-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathrun
executable file
·308 lines (270 loc) · 8.46 KB
/
run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
#!/bin/bash
#
# Test the Redis image.
#
# IMAGE_NAME specifies the name of the candidate image used for testing.
# The image has to be available before this script is executed.
#
set -o nounset
shopt -s nullglob
[ "${DEBUG:-0}" -eq 1 ] && set -x
test -n "${IMAGE_NAME-}" || { echo 'make sure $IMAGE_NAME is defined' && false ;}
test -n "${VERSION-}" || { echo 'make sure $VERSION is defined' && false; }
test -n "${OS-}" || { echo 'make sure $OS is defined' && false; }
TEST_LIST="\
run_container_creation_tests
run_tests_no_root
run_tests_no_pass
run_tests_no_pass_altuid
run_tests_no_root_altuid
run_change_password_test
run_doc_test
run_bind_address_test
run_no_bind_address_test
"
THISDIR=$(dirname ${BASH_SOURCE[0]})
source "${THISDIR}"/test-lib.sh
function connection_works() {
local container_ip="$1"; shift
local password="$1"; shift
if [ "$(valkey_cmd "$container_ip" "$password" ping)" == "PONG" ] ; then
return 0
fi
return 1
}
function valkey_cmd() {
local container_ip="$1"; shift
local password="$1"; shift
# if empty password is given, then no password will be specified
docker run --rm "$IMAGE_NAME" valkey-cli -h "$container_ip" ${password:+-a "$password"} "$@"
}
function test_connection() {
local name=$1 ; shift
local password=$1 ; shift
local ip
ip=$(ct_get_cip $name)
echo " Testing Valkey connection to $ip (password='${password:-}')..."
local max_attempts=10
local sleep_time=2
local i
for i in $(seq $max_attempts); do
echo " Trying to connect..."
if connection_works "$ip" "$password" ; then
echo " Success!"
echo
return 0
fi
sleep $sleep_time
done
echo " Giving up: Failed to connect. Logs:"
docker logs $(ct_get_cid $name)
return 1
}
function test_valkey() {
local container_ip="$1"
local password="$2"
echo " Testing Valkey (password='${password:-}')"
valkey_cmd "$container_ip" "$password" set a 1 >/dev/null
ct_check_testcase_result $?
valkey_cmd "$container_ip" "$password" set b 2 >/dev/null
ct_check_testcase_result $?
test "$(valkey_cmd "$container_ip" "$password" get b)" == '2'
echo " Success!"
echo
}
function create_container() {
local name=$1 ; shift
cidfile="$CID_FILE_DIR/$name"
# create container with a cidfile in a directory for cleanup
local container_id
[ "${DEBUG:-0}" -eq 1 ] && echo "DEBUG: docker run ${DOCKER_ARGS:-} --cidfile \"$cidfile\" -d \"$@\" $IMAGE_NAME ${CONTAINER_ARGS:-}" >&2
container_id="$(docker run ${DOCKER_ARGS:-} --cidfile "$cidfile" -d "$@" $IMAGE_NAME ${CONTAINER_ARGS:-})"
[ "${DEBUG:-0}" -eq 1 ] && echo "Created container $container_id"
[ x"$container_id" == "x" ] && return 1 || return 0
}
function run_change_password_test() {
local tmpdir=$(mktemp -d)
mkdir "${tmpdir}/data" && chmod -R a+rwx "${tmpdir}"
# Create Valkey container with persistent volume and set the initial password
create_container "testpass1" -e VALKEY_PASSWORD=foo \
-v ${tmpdir}:/var/lib/valkey/data:Z
ct_check_testcase_result $?
test_connection testpass1 foo
ct_check_testcase_result $?
docker stop $(ct_get_cid testpass1) >/dev/null
# Create second container with changed password
create_container "testpass2" -e VALKEY_PASSWORD=bar \
-v ${tmpdir}:/var/lib/valkey/data:Z
ct_check_testcase_result $?
test_connection testpass2 bar
ct_check_testcase_result $?
# The old password should not work anymore
container_ip="$(ct_get_cip testpass2)"
! connection_works "$container_ip" foo
ct_check_testcase_result $?
}
function assert_login_access() {
local container_ip=$1; shift
local PASS=$1 ; shift
local success=$1 ; shift
if connection_works "$container_ip" "$PASS" ; then
if $success ; then
echo " Connection ($PASS) access granted as expected"
return 0
fi
else
if ! $success ; then
echo " Connection ($PASS) access denied as expected"
return 0
fi
fi
echo " Connection ($PASS) login assertion failed"
return 1
}
function assert_local_access() {
local id="$1" ; shift
docker exec $(ct_get_cid "$id") bash -c 'valkey-cli ping'
}
function assert_bind_address() {
local name="$1"
local run_cmd="[ -f \${VALKEY_CONF} ] && grep \"^bind 127.0.0.1\" \${VALKEY_CONF}"
echo "Checking if bind is set to 127.0.0.1 in valkey.conf file."
