From fdea58ce4c9b3642e710ceacbd1e1999775719c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Fri, 2 Aug 2024 18:18:13 +0200 Subject: [PATCH 1/2] Fix handling of the ironbank base container The ironbank base container is a fips container but actually called bci-base. --- bci_tester/data.py | 19 ++++++++++--------- tests/test_base.py | 8 +++++++- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/bci_tester/data.py b/bci_tester/data.py index 134a383b..28983e56 100755 --- a/bci_tester/data.py +++ b/bci_tester/data.py @@ -380,15 +380,16 @@ def create_BCI( image_type="kiwi", bci_type=ImageType.OS, ) - BASE_FIPS_CONTAINERS = [ - create_BCI( - build_tag=f"{BCI_CONTAINER_PREFIX}/bci-base-fips:{OS_CONTAINER_TAG}", - bci_type=ImageType.OS, - # TODO set to _DEFAULT_BASE_OS_VERSIONS once the fips containers are available - # everywhere - available_versions=("15.6",), - ) - ] + if TARGET not in ("dso",): + BASE_FIPS_CONTAINERS = [ + create_BCI( + build_tag=f"{BCI_CONTAINER_PREFIX}/bci-base-fips:{OS_CONTAINER_TAG}", + bci_type=ImageType.OS, + # TODO set to _DEFAULT_BASE_OS_VERSIONS once the fips containers are available + # everywhere + available_versions=("15.6",), + ) + ] if TARGET in ("ibs", "ibs-cr", "ibs-released"): LTSS_BASE_CONTAINERS.extend( create_BCI( diff --git a/tests/test_base.py b/tests/test_base.py index cea9caa4..465c5727 100644 --- a/tests/test_base.py +++ b/tests/test_base.py @@ -16,6 +16,7 @@ from bci_tester.data import LTSS_BASE_CONTAINERS from bci_tester.data import LTSS_BASE_FIPS_CONTAINERS from bci_tester.data import OS_VERSION +from bci_tester.data import TARGET from bci_tester.fips import ALL_DIGESTS from bci_tester.fips import FIPS_DIGESTS from bci_tester.fips import host_fips_enabled 
@@ -72,6 +73,7 @@ def test_base_size(container: ContainerData, container_runtime): and container.container.baseurl.rpartition("/")[2].startswith( "bci-base-fips" ) + or TARGET in ("dso",) ) #: size limits of the base container per arch in MiB @@ -81,6 +83,9 @@ def test_base_size(container: ContainerData, container_runtime): base_container_max_size: Dict[str, int] = { "x86_64": 130 if OS_VERSION in ("15.3",) else 169, } + if TARGET in ("dso",): + # the dso container is larger than the bci-base-fips container + base_container_max_size["x86_64"] += 10 elif OS_VERSION in ("basalt", "tumbleweed"): base_container_max_size: Dict[str, int] = { "x86_64": 100, @@ -177,7 +182,8 @@ def test_openssl_hashes(container): @pytest.mark.parametrize( "container_per_test", - [*LTSS_BASE_FIPS_CONTAINERS, *BASE_FIPS_CONTAINERS], + [*LTSS_BASE_FIPS_CONTAINERS, *BASE_FIPS_CONTAINERS] + + ([BASE_CONTAINER] if TARGET in ("dso",) else []), indirect=True, ) def test_openssl_fips_hashes(container_per_test): From 8aa32e5c91cdb12f04e79362bef33d13b03cfb0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Thu, 8 Aug 2024 18:29:26 +0200 Subject: [PATCH 2/2] Switch BASE_CONTAINER to a BASE_CONTAINERS list Thereby we can keep it as an empty list in the DSO case and just assign a FIPS container. --- README.rst | 4 ++-- bci_tester/data.py | 40 +++++++++++++++++++++++++------------- tests/test_base.py | 42 +++++++++++++++++++++------------------- tests/test_go.py | 4 ++-- tests/test_metadata.py | 19 +++++------------- tests/test_repository.py | 12 ++++++------ tests/test_spack.py | 6 +++--- 7 files changed, 67 insertions(+), 60 deletions(-) diff --git a/README.rst b/README.rst index fefb376e..548f73e9 100644 --- a/README.rst +++ b/README.rst 
@@ -50,7 +50,7 @@ The base container ^^^^^^^^^^^^^^^^^^ We are basing most of our tests on _the_ base container (available via the -``BASE_CONTAINER`` variable in :file:`bci_tester/data.py`). This container is pulled +``BASE_CONTAINERS`` variable in :file:`bci_tester/data.py`). This container is pulled directly from ``registry.suse.de`` and is being build from the `SUSE:SLE-15-SP3:Update:CR:ToTest/sles15-image `_ @@ -66,7 +66,7 @@ http://dist.nue.suse.com/ibs/SUSE:/SLE-15-SP3:/Update:/BCI/images/repo/. Unfortu you have to hand pick the correct folder (use the one ending with ``-Media1`` and for the correct arch) because the build number is put into the folder name. -The ``BASE_CONTAINER`` will then be rebuild with the ``SLE_BCI`` repository +The ``BASE_CONTAINERS`` will then be rebuild with the ``SLE_BCI`` repository replaced with the one from the ``BCI_DEVEL_REPO`` and all tests will thus use the new repository. diff --git a/bci_tester/data.py b/bci_tester/data.py index 28983e56..3b3edbbf 100755 --- a/bci_tester/data.py +++ b/bci_tester/data.py 
@@ -369,18 +369,32 @@ def create_BCI( LTSS_BASE_FIPS_CONTAINERS = [] if OS_VERSION == "tumbleweed": - BASE_CONTAINER = create_BCI( - build_tag="tumbleweed:latest", - image_type="kiwi", - bci_type=ImageType.OS, - ) + BASE_CONTAINERS = [ + create_BCI( + build_tag="tumbleweed:latest", + image_type="kiwi", + bci_type=ImageType.OS, + ) + ] else: - BASE_CONTAINER = create_BCI( - build_tag=f"{BCI_CONTAINER_PREFIX}/bci-base:{OS_CONTAINER_TAG}", - image_type="kiwi", - bci_type=ImageType.OS, - ) - if TARGET not in ("dso",): + # DSO has the bci-base container as fips version and no non-fips base container + if TARGET in ("dso",): + BASE_CONTAINERS: list[ParameterSet] = [] + BASE_FIPS_CONTAINERS: list[ParameterSet] = [ + create_BCI( + build_tag=f"{BCI_CONTAINER_PREFIX}/bci-base:{OS_CONTAINER_TAG}", + bci_type=ImageType.OS, + available_versions=("15.6",), + ) + ] + else: + BASE_CONTAINERS = [ + create_BCI( + build_tag=f"{BCI_CONTAINER_PREFIX}/bci-base:{OS_CONTAINER_TAG}", + image_type="kiwi", + bci_type=ImageType.OS, + ) + ] BASE_FIPS_CONTAINERS = [ create_BCI( build_tag=f"{BCI_CONTAINER_PREFIX}/bci-base-fips:{OS_CONTAINER_TAG}", @@ -859,7 +873,6 @@ def create_BCI( CONTAINERS_WITH_ZYPPER = ( [ - BASE_CONTAINER, INIT_CONTAINER, KERNEL_MODULE_CONTAINER, NGINX_CONTAINER, @@ -868,6 +881,7 @@ def create_BCI( PHP_8_FPM, ] + ALERTMANAGER_CONTAINERS + + BASE_CONTAINERS + BASE_FIPS_CONTAINERS + BLACKBOX_CONTAINERS + CONTAINER_389DS_CONTAINERS @@ -931,7 +945,6 @@ def create_BCI( else: L3_CONTAINERS = ( [ - BASE_CONTAINER, BUSYBOX_CONTAINER, DISTRIBUTION_CONTAINER, GIT_CONTAINER, @@ -944,6 +957,7 @@ def create_BCI( PHP_8_CLI, PHP_8_FPM, ] + + BASE_CONTAINERS + BASE_FIPS_CONTAINERS + CONTAINER_389DS_CONTAINERS + GOLANG_CONTAINERS diff --git a/tests/test_base.py b/tests/test_base.py index 465c5727..b9e4f173 100644 --- a/tests/test_base.py +++ b/tests/test_base.py 
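Review bot: In the new `TARGET in ("dso",)` branch, the `bci-base` entry placed in `BASE_FIPS_CONTAINERS` is created without `image_type="kiwi"`, while the non-DSO `bci-base` entry with the same build tag keeps it. The two may therefore be checked against different build-type expectations. If the DSO image is also kiwi-built (not visible here), add `image_type="kiwi",` to that `create_BCI(...)` call; if it is not, a one-line comment saying so would stop someone "fixing" it later. Separately, the module-level annotations `list[ParameterSet]` are evaluated at import time unless the module uses postponed annotations, and the test modules in this series still use `typing.List`/`Dict`. `List[ParameterSet]` would be the consistent spelling if older interpreters are supported.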
@@ -11,7 +11,7 @@ from pytest_container.container import container_and_marks_from_pytest_param from pytest_container.runtime import LOCALHOST -from bci_tester.data import BASE_CONTAINER +from bci_tester.data import BASE_CONTAINERS from bci_tester.data import BASE_FIPS_CONTAINERS from bci_tester.data import LTSS_BASE_CONTAINERS from bci_tester.data import LTSS_BASE_FIPS_CONTAINERS @@ -26,7 +26,7 @@ from tests.test_fips import openssl_fips_hashes_test_fnct CONTAINER_IMAGES = [ - BASE_CONTAINER, + *BASE_CONTAINERS, *BASE_FIPS_CONTAINERS, *LTSS_BASE_CONTAINERS, *LTSS_BASE_FIPS_CONTAINERS, @@ -182,8 +182,7 @@ def test_openssl_hashes(container): @pytest.mark.parametrize( "container_per_test", - [*LTSS_BASE_FIPS_CONTAINERS, *BASE_FIPS_CONTAINERS] - + ([BASE_CONTAINER] if TARGET in ("dso",) else []), + [*LTSS_BASE_FIPS_CONTAINERS, *BASE_FIPS_CONTAINERS], indirect=True, ) def test_openssl_fips_hashes(container_per_test): 
@@ -226,24 +225,27 @@ def test_all_openssl_hashes_known(auto_container): #: This is the base container with additional launch arguments applied to it so #: that docker can be launched inside the container -DIND_CONTAINER = pytest.param( - DerivedContainer( - base=container_and_marks_from_pytest_param(BASE_CONTAINER)[0], - **{ - x: getattr(BASE_CONTAINER.values[0], x) - for x in BASE_CONTAINER.values[0].__dict__ - if x not in ("extra_launch_args", "base") - }, - extra_launch_args=[ - "--privileged=true", - "-v", - "/var/run/docker.sock:/var/run/docker.sock", - ], - ), -) +DIND_CONTAINERS = [ + pytest.param( + DerivedContainer( + base=container_and_marks_from_pytest_param(c)[0], + **{ + x: getattr(c.values[0], x) + for x in c.values[0].__dict__ + if x not in ("extra_launch_args", "base") + }, + extra_launch_args=[ + "--privileged=true", + "-v", + "/var/run/docker.sock:/var/run/docker.sock", + ], + ) + ) + for c in BASE_CONTAINERS +] -@pytest.mark.parametrize("container_per_test", [DIND_CONTAINER], indirect=True) +@pytest.mark.parametrize("container_per_test", DIND_CONTAINERS, indirect=True) @pytest.mark.xfail( OS_VERSION in ("15.7",), reason="SLE BCI repository not yet available" ) diff --git a/tests/test_go.py b/tests/test_go.py index e7b4efb8..ec7a422a 100644 --- a/tests/test_go.py +++ b/tests/test_go.py @@ -7,7 +7,7 @@ from pytest_container.container import ContainerData from pytest_container.runtime import LOCALHOST -from bci_tester.data import BASE_CONTAINER +from bci_tester.data import BASE_CONTAINERS from bci_tester.data import GOLANG_CONTAINERS from bci_tester.runtime_choice import DOCKER_SELECTED 
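Review bot: The `#:` comment above `DIND_CONTAINERS` still describes a single base container and does not say what the launch arguments imply. `--privileged=true` plus the bind mount of `/var/run/docker.sock` gives every derived container control over the host's Docker daemon. I would reword it along the lines of `#: Base containers launched privileged with the host docker socket mounted so that docker can run inside them; host-root equivalent, run only on disposable test hosts.` Because the list is now built from `BASE_CONTAINERS`, it is empty on the DSO target, and with pytest's default handling of empty parameter sets the test using it is skipped there. That is worth stating in the same comment.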
@@ -102,7 +102,7 @@ def test_go_get_binary_in_path(auto_container_per_test): ) -@pytest.mark.parametrize("container", [BASE_CONTAINER], indirect=True) +@pytest.mark.parametrize("container", BASE_CONTAINERS, indirect=True) def test_base_PATH_present(auto_container, container): """Regression test that we did not accidentally omit parts of ``$PATH`` that are present in he base container in the golang containers. diff --git a/tests/test_metadata.py b/tests/test_metadata.py index cc18e375..514d906f 100644 --- a/tests/test_metadata.py +++ b/tests/test_metadata.py @@ -29,7 +29,7 @@ from bci_tester.data import ACC_CONTAINERS from bci_tester.data import ALERTMANAGER_CONTAINERS from bci_tester.data import ALL_CONTAINERS -from bci_tester.data import BASE_CONTAINER +from bci_tester.data import BASE_CONTAINERS from bci_tester.data import BASE_FIPS_CONTAINERS from bci_tester.data import BLACKBOX_CONTAINERS from bci_tester.data import BUSYBOX_CONTAINER @@ -114,7 +114,9 @@ def _get_container_label_prefix( IMAGES_AND_NAMES: List[ParameterSet] = [ pytest.param(cont, name, img_type, marks=cont.marks) for cont, name, img_type in [ - (BASE_CONTAINER, "base", ImageType.OS), + (c, "base-fips", ImageType.OS) for c in BASE_CONTAINERS + ] + + [ (GIT_CONTAINER, "git", ImageType.APPLICATION), (HELM_CONTAINER, "helm", ImageType.APPLICATION), (MINIMAL_CONTAINER, "minimal", ImageType.OS), @@ -485,18 +487,7 @@ def test_disturl_can_be_checked_out( if ( cont not in L3_CONTAINERS and cont not in ACC_CONTAINERS - and cont != BASE_CONTAINER - ) - ] - + [ - pytest.param( - BASE_CONTAINER.values, - marks=BASE_CONTAINER.marks - + [ - pytest.mark.xfail( - reason="Base container for SLE 15 SP6 is not using the techpreview label (https://build.suse.de/request/show/325200)" - ) - ], + and cont not in BASE_CONTAINERS ) ], indirect=True, diff --git a/tests/test_repository.py b/tests/test_repository.py index 126c9e8a..4c7576ac 100644 --- a/tests/test_repository.py +++ b/tests/test_repository.py 
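Review bot: In the `-114,7` hunk, the tuple generated for every entry of `BASE_CONTAINERS` carries the name `"base-fips"`, where the removed line used `"base"` for the same `bci-base` image. On non-DSO targets `BASE_CONTAINERS` still holds the plain `bci-base` container, so the metadata checks that consume this name would presumably look for the wrong label prefix. Unless the rename is deliberate, this should read `(c, "base", ImageType.OS) for c in BASE_CONTAINERS`. If FIPS base images need an entry, it belongs in a separate comprehension over `BASE_FIPS_CONTAINERS`. The `IMAGES_AND_NAMES` list continues beyond the hunk.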
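Review bot: In the `-485,18` hunk the base container disappears from this parametrization altogether: the filter now excludes everything in `BASE_CONTAINERS`, and the block that re-added it with an `xfail` marker is deleted. That leaves the image unchecked by this test and removes the signal that would show when the label issue named in the old `xfail` reason is resolved. If the exclusion is intended, a short comment next to `and cont not in BASE_CONTAINERS` should say why. Otherwise re-add the entries per container, mirroring the removed form: `+ [pytest.param(c.values, marks=c.marks + [pytest.mark.xfail(reason="...")]) for c in BASE_CONTAINERS]`. The decorated test itself lies outside the hunk.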
@@ -10,7 +10,7 @@ import pytest from bci_tester.data import ALLOWED_BCI_REPO_OS_VERSIONS -from bci_tester.data import BASE_CONTAINER +from bci_tester.data import BASE_CONTAINERS from bci_tester.data import BCI_REPO_NAME from bci_tester.data import OS_VERSION @@ -55,7 +55,7 @@ def f(pkg_name: str) -> bool: @pytest.mark.skipif( OS_VERSION == "tumbleweed", reason="No testing for openSUSE" ) -@pytest.mark.parametrize("container_per_test", [BASE_CONTAINER], indirect=True) +@pytest.mark.parametrize("container_per_test", BASE_CONTAINERS, indirect=True) def test_installcheck(container_per_test): """Run installcheck against the SLE_BCI repo + locally installed packages.""" # Let zypper fetch the repo data and generate solv files. @@ -72,7 +72,7 @@ def test_installcheck(container_per_test): @pytest.mark.skipif( OS_VERSION == "tumbleweed", reason="No testing for openSUSE" ) -@pytest.mark.parametrize("container_per_test", [BASE_CONTAINER], indirect=True) +@pytest.mark.parametrize("container_per_test", BASE_CONTAINERS, indirect=True) def test_sle_bci_forbidden_packages(container_per_test): """Regression test that no packages containing the following strings are in the ``SLE_BCI`` repository: @@ -143,7 +143,7 @@ def test_sle_bci_forbidden_packages(container_per_test): reason="no included BCI repository - can't test", ) @pytest.mark.parametrize("pkg", ("git", "curl", "wget", "unzip")) -@pytest.mark.parametrize("container_per_test", [BASE_CONTAINER], indirect=True) +@pytest.mark.parametrize("container_per_test", BASE_CONTAINERS, indirect=True) def test_package_installation(container_per_test, pkg): """Check that some basic packages (:command:`wget`, :command:`git`, :command:`curl` and :command:`unzip`) can be installed. 
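Review bot: Parametrizing with `BASE_CONTAINERS` directly means that on the DSO target, where this patch sets the list to `[]`, pytest receives an empty parameter set and by default reports the test as skipped instead of running it. This affects `test_installcheck` in the `-55,7` hunk and equally `test_sle_bci_forbidden_packages`, `test_package_installation`, `test_repo_content_licensing`, `test_sle15_packages`, and `test_base_PATH_present` in `tests/test_go.py`. As a result, the FIPS-enabled `bci-base` image used for DSO gets no installcheck, forbidden-package or licensing coverage. If those checks should still apply, a fallback such as `BASE_CONTAINERS or BASE_FIPS_CONTAINERS` (with `BASE_FIPS_CONTAINERS` imported) keeps the other targets unchanged. If the skip is intended, a comment at the import would make that explicit.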
@@ -164,7 +164,7 @@ def test_package_installation(container_per_test, pkg): OS_VERSION not in ALLOWED_BCI_REPO_OS_VERSIONS, reason="no included BCI repository - can't test", ) -@pytest.mark.parametrize("container_per_test", [BASE_CONTAINER], indirect=True) +@pytest.mark.parametrize("container_per_test", BASE_CONTAINERS, indirect=True) def test_repo_content_licensing(container_per_test) -> None: conn = container_per_test.connection conn.check_output("timeout 2m zypper ref && zypper -n in libsolv-tools") @@ -195,7 +195,7 @@ def test_repo_content_licensing(container_per_test) -> None: "libboost_program_options1_66_0", # bsc#1229894 ], ) -@pytest.mark.parametrize("container_per_test", [BASE_CONTAINER], indirect=True) +@pytest.mark.parametrize("container_per_test", BASE_CONTAINERS, indirect=True) def test_sle15_packages(container_per_test, pkg): """Test that packages that we received reports by users for as missing/broken remain installable and available. diff --git a/tests/test_spack.py b/tests/test_spack.py index b42a2a8a..2317909d 100644 --- a/tests/test_spack.py +++ b/tests/test_spack.py @@ -12,7 +12,7 @@ from pytest_container.helpers import get_extra_build_args from pytest_container.helpers import get_extra_run_args -from bci_tester.data import BASE_CONTAINER +from bci_tester.data import BASE_CONTAINERS from bci_tester.data import SPACK_CONTAINERS from bci_tester.runtime_choice import PODMAN_SELECTED @@ -55,7 +55,7 @@ def test_spack( format: docker images: build: "{container.image_url_or_id}" - final: "{DerivedContainer.get_base(container_and_marks_from_pytest_param(BASE_CONTAINER)[0]).url}" + final: "{DerivedContainer.get_base(container_and_marks_from_pytest_param(BASE_CONTAINERS[0])[0]).url}" """ ) ) @@ -75,7 +75,7 @@ def test_spack( multi_stage_build = MultiStageBuild( containers={ "builder": container.container, - "runner": BASE_CONTAINER, + "runner": BASE_CONTAINERS[0], }, containerfile_template=containerfile.replace("$", "$$"), )
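Review bot: `BASE_CONTAINERS[0]` in `tests/test_spack.py` raises `IndexError` whenever the list is empty, which this patch makes the case for the DSO target. It applies to the f-string in the `-55,7` hunk and to the `"runner"` entry in the `-75,7` hunk. Whether the test runs there at all depends on `SPACK_CONTAINERS`, which is not visible, so an explicit guard is safer: `if not BASE_CONTAINERS: pytest.skip("no non-FIPS base container for this target")` at the top of `test_spack` (assuming `pytest` is imported in the module). Binding the value once, `runner = BASE_CONTAINERS[0]`, and using it in both places would also keep the two references in step. The body of `test_spack` starts and ends outside these hunks.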