Merge pull request #45 from puppetlabs/cdpe-6808/add-podman-support

(CDPE-6808) Add podman support

Author: abottchen

.github/workflows/unit-test.yml

@@ -2,6 +2,36 @@ name: unit-test
 on:
   - pull_request
 jobs:
+  podman_tests:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - name: Uninstall docker
+        run: |
+          sudo apt-get update
+          sudo apt-get remove -y docker-ce
+      - name: Install podman
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y podman
+      - run: bundle exec rspec spec/podman_spec.rb
+  docker_tests:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - name: Uninstall podman
+        run: |
+          sudo apt-get update
+          sudo apt-get remove -y podman
+      - run: bundle exec rspec spec/docker_spec.rb
   unix_tests:
     runs-on: macos-latest
     steps:
@@ -10,7 +40,7 @@ jobs:
         with:
           ruby-version: 2.6
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-      - run: bundle exec rspec spec
+      - run: bundle exec rspec spec/run_cd4pe_job_spec.rb
   windows_tests:
     runs-on: windows-latest
     steps:
@@ -19,4 +49,4 @@ jobs:
         with:
           ruby-version: 2.6
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-      - run: $env:RUN_WINDOWS_UNIT_TESTS = "true"; bundle exec rspec spec
+      - run: $env:RUN_WINDOWS_UNIT_TESTS = "true"; bundle exec rspec spec/run_cd4pe_job_spec.rb

spec/docker_spec.rb

@@ -0,0 +1,113 @@
+require 'open3'
+require 'base64'
+require 'json'
+require 'fileutils'
+require_relative '../tasks/run_cd4pe_job.rb'
+
+describe 'run_cd4pe_job' do
+  before(:all) do
+    @logger = Logger.new
+  end
+
+  before(:each) do
+    @working_dir = File.join(Dir.getwd, "test_working_dir")
+    Dir.mkdir(@working_dir)
+
+    # Ensure tests don't write to /etc/containers/certs.d
+    @certs_dir = File.join(@working_dir, "certs.d")
+    CD4PEJobRunner.send(:remove_const, :DOCKER_CERTS)
+    CD4PEJobRunner.const_set(:DOCKER_CERTS, @certs_dir)
+
+    @web_ui_endpoint = 'https://testtest.com'
+    @job_token = 'alksjdbhfnadhsbf'
+    @job_owner = 'carls cool carl'
+    @job_instance_id = '17'
+    @secrets = {
+      secret1: "hello",
+      secret2: "friend",
+    }
+    @windows_job = ENV['RUN_WINDOWS_UNIT_TESTS']
+  end
+
+  after(:each) do
+    FileUtils.remove_dir(@working_dir)
+    $stdout = STDOUT
+  end
+
+  describe 'cd4pe_job_helper::get_runtime' do
+    it 'Detects docker as the available runtime.' do
+      test_container_image = 'puppetlabs/test:10.0.1'
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+      expect(job_helper.get_runtime).to eq('docker')
+    end
+  end
+
+  describe 'cd4pe_job_helper::update_container_image' do
+    let(:test_container_image) { 'puppetlabs/test:10.0.1' }
+    it 'Generates a docker pull command.' do
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+      docker_pull_command = job_helper.get_image_pull_cmd
