container-structure-test 1.19.0__py3-none-win_arm64.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,33 @@
1
+ """Go binary packaged as Python wheel."""
2
+
3
+ import os
4
+ import stat
5
+ import subprocess
6
+ import sys
7
+
8
+ __version__ = "1.19.0"
9
+
10
+
11
+ def get_binary_path():
12
+ """Return the path to the bundled binary."""
13
+ binary = os.path.join(os.path.dirname(__file__), "bin", "container-structure-test.exe")
14
+
15
+ # Ensure binary is executable on Unix
16
+ if sys.platform != "win32":
17
+ current_mode = os.stat(binary).st_mode
18
+ if not (current_mode & stat.S_IXUSR):
19
+ os.chmod(binary, current_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
20
+
21
+ return binary
22
+
23
+
24
+ def main():
25
+ """Execute the bundled binary."""
26
+ binary = get_binary_path()
27
+
28
+ if sys.platform == "win32":
29
+ # On Windows, use subprocess to properly handle signals
30
+ sys.exit(subprocess.call([binary] + sys.argv[1:]))
31
+ else:
32
+ # On Unix, exec replaces the process
33
+ os.execvp(binary, [binary] + sys.argv[1:])
@@ -0,0 +1,2 @@
1
+ from . import main
2
+ main()
@@ -0,0 +1,481 @@
1
+ Metadata-Version: 2.1
2
+ Name: container-structure-test
3
+ Version: 1.19.0
4
+ Summary: Validate the structure of your container images
5
+ License: Apache-2.0
6
+ Home-page: https://github.com/GoogleContainerTools/container-structure-test
7
+ Requires-Python: >=3.10
8
+ Description-Content-Type: text/markdown
9
+
10
+ Container Structure Tests
11
+ ====================
12
+
13
+ The Container Structure Tests provide a powerful framework to validate the structure
14
+ of a container image. These tests can be used to check the output of commands
15
+ in an image, as well as verify metadata and contents of the filesystem.
16
+
17
+ Tests can be run either through a standalone binary, or through a Docker image.
18
+
19
+ **Note: container-structure-test is not an officially supported Google project, and is currently in maintainence mode. Contributions are still welcome!**
20
+
21
+ ## Installation
22
+
23
+ ### OS X
24
+
25
+ Install via [brew](https://brew.sh/):
26
+
27
+ ```bash
28
+ $ brew install container-structure-test
29
+ ```
30
+
31
+ ```shell
32
+ curl -LO https://github.com/GoogleContainerTools/container-structure-test/releases/latest/download/container-structure-test-darwin-arm64 && chmod +x container-structure-test-darwin-amd64 && sudo mv container-structure-test-darwin-amd64 /usr/local/bin/container-structure-test
33
+ ```
34
+
35
+ ### Linux
36
+ ```shell
37
+ curl -LO https://github.com/GoogleContainerTools/container-structure-test/releases/latest/download/container-structure-test-linux-amd64 && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 /usr/local/bin/container-structure-test
38
+ ```
39
+
40
+ If you want to avoid using sudo:
41
+
42
+ ```shell
43
+ curl -LO https://github.com/GoogleContainerTools/container-structure-test/releases/latest/download/container-structure-test-linux-amd64 && chmod +x container-structure-test-linux-amd64 && mkdir -p $HOME/bin && export PATH=$PATH:$HOME/bin && mv container-structure-test-linux-amd64 $HOME/bin/container-structure-test
44
+ ```
45
+
46
+ > [!warning]
47
+ > Container builds are currently not updated with new releases
48
+
49
+ Additionally, a container image for running tests through Google Cloud Builder can be found
50
+ at `gcr.io/gcp-runtimes/container-structure-test:latest`.
