# shellcheck shell=bash # # Test a container image. # # Always use sourced from a specific container testfile # # Container CI tests # abbreviated as "ct" # run ct_init before starting the actual testsuite # shellcheck disable=SC2148 if [ -z "${sourced_test_lib:-}" ]; then sourced_test_lib=1 else return 0 fi LINE="==============================================" # may be redefined in the specific container testfile EXPECTED_EXIT_CODE=0 # define UNSTABLE_TESTS if not already defined, as this variable # is not mandatory for containers UNSTABLE_TESTS="${UNSTABLE_TESTS:-""}" # ct_init # -------------------- # This function needs to be called before any container test starts # Sets: $APP_ID_FILE_DIR - path to directory used for storing # IDs of application images used during tests. # Sets: $CID_FILE_DIR - path to directory containing cid_files # Sets: $TEST_SUMMARY - string, where test results are written # Sets: $TESTSUITE_RESULT - overall result of run testuite function ct_init() { APP_ID_FILE_DIR="$(mktemp -d)" CID_FILE_DIR="$(mktemp -d)" TEST_SUMMARY="" TESTSUITE_RESULT=0 ct_enable_cleanup } # ct_cleanup # -------------------- # Cleans up containers used during tests. Stops and removes all containers # referenced by cid_files in CID_FILE_DIR. Dumps logs if a container exited # unexpectedly. Removes the cid_files and CID_FILE_DIR as well. # Uses: $CID_FILE_DIR - path to directory containing cid_files # Uses: $EXPECTED_EXIT_CODE - expected container exit code # Uses: $TESTSUITE_RESULT - overall result of all tests function ct_cleanup() { echo "$LINE" echo "Cleaning of testing containers and images started." echo "It may take a few seconds." echo "$LINE" ct_clean_app_images ct_clean_containers } # ct_build_image_and_parse_id # -------------------- # Return 0 if build was successful, 1 otherwise # Uses: $1 - path to docckerfile # Uses: $2 - build params # Uses: $APP_IMAGE_ID - sets the app image id value to this variable # this should be replaced by the --iidfile parameter # when it becames supported by all versions of podman and docker that we support ct_build_image_and_parse_id() { local tmpdir local log_file local ret_val local dockerfile local command local pid_build local pid_sleep local sleep_time log_file="$(mktemp)" sleep_time="10m" [ -n "$1" ] && dockerfile="-f $1" command="$(echo "docker build --no-cache $dockerfile $2" | tr -d "'")" # running command in subshell, the subshell in background, storing pid to variable ( $command > "$log_file" 2>&1 ) & pid_build=$! # creating second subshell with trap function on ALRM signal # the subshell sleeps for 10m, then kills the first subshell ( trap 'exit 0' ALRM; sleep "$sleep_time" && kill $pid_build ) & pid_sleep=$! # waiting for build subshell to finish, either with success, or killed from sleep subshell wait $pid_build ret_val=$? # send ALRM signal to the sleep subshell, so it exits even in case the 10mins # not yet passed. If the kill was successful (the wait subshell received ALRM signal) # then the build was not finished yet, so the return value is set to 1 kill -s ALRM $pid_sleep 2>/dev/null || ret_val=1 if [ $ret_val -eq 0 ]; then APP_IMAGE_ID="$(tail -n 1 "$log_file")" fi cat "$log_file" ; rm -r "$log_file" return "$ret_val" } # ct_container_running # -------------------- # Return 0 if given container is in running state # Uses: $1 - container id to check function ct_container_running() { local running running="$(docker inspect -f '{{.State.Running}}' "$1")" [ "$running" = "true" ] || return 1 } # ct_container_exists # -------------------- # Return 0 if given container exists # Uses: $1 - container id to check function ct_container_exists() { local exists exists="$(docker ps -q -a -f "id=$1")" [ -n "$exists" ] || return 1 } # ct_clean_app_images # -------------------- # Cleans up application images referenced by APP_ID_FILE_DIR # Uses: $APP_ID_FILE_DIR - path to directory containing image ID files function ct_clean_app_images() { local image if [[ ! -d "${APP_ID_FILE_DIR:-}" ]]; then echo "The \$APP_ID_FILE_DIR=$APP_ID_FILE_DIR is not created. App cleaning is to be skipped." return 0 fi; echo "Examining image ID files in \$APP_ID_FILE_DIR=$APP_ID_FILE_DIR" for file in "${APP_ID_FILE_DIR:?}"/*; do image="$(cat "$file")" docker inspect "$image" > /dev/null 2>&1 || continue containers="$(docker ps -q -a -f ancestor="$image")" [[ -z "$containers" ]] || docker rm -f "$containers" 2>/dev/null docker rmi -f "$image" done rm -fr "$APP_ID_FILE_DIR" } # ct_clean_containers # -------------------- # Cleans up containers referenced by CID_FILE_DIR # Uses: $CID_FILE_DIR - path to directory containing cid_files function ct_clean_containers() { if [[ -z ${CID_FILE_DIR:-} ]]; then echo "The \$CID_FILE_DIR is not set. Container cleaning is to be skipped." return fi; echo "Examining CID files in \$CID_FILE_DIR=$CID_FILE_DIR" for cid_file in "$CID_FILE_DIR"/* ; do [ -f "$cid_file" ] || continue local container container=$(cat "$cid_file") ct_container_exists "$container" || continue echo "Stopping and removing container $container..." if ct_container_running "$container"; then docker stop "$container" fi exit_status=$(docker inspect -f '{{.State.ExitCode}}' "$container") if [ "$exit_status" != "$EXPECTED_EXIT_CODE" ]; then echo "Dumping logs for $container" docker logs "$container" fi docker rm -v "$container" rm -f "$cid_file" done rm -rf "$CID_FILE_DIR" } # ct_show_results # --------------- # Prints results of all test cases that are stored into TEST_SUMMARY variable. # Uses: $IMAGE_NAME - name of the tested container image # Uses: $TEST_SUMMARY - text info about test-cases # Uses: $TESTSUITE_RESULT - overall result of all tests function ct_show_results() { echo "$LINE" #shellcheck disable=SC2153 echo "Tests were run for image ${IMAGE_NAME}" echo "$LINE" echo "Test cases results:" echo echo "${TEST_SUMMARY:-}" if [ -n "${TESTSUITE_RESULT:-}" ] ; then if [ "$TESTSUITE_RESULT" -eq 0 ] ; then # shellcheck disable=SC2153 echo "Tests for ${IMAGE_NAME} succeeded." else # shellcheck disable=SC2153 echo "Tests for ${IMAGE_NAME} failed." fi fi } # ct_enable_cleanup # -------------------- # Enables automatic