+      expect(docker_pull_command).to eq("docker pull #{test_container_image}")
+    end
+
+    context 'with config' do
+      let(:hostname) { 'host1' }
+      let(:creds_json) { {auths: {hostname => {}}}.to_json }
+      let(:creds_b64) { Base64.encode64(creds_json) }
+      let(:cert_txt) { 'junk' }
+      let(:cert_b64) { Base64.encode64(cert_txt) }
+
+      it 'Uses config when present for docker.' do
+        job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, image_pull_creds: creds_b64, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+        config_json = File.join(@working_dir, '.docker', 'config.json')
+        expect(File.exist?(config_json)).to be(true)
+        expect(File.read(config_json)).to eq(creds_json)
+
+        docker_pull_command = job_helper.get_image_pull_cmd
+        expect(docker_pull_command).to eq("docker --config #{File.join(@working_dir, '.docker')} pull #{test_container_image}")
+      end
+
+      it 'Registers the CA cert when provided.' do
+        job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, image_pull_creds: creds_b64, base_64_ca_cert: cert_b64, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+
+        cert_file = File.join(@certs_dir, hostname, 'ca.crt')
+        expect(File.exist?(cert_file)).to be(true)
+        expect(File.read(cert_file)).to eq(cert_txt)
+      end
+    end
+  end
+
+  describe 'cd4pe_job_helper::get_container_run_cmd' do
+    it 'Generates the correct docker run command.' do
+      test_manifest_type = "AFTER_JOB_SUCCESS"
+      test_container_image = 'puppetlabs/test:10.0.1'
+      arg1 = '--testarg=woot'
+      arg2 = '--otherarg=hello'
+      arg3 = '--whatever=doesntmatter'
+      user_specified_container_run_args = [arg1, arg2, arg3]
+      job_type = 'unix'
+
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, container_run_args: user_specified_container_run_args, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+
+      docker_run_command = job_helper.get_container_run_cmd(test_manifest_type)
+      cmd_parts = docker_run_command.split(' ')
+
+      expect(cmd_parts[0]).to eq('docker')
+      expect(cmd_parts[1]).to eq('run')
+      expect(cmd_parts[2]).to eq('--rm')
+      expect(cmd_parts[3]).to eq(arg1)
+      expect(cmd_parts[4]).to eq(arg2)
+      expect(cmd_parts[5]).to eq(arg3)
+      expect(cmd_parts[6]).to eq('-e')
+      expect(cmd_parts[7]).to eq('secret1')
+      expect(cmd_parts[8]).to eq('-e')
+      expect(cmd_parts[9]).to eq('secret2')
+      expect(cmd_parts[10]).to eq('-v')
+      expect(cmd_parts[11].end_with?("/#{File.basename(@working_dir)}/cd4pe_job/repo:/repo\"")).to be(true)
+      expect(cmd_parts[12]).to eq('-v')
+      expect(cmd_parts[13].end_with?("/#{File.basename(@working_dir)}/cd4pe_job/jobs/#{job_type}:/cd4pe_job\"")).to be(true)
+      expect(cmd_parts[14]).to eq(test_container_image)
+      expect(cmd_parts[15]).to eq('"/cd4pe_job/AFTER_JOB_SUCCESS"')
+    end
+  end
+end