51
+
52
+ ## Setup
53
+ To use container structure tests to validate your containers, you'll need the following:
54
+ - The container structure test binary or docker image
55
+ - A container image to test against
56
+ - A test `.yaml` or `.json` file with user defined structure tests to run inside of the specified container image
57
+
58
+ Note that the test framework looks for the provided image in the local Docker
59
+ daemon (if it is not provided as a tar). The `--pull` flag can optionally
60
+ be provided to force a pull of a remote image before running the tests.
61
+
62
+ ## Example Run
63
+ An example run of the test framework:
64
+ ```shell
65
+ container-structure-test test --image gcr.io/registry/image:latest \
66
+ --config config.yaml
67
+ ```
68
+
69
+ Tests within this framework are specified through a YAML or JSON config file,
70
+ which is provided to the test driver via a CLI flag. Multiple config files may
71
+ be specified in a single test run. The config file will be loaded in by the
72
+ test driver, which will execute the tests in order. Within this config file,
73
+ four types of tests can be written:
74
+
75
+ - Command Tests (testing output/error of a specific command issued)
76
+ - File Existence Tests (making sure a file is, or isn't, present in the
77
+ file system of the image)
78
+ - File Content Tests (making sure files in the file system of the image
79
+ contain, or do not contain, specific contents)
80
+ - Metadata Test, *singular* (making sure certain container metadata is correct)
81
+
82
+ ## Command Tests
83
+ Command tests ensure that certain commands run properly in the target image.
84
+ Regexes can be used to check for expected or excluded strings in both `stdout`
85
+ and `stderr`. Additionally, any number of flags can be passed to the argument
86
+ as normal. Each command in the setup section will run in a separate container
87
+ and then commits a modified image to be the new base image for the test run.
88
+
89
+ #### Supported Fields:
90
+
91
+ **NOTE: `schemaVersion` must be specified in all container-structure-test yamls. The current version is `2.0.0`.**
92
+
93
+ - Name (`string`, **required**): The name of the test
94
+ - Setup (`[][]string`, *optional*): A list of commands
95
+ (each with optional flags) to run before the actual command under test.
96
+ - Teardown (`[][]string`, *optional*): A list of commands
97
+ (each with optional flags) to run after the actual command under test.
98
+ - Command (`string`, **required**): The command to run in the test.
99
+ - Args (`[]string`, *optional*): The arguments to pass to the command.
100
+ - EnvVars (`[]EnvVar`, *optional*): A list of environment variables to set for
101
+ the individual test. See the **Environment Variables** section for more info.
102
+ - Expected Output (`[]string`, *optional*): List of regexes that should
103
+ match the stdout from running the command.
104
+ - Excluded Output (`[]string`, *optional*): List of regexes that should **not**
105
+ match the stdout from running the command.
106
+ - Expected Error (`[]string`, *optional*): List of regexes that should
107
+ match the stderr from running the command.
108
+ - Excluded Error (`[]string`, *optional*): List of regexes that should **not**
109
+ match the stderr from running the command.
110
+ - Exit Code (`int`, *optional*): Exit code that the command should exit with.
111
+
112
+ Example:
113
+ ```yaml
114
+ commandTests:
115
+ - name: "gunicorn flask"
116
+ setup: [["virtualenv", "/env"], ["pip", "install", "gunicorn", "flask"]]
117
+ command: "which"
118
+ args: ["gunicorn"]
119
+ expectedOutput: ["/env/bin/gunicorn"]
120
+ - name: "apt-get upgrade"
121
+ command: "apt-get"
122
+ args: ["-qqs", "upgrade"]
123
+ excludedOutput: [".*Inst.*Security.* | .*Security.*Inst.*"]
124
+ excludedError: [".*Inst.*Security.* | .*Security.*Inst.*"]
125
+ ```
126
+
127
+ Depending on your command the argument section can get quite long. Thus, you
128
+ can make use of YAML's list style option for separation of arguments and the
129
+ literal style option to preserve newlines like so:
130
+
131
+ ```shell
132
+ commandTests:
133
+ - name: "say hello world"
134
+ command: "bash"
135
+ args:
136
+ - -c
137
+ - |
138
+ echo hello &&
139
+ echo world
140
+ ```
141
+
142
+ ### Image Entrypoint
143
+
144
+ To avoid unexpected behavior and output when running commands in the
145
+ containers, **all entrypoints are overwritten by default.** If your
146
+ entrypoint is necessary for the structure of your container, use the
147
+ `setup` field to call any scripts or commands manually before running
148
+ the tests.
