Test upsteam container images #429
Merged
Commits on Aug 22, 2023
-
Use --entrypoint to override image entrypoint in podman run
This makes it possible to run using the same command line regardless of the image having an entrypoint set or not. Also, allow passing arguments to the command inside the container Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Add helper function limeconPullImage
The helper function limeconPullImage will pull an image from a remote registry and optionally tag it with a name and tag locally. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Test with verifier and registrar images from registry
Enable container tests to run against images obtained from registries instead of built locally. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Add plan to test upstream containers
Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Modify containers test plan to test using images from upstream registry for the verifier, registrar, and agent. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Library: Expand Dockerfile path only if not found
If a Dockerfile for any component is provided via environment variable, check if it exists and, only if not found, try to find in limeLibraryDir. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Library: Use entrypoint to chown certificate dir for agent
Use --entrypoint to override the image entrypoint in case it has an entrypoint set. The agent needs the certificate directory to be accessible by the internal 'keylime' user in order to drop privileges inside the container. For this, it is necessary for the files owner uid to match the internal 'keylime' uid. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Library: Allow passing working directory for agent container
The agent will store data in /var/lib/keylime which needs to be accessible by the unprivileged user in the container. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Avoid the need for python inside the agent container
Replace the python payload action with a shell payload action to avoid the need for python inside the agent container. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Create container for revocation webhook.
Use a separate container for the revocation webhook. Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
-
Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.