kitchen-docker 3.0.0 → 3.2.3

data/spec/docker_spec.rb

@@ -0,0 +1,108 @@
+#
+# Copyright 2016, Noah Kantrowitz
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Kitchen::Driver::Docker do
+  describe "#config_to_options" do
+    let(:config) {}
+    subject { described_class.new.send(:config_to_options, config) }
+
+    context "with nil" do
+      let(:config) { nil }
+      it { is_expected.to eq "" }
+    end # /context with nil
+
+    context "with a string" do
+      let(:config) { "--foo" }
+      it { is_expected.to eq "--foo" }
+    end # /context with a string
+
+    context "with a string with spaces" do
+      let(:config) { "--foo bar" }
+      it { is_expected.to eq "--foo bar" }
+    end # /context with a string with spaces
+
+    context "with an array of strings" do
+      let(:config) { %w{--foo --bar} }
+      it { is_expected.to eq "--foo --bar" }
+    end # /context with an array of strings
+
+    context "with an array of hashes" do
+      let(:config) { [{ foo: "bar" }, { other: "baz" }] }
+      it { is_expected.to eq "--foo=bar --other=baz" }
+    end # /context with an array of hashes
+
+    context "with a hash of strings" do
+      let(:config) { { foo: "bar", other: "baz" } }
+      it { is_expected.to eq "--foo=bar --other=baz" }
+    end # /context with a hash of strings
+
+    context "with a hash of arrays" do
+      let(:config) { { foo: %w{bar baz} } }
+      it { is_expected.to eq "--foo=bar --foo=baz" }
+    end # /context with a hash of arrays
+
+    context "with a hash of strings with spaces" do
+      let(:config) { { foo: "bar two", other: "baz" } }
+      it { is_expected.to eq '--foo=bar\\ two --other=baz' }
+    end # /context with a hash of strings with spaces
+  end # /describe #config_to_options
+
+  describe "socket default config logic" do
+    def resolve_socket
+      socket = "unix:///var/run/docker.sock"
+      socket = "npipe:////./pipe/docker_engine" if Gem.win_platform?
+      ENV["DOCKER_HOST"] || socket
+    end
+
+    context "on a non-Windows host without DOCKER_HOST set" do
+      before do
+        allow(Gem).to receive(:win_platform?).and_return(false)
+        allow(ENV).to receive(:[]).and_call_original
+        allow(ENV).to receive(:[]).with("DOCKER_HOST").and_return(nil)
+      end
+
+      it "uses the Unix socket" do
+        expect(resolve_socket).to eq("unix:///var/run/docker.sock")
+      end
+    end
+
+    context "on a Windows host without DOCKER_HOST set" do
+      before do
+        allow(Gem).to receive(:win_platform?).and_return(true)
+        allow(ENV).to receive(:[]).and_call_original
+        allow(ENV).to receive(:[]).with("DOCKER_HOST").and_return(nil)
+      end
+
+      it "uses the Windows named pipe" do
+        expect(resolve_socket).to eq("npipe:////./pipe/docker_engine")
+      end
+    end
+
+    context "when DOCKER_HOST env var is set" do
+      before do
+        allow(Gem).to receive(:win_platform?).and_return(false)
+        allow(ENV).to receive(:[]).and_call_original
+        allow(ENV).to receive(:[]).with("DOCKER_HOST").and_return("tcp://192.168.1.1:2375")
+      end
+
+      it "uses DOCKER_HOST over the default socket" do
+        expect(resolve_socket).to eq("tcp://192.168.1.1:2375")
+      end
+    end
+  end
+end