149
+
150
+ ```yaml
151
+ commandTests:
152
+ ...
153
+ setup: [["my_image_entrypoint.sh"]]
154
+ ...
155
+ ```
156
+
157
+ ### Intermediate Artifacts
158
+ Each command test run creates either a container (with the `docker` driver) or
159
+ tar artifact (with the `tar` driver). By default, these are deleted after the
160
+ test run finishes, but the `--save` flag can optionally be passed to keep
161
+ these around. This would normally be used for debugging purposes.
162
+
163
+
164
+ ## File Existence Tests
165
+ File existence tests check to make sure a specific file (or directory) exist
166
+ within the file system of the image. No contents of the files or directories
167
+ are checked. These tests can also be used to ensure a file or directory is
168
+ **not** present in the file system.
169
+
170
+ #### Supported Fields:
171
+
172
+ - Name (`string`, **required**): The name of the test
173
+ - Path (`string`, **required**): Path to the file or directory under test
174
+ - ShouldExist (`boolean`, **required**): Whether or not the specified file or
175
+ directory should exist in the file system
176
+ - Permissions (`string`, *optional*): The expected Unix permission string (e.g.
177
+ drwxrwxrwx) of the files or directory.
178
+ - Uid (`int`, *optional*): The expected Unix user ID of the owner of the file
179
+ or directory.
180
+ - Gid (`int`, *optional*): The expected Unix group ID of the owner of the file or directory.
181
+ - IsExecutableBy (`string`, *optional*): Checks if file is executable by a given user.
182
+ One of `owner`, `group`, `other` or `any`
183
+
184
+ Example:
185
+ ```yaml
186
+ fileExistenceTests:
187
+ - name: 'Root'
188
+ path: '/'
189
+ shouldExist: true
190
+ permissions: '-rw-r--r--'
191
+ uid: 1000
192
+ gid: 1000
193
+ isExecutableBy: 'group'
194
+ ```
195
+
196
+ ## File Content Tests
197
+ File content tests open a file on the file system and check its contents.
198
+ These tests assume the specified file **is a file**, and that it **exists**
199
+ (if unsure about either or these criteria, see the above
200
+ **File Existence Tests** section). Regexes can again be used to check for
201
+ expected or excluded content in the specified file.
202
+
203
+ #### Supported Fields:
204
+
205
+ - Name (`string`, **required**): The name of the test
206
+ - Path (`string`, **required**): Path to the file under test
207
+ - ExpectedContents (`string[]`, *optional*): List of regexes that
208
+ should match the contents of the file
209
+ - ExcludedContents (`string[]`, *optional*): List of regexes that
210
+ should **not** match the contents of the file
211
+
212
+ Example:
213
+ ```yaml
214
+ fileContentTests:
215
+ - name: 'Debian Sources'
216
+ path: '/etc/apt/sources.list'
217
+ expectedContents: ['.*httpredir\.debian\.org.*']
218
+ excludedContents: ['.*gce_debian_mirror.*']
219
+ ```
220
+
221
+ ## Metadata Test
222
+ The Metadata test ensures the container is configured correctly. All
223
+ of these checks are optional.
224
+
225
+ #### Supported Fields:
226
+
227
+ - EnvVars (`[]EnvVar`): A list of environment variable key/value pairs that should be set
228
+ in the container. isRegex (*optional*) interpretes the value as regex.
229
+ - UnboundEnvVars (`[]EnvVar`): A list of environment variable keys that should **NOT** be set
230
+ in the container.