docker exec $(ct_get_cid "$name") /bin/bash -c "${run_cmd}"
}
function assert_no_bind_address() {
local name="$1"
local run_cmd="[ -f \${VALKEY_CONF} ] && ! grep \"^bind 127.0.0.1\" \${VALKEY_CONF}"
echo "Checking if bind is not set in valkey.conf file."
docker exec $(ct_get_cid "$name") /bin/bash -c "${run_cmd}"
}
# Make sure the invocation of docker run fails.
function assert_container_creation_fails() {
# Time the docker run command. It should fail. If it doesn't fail,
# valkey will keep running so we kill it with SIGKILL to make sure
# timeout returns a non-zero value.
local ret=0
timeout -s 9 --preserve-status 60s docker run --rm "$@" $IMAGE_NAME >/dev/null || ret=$?
# Timeout will exit with a high number.
if [ $ret -gt 10 ]; then
return 1
fi
}
function try_image_invalid_combinations() {
assert_container_creation_fails -e VALKEY_PASSWORD="pass with space" "$@"
ct_check_testcase_result $?
}
function run_container_creation_tests() {
local ret
echo " Testing image entrypoint usage"
try_image_invalid_combinations
ret=$?
if [ $ret -eq 0 ]; then
echo " Success!"
else
echo " Failed!"
fi
echo
return $ret
}
test_scl_usage() {
local name="$1"
local run_cmd="$2"
local expected="$3"
echo " Testing the image SCL enable"
local out
out=$(docker run --rm ${IMAGE_NAME} /bin/bash -c "${run_cmd}")
if ! echo "${out}" | grep -q "${expected}"; then
echo "ERROR[/bin/bash -c "${run_cmd}"] Expected '${expected}', got '${out}'"
return 1
fi
out=$(docker exec $(ct_get_cid $name) /bin/bash -c "${run_cmd}" 2>&1)
if ! echo "${out}" | grep -q "${expected}"; then
echo "ERROR[exec /bin/bash -c "${run_cmd}"] Expected '${expected}', got '${out}'"
return 1
fi
out=$(docker exec $(ct_get_cid $name) /bin/sh -ic "${run_cmd}" 2>&1)
if ! echo "${out}" | grep -q "${expected}"; then
echo "ERROR[exec /bin/sh -ic "${run_cmd}"] Expected '${expected}', got '${out}'"
return 1
fi
}
run_doc_test() {
ct_doc_content_old 6379 "VALKEY.*PASSWORD" volume
return $?
}
function run_tests() {
local name=$1 ; shift
local ret
envs=${PASS:+"-e VALKEY_PASSWORD=$PASS"}
PASS=${PASS:-}
create_container $name $envs
ret=$?
ct_check_testcase_result $ret
# Only check version on rhel/centos builds
if [ "$OS" != "fedora" ]; then
echo " Testing scl usage"
test_scl_usage "$name" 'valkey-server --version' "$VERSION"
ct_check_testcase_result $?
fi
if [ "$name" == "bind_address_test" ]; then
echo " Testing bind_address test"
assert_bind_address "$name"
ct_check_testcase_result $?
# Quit test suite. valkey container will not response. bind is set to localhost
return
fi
if [ "$name" == "no_bind_address_test" ]; then
echo " Testing no bind_address test"
assert_no_bind_address "$name"
ct_check_testcase_result $?
fi
test_connection "$name" "$PASS"
ret=$?
ct_check_testcase_result $ret
echo " Testing login accesses"
local container_ip
container_ip=$(ct_get_cip $name)
assert_login_access "$container_ip" "$PASS" true
ret=$?
ct_check_testcase_result $ret
if [ -n "$PASS" ] ; then
assert_login_access "$container_ip" "${PASS}_foo" false
ct_check_testcase_result $?
fi
assert_local_access "$name"
ret=$?
ct_check_testcase_result $ret
if [ $ret -ne 0 ]; then
echo " Local access FAILED."
else
echo " Local access SUCCESS."
fi
echo
test_valkey "$container_ip" "$PASS"
ct_check_testcase_result $?
}
function run_tests_no_root() {
# Normal tests with password
PASS=pass run_tests no_root
}
function run_tests_no_pass() {
# Normal tests without password
run_tests no_pass
}
function run_tests_no_pass_altuid() {
# Test with arbitrary uid for the container without password
DOCKER_ARGS="-u 12345" run_tests no_pass_altuid
}
function run_tests_no_root_altuid() {
# Test with arbitrary uid for the container with password
DOCKER_ARGS="-u 12345" PASS=pass run_tests no_root_altuid
}
function run_bind_address_test() {
DOCKER_ARGS="-e BIND_ADDRESS=127.0.0.1" run_tests bind_address_test
}
function run_no_bind_address_test() {
run_tests no_bind_address_test
}
ct_init
TEST_SET=${TESTS:-$TEST_LIST} ct_run_tests_from_testset "valkey_tests"
# vim: set tabstop=2:shiftwidth=2:expandtab: