Use Universal Base Image
This commit is contained in:
Arthur Barr
committed by
Stephen Marshall
Stephen Marshall
parent
3fb2d3fe61
commit
5ff269d2e3
@@ -1,7 +1,7 @@
|
||||
// +build mqdev
|
||||
|
||||
/*
|
||||
© Copyright IBM Corporation 2018
|
||||
© Copyright IBM Corporation 2018, 2019
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
@@ -138,7 +138,7 @@ func TestDevWebDisabled(t *testing.T) {
|
||||
Env: []string{
|
||||
"LICENSE=accept",
|
||||
"MQ_QMGR_NAME=qm1",
|
||||
"MQ_DISABLE_WEB_CONSOLE=true",
|
||||
"MQ_BETA_ENABLE_WEB_SERVER=false",
|
||||
},
|
||||
}
|
||||
id := runContainer(t, cli, &containerConfig)
|
||||
|
||||
@@ -24,7 +24,6 @@ import (
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"strings"
|
||||
"testing"
|
||||
@@ -34,8 +33,6 @@ import (
|
||||
"github.com/docker/docker/api/types/network"
|
||||
"github.com/docker/docker/client"
|
||||
"github.com/docker/go-connections/nat"
|
||||
|
||||
"github.com/ibm-messaging/mq-container/internal/command"
|
||||
)
|
||||
|
||||
func TestLicenseNotSet(t *testing.T) {
|
||||
@@ -112,75 +109,41 @@ func goldenPath(t *testing.T, metric bool) {
|
||||
stopContainer(t, cli, id)
|
||||
}
|
||||
|
||||
// TestSecurityVulnerabilitiesUbuntu checks for any vulnerabilities in the image, as reported
|
||||
// by Ubuntu
|
||||
func TestSecurityVulnerabilitiesUbuntu(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cli, err := client.NewEnvClient()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -d /etc/apt")
|
||||
if rc != 0 {
|
||||
t.Skip("Skipping test because container is not Ubuntu-based")
|
||||
}
|
||||
// Override the entrypoint to make "apt" only receive security updates, then check for updates
|
||||
var url string
|
||||
if runtime.GOARCH == "amd64" {
|
||||
url = "http://security.ubuntu.com/ubuntu/"
|
||||
} else {
|
||||
url = "http://ports.ubuntu.com/ubuntu-ports/"
|
||||
}
|
||||
rc, log := runContainerOneShot(t, cli, "bash", "-c", "source /etc/os-release && echo \"deb "+url+" ${VERSION_CODENAME}-security main restricted\" > /etc/apt/sources.list && apt-get update 2>&1 >/dev/null && apt-get --simulate -qq upgrade")
|
||||
if rc != 0 {
|
||||
t.Fatalf("Expected success, got %v", rc)
|
||||
}
|
||||
lines := strings.Split(strings.TrimSpace(log), "\n")
|
||||
if len(lines) > 0 && lines[0] != "" {
|
||||
t.Errorf("Expected no vulnerabilities, found the following:\n%v", log)
|
||||
}
|
||||
}
|
||||
|
||||
// TestSecurityVulnerabilitiesRedHat checks for any vulnerabilities in the image, as reported
|
||||
// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported
|
||||
// by Red Hat
|
||||
func TestSecurityVulnerabilitiesRedHat(t *testing.T) {
|
||||
func TestSecurityVulnerabilities(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
cli, err := client.NewEnvClient()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_, ret, _ := command.Run("bash", "-c", "test -f /etc/redhat-release")
|
||||
if ret != 0 {
|
||||
t.Skip("Skipping test because host is not RedHat-based")
|
||||
}
|
||||
rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -f /etc/redhat-release")
|
||||
rc, _ := runContainerOneShot(t, cli, "bash", "-c", "command -v microdnf && test -e /etc/yum.repos.d/ubi.repo")
|
||||
if rc != 0 {
|
||||
t.Skip("Skipping test because container is not RedHat-based")
|
||||
}
|
||||
id, _, err := command.Run("sudo", "buildah", "from", imageName())
|
||||
if err != nil {
|
||||
t.Log(id)
|
||||
t.Fatal(err)
|
||||
}
|
||||
id = strings.TrimSpace(id)
|
||||
defer command.Run("buildah", "rm", id)
|
||||
mnt, _, err := command.Run("sudo", "buildah", "mount", id)
|
||||
if err != nil {
|
||||
t.Log(mnt)
|
||||
t.Fatal(err)
|
||||
}
|
||||
mnt = strings.TrimSpace(mnt)
|
||||
out, _, err := command.Run("bash", "-c", "sudo cp /etc/yum.repos.d/* "+filepath.Join(mnt, "/etc/yum.repos.d/"))
|
||||
if err != nil {
|
||||
t.Log(out)
|
||||
t.Fatal(err)
|
||||
}
|
||||
out, ret, _ = command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec")
|
||||
if ret != 1 {
|
||||
t.Errorf("Expected no vulnerabilities, found the following:\n%v", out)
|
||||
t.Skip("Skipping test because container is based on ubi-minimal, which doesn't include yum")
|
||||
}
|
||||
// id, _, err := command.Run("sudo", "buildah", "from", imageName())
|
||||
// if err != nil {
|
||||
// t.Log(id)
|
||||
// t.Fatal(err)
|
||||
// }
|
||||
// id = strings.TrimSpace(id)
|
||||
// defer command.Run("buildah", "rm", id)
|
||||
// mnt, _, err := command.Run("sudo", "buildah", "mount", id)
|
||||
// if err != nil {
|
||||
// t.Log(mnt)
|
||||
// t.Fatal(err)
|
||||
// }
|
||||
// mnt = strings.TrimSpace(mnt)
|
||||
// out, _, err := command.Run("bash", "-c", "sudo cp /etc/yum.repos.d/* "+filepath.Join(mnt, "/etc/yum.repos.d/"))
|
||||
// if err != nil {
|
||||
// t.Log(out)
|
||||
// t.Fatal(err)
|
||||
// }
|
||||
// out, ret, _ := command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec")
|
||||
// if ret != 1 {
|
||||
// t.Errorf("Expected no vulnerabilities, found the following:\n%v", out)
|
||||
// }
|
||||
}
|
||||
|
||||
func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) {
|
||||
|
||||
Reference in New Issue
Block a user