spec/podman_spec.rb

@@ -0,0 +1,113 @@
+require 'open3'
+require 'base64'
+require 'json'
+require 'fileutils'
+require_relative '../tasks/run_cd4pe_job.rb'
+
+describe 'run_cd4pe_job' do
+  before(:all) do
+    @logger = Logger.new
+  end
+
+  before(:each) do
+    @working_dir = File.join(Dir.getwd, "test_working_dir")
+    Dir.mkdir(@working_dir)
+
+    # Ensure tests don't write to /etc/containers/certs.d
+    @certs_dir = File.join(@working_dir, "certs.d")
+    CD4PEJobRunner.send(:remove_const, :PODMAN_CERTS)
+    CD4PEJobRunner.const_set(:PODMAN_CERTS, @certs_dir)
+
+    @web_ui_endpoint = 'https://testtest.com'
+    @job_token = 'alksjdbhfnadhsbf'
+    @job_owner = 'carls cool carl'
+    @job_instance_id = '17'
+    @secrets = {
+      secret1: "hello",
+      secret2: "friend",
+    }
+    @windows_job = ENV['RUN_WINDOWS_UNIT_TESTS']
+  end
+
+  after(:each) do
+    FileUtils.remove_dir(@working_dir)
+    $stdout = STDOUT
+  end
+
+  describe 'cd4pe_job_helper::get_runtime' do
+    it 'Detects podman as the available runtime.' do
+      test_container_image = 'puppetlabs/test:10.0.1'
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+      expect(job_helper.get_runtime).to eq('podman')
+    end
+  end
+
+  describe 'cd4pe_job_helper::update_container_image' do
+    let(:test_container_image) { 'puppetlabs/test:10.0.1' }
+    it 'Generates a podman pull command.' do
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+      podman_pull_command = job_helper.get_image_pull_cmd
+      expect(podman_pull_command).to eq("podman pull #{test_container_image}")
+    end
+
+    context 'with config' do
+      let(:hostname) { 'host1' }
+      let(:creds_json) { {auths: {hostname => {}}}.to_json }
+      let(:creds_b64) { Base64.encode64(creds_json) }
+      let(:cert_txt) { 'junk' }
+      let(:cert_b64) { Base64.encode64(cert_txt) }
+
+      it 'Uses config when present for podman.' do
+        job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, image_pull_creds: creds_b64, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+        config_json = File.join(@working_dir, '.docker', 'config.json')
+        expect(File.exist?(config_json)).to be(true)
+        expect(File.read(config_json)).to eq(creds_json)
+
+        podman_pull_command = job_helper.get_image_pull_cmd
+        expect(podman_pull_command).to eq("podman --config #{File.join(@working_dir, '.docker')} pull #{test_container_image}")
+      end
+
+      it 'Registers the CA cert when provided.' do
+        job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, image_pull_creds: creds_b64, base_64_ca_cert: cert_b64, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+
+        cert_file = File.join(@certs_dir, hostname, 'ca.crt')
+        expect(File.exist?(cert_file)).to be(true)
+        expect(File.read(cert_file)).to eq(cert_txt)
+      end
+    end
+  end
+
+  describe 'cd4pe_job_helper::get_container_run_cmd' do
+    it 'Generates the correct podman run command.' do
+      test_manifest_type = "AFTER_JOB_SUCCESS"
+      test_container_image = 'puppetlabs/test:10.0.1'
+      arg1 = '--testarg=woot'
+      arg2 = '--otherarg=hello'
+      arg3 = '--whatever=doesntmatter'
+      user_specified_container_run_args = [arg1, arg2, arg3]
+      job_type = 'unix'
+
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_image: test_container_image, container_run_args: user_specified_container_run_args, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+
+      podman_run_command = job_helper.get_container_run_cmd(test_manifest_type)
+      cmd_parts = podman_run_command.split(' ')
+
+      expect(cmd_parts[0]).to eq('podman')
+      expect(cmd_parts[1]).to eq('run')
+      expect(cmd_parts[2]).to eq('--rm')
+      expect(cmd_parts[3]).to eq(arg1)
+      expect(cmd_parts[4]).to eq(arg2)
+      expect(cmd_parts[5]).to eq(arg3)
+      expect(cmd_parts[6]).to eq('-e')
+      expect(cmd_parts[7]).to eq('secret1')
+      expect(cmd_parts[8]).to eq('-e')
+      expect(cmd_parts[9]).to eq('secret2')
+      expect(cmd_parts[10]).to eq('-v')
+      expect(cmd_parts[11].end_with?("/#{File.basename(@working_dir)}/cd4pe_job/repo:/repo:z\"")).to be(true)
+      expect(cmd_parts[12]).to eq('-v')
+      expect(cmd_parts[13].end_with?("/#{File.basename(@working_dir)}/cd4pe_job/jobs/#{job_type}:/cd4pe_job:z\"")).to be(true)
+      expect(cmd_parts[14]).to eq(test_container_image)
+      expect(cmd_parts[15]).to eq('"/cd4pe_job/AFTER_JOB_SUCCESS"')
+    end
+  end
+end

spec/run_cd4pe_job_spec.rb

@@ -139,15 +139,15 @@
   end
 
   describe 'cd4pe_job_helper::initialize' do
-    it 'Passes the docker run args through without modifying the structure.' do
+    it 'Passes the container run args through without modifying the structure.' do
       arg1 = '--testarg=woot'
       arg2 = '--otherarg=hello'
       arg3 = '--whatever=isclever'
-      user_specified_docker_run_args = [arg1, arg2, arg3]
+      user_specified_container_run_args = [arg1, arg2, arg3]
 
-      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, docker_run_args: user_specified_docker_run_args, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
+      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, container_run_args: user_specified_container_run_args, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
 
-      expect(job_helper.docker_run_args).to eq("#{arg1} #{arg2} #{arg3}")
+      expect(job_helper.container_run_args).to eq("#{arg1} #{arg2} #{arg3}")
     end
 