231
+ - Labels (`[]Label`): A list of image labels key/value pairs that should be set on the
232
+ container. isRegex (*optional*) interpretes the value as regex.
233
+ - Entrypoint (`[]string`): The entrypoint of the container.
234
+ - Cmd (`[]string`): The CMD specified in the container.
235
+ - Exposed Ports (`[]string`): The ports exposed in the container.
236
+ - Unexposed Ports (`[]string`): The ports **NOT** exposed in the container.
237
+ - Volumes (`[]string`): The volumes exposed in the container.
238
+ - UnmountedVolumes (`[]string`): The volumes **NOT** exposed in the container.
239
+ - Workdir (`string`): The default working directory of the container.
240
+ - User (`user`): The default user of the container.
241
+
242
+ Example:
243
+ ```yaml
244
+ metadataTest:
245
+ envVars:
246
+ - key: foo
247
+ value: baz
248
+ labels:
249
+ - key: 'com.example.vendor'
250
+ value: 'ACME Incorporated'
251
+ - key: 'build-date'
252
+ value: '^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}$'
253
+ isRegex: true
254
+ exposedPorts: ["8080", "2345"]
255
+ volumes: ["/test"]
256
+ entrypoint: []
257
+ cmd: ["/bin/bash"]
258
+ workdir: "/app"
259
+ user: "luke"
260
+ ```
261
+
262
+ ## License Tests
263
+ License tests check a list of copyright files and makes sure all licenses are
264
+ allowed at Google. By default it will look at where Debian lists all copyright
265
+ files, but can also look at an arbitrary list of files.
266
+
267
+ #### Supported Fields:
268
+
269
+ - Debian (`bool`, **required**): If the image is based on Debian, check where
270
+ Debian lists all licenses.
271
+ - Files (`string[]`, *optional*): A list of other files to check.
272
+
273
+ Example:
274
+ ```yaml
275
+ licenseTests:
276
+ - debian: true
277
+ files: ["/foo/bar", "/baz/bat"]
278
+ ```
279
+
280
+ ### Environment Variables
281
+ A list of environment variables can optionally be specified as part of the
282
+ test setup. They can either be set up globally (for all test runs), or
283
+ test-local as part of individual command test runs (see the **Command Tests**
284
+ section above). Each environment variable is specified as a key-value pair.
285
+ Unix-style environment variable substitution is supported.
286
+
287
+ To specify, add a section like this to your config:
288
+
289
+ ```yaml
290
+ globalEnvVars:
291
+ - key: "VIRTUAL_ENV"
292
+ value: "/env"
293
+ - key: "PATH"
294
+ value: "/env/bin:$PATH"
295
+ ```
296
+
297
+ ### Additional Options
298
+ The following fields are used to control various options and flags that may be
299
+ desirable to set for the running container used to perform a structure test
300
+ against an image. This allows an image author to validate certain runtime
301
+ behavior that cannot be modified in the image-under-test such as running a
302
+ container with an alternative user/UID or mounting a volume.
303
+
304
+ Note that these options are currently only supported with the `docker` driver.
305
+
306
+ The following list of options are currently supported:
307
+ ```yaml
308
+ containerRunOptions:
309
+ user: "root" # set the --user/-u flag
310
+ privileged: true # set the --privileged flag (default: false)
311
+ allocateTty: true # set the --tty flag (default: false)
312
+ envFile: path/to/.env # load environment variables from file and pass to container (equivalent to --env-file)
313
+ envVars: # if not empty, read each envVar from the environment and pass to test (equivalent to --env/e)
314
+ - SECRET_KEY_FOO
315
+ - OTHER_SECRET_BAR
316
+ capabilities: # Add list of Linux capabilities (--cap-add)
317
+ - NET_BIND_SERVICE
318
+ bindMounts: # Bind mount a volume (--volume, -v)
319
+ - /etc/example/dir:/etc/dir
320
+ ```
321
+
322
+ ## Running Tests On [Google Cloud Build](https://cloud.google.com/cloud-build/docs/)
323
+
324
+ This tool is released as a builder image, tagged as
325
+ `gcr.io/gcp-runtimes/container-structure-test`, so you can specify tests in your
326
+ `cloudbuild.yaml`:
327
+
328
+ ```yaml
329
+
330
+ steps:
331
+ # Build an image.