container cleanup after tests. function ct_enable_cleanup() { trap ct_trap_on_exit EXIT trap ct_trap_on_sigint SIGINT } # ct_trap_on_exit # -------------------- function ct_trap_on_exit() { local exit_code=$? [ "$exit_code" -eq 130 ] && return # we do not want to catch SIGINT here # We should not really care about what the script returns # as the tests are constructed the way they never exit the shell. # The check is added just to be sure that we catch some not expected behavior # if any is added in the future. echo "Tests finished with EXIT=$exit_code" [ $exit_code -eq 0 ] && exit_code="${TESTSUITE_RESULT:-0}" [ -n "${DEBUG:-}" ] || ct_show_resources ct_cleanup ct_show_results exit "$exit_code" } # ct_trap_on_sigint # -------------------- function ct_trap_on_sigint() { echo "Tests were stopped by SIGINT signal" ct_cleanup ct_show_results exit 130 } # ct_pull_image # ------------- # Function pull an image before tests execution # Argument: image_name - string containing the public name of the image to pull # Argument: exit - in case "true" is defined and pull failed, then script has to exit with 1 and no tests are executed # Argument: loops - how many times to pull image in case of failure # Function returns either 0 in case of pull was successful # Or the test suite exit with 1 in case of pull error function ct_pull_image() { local image_name="$1"; [[ $# -gt 0 ]] && shift local exit_variable=${1:-"false"}; [[ $# -gt 0 ]] && shift local loops=${1:-10} local loop=0 # Let's try to pull image. echo "-> Pulling image $image_name ..." # Sometimes in Fedora case it fails with HTTP 50X # Check if the image is available locally and try to pull it if it is not if [[ "$(docker images -q "$image_name" 2>/dev/null)" != "" ]]; then echo "The image $image_name is already pulled." return 0 fi # Try pulling the image to see if it is accessible # WORKAROUND: Since Fedora registry sometimes fails randomly, let's try it more times while ! docker pull "$image_name"; do ((loop++)) || : echo "Pulling image $image_name failed." if [ "$loop" -gt "$loops" ]; then echo "Pulling of image $image_name failed $loops times in a row. Giving up." echo "!!! ERROR with pulling image $image_name !!!!" # shellcheck disable=SC2268 if [[ x"$exit_variable" == x"false" ]]; then return 1 else exit 1 fi fi echo "Let's wait $((loop*5)) seconds and try again." sleep "$((loop*5))" done } # ct_check_envs_set env_filter check_envs loop_envs [env_format] # -------------------- # Compares values from one list of environment variable definitions against such list, # checking if the values are present and have a specific format. # Argument: env_filter - optional string passed to grep used for # choosing which variables to filter out in env var lists. # Argument: check_envs - list of env var definitions to check values against # Argument: loop_envs - list of env var definitions to check values for # Argument: env_format (optional) - format string for bash substring deletion used # for checking whether the value is contained in check_envs. # Defaults to: "*VALUE*", VALUE string gets replaced by actual value from loop_envs function ct_check_envs_set { local env_filter check_envs env_format env_filter=$1; shift check_envs=$1; shift loop_envs=$1; shift env_format=${1:-"*VALUE*"} while read -r variable; do [ -z "$variable" ] && continue var_name=$(echo "$variable" | awk -F= '{ print $1 }') stripped=$(echo "$variable" | awk -F= '{ print $2 }') filtered_envs=$(echo "$check_envs" | grep "^$var_name=") [ -z "$filtered_envs" ] && { echo "$var_name not found during \` docker exec\`"; return 1; } old_IFS=$IFS # For each such variable compare its content with the `docker exec` result, use `:` as delimiter IFS=: for value in $stripped; do # If the falue checked does not go through env_filter we do not care about it echo "$value" | grep -q "$env_filter" || continue # shellcheck disable=SC2295 if [ -n "${filtered_envs##${env_format//VALUE/$value}}" ]; then echo " Value $value is missing from variable $var_name" echo "$filtered_envs" IFS=$old_IFS return 1 fi done IFS=$old_IFS done <<< "$(echo "$loop_envs" | grep "$env_filter" | grep -v "^PWD=")" } # ct_get_cid [name] # -------------------- # Prints container id from cid_file based on the name of the file. # Argument: name - name of cid_file where the container id will be stored # Uses: $CID_FILE_DIR - path to directory containing cid_files function ct_get_cid() { local name="$1" ; shift || return 1 cat "$CID_FILE_DIR/$name" } # ct_get_cip [id] # -------------------- # Prints container ip address based on the container id. # Argument: id - container id function ct_get_cip() { local id="$1" ; shift docker inspect --format='{{.NetworkSettings.IPAddress}}' "$(ct_get_cid "$id")" } # ct_wait_for_cid [cid_file] # -------------------- # Holds the execution until the cid_file is created. Usually run after container # creation. # Argument: cid_file - name of the cid_file that should be created function ct_wait_for_cid() { local cid_file=$1 local max_attempts=10 local sleep_time=1 local attempt=1 local result=1 while [ $attempt -le $max_attempts ]; do [ -f "$cid_file" ] && [ -s "$cid_file" ] && return 0 echo "Waiting for container start... $attempt" attempt=$(( attempt + 1 )) sleep $sleep_time done return 1 } # ct_assert_container_creation_fails [container_args] # -------------------- # The invocation of docker run should fail based on invalid container_args # passed to the function. Returns 0 when container fails to start properly. # Argument: container_args - all arguments are passed directly to dokcer run # Uses: $CID_FILE_DIR - path to directory containing cid_files function ct_assert_container_creation_fails() { local ret=0 local max_attempts=10 local attempt=1 local cid_file=assert local old_container_args="${CONTAINER_ARGS-}" # we really work with CONTAINER_ARGS as with a string # shellcheck disable=SC2124 CONTAINER_ARGS="$@" if ct_create_container "$cid_file" ; then local cid cid=$(ct_get_cid "$cid_file") while [ "$(docker inspect -f '{{.State.Running}}' "$cid")" == "true" ] ; do sleep 2 attempt=$(( attempt + 1 )) if [ "$attempt" -gt "$max_attempts" ]; then docker stop "$cid" ret=1 break fi done exit_status=$(docker inspect -f '{{.State.ExitCode}}' "$cid") if [ "$exit_status" == "0" ]; then ret=1 fi docker rm -v "$cid" rm "$CID_FILE_DIR/$cid_file" fi [ -n "$old_container_args" ] && CONTAINER_ARGS="$old_container_args" return "$ret" } # ct_create_container [name, command] # -------------------- # Creates a container using the IMAGE_NAME and CONTAINER_ARGS variables. Also # stores the container id to a cid_file located in the CID_FILE_DIR, and waits # for the creation of the file. # Argument: name - name of cid_file where the container id will be stored # Argument: command - optional command to be executed in the container # Uses: $CID_FILE_DIR - path to directory containing cid_files # Uses: $CONTAINER_ARGS - optional arguments passed directly to docker run # Uses: $IMAGE_NAME - name of the image being tested function ct_create_container() { local cid_file="$CID_FILE_DIR/$1" ; shift # create container with a cidfile in a directory for cleanup # shellcheck disable=SC2086,SC2153 docker run --cidfile="$cid_file" -d ${CONTAINER_ARGS:-} "$IMAGE_NAME" "$@" ct_wait_for_cid "$cid_file" || return 1 : "Created container $(cat "$cid_file")" } # ct_scl_usage_old [name, command, expected] # -------------------- # Tests three ways of running the SCL, by looking for an expected string # in the output of the command # Argument: name - name of cid_file where the container id will be stored # Argument: command - executed inside the container # Argument: expected - string that is expected to be in the command output # Uses: $CID_FILE_DIR - path to directory containing cid_files # Uses: $IMAGE_NAME - name of the image being tested function ct_scl_usage_old() { local name="$1" local command="$2" local expected="$3" local out="" : " Testing the image SCL enable" out=$(docker run --rm "${IMAGE_NAME}" /bin/bash -c "${command}") if ! echo "${out}" | grep -q "${expected}"; then echo "ERROR[/bin/bash -c \"${command}\"] Expected '${expected}', got '${out}'" >&2 return 1 fi out=$(docker exec "$(ct_get_cid "$name")" /bin/bash -c "${command}" 2>&1) if ! echo "${out}" | grep -q "${expected}"; then echo "ERROR[exec /bin/bash -c \"${command}\"] Expected '${expected}', got '${out}'" >&2 return 1 fi out=$(docker exec "$(ct_get_cid "$name")" /bin/sh -ic "${command}" 2>&1) if ! echo "${out}" | grep -q "${expected}"; then echo "ERROR[exec /bin/sh -ic \"${command}\"] Expected '${expected}', got '${out}'" >&2 return 1 fi } # ct_doc_content_old [strings] # -------------------- # Looks for occurence of stirngs in the documentation files and checks # the format of the files. Files examined: help.1 # Argument: strings - strings expected to appear in the documentation # Uses: $IMAGE_NAME - name of the image being tested function ct_doc_content_old() { local tmpdir tmpdir=$(mktemp -d) local f : " Testing documentation in the container image" # Extract the help files from the container # shellcheck disable=SC2043 for f in help.1 ; do docker run --rm "${IMAGE_NAME}" /bin/bash -c "cat /${f}" >"${tmpdir}/$(basename "${f}")" # Check whether the files contain some important information for term in "$@" ; do if ! grep -E -q -e "${term}" "${tmpdir}/$(basename "${f}")" ; then echo "ERROR: File /${f} does not include '${term}'." >&2 return 1 fi done # Check whether the files use the correct format for term in TH PP SH ; do if ! grep -q "^\.${term}" "${tmpdir}/help.1" ; then echo "ERROR: /help.1 is probably not in troff or groff format, since '${term}' is missing." >&2 return 1 fi done done : " Success!" } # full_ca_file_path # Return string for full path to CA file function full_ca_file_path() { echo "/etc/pki/ca-trust/source/anchors/RH-IT-Root-CA.crt" } # ct_mount_ca_file # ------------------ # Check if /etc/pki/certs/RH-IT-Root-CA.crt file exists # return mount string for containers or empty string function ct_mount_ca_file() { # mount CA file only if NPM_REGISTRY variable is present. local mount_parameter="" if [ -n "$NPM_REGISTRY" ] && [ -f "$(full_ca_file_path)" ]; then mount_parameter="-v $(full_ca_file_path):$(full_ca_file_path):Z" fi echo "$mount_parameter" } # ct_build_s2i_npm_variables URL_TO_NPM_JS_SERVER # ------------------------------------------ # Function returns -e NPM_MIRROR and -v MOUNT_POINT_FOR_CAFILE # or empty string function ct_build_s2i_npm_variables() { npm_variables="" if [ -n "$NPM_REGISTRY" ] && [ -f "$(full_ca_file_path)" ]; then npm_variables="-e NPM_MIRROR=$NPM_REGISTRY $(ct_mount_ca_file)" fi echo "$npm_variables" } # ct_npm_works # -------------------- # Checks existance of the npm tool and runs it. function ct_npm_works() { local tmpdir local cid_file tmpdir=$(mktemp -d) : " Testing npm in the container image" cid_file="$(mktemp --dry-run --tmpdir="${CID_FILE_DIR}")" if ! docker run --rm "${IMAGE_NAME}" /bin/bash -c "npm --version" >"${tmpdir}/version" ; then echo "ERROR: 'npm --version' does not work inside the image ${IMAGE_NAME}." >&2 return 1 fi # shellcheck disable=SC2046 docker run -d $(ct_mount_ca_file) --rm --cidfile="$cid_file" "${IMAGE_NAME}-testapp" # Wait for the container to write it's CID file ct_wait_for_cid "$cid_file" || return 1 if ! docker exec "$(cat "$cid_file")" /bin/bash -c "npm --verbose install jquery && test -f node_modules/jquery/src/jquery.js" >"${tmpdir}/jquery" 2>&1 ; then echo "ERROR: npm could not install jquery inside the image ${IMAGE_NAME}." >&2 cat "${tmpdir}/jquery" return 1 fi if [ -n "$NPM_REGISTRY" ] && [ -f "$(full_ca_file_path)" ]; then if ! grep -qo "$NPM_REGISTRY" "${tmpdir}/jquery"; then echo "ERROR: Internal repository is NOT set. Even it is requested." return 1 fi fi if [ -f "$cid_file" ]; then docker stop "$(cat "$cid_file")" fi : " Success!" } # ct_binary_found_from_df binary [path] # -------------------- # Checks if a binary can be found in PATH during Dockerfile build # Argument: binary - name of the binary to test accessibility for # Argument: path - optional path in which the binary should reside in # /opt/rh by default function ct_binary_found_from_df() { local tmpdir local id_file local binary=$1; shift local binary_path=${1:-"^/opt/rh"} tmpdir=$(mktemp -d) : " Testing $binary in build from Dockerfile" # Create Dockerfile that looks for the binary cat <"$tmpdir/Dockerfile" FROM $IMAGE_NAME RUN command -v $binary | grep "$binary_path" EOF # Build an image, looking for expected path in the output ct_build_image_and_parse_id "$tmpdir/Dockerfile" "$tmpdir" #shellcheck disable=SC2181 if [ $? -ne 0 ]; then echo " ERROR: Failed to find $binary in \$PATH!" >&2 return 1 fi id_file="${APP_ID_FILE_DIR:?