data/spec/dockerfile_helper_spec.rb

@@ -0,0 +1,109 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "kitchen/docker/helpers/dockerfile_helper"
+
+describe Kitchen::Docker::Helpers::DockerfileHelper do
+  let(:helper_class) do
+    Class.new do
+      include Kitchen::Docker::Helpers::DockerfileHelper
+      attr_accessor :config
+
+      def initialize(config = {})
+        @config = config
+      end
+    end
+  end
+
+  let(:helper) { helper_class.new(platform:) }
+
+  describe "#amazonlinux_platform" do
+    let(:platform) { "amazonlinux" }
+
+    it "includes --allowerasing flag for yum install" do
+      result = helper.amazonlinux_platform
+      expect(result).to include("yum install -y --allowerasing")
+    end
+
+    it "installs required packages including curl" do
+      result = helper.amazonlinux_platform
+      expect(result).to include("sudo openssh-server openssh-clients which curl")
+    end
+
+    it "sets container environment variable" do
+      result = helper.amazonlinux_platform
+      expect(result).to include("ENV container=docker")
+    end
+
+    it "generates SSH host key if missing" do
+      result = helper.amazonlinux_platform
+      expect(result).to include("ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key")
+    end
+  end
+
+  describe "#rhel_platform" do
+    let(:platform) { "rhel" }
+
+    it "does not include --allowerasing flag" do
+      result = helper.rhel_platform
+      expect(result).not_to include("--allowerasing")
+    end
+
+    it "installs required packages including curl" do
+      result = helper.rhel_platform
+      expect(result).to include("sudo openssh-server openssh-clients which curl")
+    end
+  end
+
+  describe "#dockerfile_platform" do
+    context "when platform is amazonlinux" do
+      let(:platform) { "amazonlinux" }
+
+      it "calls amazonlinux_platform method" do
+        expect(helper).to receive(:amazonlinux_platform).and_call_original
+        result = helper.dockerfile_platform
+        expect(result).to include("--allowerasing")
+      end
+    end
+
+    context "when platform is rhel" do
+      let(:platform) { "rhel" }
+
+      it "calls rhel_platform method" do
+        expect(helper).to receive(:rhel_platform).and_call_original
+        result = helper.dockerfile_platform
+        expect(result).not_to include("--allowerasing")
+      end
+    end
+
+    context "when platform is centos" do
+      let(:platform) { "centos" }
+
+      it "calls rhel_platform method" do
+        expect(helper).to receive(:rhel_platform).and_call_original
+        helper.dockerfile_platform
+      end
+    end
+
+    context "when platform is oraclelinux" do
+      let(:platform) { "oraclelinux" }
+
+      it "calls rhel_platform method" do
+        expect(helper).to receive(:rhel_platform).and_call_original
+        helper.dockerfile_platform
+      end
+    end
+  end
+end

data/spec/inspec_helper_spec.rb

@@ -0,0 +1,58 @@
+require "spec_helper"
+require "logger"
+
+RSpec.describe "inspec_helper patches" do
+  let(:helper_path) { File.expand_path("../lib/kitchen/docker/helpers/inspec_helper.rb", __dir__) }
+
+  describe "kitchen-inspec patch" do
+    # Test actual post-load state rather than trying to stub Kernel.require,
+    # which does not intercept require calls made inside a load'd file in Ruby 3.4.
+    if defined?(Kitchen::Verifier::Inspec)
+      it "adds runner_options_for_docker to Kitchen::Verifier::Inspec" do
+        expect(Kitchen::Verifier::Inspec.method_defined?(:runner_options_for_docker)).to be true
+      end
+    else
+      it "Kitchen::Verifier::Inspec not available — patch correctly skipped" do
+        expect(defined?(Kitchen::Verifier::Inspec)).to be_falsy
+      end
+    end
+
+    context "when kitchen-inspec is not available" do
+      before do
+        allow(Kernel).to receive(:require).and_call_original
+        allow(Kernel).to receive(:require).with("kitchen/verifier/inspec").and_raise(LoadError)
+        allow(Kernel).to receive(:require).with("kitchen/verifier/cinc_auditor").and_raise(LoadError)
+      end
+
+      it "does not raise when loading the helper" do
+        expect { load helper_path }.not_to raise_error
+      end
+    end
+  end
+
+  describe "kitchen-cinc-auditor patch" do
+    # Test actual post-load state rather than trying to stub Kernel.require.
+    if defined?(Kitchen::Verifier::CincAuditor) &&
+        defined?(Kitchen::Verifier::CincAuditor::TransportOptions)
+      it "adds build_docker to Kitchen::Verifier::CincAuditor::TransportOptions" do
+        expect(Kitchen::Verifier::CincAuditor::TransportOptions.method_defined?(:build_docker)).to be true
+      end
+    else
+      it "Kitchen::Verifier::CincAuditor not available — patch correctly skipped" do
+        expect(defined?(Kitchen::Verifier::CincAuditor)).to be_falsy
+      end
+    end
+
+    context "when kitchen-cinc-auditor is not available" do
+      before do
+        allow(Kernel).to receive(:require).and_call_original
+        allow(Kernel).to receive(:require).with("kitchen/verifier/inspec").and_raise(LoadError)
+        allow(Kernel).to receive(:require).with("kitchen/verifier/cinc_auditor").and_raise(LoadError)
+      end
+
+      it "does not raise when loading the helper" do
+        expect { load helper_path }.not_to raise_error
+      end
+    end
+  end
+end

