Validate container status in volume mount tests

We fixed an issue in CRI-O returning an invalid container status on different mount propagations: cri-o/cri-o#5981 To avoid such failures everywhere, we now also validate the container status in critest. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
kubernetes-sigs · Jun 21, 2022 · 4bb6714 · 4bb6714
1 parent 8bf6347
commit 4bb6714
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 7 deletions.
diff --git a/pkg/framework/test_context.go b/pkg/framework/test_context.go
@@ -120,6 +120,9 @@ var TestContext TestContextType
 // DefaultRegistryPrefix specifies the default prefix used for images
 const DefaultRegistryPrefix = "docker.io/library"
 
+const DockerShimSockPathUnix = "unix:///var/run/dockershim.sock"
+const DockerShimSockPathWindows = "npipe:////./pipe/dockershim"
+
 // RegisterFlags registers flags to e2e test suites.
 func RegisterFlags() {
 	suite, reporter := ginkgo.GinkgoConfiguration()
@@ -139,10 +142,10 @@ func RegisterFlags() {
 	flag.StringVar(&testImagesFilePath, "test-images-file", "", "Optional path to a YAML file containing references to custom container images to be used in tests.")
 	flag.DurationVar(&TestContext.ImageServiceTimeout, "image-service-timeout", 300*time.Second, "Timeout when trying to connect to image service.")
 
-	svcaddr := "unix:///var/run/dockershim.sock"
+	svcaddr := DockerShimSockPathUnix
 	defaultConfigPath := "/etc/crictl.yaml"
 	if runtime.GOOS == "windows" {
-		svcaddr = "npipe:////./pipe/dockershim"
+		svcaddr = DockerShimSockPathWindows
 		defaultConfigPath = filepath.Join(os.Getenv("USERPROFILE"), ".crictl", "crictl.yaml")
 	}
 	flag.StringVar(&TestContext.ConfigPath, "config", defaultConfigPath, "Location of the client config file. If not specified and the default does not exist, the program's directory is searched as well")

diff --git a/pkg/validate/container_linux.go b/pkg/validate/container_linux.go
@@ -211,9 +211,18 @@ func createHostPathForMountPropagation(podID string, propagationOpt runtimeapi.M
 	return mntSource, propagationSrcDir, propagationMntPoint, clearHostPath
 }
 
-// createMountPropagationContainer creates a container with volume and Privileged and fails if it gets error.
-func createMountPropagationContainer(rc internalapi.RuntimeService, ic internalapi.ImageManagerService, prefix string, podID string,
-	podConfig *runtimeapi.PodSandboxConfig, hostPath string, PropagationOpt runtimeapi.MountPropagation) string {
+// createMountPropagationContainer creates a container with volume and
+// privileged security constraints. It also validates the container status
+// after creation and fails if any error occurs.
+func createMountPropagationContainer(
+	rc internalapi.RuntimeService,
+	ic internalapi.ImageManagerService,
+	prefix string,
+	podID string,
+	podConfig *runtimeapi.PodSandboxConfig,
+	hostPath string,
+	propagation runtimeapi.MountPropagation,
+) string {
 	By("create a container with volume and name")
 	containerName := prefix + framework.NewUUID()
 	containerConfig := &runtimeapi.ContainerConfig{
@@ -230,12 +239,30 @@ func createMountPropagationContainer(rc internalapi.RuntimeService, ic internala
 			{
 				HostPath:      hostPath,
 				ContainerPath: hostPath,
-				Propagation:   PropagationOpt,
+				Propagation:   propagation,
 			},
 		},
 	}
 
-	return framework.CreateContainer(rc, ic, containerConfig, podID, podConfig)
+	containerID := framework.CreateContainer(rc, ic, containerConfig, podID, podConfig)
+
+	By("verifying container status")
+	resp, err := rc.ContainerStatus(containerID, true)
+	framework.ExpectNoError(err, "unable to get container status")
+	Expect(len(resp.Status.Mounts), 1)
+	Expect(resp.Status.Mounts[0].ContainerPath).To(Equal(hostPath))
+	Expect(resp.Status.Mounts[0].HostPath).To(Equal(hostPath))
+	Expect(resp.Status.Mounts[0].Readonly).To(BeFalse())
+	Expect(resp.Status.Mounts[0].SelinuxRelabel).To(BeFalse())
+
+	// NOTE: dockershim does not populate that field, so we do not have to test it
+	if framework.TestContext.RuntimeServiceAddr != framework.DockerShimSockPathUnix &&
+		framework.TestContext.RuntimeServiceAddr != framework.DockerShimSockPathWindows {
+		By("verifying container status mount propagation")
+		Expect(resp.Status.Mounts[0].Propagation).To(Equal(propagation))
+	}
+
+	return containerID
 }
 
 // createPropagationMountPoint mount "propagationSrcDir" at "propagationMntPoint",