     it 'Sets the HOME and REPO_DIR env vars' do
@@ -157,75 +157,6 @@
       expect(ENV['REPO_DIR']).to eq("#{@working_dir}/cd4pe_job/repo")
     end
   end
-
-  describe 'cd4pe_job_helper::update_docker_image' do
-    let(:test_docker_image) { 'puppetlabs/test:10.0.1' }
-    it 'Generates a docker pull command.' do
-      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, docker_image: test_docker_image, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
-      docker_pull_command = job_helper.get_docker_pull_cmd
-      expect(docker_pull_command).to eq("docker pull #{test_docker_image}")
-    end
-
-    context 'with config' do
-      let(:hostname) { 'host1' }
-      let(:creds_json) { {auths: {hostname => {}}}.to_json }
-      let(:creds_b64) { Base64.encode64(creds_json) }
-      let(:cert_txt) { 'junk' }
-      let(:cert_b64) { Base64.encode64(cert_txt) }
-
-      it 'Uses config when present.' do
-        job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, docker_image: test_docker_image, docker_pull_creds: creds_b64, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
-        config_json = File.join(@working_dir, '.docker', 'config.json')
-        expect(File.exist?(config_json)).to be(true)
-        expect(File.read(config_json)).to eq(creds_json)
-
-        docker_pull_command = job_helper.get_docker_pull_cmd
-        expect(docker_pull_command).to eq("docker --config #{File.join(@working_dir, '.docker')} pull #{test_docker_image}")
-      end
-
-      it 'Registers the CA cert when provided.' do
-        job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, docker_image: test_docker_image, docker_pull_creds: creds_b64, base_64_ca_cert: cert_b64, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
-
-        cert_file = File.join(@certs_dir, hostname, 'ca.crt')
-        expect(File.exist?(cert_file)).to be(true)
-        expect(File.read(cert_file)).to eq(cert_txt)
-      end
-    end
-  end
-
-  describe 'cd4pe_job_helper::get_docker_run_cmd' do
-    it 'Generates the correct docker run command.' do
-      test_manifest_type = "AFTER_JOB_SUCCESS"
-      test_docker_image = 'puppetlabs/test:10.0.1'
-      arg1 = '--testarg=woot'
-      arg2 = '--otherarg=hello'
-      arg3 = '--whatever=doesntmatter'
-      user_specified_docker_run_args = [arg1, arg2, arg3]
-      job_type = @windows_job ? 'windows' : 'unix'
-
-      job_helper = CD4PEJobRunner.new(windows_job: @windows_job, working_dir: @working_dir, docker_image: test_docker_image, docker_run_args: user_specified_docker_run_args, job_token: @job_token, web_ui_endpoint: @web_ui_endpoint, job_owner: @job_owner, job_instance_id: @job_instance_id, logger: @logger, secrets: @secrets)
-
-      docker_run_command = job_helper.get_docker_run_cmd(test_manifest_type)
-      cmd_parts = docker_run_command.split(' ')
-
-      expect(cmd_parts[0]).to eq('docker')
-      expect(cmd_parts[1]).to eq('run')
-      expect(cmd_parts[2]).to eq('--rm')
-      expect(cmd_parts[3]).to eq(arg1)
-      expect(cmd_parts[4]).to eq(arg2)
-      expect(cmd_parts[5]).to eq(arg3)
-      expect(cmd_parts[6]).to eq('-e')
-      expect(cmd_parts[7]).to eq('secret1')
-      expect(cmd_parts[8]).to eq('-e')
-      expect(cmd_parts[9]).to eq('secret2')
-      expect(cmd_parts[10]).to eq('-v')
-      expect(cmd_parts[11].end_with?("/#{File.basename(@working_dir)}/cd4pe_job/repo:/repo\"")).to be(true)
-      expect(cmd_parts[12]).to eq('-v')
-      expect(cmd_parts[13].end_with?("/#{File.basename(@working_dir)}/cd4pe_job/jobs/#{job_type}:/cd4pe_job\"")).to be(true)
-      expect(cmd_parts[14]).to eq(test_docker_image)
-      expect(cmd_parts[15]).to eq('"/cd4pe_job/AFTER_JOB_SUCCESS"')
-    end
-  end
 end
 
 describe 'cd4pe_job_helper::run_job' do

tasks/run_cd4pe_job.json

@@ -24,15 +24,15 @@
     },
     "docker_image": {
       "type": "Optional[String[1]]",
-      "description": "If specified, the job will attempt to run inside the docker container."
+      "description": "If specified, the job will attempt to run inside a container."
     },
     "docker_run_args": {
       "type": "Optional[Array[String[1]]]",
-      "description": "If specified, the arguements will be passed to docker if docker image is specified."
+      "description": "The arguments to pass to the container runtime."
     },
     "docker_pull_creds": {
       "type": "Optional[String[1]]",
-      "description": "Base64-encoded docker config.json to use when pulling the specified docker image.",
+      "description": "Base64-encoded config.json to use when pulling the specified container image.",
       "sensitive": true
     },
     "base_64_ca_cert": {