data/{test/spec → spec}/spec_helper.rb

@@ -14,32 +14,11 @@
 # limitations under the License.
 #
 
-require 'rake'
-require 'rspec'
-require 'rspec/its'
-require 'simplecov'
+require "rake"
+require "rspec"
+require "rspec/its"
 
-# Check for coverage stuffs
-formatters = []
-
-if ENV['CODECOV_TOKEN'] || ENV['CI']
-  require 'codecov'
-  formatters << SimpleCov::Formatter::Codecov
-end
-
-unless formatters.empty?
-  SimpleCov.formatters = formatters
-end
-
-SimpleCov.start do
-  # Don't get coverage on the test cases themselves.
-  add_filter '/spec/'
-  add_filter '/test/'
-  # Codecov doesn't automatically ignore vendored files.
-  add_filter '/vendor/'
-end
-
-require 'kitchen/driver/docker'
+require "kitchen/driver/docker"
 
 RSpec.configure do |config|
   # Basic configuraiton
@@ -50,5 +29,5 @@ RSpec.configure do |config|
   # order dependency and want to debug it, you can fix the order by providing
   # the seed, which is printed after each run.
   #     --seed 1234
-  config.order = 'random'
+  config.order = "random"
 end

data/test/Dockerfile

@@ -1,8 +1,7 @@
-FROM centos:7
-RUN yum clean all
-RUN yum install -y sudo openssh-server openssh-clients which curl htop
+FROM almalinux:latest
+RUN dnf clean all
+RUN dnf install -y sudo openssh-server openssh-clients which curl
 RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
-RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
 RUN mkdir -p /var/run/sshd
 RUN useradd -d /home/<%= @username %> -m -s /bin/bash <%= @username %>
 RUN echo <%= "#{@username}:#{@password}" %> | chpasswd
@@ -13,5 +12,5 @@ RUN chmod 0700 /home/<%= @username %>/.ssh
 RUN touch /home/<%= @username %>/.ssh/authorized_keys
 RUN chown <%= @username %> /home/<%= @username %>/.ssh/authorized_keys
 RUN chmod 0600 /home/<%= @username %>/.ssh/authorized_keys
-RUN curl -L https://www.chef.io/chef/install.sh | bash
+RUN curl -L https://omnitruck.cinc.sh/install.sh | bash
 RUN echo '<%= IO.read(@public_key).strip %>' >> /home/<%= @username %>/.ssh/authorized_keys

data/test/cookbooks/cinc_test/metadata.rb

@@ -0,0 +1,2 @@
+name "cinc_test"
+version "0.0.1"

data/test/cookbooks/cinc_test/recipes/default.rb

@@ -0,0 +1,10 @@
+file_path = if windows?
+              "C:/cinc-converged"
+            else
+              "/tmp/cinc-converged"
+            end
+
+file file_path do
+  content "ok\n"
+  mode "0644"
+end

data/test/cookbooks/docker_test/attributes/default.rb

@@ -0,0 +1 @@
+default["docker_test"]["revision"] = "main"

data/test/cookbooks/docker_test/metadata.rb

@@ -0,0 +1,3 @@
+name "dokken_test"
+version "0.0.1"
+depends "docker"

