket = 'unix:///var/run/docker.sock'
-        socket = 'npipe:////./pipe/docker_engine' if driver.windows_os?
-        ENV['DOCKER_HOST'] || socket
+        socket = "unix:///var/run/docker.sock"
+        socket = "npipe:////./pipe/docker_engine" if Gem.win_platform?
+        ENV["DOCKER_HOST"] || socket
       end
 
       default_config :username do |driver|
@@ -111,14 +107,14 @@ module Kitchen
         if driver.windows_os?
           nil
         else
-          'kitchen'
+          "kitchen"
         end
       end
 
       def verify_dependencies
         run_command("#{config[:binary]} >> #{dev_null} 2>&1", quiet: true, use_sudo: config[:use_sudo])
       rescue
-        raise UserError, 'You must first install the Docker CLI tool https://www.docker.com/get-started'
+        raise UserError, "You must first install the Docker CLI tool https://www.docker.com/get-started"
       end
 
       def create(state)
@@ -133,22 +129,20 @@ module Kitchen
 
       def wait_for_transport(state)
         if config[:wait_for_transport]
-          instance.transport.connection(state) do |conn|
-            conn.wait_until_ready
-          end
+          instance.transport.connection(state, &:wait_until_ready)
         end
       end
 
       def default_image
-        platform, release = instance.platform.name.split('-')
-        if platform == 'centos' && release
-          release = 'centos' + release.split('.').first
+        platform, release = instance.platform.name.split("-")
+        if platform == "centos" && release
+          release = "centos" + release.split(".").first
         end
-        release ? [platform, release].join(':') : platform
+        release ? [platform, release].join(":") : platform
       end
 
       def default_platform
-        instance.platform.name.split('-').first
+        instance.platform.name.split("-").first
       end
 
       protected

data/lib/kitchen/transport/docker.rb

@@ -11,25 +11,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require 'kitchen'
+require "kitchen"
 
-require_relative '../docker/container/linux'
-require_relative '../docker/container/windows'
+require_relative "../docker/container/linux"
+require_relative "../docker/container/windows"
 
-require_relative '../docker/helpers/inspec_helper'
+require_relative "../docker/helpers/inspec_helper"
 
-require_relative '../../docker/version.rb'
-require_relative '../../train/docker.rb'
+# require_relative "../../docker/version"
 
 module Kitchen
   module Transport
     class Docker < Kitchen::Transport::Base
       class DockerFailed < TransportFailed; end
 
-      kitchen_transport_api_version 1
+      # kitchen_transport_api_version 1
       plugin_version Kitchen::VERSION
 
-      default_config :binary,        'docker'
+      default_config :binary,        "docker"
       default_config :env_variables, nil
       default_config :interactive,   false
       default_config :privileged,    false
@@ -42,16 +41,16 @@ module Kitchen
       default_config :working_dir,   nil
 
       default_config :socket do |transport|
-        socket = 'unix:///var/run/docker.sock'
-        socket = 'npipe:////./pipe/docker_engine' if transport.windows_os?
-        ENV['DOCKER_HOST'] || socket
+        socket = "unix:///var/run/docker.sock"
+        socket = "npipe:////./pipe/docker_engine" if Gem.win_platform?
+        ENV["DOCKER_HOST"] || socket
       end
 
       default_config :temp_dir do |transport|
         if transport.windows_os?
-          '$env:TEMP'
+          "$env:TEMP"
         else
-          '/tmp'
+          "/tmp"
         end
       end
 
@@ -61,7 +60,7 @@ module Kitchen
         if transport.windows_os?
           nil
         else
-          'kitchen'
+          "kitchen"
         end
       end
 
@@ -73,7 +72,7 @@ module Kitchen
         # This allows Windows systems to use the TCP socket for the InSpec verifier
         # See the lib/docker.rb file here: https://github.com/swipely/docker-api/blob/master/lib/docker.rb
         # default_socket_url is set to a Unix socket and env_url requires an environment variable to be set
-        ENV['DOCKER_HOST'] = options[:socket] if !options[:socket].nil? && ENV['DOCKER_HOST'].nil?
+        ENV["DOCKER_HOST"] = options[:socket] if !options[:socket].nil? && ENV["DOCKER_HOST"].nil?
 
         Kitchen::Transport::Docker::Connection.new(options, &block)
       end
@@ -98,7 +97,7 @@ module Kitchen
         end
 
         def container
-          @container ||= if @options[:platform].include?('windows')
+          @container ||= if @options[:platform].include?("windows")
                            Kitchen::Docker::Container::Windows.new(@options)
                          else
                            Kitchen::Docker::Container::Linux.new(@options)

data/release-please-config.json

@@ -0,0 +1,12 @@
+{
+  "packages": {
+    ".": {
+      "package-name": "kitchen-docker",
+      "changelog-path": "CHANGELOG.md",
+      "release-type": "ruby",
+      "include-component-in-tag": false,
+      "version-file": "lib/kitchen/docker/docker_version.rb"
+    }
+  },
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}

data/renovate.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":disableDependencyDashboard",
+    "schedule:automergeEarlyMondays"
+  ]
+}