diff --git a/2.4/Dockerfile.rhel9 b/2.4/Dockerfile.rhel9 index aed43584..75760a71 100644 --- a/2.4/Dockerfile.rhel9 +++ b/2.4/Dockerfile.rhel9 @@ -35,7 +35,7 @@ LABEL summary="${SUMMARY}" \ EXPOSE 8080 EXPOSE 8443 -RUN INSTALL_PKGS="gettext hostname nss_wrapper-libs bind9.18-utils httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" && \ +RUN INSTALL_PKGS="gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" && \ yum install -y --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ httpd -v | grep -qe "Apache/${HTTPD_VERSION}" && echo "Found VERSION ${HTTPD_VERSION}" && \ yum -y clean all --enablerepo='*' diff --git a/test/test_container_httpd.py b/test/test_container_httpd.py index 1b64e203..9dfe3fb9 100644 --- a/test/test_container_httpd.py +++ b/test/test_container_httpd.py 
@@ -10,49 +10,41 @@ class TestHttpdAppContainer: - def setup_method(self): self.app = ContainerTestLib(image_name=IMAGE_NAME, s2i_image=True) def teardown_method(self): self.app.cleanup() - @pytest.mark.parametrize( - "container_arg", - [ - "", - "--user 0" - ] - ) + @pytest.mark.parametrize("container_arg", ["", "--user 0"]) def test_default_page(self, container_arg): - assert self.app.create_container(cid_file_name="test_default_page", container_args=container_arg) + assert self.app.create_container( + cid_file_name="test_default_page", container_args=container_arg + ) cip = self.app.get_cip("test_default_page") assert cip response = "HTTP Server" - assert self.app.test_response(url=cip, expected_code=403, expected_output=response, max_attempts=3) + assert self.app.test_response( + url=cip, expected_code=403, expected_output=response, max_attempts=3 + ) def test_run_s2i_usage(self): output = self.app.s2i_usage() assert output - @pytest.mark.parametrize( - "dockerfile", - [ - "Dockerfile", - "Dockerfile.s2i" - ] - ) + @pytest.mark.parametrize("dockerfile", ["Dockerfile", "Dockerfile.s2i"]) def test_dockerfiles(self, dockerfile): assert self.app.build_test_container( - dockerfile=TEST_DIR / "examples" / dockerfile, app_url="https://github.com/sclorg/httpd-ex.git", - app_dir="app-src" + dockerfile=TEST_DIR / "examples" / dockerfile, + app_url="https://github.com/sclorg/httpd-ex.git", + app_dir="app-src", ) assert self.app.test_app_dockerfile() cip = self.app.get_cip() assert cip assert self.app.test_response( url=f"http://{cip}", - expected_output="Welcome to your static httpd application on OpenShift" + expected_output="Welcome to your static httpd application on OpenShift", ) @pytest.mark.parametrize( 
@@ -61,11 +53,14 @@ def test_dockerfiles(self, dockerfile): "worker", "event", "prefork", - ] + ], ) def test_mpm_config(self, mpm_config): cid_name = f"test_mpm_{mpm_config}" - assert self.app.create_container(cid_file_name=cid_name, container_args=f"-e HTTPD_MPM={mpm_config} --user 1001") + assert self.app.create_container( + cid_file_name=cid_name, + container_args=f"-e HTTPD_MPM={mpm_config} --user 1001", + ) cip = self.app.get_cip(cid_file_name=cid_name) # Let's check that server really response HTTP-403 # See function here: in test/run `_run_mpm_config_test` 
@@ -74,45 +69,44 @@ def test_mpm_config(self, mpm_config): logs = self.app.get_logs(cid_file_name=cid_name) assert re.search(f"mpm_{mpm_config}:notice.*resuming normal operations", logs) - def test_log_to_data_volume(self): data_dir = tempfile.mkdtemp(prefix="/tmp/httpd-test_log_dir") ContainerTestLibUtils.commands_to_run( - commands_to_run = [ + commands_to_run=[ f"mkdir -p {data_dir}", f"chown -R 1001:1001 {data_dir}", - f"chcon -Rvt svirt_sandbox_file_t {data_dir}/" + f"chcon -Rvt svirt_sandbox_file_t {data_dir}/", ] ) assert self.app.create_container( cid_file_name="test_log_dir", - container_args=f"-e HTTPD_LOG_TO_VOLUME=1 --user 0 -v {data_dir}:/var/log/httpd" + container_args=f"-e HTTPD_LOG_TO_VOLUME=1 --user 0 -v {data_dir}:/var/log/httpd", ) cip = self.app.get_cip(cid_file_name="test_log_dir") assert self.app.test_response(url=f"http://{cip}", expected_code=403) assert ContainerTestLibUtils.check_files_are_present( - dir_name=data_dir, file_name_to_check=[ + dir_name=data_dir, + file_name_to_check=[ "access_log", "error_log", "ssl_access_log", "ssl_error_log", "ssl_request_log", - ] + ], ) def test_data_volume(self): data_dir = tempfile.mkdtemp(prefix="/tmp/httpd-test-volume") ContainerTestLibUtils.commands_to_run( - commands_to_run = [ + commands_to_run=[ f"mkdir -p {data_dir}/html", f"echo hello > {data_dir}/html/index.html", f"chown -R 1001:1001 {data_dir}", - f"chcon -Rvt svirt_sandbox_file_t {data_dir}/" + f"chcon -Rvt svirt_sandbox_file_t {data_dir}/", ] ) assert self.app.create_container( - cid_file_name="doc_root", - container_args=f"-v {data_dir}:/var/www" + cid_file_name="doc_root", container_args=f"-v {data_dir}:/var/www" ) cip = self.app.get_cip(cid_file_name="doc_root") assert cip diff --git a/test/test_container_httpd_s2i.py b/test/test_container_httpd_s2i.py index 38d819db..617718ba 100644 --- a/test/test_container_httpd_s2i.py +++ b/test/test_container_httpd_s2i.py 
@@ -21,13 +21,12 @@ def build_s2i_app(app_path: Path) -> ContainerTestLib: app_path=app_path, s2i_args="--pull-policy=never", src_image=IMAGE_NAME, - dst_image=f"{IMAGE_NAME}-{app_name}" + dst_image=f"{IMAGE_NAME}-{app_name}", ) return s2i_app class TestHttpdS2IPreInitContainer: - def setup_method(self): self.s2i_app = build_s2i_app(pre_init_test_app) @@ -35,17 +34,18 @@ def teardown_method(self): self.s2i_app.cleanup() def test_run_pre_init_test(self): - assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000") + assert self.s2i_app.create_container( + cid_file_name=self.s2i_app.app_name, container_args="--user 1000" + ) cip = self.s2i_app.get_cip(cid_file_name=self.s2i_app.app_name) assert cip assert self.s2i_app.test_response( url=f"http://{cip}", - expected_output="This content was replaced by pre-init script." + expected_output="This content was replaced by pre-init script.", ) class TestHttpdS2ISampleAppContainer: - def setup_method(self): self.s2i_app = build_s2i_app(sample_test_app) @@ -53,23 +53,19 @@ def teardown_method(self): self.s2i_app.cleanup() def test_sample_app(self): - assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000") + assert self.s2i_app.create_container( + cid_file_name=self.s2i_app.app_name, container_args="--user 1000" + ) cip = self.s2i_app.get_cip(cid_file_name=self.s2i_app.app_name) assert cip response = "This is a sample s2i application with static content." + assert self.s2i_app.test_response(url=f"http://{cip}", expected_output=response) assert self.s2i_app.test_response( - url=f"http://{cip}", - expected_output=response - ) - assert self.s2i_app.test_response( - url=f"https://{cip}", - port=8443, - expected_output=response + url=f"https://{cip}", port=8443, expected_output=response ) class TestHttpdCertAgeContainer: - def setup_method(self): self.s2i_app = build_s2i_app(sample_test_app) 
@@ -82,41 +78,64 @@ def test_cert_age(self): because shipping the same certs in the image would make it easy to exploit Let's see how old the certificate is and compare with how old the image is """ - assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000") - image_age_s = PodmanCLIWrapper.podman_inspect( - field="{{.Created}}", src_image=IMAGE_NAME - ).strip().split(' ') - image_age = time.time() - float(ContainerTestLibUtils.run_command( - cmd=f"date -d '{image_age_s[0]} {image_age_s[1]} {image_age_s[2]}' '+%s'" - )) + assert self.s2i_app.create_container( + cid_file_name=self.s2i_app.app_name, container_args="--user 1000" + ) + image_age_s = ( + PodmanCLIWrapper.podman_inspect(field="{{.Created}}", src_image=IMAGE_NAME) + .strip() + .split(" ") + ) + image_age = time.time() - float( + ContainerTestLibUtils.run_command( + cmd=f"date -d '{image_age_s[0]} {image_age_s[1]} {image_age_s[2]}' '+%s'" + ) + ) cid = self.s2i_app.get_cid(self.s2i_app.app_name) # Testing of not presence of a certificate in the production image - certificate_content = PodmanCLIWrapper.podman_exec_shell_command( - cid_file_name=cid, cmd="cat \\$HTTPD_TLS_CERT_PATH/localhost.crt" + cert_file_path = PodmanCLIWrapper.podman_exec_shell_command( + cid_file_name=cid, cmd="echo $HTTPD_TLS_CERT_PATH" + ).strip() + assert cert_file_path + certificate_path = f"{cert_file_path}/localhost.crt" + assert certificate_path + certificate_content = PodmanCLIWrapper.podman_get_file_content( + cid_file_name=cid, filename=certificate_path ) assert certificate_content certificate_dir = tempfile.mkdtemp(prefix="/tmp/cert_dir") with open(Path(certificate_dir) / "cert", mode="w") as f: f.write(certificate_content.strip()) - certificate_age_s = ContainerTestLibUtils.run_command( - cmd=f"openssl x509 -startdate -noout -in {Path(certificate_dir)}/cert" - ).strip().replace("notBefore=", "") - certificate_age = time.time() - float(ContainerTestLibUtils.run_command( - 
cmd=f"date '+%s' --date='{certificate_age_s}'") + certificate_age_s = ( + ContainerTestLibUtils.run_command( + cmd=f"openssl x509 -startdate -noout -in {Path(certificate_dir)}/cert" + ) + .strip() + .replace("notBefore=", "") + ) + certificate_age = time.time() - float( + ContainerTestLibUtils.run_command( + cmd=f"date '+%s' --date='{certificate_age_s}'" + ) ) # Testing whether the certificate was freshly generated after the image assert certificate_age < image_age + # Testing of not presence of a certificate in the production image + assert not PodmanCLIWrapper.podman_run_command_and_remove( + cid_file_name=IMAGE_NAME, + cmd=f"test -e {cert_file_path}/localhost.crt", + ) # Testing presence and permissions of the generated certificate assert PodmanCLIWrapper.podman_exec_shell_command( - cid_file_name=cid, cmd="ls -l \\$HTTPD_TLS_CERT_PATH/localhost.crt" + cid_file_name=cid, cmd=f"ls -l {certificate_path}" ) # Testing presence and permissions of the generated certificate assert PodmanCLIWrapper.podman_exec_shell_command( - cid_file_name=cid, cmd="ls -l \\$HTTPD_TLS_CERT_PATH/localhost.key" + cid_file_name=cid, cmd=f"ls -l {cert_file_path}/localhost.key" ) -class TestHttpdS2ISslSelfSignedAppContainer: +class TestHttpdS2ISslSelfSignedAppContainer: def setup_method(self): self.s2i_app = build_s2i_app(self_cert_test) 
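Review bot: In test_cert_age, the new image-level check `assert not PodmanCLIWrapper.podman_run_command_and_remove(cid_file_name=IMAGE_NAME, cmd=f"test -e {cert_file_path}/localhost.crt")` depends on what the helper returns, which is not visible here: `test -e` prints nothing either way, so if the helper returns captured output the assertion passes even when the certificate is shipped in the image. If that is the case, an explicit result such as `cmd=f"test -e {cert_file_path}/localhost.crt && echo present || echo absent"` with an assertion that the output contains `absent` would pin the check. The same image-level check should also cover `localhost.key`, since a private key baked into the image is the risk the docstring describes, and the two `ls -l` assertions only prove the files exist in the container, not what their permissions are. `assert certificate_path` can never fail because the f-string always contains `/localhost.crt`, and the older comment "Testing of not presence of a certificate in the production image" now sits above code that reads the certificate from the running container. The function starts before this hunk.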
@@ -130,11 +149,17 @@ def test_self_cert_test(self): it from Docker hub """ self.s2i_app.set_new_image(image_name=f"{IMAGE_NAME}-{self.s2i_app.app_name}") - assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000") + assert self.s2i_app.create_container( + cid_file_name=self.s2i_app.app_name, container_args="--user 1000" + ) cip = self.s2i_app.get_cip(cid_file_name=self.s2i_app.app_name) assert cip - assert self.s2i_app.test_response(url=f"http://{cip}", expected_output="SSL test works") - assert self.s2i_app.test_response(url=f"https://{cip}", port=8443, expected_output="SSL test works") + assert self.s2i_app.test_response( + url=f"http://{cip}", expected_output="SSL test works" + ) + assert self.s2i_app.test_response( + url=f"https://{cip}", port=8443, expected_output="SSL test works" + ) server_cmd = f"openssl s_client -showcerts -servername {cip} -connect {cip}:8443 2>/dev/null" server_output = ContainerTestLibUtils.run_command(cmd=server_cmd) certificate_dir = tempfile.mkdtemp(prefix="/tmp/server_cert_dir") @@ -143,6 +168,8 @@ def test_self_cert_test(self): server_cert = ContainerTestLibUtils.run_command( cmd=f"openssl x509 -inform pem -noout -text -in {Path(certificate_dir)}/output" ) - config_cmd = f"openssl x509 -in {TEST_DIR}/{self.s2i_app.app_name}/httpd-ssl/certs/server-cert-selfsigned.pem -inform pem -noout -text" + pem_file = f"{TEST_DIR}/{self.s2i_app.app_name}/httpd-ssl/certs/server-cert-selfsigned.pem" + assert Path(pem_file).exists() + config_cmd = f"openssl x509 -in {pem_file} -inform pem -noout -text" config_cert = ContainerTestLibUtils.run_command(cmd=config_cmd) assert server_cert == config_cert diff --git a/test/test_ocp_ex_template.py b/test/test_ocp_ex_template.py index 555745c2..22f542e6 100644 --- a/test/test_ocp_ex_template.py +++ b/test/test_ocp_ex_template.py @@ -1,8 +1,6 @@ import os import sys -import pytest - from pathlib import Path from container_ci_suite.openshift import OpenShiftAPI 
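Review bot: In test_self_cert_test (test/test_container_httpd_s2i.py, hunk at -143,6), the final `assert server_cert == config_cert` still holds when both openssl calls produce the same empty output, and the added `assert Path(pem_file).exists()` guards only the config side. Whether `ContainerTestLibUtils.run_command` raises on a failed command is not visible here, so a guard such as `assert server_cert` before the comparison would keep the test from passing vacuously. Comparing the full `-text` dump works, but comparing `openssl x509 -noout -fingerprint -sha256` output for both files would be a tighter identity check that does not depend on text formatting. The function body starts before the hunk.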
@@ -19,7 +17,6 @@ class TestHTTPDExExampleRepo: - def setup_method(self): self.template_name = get_service_image(IMAGE_NAME) self.oc_api = OpenShiftAPI(pod_name_prefix=self.template_name, version=VERSION) @@ -30,10 +27,11 @@ def teardown_method(self): def test_httpd_ex_template_inside_cluster(self): assert self.oc_api.deploy_s2i_app( image_name=IMAGE_NAME, - app=f"https://github.com/sclorg/httpd-ex#master", - context="." + app="https://github.com/sclorg/httpd-ex#master", + context=".", ) assert self.oc_api.is_template_deployed(name_in_template=self.template_name) assert self.oc_api.check_response_inside_cluster( - name_in_template=self.template_name, expected_output="Welcome to your static httpd" + name_in_template=self.template_name, + expected_output="Welcome to your static httpd", ) diff --git a/test/test_ocp_imagestream_s2i.py b/test/test_ocp_imagestream_s2i.py index 6f35f3cf..b4396187 100644 --- a/test/test_ocp_imagestream_s2i.py +++ b/test/test_ocp_imagestream_s2i.py @@ -1,8 +1,6 @@ import os import sys -import pytest - from container_ci_suite.openshift import OpenShiftAPI from container_ci_suite.utils import get_service_image, check_variables @@ -17,7 +15,6 @@ class TestHTTPDImagestreamS2I: - def setup_method(self): self.template_name = get_service_image(IMAGE_NAME) self.oc_api = OpenShiftAPI(pod_name_prefix=self.template_name, version=VERSION) 
@@ -26,15 +23,16 @@ def teardown_method(self): self.oc_api.delete_project() def test_inside_cluster(self): - os_name = ''.join(i for i in OS if not i.isdigit()) + os_name = "".join(i for i in OS if not i.isdigit()) assert self.oc_api.deploy_imagestream_s2i( imagestream_file=f"imagestreams/httpd-{os_name}.json", image_name=IMAGE_NAME, app="https://github.com/sclorg/httpd-container.git", context="examples/sample-test-app", - service_name=self.template_name + service_name=self.template_name, ) assert self.oc_api.is_s2i_pod_running(pod_name_prefix=self.template_name) assert self.oc_api.check_response_inside_cluster( - name_in_template=self.template_name, expected_output="This is a sample s2i application with static content" + name_in_template=self.template_name, + expected_output="This is a sample s2i application with static content", ) diff --git a/test/test_ocp_integration.py b/test/test_ocp_integration.py index c400cd96..402088fb 100644 --- a/test/test_ocp_integration.py +++ b/test/test_ocp_integration.py @@ -15,7 +15,6 @@ class TestHTTPDIntegrationTemplate: - def setup_method(self): self.template_name = get_service_image(IMAGE_NAME) self.oc_api = OpenShiftAPI(pod_name_prefix=self.template_name, version=VERSION) @@ -26,10 +25,11 @@ def teardown_method(self): def test_httpd_ex_template_inside_cluster(self): assert self.oc_api.deploy_s2i_app( image_name=IMAGE_NAME, - app=f"https://github.com/sclorg/httpd-container.git", - context="examples/sample-test-app" + app="https://github.com/sclorg/httpd-container.git", + context="examples/sample-test-app", ) assert self.oc_api.is_template_deployed(name_in_template=self.template_name) assert self.oc_api.check_response_inside_cluster( - name_in_template=self.template_name, expected_output="This is a sample s2i application with static content" + name_in_template=self.template_name, + expected_output="This is a sample s2i application with static content", )