332
+ - name: 'gcr.io/cloud-builders/docker'
333
+ args: ['build', '-t', 'gcr.io/$PROJECT_ID/image', '.']
334
+ # Test the image.
335
+ - name: 'gcr.io/gcp-runtimes/container-structure-test'
336
+ args: ['test', '--image', 'gcr.io/$PROJECT_ID/image', '--config', 'test_config.yaml']
337
+
338
+ # Push the image.
339
+ images: ['gcr.io/$PROJECT_ID/image']
340
+ ```
341
+
342
+ ## Running File Tests Without Docker
343
+
344
+ Container images can be represented in multiple formats, and the Docker image
345
+ is just one of them. At their core, images are just a series of layers, each
346
+ of which is a tarball, and so can be interacted with without a working Docker
347
+ daemon. While running command tests currently requires a functioning Docker
348
+ daemon on the host machine, File Existence/Content tests do not. This can be
349
+ useful when dealing with images which have been `docker export`ed
350
+ or saved in a different image format than the Docker format, or when you're simply
351
+ trying to run structure tests in an environment where Docker can't be installed.
352
+
353
+ To run tests without using a Docker daemon, users can specify a different
354
+ "driver" to use in the tests, with the `--driver` flag.
355
+
356
+ An example test run with a different driver looks like:
357
+ ```shell
358
+ container-structure-test test --driver tar --image gcr.io/registry/image:latest \
359
+ --config config.yaml
360
+ ```
361
+
362
+ The currently supported drivers in the framework are:
363
+ - `docker`: the default driver.
364
+ Supports all tests, and uses the Docker daemon on the host to run them. You can
365
+ set the runtime to use (by example `runsc` to run with gVisor) using `--runtime`
366
+ flag.
367
+ - `tar`: a tar driver, which extracts an image filesystem to wherever tests are
368
+ running, and runs file/metadata tests against it.
369
+ Does *not* support command tests.
370
+
371
+
372
+ ### Running Structure Tests Through Bazel
373
+ Structure tests can also be run through `bazel`.
374
+
375
+ With Bazel 6 and bzlmod, just see https://registry.bazel.build/modules/container_structure_test.
376
+ Otherwise, load the rule and its dependencies in your `WORKSPACE`, see bazel/test/WORKSPACE.bazel in this repo.
377
+
378
+ Load the rule definition in your BUILD file and declare a `container_structure_test` target, passing in your image and config file as parameters:
379
+
380
+ ```bazel
381
+ load("@container_structure_test//:defs.bzl", "container_structure_test")
382
+
383
+ container_structure_test(
384
+ name = "hello_test",
385
+ configs = ["testdata/hello.yaml"],
386
+ image = ":hello",
387
+ )
388
+ ```
389
+
390
+ ### Flags:
391
+ `container-structure-test test -h`
392
+ ```
393
+ -c, --config stringArray test config files
394
+ --default-image-tag string default image tag to used when loading images to the daemon. required when --image-from-oci-layout refers to a oci layout lacking the reference annotation.
395
+ -d, --driver string driver to use when running tests (default "docker")
396
+ -f, --force force run of host driver (without user prompt)
397
+ -h, --help help for test
398
+ -i, --image string path to test image
399
+ --image-from-oci-layout string path to the oci layout to test against
400
+ --metadata string path to image metadata file
401
+ --no-color no color in the output
402
+ -o, --output string output format for the test report (available format: text, json, junit) (default "text")
403
+ --platform string Set platform if host is multi-platform capable (default "linux/amd64")
404
+ --pull force a pull of the image before running tests
405
+ -q, --quiet flag to suppress output
406
+ --runtime string runtime to use with docker driver
407
+ --save preserve created containers after test run
408
+ --test-report string generate test report and write it to specified file (supported format: json, junit; default: json)
409
+ ```
410
+ See this [example repo](https://github.com/nkubala/structure-test-examples) for a full working example.
