From 2b540b6d74261ec1483e60c00f2bd0b04b5cbe1f Mon Sep 17 00:00:00 2001
From: Pengfei Ni
Date: Thu, 27 Apr 2017 15:29:37 +0800
Subject: [PATCH] Add node e2e tests for hostIPC
---
 test/e2e_node/security_context_test.go | 81 ++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
diff --git a/test/e2e_node/security_context_test.go b/test/e2e_node/security_context_test.go
index 2b33f55e775..f45b97dbb12 100644
--- a/test/e2e_node/security_context_test.go
+++ b/test/e2e_node/security_context_test.go
@@ -17,6 +17,8 @@ limitations under the License.
 package e2e_node
 import (
+ "fmt"
+ "os/exec"
 "strings"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -114,4 +116,83 @@ var _ = framework.KubeDescribe("Security Context", func() {
 }
 })
 })
+
+ Context("when creating a pod in the host IPC namespace", func() {
+ makeHostIPCPod := func(podName, image string, command []string, hostIPC bool) *v1.Pod {
+ return &v1.Pod{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: podName,
+ },
+ Spec: v1.PodSpec{
+ RestartPolicy: v1.RestartPolicyNever,
+ HostIPC: hostIPC,
+ Containers: []v1.Container{
+ {
+ Image: image,
+ Name: podName,
+ Command: command,
+ },
+ },
+ },
+ }
+ }
+ createAndWaitHostIPCPod := func(podName string, hostNetwork bool) {
+ podClient.Create(makeHostIPCPod(podName,
+ "gcr.io/google_containers/busybox:1.24",
+ []string{"sh", "-c", "ipcs -m | awk '{print $2}'"},
+ hostNetwork,
+ ))
+
+ podClient.WaitForSuccess(podName, framework.PodStartTimeout)
+ }
+
+ hostSharedMemoryID := ""
+ BeforeEach(func() {
+ output, err := exec.Command("sh", "-c", "ipcmk -M 1M | awk '{print $NF}'").Output()
+ if err != nil {
+ framework.Failf("Failed to create the shared memory on the host: %v", err)
+ }
+ hostSharedMemoryID = strings.TrimSpace(string(output))
+ framework.Logf("Got host shared memory ID %q", hostSharedMemoryID)
+ })
+
+ It("should show the shared memory ID in the host IPC containers", func() {
+ busyboxPodName := "busybox-hostipc-" + string(uuid.NewUUID())
+ createAndWaitHostIPCPod(busyboxPodName, true)
+ logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)
+ if err != nil {
+ framework.Failf("GetPodLogs for pod %q failed: %v", busyboxPodName, err)
+ }
+
+ podSharedMemoryIDs := strings.TrimSpace(logs)
+ framework.Logf("Got shared memory IDs %q from pod %q", podSharedMemoryIDs, busyboxPodName)
+ if !strings.Contains(podSharedMemoryIDs, hostSharedMemoryID) {
+ framework.Failf("hostIPC container should show shared memory IDs on host")
+ }
+ })
+
+ It("should not show the shared memory ID in the non-hostIPC containers", func() {
+ busyboxPodName := "busybox-non-hostipc-" + string(uuid.NewUUID())
+ createAndWaitHostIPCPod(busyboxPodName, false)
+ logs, err := framework.GetPodLogs(f.ClientSet, f.Namespace.Name, busyboxPodName, busyboxPodName)
+ if err != nil {
+ framework.Failf("GetPodLogs for pod %q failed: %v", busyboxPodName, err)
+ }
+
+ podSharedMemoryIDs := strings.TrimSpace(logs)
+ framework.Logf("Got shared memory IDs %q from pod %q", podSharedMemoryIDs, busyboxPodName)
+ if strings.Contains(podSharedMemoryIDs, hostSharedMemoryID) {
+ framework.Failf("non-hostIPC container should not show shared memory IDs on host")
+ }
+ })
+
+ AfterEach(func() {
+ if hostSharedMemoryID != "" {
+ _, err := exec.Command("sh", "-c", fmt.Sprintf("ipcrm -m %q", hostSharedMemoryID)).Output()
+ if err != nil {
+ framework.Failf("Failed to remove shared memory %q on the host: %v", hostSharedMemoryID, err)
+ }
+ }
+ })
+ })
 })
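Review bot: An empty `hostSharedMemoryID` is never rejected in `BeforeEach`, so the hostIPC assertion can pass without having verified anything. The command is the pipeline `ipcmk -M 1M | awk '{print $NF}'` run through `sh -c`, so `Output()` sees awk's exit status; a missing or failing `ipcmk` leaves `err` nil and the ID empty, `strings.Contains(podSharedMemoryIDs, "")` is then always true, and `AfterEach` skips cleanup. I would add `if hostSharedMemoryID == "" { framework.Failf("ipcmk returned no shared memory ID") }` after the `TrimSpace` line, and match the ID against the exact entries of `strings.Fields(logs)` instead of a substring, since one numeric ID can be contained in another. The `hostNetwork` parameter of `createAndWaitHostIPCPod` carries the hostIPC flag and would read better as `hostIPC`. The enclosing `KubeDescribe` closure, where `f` and `podClient` come from, starts outside the hunk.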