data/test/cookbooks/docker_test/recipes/default.rb

@@ -0,0 +1,94 @@
+user "notroot" do
+  home "/home/notroot"
+  manage_home true
+  action :create
+end
+
+package %w{
+  gcc-c++
+  gcc
+  git
+  iputils
+  libffi
+  libffi-devel
+  make
+  net-tools
+  nmap
+  procps-ng
+  redhat-rpm-config
+  ruby
+  ruby-devel
+  rubygem-bundler
+  rubygem-io-console
+  rubygem-rake
+  telnet
+  which
+}
+
+docker_service "default" do
+  host ["tcp://127.0.0.1"]
+  action %i{create start}
+end
+
+git "/home/notroot/kitchen-docker" do
+  repository "/opt/kitchen-docker/.git"
+  revision node["docker_test"]["revision"]
+  user "notroot"
+  action :sync
+end
+
+execute "install gem bundle" do
+  command "/usr/bin/bundle install --without development --path vendor/bundle"
+  cwd "/home/notroot/kitchen-docker"
+  user "notroot"
+  live_stream false
+  creates "/home/notroot/kitchen-docker/Gemfile.lock"
+  environment "HOME" => "/home/notroot"
+  action :run
+end
+
+execute "Test Kitchen verify hello" do
+  command <<-EOH.gsub(/^\s{4}/, "").chomp
+    /usr/bin/bundle exec kitchen create hello -l debug
+    /usr/bin/bundle exec kitchen converge hello -l debug
+    /usr/bin/bundle exec kitchen verify hello -l debug
+  EOH
+  cwd "/home/notroot/kitchen-docker"
+  user "notroot"
+  live_stream true
+  environment "PATH" => "/usr/bin:/usr/local/bin:/home/notroot/bin",
+    "HOME" => "/home/notroot",
+    "DOCKER_HOST" => "tcp://127.0.0.1:2375",
+    "CHEF_LICENSE" => "accept-no-persist"
+  action :run
+end
+
+execute "destroy hello again suite" do
+  command "/usr/bin/bundle exec kitchen destroy helloagain"
+  cwd "/home/notroot/kitchen-docker"
+  user "notroot"
+  live_stream true
+  environment "PATH" => "/usr/bin:/usr/local/bin:/home/notroot/bin",
+    "HOME" => "/home/notroot",
+    "DOCKER_HOST" => "tcp://127.0.0.1:2375"
+  action :run
+end
+
+docker_tag "local-example" do
+  target_repo "fedora"
+  target_tag "latest"
+  to_repo "local-example"
+  to_tag "latest"
+end
+
+execute "Test Kitchen verify without image pull" do
+  command "/usr/bin/bundle exec kitchen test local_image -l debug"
+  cwd "/home/notroot/kitchen-docker"
+  user "notroot"
+  live_stream true
+  environment "PATH" => "/usr/bin:/usr/local/bin:/home/notroot/bin",
+    "HOME" => "/home/notroot",
+    "DOCKER_HOST" => "tcp://127.0.0.1:2375",
+    "CHEF_LICENSE" => "accept-no-persist"
+  action :run
+end

data/test/integration/cinc/inspec/cinc_spec.rb

@@ -0,0 +1,21 @@
+file_path = if os.windows?
+              "C:/cinc-converged"
+            else
+              "/tmp/cinc-converged"
+            end
+
+describe file(file_path) do
+  it { should exist }
+  its(:content) { should eq "ok\n" }
+end
+
+cinc_cmd = if os.windows?
+             'C:\cinc-project\cinc\bin\cinc-client --version'
+           else
+             "/opt/cinc/bin/cinc-client --version"
+           end
+
+describe command(cinc_cmd) do
+  its(:exit_status) { should eq 0 }
+  its(:stdout) { should match(/Cinc Client/) }
+end

data/test/integration/default/disabled/default_spec.rb

@@ -14,11 +14,11 @@
 # limitations under the License.
 #
 
-# Disable now busser-serever is gone.
-# require 'serverspec'
-# require 'spec_helper'
-
-# # Just make sure the image launched and is reachable.
-# describe command('true') do
+# Disable now busser-server is gone.
+# require "serverspec"
+# require "spec_helper"
+#
+# Just make sure the image launched and is reachable.
+# describe command("true") do
 #   its(:exit_status) { is_expected.to eq 0 }
 # end

data/test/integration/inspec/inspec_spec.rb

@@ -15,12 +15,12 @@
 #
 
 # Just make sure the image launched and is reachable.
-if os[:family] == 'windows'
-  describe command('echo 1') do
+if os[:family] == "windows"
+  describe command("echo 1") do
     its(:exit_status) { is_expected.to eq 0 }
   end
 else
-  describe command('true') do
+  describe command("true") do
     its(:exit_status) { is_expected.to eq 0 }
   end
 end