test_image_prod.py
import pytest
import subprocess
import testinfra
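@pytest.fixture(scope="session")
def host():
    """Build the image, start one container, and yield a testinfra host for it.

    The container is started detached with the hardening flags the tests
    rely on: an init process as PID 1 (``--init``), a read-only root
    filesystem, ``no-new-privileges``, and PID and memory limits.

    Yields:
        A testinfra host bound to the running container via the
        ``docker://`` backend.

    Raises:
        subprocess.CalledProcessError: if ``docker build``, ``docker run``
            or the final ``docker rm`` exits non-zero.
    """
    subprocess.check_call(["docker", "build", "-t", "radicale-under-test", "."])

    run_cmd = [
        "docker",
        "run",
        "-d",
        "--init",
        "--read-only",
        "--security-opt=no-new-privileges:true",
        # Not able to use cap-drop=all and make the container start, so the
        # container keeps Docker's default capability set.
        # NOTE(review): the attempted allow-list below includes SYS_ADMIN,
        # which is a very broad capability; if capability dropping is
        # revisited, work out the minimal set the entrypoint needs first.
        # '--cap-drop', 'ALL',
        # '--cap-add', 'SYS_ADMIN',
        # '--cap-add', 'CHOWN',
        # '--cap-add', 'SETUID',
        # '--cap-add', 'SETGID',
        # '--cap-add', 'KILL',
        "--pids-limit",
        "50",
        "--memory",
        "256M",
        "radicale-under-test",
    ]
    # `docker run -d` prints the new container id on stdout.
    docker_id = subprocess.check_output(run_cmd).decode().strip()

    try:
        yield testinfra.get_host("docker://" + docker_id)
    finally:
        # Teardown: remove the container even if creating the testinfra host
        # raised, so a failed session does not leave a container running.
        subprocess.check_call(["docker", "rm", "-f", docker_id])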
def test_process(host):
    """Check that radicale runs unprivileged and is not the container's PID 1.

    The fixture starts the container with ``--init``, so the init process
    is expected to hold PID 1 and radicale to run as a child of it, under
    the dedicated ``radicale`` user and group instead of root.
    """
    radicale_proc = host.process.get(comm="radicale")
    assert radicale_proc.pid != 1
    assert radicale_proc.user == "radicale"
    assert radicale_proc.group == "radicale"
def test_port(host):
    """Check that something inside the container listens on TCP 0.0.0.0:5232."""
    listener = host.socket("tcp://0.0.0.0:5232")
    assert listener.is_listening
def test_version(host):
    """Check that the radicale binary in /venv reports the pinned version.

    The expected string is hard-coded, so it has to be updated together
    with the version installed in the image.
    """
    reported = host.check_output("/venv/bin/radicale --version")
    assert reported == "3.4.0"
def test_user(host):
    """Check that the service account has a fixed id and cannot log in.

    Pins uid and gid to 2999, requires ``/bin/false`` as the login shell,
    and expects ``passwd --status`` to report the password state ``L``
    (locked) for the account.
    """
    account = host.user("radicale")
    assert account.uid == 2999
    assert account.gid == 2999
    assert account.shell == "/bin/false"

    status_line = host.check_output("passwd --status radicale")
    assert "radicale L " in status_line
def test_data_folder_writable(host):
    """Check ownership and mode of /data.

    The directory must belong to radicale:radicale with mode 0o770, i.e.
    full access for owner and group and none for other users. Writability
    is inferred from these attributes; no write is attempted.
    """
    data_dir = host.file("/data")
    assert data_dir.user == "radicale"
    assert data_dir.group == "radicale"
    assert data_dir.mode == 0o770