}"/"$RANDOM" echo "$APP_IMAGE_ID" > "$id_file" } # ct_check_exec_env_vars [env_filter] # -------------------- # Checks if all relevant environment variables from `docker run` # can be found in `docker exec` as well. # Argument: env_filter - optional string passed to grep used for # choosing which variables to check in the test case. # Defaults to X_SCLS and variables containing /opt/app-root, /opt/rh # Uses: $CID_FILE_DIR - path to directory containing cid_files # Uses: $IMAGE_NAME - name of the image being tested function ct_check_exec_env_vars() { local tmpdir exec_envs cid old_IFS env_filter local var_name stripped filtered_envs run_envs env_filter=${1:-"^X_SCLS=\|/opt/rh\|/opt/app-root"} tmpdir=$(mktemp -d) CID_FILE_DIR=${CID_FILE_DIR:-$(mktemp -d)} # Get environment variables from `docker run` run_envs=$(docker run --rm "$IMAGE_NAME" /bin/bash -c "env") # Get environment variables from `docker exec` ct_create_container "test_exec_envs" bash -c "sleep 1000" >/dev/null cid=$(ct_get_cid "test_exec_envs") exec_envs=$(docker exec "$cid" env) # Filter out variables we are not interested in # Always check X_SCLS, ignore PWD # Check variables from `docker run` that have alternative paths inside (/opt/rh, /opt/app-root) ct_check_envs_set "$env_filter" "$exec_envs" "$run_envs" "*VALUE*" || return 1 echo " All values present in \`docker exec\`" return 0 } # ct_check_scl_enable_vars [env_filter] # -------------------- # Checks if all relevant environment variables from `docker run` # are set twice after a second call of `scl enable $SCLS`. # Argument: env_filter - optional string passed to grep used for # choosing which variables to check in the test case. # Defaults to paths containing enabled SCLS in the image # Uses: $IMAGE_NAME - name of the image being tested function ct_check_scl_enable_vars() { local tmpdir exec_envs cid old_IFS env_filter enabled_scls local var_name stripped filtered_envs loop_envs env_filter=$1 tmpdir=$(mktemp -d) enabled_scls=$(docker run --rm "$IMAGE_NAME" /bin/bash -c "echo \$X_SCLS") if [ -z "$env_filter" ]; then for scl in $enabled_scls; do [ -z "$env_filter" ] && env_filter="/$scl" && continue # env_filter not empty, append to the existing list env_filter="$env_filter|/$scl" done fi # Get environment variables from `docker run` loop_envs=$(docker run --rm "$IMAGE_NAME" /bin/bash -c "env") run_envs=$(docker run --rm "$IMAGE_NAME" /bin/bash -c "X_SCLS= scl enable $enabled_scls env") # Check if the values are set twice in the second set of envs ct_check_envs_set "$env_filter" "$run_envs" "$loop_envs" "*VALUE*VALUE*" || return 1 echo " All scl_enable values present" return 0 } # ct_path_append PATH_VARNAME DIRECTORY # ------------------------------------- # Append DIRECTORY to VARIABLE of name PATH_VARNAME, the VARIABLE must consist # of colon-separated list of directories. ct_path_append () { if eval "test -n \"\${$1-}\""; then eval "$1=\$2:\$$1" else eval "$1=\$2" fi } # ct_path_foreach PATH ACTION [ARGS ...] # -------------------------------------- # For each DIR in PATH execute ACTION (path is colon separated list of # directories). The particular calls to ACTION will look like # '$ ACTION directory [ARGS ...]' ct_path_foreach () { local dir dirlist action save_IFS save_IFS=$IFS IFS=: dirlist=$1 action=$2 shift 2 for dir in $dirlist; do "$action" "$dir" "$@" ; done IFS=$save_IFS } # ct_gen_self_signed_cert_pem # --------------------------- # Generates a self-signed PEM certificate pair into specified directory. # Argument: output_dir - output directory path # Argument: base_name - base name of the certificate files # Resulted files will be those: # /-cert-selfsigned.pem -- public PEM cert # /-key.pem -- PEM private key ct_gen_self_signed_cert_pem() { local output_dir=$1 ; shift local base_name=$1 ; shift mkdir -p "${output_dir}" openssl req -newkey rsa:2048 -nodes -keyout "${output_dir}"/"${base_name}"-key.pem -subj '/C=GB/ST=Berkshire/L=Newbury/O=My Server Company' > "${base_name}"-req.pem openssl req -new -x509 -nodes -key "${output_dir}"/"${base_name}"-key.pem -batch > "${output_dir}"/"${base_name}"-cert-selfsigned.pem } # ct_obtain_input FILE|DIR|URL # -------------------- # Either copies a file or a directory to a tmp location for local copies, or # downloads the file from remote location. # Resulted file path is printed, so it can be later used by calling function. # Arguments: input - local file, directory or remote URL function ct_obtain_input() { local input=$1 local extension="${input##*.}" # Try to use same extension for the temporary file if possible [[ "${extension}" =~ ^[a-z0-9]*$ ]] && extension=".${extension}" || extension="" local output output=$(mktemp "/var/tmp/test-input-XXXXXX$extension") if [ -f "${input}" ] ; then cp -f "${input}" "${output}" elif [ -d "${input}" ] ; then rm -f "${output}" cp -r -LH "${input}" "${output}" elif echo "${input}" | grep -qe '^http\(s\)\?://' ; then curl "${input}" > "${output}" else echo "ERROR: file type not known: ${input}" >&2 return 1 fi echo "${output}" } # ct_test_response # ---------------- # Perform GET request to the application container, checks output with # a reg-exp and HTTP response code. # Argument: url - request URL path # Argument: expected_code - expected HTTP response code # Argument: body_regexp - PCRE regular expression that must match the response body # Argument: max_attempts - Optional number of attempts (default: 20), three seconds sleep between # Argument: ignore_error_attempts - Optional number of attempts when we ignore error output (default: 10) ct_test_response() { local url="$1" local expected_code="$2" local body_regexp="$3" local max_attempts=${4:-20} local ignore_error_attempts=${5:-10} echo " Testing the HTTP(S) response for <${url}>" local sleep_time=3 local attempt=1 local result=1 local status local response_code local response_file response_file=$(mktemp /tmp/ct_test_response_XXXXXX) while [ "${attempt}" -le "${max_attempts}" ]; do echo "Trying to connect ... ${attempt}" curl --connect-timeout 10 -s -w '%{http_code}' "${url}" >"${response_file}" && status=0 || status=1 if [ "${status}" -eq 0 ]; then response_code=$(tail -c 3 "${response_file}") if [ "${response_code}" -eq "${expected_code}" ]; then result=0 fi grep -qP -e "${body_regexp}" "${response_file}" || result=1; # Some services return 40x code until they are ready, so let's give them # some chance and not end with failure right away # Do not wait if we already have expected outcome though if [ "${result}" -eq 0 ] || [ "${attempt}" -gt "${ignore_error_attempts}" ] || [ "${attempt}" -eq "${max_attempts}" ] ; then break fi fi attempt=$(( attempt + 1 )) sleep "${sleep_time}" done rm -f "${response_file}" return "${result}" } # ct_registry_from_os OS # ---------------- # Transform operating system string [os] into registry url # Argument: OS - string containing the os version ct_registry_from_os() { local registry="" case $1 in rhel*) registry=registry.redhat.io ;; *) registry=quay.io ;; esac echo "$registry" } # ct_get_public_image_name OS BASE_IMAGE_NAME VERSION # ---------------- # Transform the arguments into public image name # Argument: OS - string containing the os version # Argument: BASE_IMAGE_NAME - string containing the base name of the image as defined in the Makefile # Argument: VERSION - string containing the version of the image as defined in the Makefile ct_get_public_image_name() { local os=$1; shift local base_image_name=$1; shift local version=$1; shift local public_image_name local registry registry=$(ct_registry_from_os "$os") if [ "$os" == "rhel8" ]; then public_image_name=$registry/rhel8/$base_image_name-${version//./} elif [ "$os" == "rhel9" ]; then public_image_name=$registry/rhel9/$base_image_name-${version//./} elif [ "$os" == "c9s" ]; then public_image_name=$registry/sclorg/$base_image_name-${version//./}-c9s elif [ "$os" == "c10s" ]; then public_image_name=$registry/sclorg/$base_image_name-${version//./}-c10s fi echo "$public_image_name" } # ct_assert_cmd_success CMD # ---------------- # Evaluates [cmd] and fails if it does not succeed. # Argument: CMD - Command to be run function ct_assert_cmd_success() { echo "Checking '$*' for success ..." # shellcheck disable=SC2294 if ! eval "$@" &>/dev/null; then echo " FAIL" return 1 fi echo " PASS" return 0 } # ct_assert_cmd_failure CMD # ---------------- # Evaluates [cmd] and fails if it succeeds. # Argument: CMD - Command to be run function ct_assert_cmd_failure() { echo "Checking '$*' for failure ..." # shellcheck disable=SC2294 if eval "$@" &>/dev/null; then echo " FAIL" return 1 fi echo " PASS" return 0 } # ct_random_string [LENGTH=10] # ---------------------------- # Generate pseudorandom alphanumeric string of LENGTH bytes, the # default length is 10. The string is printed on stdout. ct_random_string() ( export LC_ALL=C dd if=/dev/urandom count=1 bs=10k 2>/dev/null \ | tr -dc 'a-z0-9' \ | fold -w "${1-10}" \ | head -n 1 ) # ct_s2i_usage IMG_NAME [S2I_ARGS] # ---------------------------- # Create a container and run the usage script inside # Argument: IMG_NAME - name of the image to be used for the container run # Argument: S2I_ARGS - Additional list of source-to-image arguments, currently unused. ct_s2i_usage() { local img_name=$1; shift local s2i_args="$*"; local usage_command="/usr/libexec/s2i/usage" docker run --rm "$img_name" bash -c "$usage_command" } # ct_s2i_build_as_df APP_PATH SRC_IMAGE DST_IMAGE [S2I_ARGS] # ---------------------------- # Create a new s2i app image from local sources in a similar way as source-to-image would have used. # This function is wrapper for ct_s2i_build_as_df_build_args in case user do not want to add build args # This function is used in all https://github.com/sclorg/*-container test cases and we do not # want to break functionality # Argument: APP_PATH - local path to the app sources to be used in the test # Argument: SRC_IMAGE - image to be used as a base for the s2i build # Argument: DST_IMAGE - image name to be used during the tagging of the s2i build result # Argument: S2I_ARGS - Additional list of source-to-image arguments. # Only used to check for pull-policy=never and environment variable definitions. ct_s2i_build_as_df() { local app_path=$1; shift local src_image=$1; shift local dst_image=$1; shift local s2i_args="$*"; ct_s2i_build_as_df_build_args "$app_path" "$src_image" "$dst_image" "" "$s2i_args" } # ct_s2i_build_as_df_build_args APP_PATH SRC_IMAGE DST_IMAGE BUILD_ARGS [S2I_ARGS] # ---------------------------- # Create a new s2i app image from local sources in a similar way as source-to-image would have used. # Argument: APP_PATH - local path to the app sources to be used in the test # Argument: SRC_IMAGE - image to be used as a base for the s2i build # Argument: DST_IMAGE - image name to be used during the tagging of the s2i build result # Argument: BUILD_ARGS - Build arguments to be used in the s2i build # Argument: S2I_ARGS - Additional list of source-to-image arguments. # Only used to check for pull-policy=never and environment variable definitions. ct_s2i_build_as_df_build_args() { local app_path=$1; shift local src_image=$1; shift local dst_image=$1; shift local build_args=$1; shift local s2i_args="$*"; local local_app=upload/src/ local local_scripts=upload/scripts/ local user_id= local df_name= local tmpdir= local incremental=false local mount_options=() local id_file # Run the entire thing inside a subshell so that we do not leak shell options outside of the function ( # FIXME: removed temporarily, need proper fixing # Error out if any part of the build fails # set -e # Use /tmp to not pollute cwd tmpdir=$(mktemp -d) df_name=$(mktemp -p "$tmpdir" Dockerfile.XXXX) cd "$tmpdir" || return 1 # Check if the image is available locally and try to pull it if it is not docker images "$src_image" &>/dev/null || echo "$s2i_args" | grep -q "pull-policy=never" || docker pull "$src_image" user=$(docker inspect -f "{{.Config.User}}" "$src_image") # Default to root if no user is set by the image user=${user:-0} # run the user through the image in case it is non-numeric or does not exist if ! user_id=$(ct_get_uid_from_image "$user" "$src_image"); then echo "Terminating s2i build." return 1 fi echo "$s2i_args" | grep -q "\--incremental" && incremental=true if $incremental; then inc_tmp=$(mktemp -d --tmpdir incremental.XXXX) setfacl -m "u:$user_id:rwx" "$inc_tmp" # Check if the image exists, build should fail (for testing use case) if it does not docker images "$dst_image" &>/dev/null || (echo "Image $dst_image not found."; false) # Run the original image with a mounted in volume and get the artifacts out of it cmd="if [ -s /usr/libexec/s2i/save-artifacts ]; then /usr/libexec/s2i/save-artifacts > \"$inc_tmp/artifacts.tar\"; else touch \"$inc_tmp/artifacts.tar\"; fi" docker run --rm -v "$inc_tmp:$inc_tmp:Z" "$dst_image" bash -c "$cmd" # Move the created content into the $tmpdir for the build to pick it up mv "$inc_tmp/artifacts.tar" "$tmpdir/" fi # Strip file:// from APP_PATH and copy its contents into current context mkdir -p "$local_app" cp -r "${app_path/file:\/\//}/." "$local_app" [ -d "$local_app/.s2i/bin/" ] && mv "$local_app/.s2i/bin" "$local_scripts" # Create a Dockerfile named df_name and fill it with proper content #FIXME: Some commands could be combined into a single layer but not sure if worth the trouble for testing purposes cat <"$df_name" FROM $src_image LABEL "io.openshift.s2i.build.image"="$src_image" \\ "io.openshift.s2i.build.source-location"="$app_path" USER root COPY $local_app /tmp/src EOF [ -d "$local_scripts" ] && echo "COPY $local_scripts /tmp/scripts" >> "$df_name" && echo "RUN chown -R $user_id:0 /tmp/scripts" >>"$df_name" echo "RUN chown -R $user_id:0 /tmp/src" >>"$df_name" # Check for custom environment variables inside .s2i/ folder if [ -e "$local_app/.s2i/environment" ]; then # Remove any comments and add the contents as ENV commands to the Dockerfile sed '/^\s*#.*$/d' "$local_app/.s2i/environment" | while read -r line; do echo "ENV $line" >>"$df_name" done fi # Filter out env var definitions from $s2i_args and create Dockerfile ENV commands out of them echo "$s2i_args" | grep -o -e '\(-e\|--env\)[[:space:]=]\S*=\S*' | sed -e 's/-e /ENV /' -e 's/--env[ =]/ENV /' >>"$df_name" # Check if CA autority is present on host and add it into Dockerfile [ -f "$(full_ca_file_path)" ] && echo "RUN cd /etc/pki/ca-trust/source/anchors && update-ca-trust extract" >>"$df_name" # Add in artifacts if doing an incremental build if $incremental; then { echo "RUN mkdir /tmp/artifacts" echo "ADD artifacts.tar /tmp/artifacts" echo "RUN chown -R $user_id:0 /tmp/artifacts" ; } >>"$df_name" fi echo "USER $user_id" >>"$df_name" # If exists, run the custom assemble script, else default to /usr/libexec/s2i/assemble if [ -x "$local_scripts/assemble" ]; then echo "RUN /tmp/scripts/assemble" >>"$df_name" else echo "RUN /usr/libexec/s2i/assemble" >>"$df_name" fi # If exists, set the custom run script as CMD, else default to /usr/libexec/s2i/run if [ -x "$local_scripts/run" ]; then echo "CMD /tmp/scripts/run" >>"$df_name" else echo "CMD /usr/libexec/s2i/run" >>"$df_name" fi # Check if -v parameter is present in s2i_args and add it into docker build command read -ra mount_options <<< "$(echo "$s2i_args" | grep -o -e '\(-v\)[[:space:]]\.*\S*' || true)" # Run the build and tag the result ct_build_image_and_parse_id "$df_name" "${mount_options[*]+${mount_options[*]}} -t $dst_image . $build_args" #shellcheck disable=SC2181 if [ "$?" -ne 0 ]; then echo " ERROR: Failed to to build $df_name" >&2 return 1 fi id_file="${APP_ID_FILE_DIR:?}"/"$RANDOM" echo "$APP_IMAGE_ID" > "$id_file" ) } # ct_s2i_multistage_build APP_PATH SRC_IMAGE DST_IMAGE SEC_IMAGE [S2I_ARGS] # ---------------------------- # Create a new s2i app image from local sources in a similar way as source-to-image would have used. # Argument: APP_PATH - local path to the app sources to be used in the test # Argument: SRC_IMAGE - image to be used as a base for the s2i build process # Argument: SEC_IMAGE - image to be used as the base for the result of the build process # Argument: DST_IMAGE - image name to be used during the tagging of the s2i build result # Argument: S2I_ARGS - Additional list of source-to-image arguments. # Only used to check for environment variable definitions. ct_s2i_multistage_build() { local app_path=$1; shift local src_image=$1; shift local sec_image=$1; shift local dst_image=$1; shift local s2i_args=$*; local local_app="app-src" local user_id= local mount_options=() local id_file # Run the entire thing inside a subshell so that we do not leak shell options outside of the function ( # FIXME: removed temporarily, need proper fixing # Error out if any part of the build fails # set -e user=$(docker inspect -f "{{.Config.User}}" "$src_image") # Default to root if no user is set by the image user=${user:-0} # run the user through the image in case it is non-numeric or does not exist if ! user_id=$(ct_get_uid_from_image "$user" "$src_image"); then echo "Terminating s2i build." return 1 fi # Use /tmp to not pollute cwd tmpdir=$(mktemp -d) df_name=$(mktemp -p "$tmpdir" Dockerfile.XXXX) cd "$tmpdir" || return 1 # If the path exists on the local host, copy it into the directory for the build # Otherwise handle it as a link to a git repository if [ -e "${app_path/file:\/\//}/." ] ; then mkdir -p "$local_app" # Strip file:// from APP_PATH and copy its contents into current context cp -r "${app_path/file:\/\//}/." "$local_app" else ct_clone_git_repository "$app_path" "$local_app" fi cat <"$df_name" # First stage builds the application FROM $src_image as builder # Add application sources to a directory that the assemble script expects them # and set permissions so that the container runs without root access USER 0 ADD app-src /tmp/src RUN chown -R 1001:0 /tmp/src $(echo "$s2i_args" | grep -o -e '\(-e\|--env\)[[:space:]=]\S*=\S*' | sed -e 's/-e /ENV /' -e 's/--env[ =]/ENV /') # Check if CA autority is present on host and add it into Dockerfile $([ -f "$(full_ca_file_path)" ] && echo "RUN cd /etc/pki/ca-trust/source/anchors && update-ca-trust extract") USER $user_id # Install the dependencies RUN /usr/libexec/s2i/assemble # Second stage copies the application to the minimal image FROM $sec_image # Copy the application source and build artifacts from the builder image to this one COPY --from=builder \$HOME \$HOME # Set the default command for the resulting image CMD /usr/libexec/s2i/run EOF # Check if -v parameter is present in s2i_args and add it into docker build command read -ra mount_options <<< "$(echo "$s2i_args" | grep -o -e '\(-v\)[[:space:]]\.