411
+
412
+ ## Output formats
413
+
414
+ Reports are generated using one of the following output formats: `text`, `json` or `junit`.
415
+ Formats like `json` and `junit` can also be used to write a report to a specified file using the `--test-report`.
416
+
417
+ ### Output samples
418
+
419
+ #### Text
420
+
421
+ ```text
422
+ ====================================
423
+ ====== Test file: config.yaml ======
424
+ ====================================
425
+ === RUN: File Existence Test: whoami
426
+ --- PASS
427
+ duration: 0s
428
+ === RUN: Metadata Test
429
+ --- PASS
430
+ duration: 0s
431
+
432
+ =====================================
433
+ ============== RESULTS ==============
434
+ =====================================
435
+ Passes: 2
436
+ Failures: 0
437
+ Duration: 0s
438
+ Total tests: 2
439
+
440
+ PASS
441
+ ```
442
+
443
+ #### JSON
444
+
445
+ The following sample has been formatted.
446
+
447
+ ```json
448
+ {
449
+ "Pass": 2,
450
+ "Fail": 0,
451
+ "Total": 2,
452
+ "Duration": 0,
453
+ "Results": [
454
+ {
455
+ "Name": "File Existence Test: whoami",
456
+ "Pass": true,
457
+ "Duration": 0
458
+ },
459
+ {
460
+ "Name": "Metadata Test",
461
+ "Pass": true,
462
+ "Duration": 0
463
+ }
464
+ ]
465
+ }
466
+ ```
467
+
468
+ ### JUnit
469
+
470
+ The following sample has been formatted.
471
+
472
+ ```xml
473
+ <?xml version="1.0"?>
474
+ <testsuites failures="0" tests="2" time="0">
475
+ <testsuite>
476
+ <testcase name="File Existence Test: whoami" time="0"/>
477
+ <testcase name="Metadata Test" time="0"/>
478
+ </testsuite>
479
+ </testsuites>
480
+ ```
481
+
@@ -0,0 +1,7 @@
1
+ container_structure_test/__init__.py,sha256=rpQ2rFaqT-ToV-w4wXkV3HTwltrApHM8tO1Di3OIEZ4,904
2
+ container_structure_test/__main__.py,sha256=IvTjTYhvVO6h9Jpa45i-FfzjcKcJy1jwkAZY_CkgibQ,26
3
+ container_structure_test/bin/container-structure-test.exe,sha256=0K457_EPP8B9fxQiWigmFW-l3qt2_0hQO-SRbJqW0dI,11531776
4
+ container_structure_test-1.19.0.dist-info/METADATA,sha256=wcFO_ZC3rPl5i54V31R8jZcwHA1zH-kHTwt1w_kMQ_Q,18062
5
+ container_structure_test-1.19.0.dist-info/WHEEL,sha256=RM2yzFWRquAEAXaVsUwfb9bWleCWQAapuqMXyIhwCUI,95
6
+ container_structure_test-1.19.0.dist-info/entry_points.txt,sha256=t8a8VftelshMrJo_1Z-AwySX91xVP00mkYLU7pEFGDQ,75
7
+ container_structure_test-1.19.0.dist-info/RECORD,,
@@ -0,0 +1,4 @@
1
+ Wheel-Version: 1.0
2
+ Generator: go-to-wheel 0.1.0
3
+ Root-Is-Purelib: false
4
+ Tag: py3-none-win_arm64
@@ -0,0 +1,2 @@
1
+ [console_scripts]
2
+ container-structure-test = container_structure_test:main