Apq
/
Docker-official-images
réplica de https://github.com/docker-library/official-images.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118
							#!/bin/bash
set -e

image="$1"

haveSeccomp=
if docker info --format '{{ join .SecurityOptions "\n" }}' 2>/dev/null |tac|tac| grep -q seccomp; then
	haveSeccomp=1

	# get docker default seccomp profile
	seccomp="$(wget -q -O - 'https://raw.githubusercontent.com/docker/docker/v17.03.1-ce/profiles/seccomp/default.json')"

	# make container with jq since it is not guaranteed on the host
	jqImage='librarytest/mongo-basics-jq:alpine'
	docker build -t "$jqImage" - > /dev/null <<-'EOF'
		FROM alpine:3.5

		RUN apk add --no-cache jq

		ENTRYPOINT ["jq"]
	EOF

	# need set_mempolicy syscall to be able to do numactl for mongodb
	# if "set_mempolicy" is not in the always allowed list, add it
	extraSeccomp="$(echo "$seccomp" | docker run -i --rm "$jqImage" --tab '
		.syscalls[] |= if (
			.action == "SCMP_ACT_ALLOW"
			and .args == []
			and .comment == ""
			and .includes == {}
			and .excludes == {}
		) then (
			if ( .names | index("set_mempolicy") ) > 0 then
				.
			else (
				.names |= . + ["set_mempolicy"]
			) end
		)
		else
			.
		end
	')"
else
	echo >&2 'warning: the current Docker daemon does not appear to support seccomp'
fi

docker_run_seccomp() {
	if [ "$haveSeccomp" ]; then
		docker run --security-opt seccomp=<(echo "$extraSeccomp") "$@"
	else
		docker run "$@"
	fi
}

cname="mongo-container-$RANDOM-$RANDOM"
mongodRunArgs=( -d --name "$cname" )
mongoArgs=( --host mongo )

testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")"
testName="$(basename "$testDir")" # "mongo-basics" or "mongo-auth-basics"
case "$testName" in
	*auth*)
		rootUser="root-$RANDOM"
		rootPass="root-$RANDOM-$RANDOM-password"
		mongodRunArgs+=(
			-e MONGO_INITDB_ROOT_USERNAME="$rootUser"
			-e MONGO_INITDB_ROOT_PASSWORD="$rootPass"
		)
		mongoArgs+=(
			--username="$rootUser"
			--password="$rootPass"
			--authenticationDatabase='admin'
		)
		;;
esac

cid="$(docker_run_seccomp "${mongodRunArgs[@]}" "$image")"
trap "docker rm -vf $cid > /dev/null" EXIT

mongo() {
	docker_run_seccomp --rm -i --link "$cname":mongo "$image" mongo "${mongoArgs[@]}" "$@"
}

mongo_eval() {
	mongo --quiet --eval "$@"
}

tries=10
while ! mongo_eval 'quit(db.stats().ok ? 0 : 1);' &> /dev/null; do
	(( tries-- ))
	if [ $tries -le 0 ]; then
		echo >&2 'mongod failed to accept connections in a reasonable amount of time!'
		( set -x && docker logs "$cid" ) >&2 || true
		mongo --eval 'db.stats();' # to hopefully get a useful error message
		false
	fi
	echo >&2 -n .
	sleep 2
done

[ "$(mongo_eval 'db.test.count();')" = 0 ]
mongo_eval 'db.test.save({ _id: 1, a: 2, b: 3, c: "hello" });' > /dev/null
[ "$(mongo_eval 'db.test.count();')" = 1 ]
mongo_eval 'db.test.save({ _id: 1, a: 3, b: 4, c: "hello" });' > /dev/null
[ "$(mongo_eval 'db.test.count();')" = 1 ]
[ "$(mongo_eval 'db.test.findOne().a;')" = 3 ]

[ "$(mongo_eval 'db.test2.count();')" = 0 ]
mongo_eval 'db.test2.save({ _id: "abc" });' > /dev/null
[ "$(mongo_eval 'db.test2.count();')" = 1 ]
[ "$(mongo_eval 'db.test.count();')" = 1 ]
mongo_eval 'db.test2.drop();' > /dev/null
[ "$(mongo_eval 'db.test2.count();')" = 0 ]
[ "$(mongo_eval 'db.test.count();')" = 1 ]
[ "$(mongo_eval 'db.test.count();' database-that-does-not-exist)" = 0 ]

mongo_eval 'db.dropDatabase();' > /dev/null
[ "$(mongo_eval 'db.test.count();')" = 0 ]