*\S*' || true)" ct_build_image_and_parse_id "$df_name" "${mount_options[*]+${mount_options[*]}} -t $dst_image ." #shellcheck disable=SC2181 if [ "$?" -ne 0 ]; then echo " ERROR: Failed to to build $df_name" >&2 return 1 fi id_file="${APP_ID_FILE_DIR:?}"/"$RANDOM" echo "$APP_IMAGE_ID" > "$id_file" ) } # ct_check_image_availability PUBLIC_IMAGE_NAME # ---------------------------- # Pull an image from the public repositories to see if the image is already available. # Argument: PUBLIC_IMAGE_NAME - string containing the public name of the image to pull ct_check_image_availability() { local public_image_name=$1; # Try pulling the image to see if it is accessible if ! ct_pull_image "$public_image_name" &>/dev/null; then echo "$public_image_name could not be downloaded via 'docker'" return 1 fi } # ct_check_latest_imagestreams # ----------------------------- # Check if the latest version present in Makefile in the variable VERSIONS # is present in all imagestreams. # Also the latest tag in the imagestreams has to contain the latest version ct_check_latest_imagestreams() { local latest_version= local test_lib_dir= # We only maintain imagestreams for RHEL and CentOS (Community) if [[ "$OS" =~ ^fedora.* ]] ; then echo "Imagestreams for Fedora are not maintained, skipping ct_check_latest_imagestreams" return 0 fi # Check only lines which starts with VERSIONS latest_version=$(grep '^VERSIONS' Makefile | rev | cut -d ' ' -f 1 | rev ) # Fall back to previous version if the latest is excluded for this OS [ -f "$latest_version/.exclude-$OS" ] && latest_version=$(grep '^VERSIONS' Makefile | rev | cut -d ' ' -f 2 | rev ) # Only test the imagestream once, when the version matches # ignore the SC warning, $VERSION is always available test_lib_dir=$(dirname "$(readlink -f "$0")") python3 "${test_lib_dir}/show_all_imagestreams.py" # shellcheck disable=SC2153 if [ "$latest_version" == "$VERSION" ]; then python3 "${test_lib_dir}/check_imagestreams.py" "$latest_version" else echo "Image version $VERSION is not latest, skipping ct_check_latest_imagestreams" fi } # ct_show_resources # ---------------- # Prints the available resources ct_show_resources() { echo echo "$LINE" echo "Resources info:" echo "Memory:" free -h echo "Storage:" df -h || : echo "CPU" lscpu echo "$LINE" echo "Image ${IMAGE_NAME} information:" echo "$LINE" echo "Uncompressed size of the image: $(ct_get_image_size_uncompresseed "${IMAGE_NAME}")" echo "Compressed size of the image: $(ct_get_image_size_compresseed "${IMAGE_NAME}")" echo } # ct_clone_git_repository # ----------------------------- # Argument: app_url - git URI pointing to a repository, supports "@" to indicate a different branch # Argument: app_dir (optional) - name of the directory to clone the repository into ct_clone_git_repository() { local app_url=$1; shift local app_dir=$1 # If app_url contains @, the string after @ is considered # as a name of a branch to clone instead of the main/master branch IFS='@' read -ra git_url_parts <<< "${app_url}" if [ -n "${git_url_parts[1]}" ]; then git_clone_cmd="git clone --branch ${git_url_parts[1]} ${git_url_parts[0]} ${app_dir}" else git_clone_cmd="git clone ${app_url} ${app_dir}" fi if ! $git_clone_cmd ; then echo "ERROR: Git repository ${app_url} cannot be cloned into ${app_dir}." return 1 fi } # ct_get_uid_from_image # ----------------------------- # Argument: user - user to get uid for inside the image # Argument: src_image - image to use for user information ct_get_uid_from_image() { local user=$1; shift local src_image=$1 local user_id= # NOTE: The '-eq' test is used to check if $user is numeric as it will fail if $user is not an integer if ! [ "$user" -eq "$user" ] 2>/dev/null && ! user_id=$(docker run --rm "$src_image" bash -c "id -u $user 2>/dev/null"); then echo "ERROR: id of user $user not found inside image $src_image." return 1 else echo "${user_id:-$user}" fi } # ct_test_app_dockerfile # ----------------------------- # Argument: dockerfile - path to a Dockerfile that will be used for building an image # (must work with an application directory called 'app-src') # Argument: app_url - git or local URI with a testing application, supports "@" to indicate a different branch # Argument: body_regexp - PCRE regular expression that must match the response body # Argument: app_dir - name of the application directory that is used in the Dockerfile # Argument: build_args - build args that will be used for building an image ct_test_app_dockerfile() { local dockerfile=$1 local app_url=$2 local expected_text=$3 local app_dir=$4 # this is a directory that must match with the name in the Dockerfile local build_args=${5:-""} local port=8080 local app_image_name=myapp local ret local cname=app_dockerfile local id_file if [ -z "$app_dir" ] ; then echo "ERROR: Option app_dir not set. Terminating the Dockerfile build." return 1 fi if ! [ -r "${dockerfile}" ] || ! [ -s "${dockerfile}" ] ; then echo "ERROR: Dockerfile ${dockerfile} does not exist or is empty." echo "Terminating the Dockerfile build." return 1 fi CID_FILE_DIR=${CID_FILE_DIR:-$(mktemp -d)} local dockerfile_abs dockerfile_abs=$(readlink -f "${dockerfile}") tmpdir=$(mktemp -d) pushd "$tmpdir" >/dev/null || return 1 cp "${dockerfile_abs}" Dockerfile # Rewrite the source image to what we test sed -i -e "s|^FROM.*$|FROM $IMAGE_NAME|" Dockerfile # a bit more verbose, but should help debugging failures echo "Using this Dockerfile:" cat Dockerfile if [ -d "$app_url" ] ; then echo "Copying local folder: $app_url -> $app_dir." cp -Lr "$app_url" "$app_dir" else if ! ct_clone_git_repository "$app_url" "$app_dir" ; then echo "Terminating the Dockerfile build." return 1 fi fi echo "Building '${app_image_name}' image using docker build" if ! ct_build_image_and_parse_id "" "-t ${app_image_name} . $build_args"; then echo "ERROR: The image cannot be built from ${dockerfile} and application ${app_url}." echo "Terminating the Dockerfile build." return 1 fi id_file="${APP_ID_FILE_DIR:?}"/"$RANDOM" echo "$APP_IMAGE_ID" > "$id_file" if ! docker run -d --cidfile="${CID_FILE_DIR}/app_dockerfile" --rm "${app_image_name}" ; then echo "ERROR: The image ${app_image_name} cannot be run for ${dockerfile} and application ${app_url}." echo "Terminating the Dockerfile build." return 1 fi echo "Waiting for ${app_image_name} to start" ct_wait_for_cid "${CID_FILE_DIR}/app_dockerfile" ip="$(ct_get_cip "${cname}")" if [ -z "$ip" ]; then echo "ERROR: Cannot get container's IP address." return 1 fi ct_test_response "http://$ip:${port}" 200 "${expected_text}" ret=$? [[ $ret -eq 0 ]] || docker logs "$(ct_get_cid "${cname}")" # cleanup docker kill "$(ct_get_cid "${cname}")" sleep 2 docker rmi "${app_image_name}" popd >/dev/null || return 1 rm -rf "${tmpdir}" rm -f "${CID_FILE_DIR}/${cname}" return $ret } # ct_check_testcase_result # ----------------------------- # Check if testcase ended in success or error # Argument: result - testcase result value # Uses: $TESTCASE_RESULT - result of the testcase # Uses: $IMAGE_NAME - name of the image being tested ct_check_testcase_result() { local result="$1" if [[ "$result" != "0" ]]; then echo "Test for image '${IMAGE_NAME}' FAILED (exit code: ${result})" TESTCASE_RESULT=1 fi return "$result" } # ct_update_test_result # ----------------------------- # adds result to the $TEST_SUMMARY variable # Argument: test_msg # Argument: app_name # Argument: test_name # Argument: time_diff (optional) # Uses: $TEST_SUMMARY - variable for storing test results ct_update_test_result() { local test_msg="$1" local app_name="$2" local test_case="$3" local time_diff="${4:-}" printf -v TEST_SUMMARY "%s %s for '%s' %s (%s)\n" "${TEST_SUMMARY:-}" "${test_msg}" "${app_name}" "$test_case" "$time_diff" } # ct_run_tests_from_testset # ----------------------------- # Runs all tests in $TEST_SET, prints result to # the $TEST_SUMMARY variable # Argument: app_name - application name to log # Uses: $TEST_SET - set of test cases to run # Uses: $TEST_SUMMARY - variable for storing test results # Uses: $IMAGE_NAME - name of the image being tested # Uses: $UNSTABLE_TESTS - set of tests, whose result can be ignored # Uses: $IGNORE_UNSTABLE_TESTS - flag to ignore unstable tests ct_run_tests_from_testset() { local app_name="${1:-appnamenotset}" local time_beg_pretty local time_beg local time_end local time_diff local test_msg local is_unstable # Let's store in the log what change do we test echo git show -s echo echo "Running tests for image ${IMAGE_NAME}" for test_case in $TEST_SET; do TESTCASE_RESULT=0 # shellcheck disable=SC2076 if [[ " ${UNSTABLE_TESTS[*]} " =~ " ${app_name} " ]] || \ [[ " ${UNSTABLE_TESTS[*]} " =~ " ${test_case} " ]]; then is_unstable=1 else is_unstable=0 fi time_beg_pretty=$(ct_timestamp_pretty) time_beg=$(ct_timestamp_s) echo "-----------------------------------------------" echo "Running test $test_case (starting at $time_beg_pretty) ... " echo "-----------------------------------------------" $test_case ct_check_testcase_result $? time_end=$(ct_timestamp_s) if [ $TESTCASE_RESULT -eq 0 ]; then test_msg="[PASSED]" else if [ -n "${IGNORE_UNSTABLE_TESTS:-""}" ] && [ $is_unstable -eq 1 ]; then test_msg="[FAILED][UNSTABLE-IGNORED]" else test_msg="[FAILED]" TESTSUITE_RESULT=1 fi fi # As soon as test is finished # switch the project from sclorg-test- to default. if [ "${CT_OCP4_TEST:-false}" == "true" ]; then oc project default fi time_diff=$(ct_timestamp_diff "$time_beg" "$time_end") ct_update_test_result "${test_msg}" "${app_name}" "$test_case" "$time_diff" done } # ct_timestamp_s # -------------- # Returns timestamp in seconds since unix era -- a large integer function ct_timestamp_s() { date '+%s' } # ct_timestamp_pretty # ----------------- # Returns timestamp readable to a human, like 2022-05-18 10:52:44+02:00 function ct_timestamp_pretty() { date --rfc-3339=seconds } # ct_timestamp_diff # ----------------- # Computes a time diff between two timestamps # Argument: start_date - Beginning (in seconds since unix era -- a large integer) # Argument: final_date - End (in seconds since unix era -- a large integer) # Returns: Time difference in format HH:MM:SS function ct_timestamp_diff() { local start_date=$1 local final_date=$2 date -u -d "0 $final_date seconds - $start_date seconds" +"%H:%M:%S" } # ct_get_certificate_timestamp # ---------------------------- # Looks into a running container into a specified file (certificate) and extracts # a notBefore date. # Argument: container - ID of a running container # Argument: path - path to the certificate inside the running container # Returns: timestamp (seconds since Unix era) for the certificate generation function ct_get_certificate_timestamp() { local container=$1 local path=$2 date '+%s' --date="$(docker exec "$container" bash -c "cat $path" | openssl x509 -startdate -noout | grep notBefore | sed -e 's/notBefore=//')" } # ct_get_certificate_age_s # ------------------------ # Looks into a running container into a specified file and retuns age of the certificate # Argument: container - ID of a running container # Argument: path - path inside the running container # Returns: age of the certificate in seconds function ct_get_certificate_age_s() { local container=$1 local path=$2 local now local cert_timestamp now=$(date '+%s') cert_timestamp=$(ct_get_certificate_timestamp "$container" "$path") echo $(( now - cert_timestamp )) } # ct_get_image_age_s # ------------------ # Retuns age of a given image in seconds # Argument: image_name - name of a given image # Returns: age of the image in seconds function ct_get_image_age_s() { local image_name=$1 local now local image_created local image_timestamp now=$(date '+%s') # docker inspect returns format