Replace bind9.18-utils with bind-utils

2.4/Dockerfile.rhel9

@@ -35,7 +35,7 @@ LABEL summary="${SUMMARY}" \
 EXPOSE 8080
 EXPOSE 8443
 
-RUN INSTALL_PKGS="gettext hostname nss_wrapper-libs bind9.18-utils httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" && \
+RUN INSTALL_PKGS="gettext hostname nss_wrapper-libs httpd mod_ssl mod_ldap mod_session mod_security mod_auth_mellon sscg" && \
     yum install -y --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
     httpd -v | grep -qe "Apache/${HTTPD_VERSION}" && echo "Found VERSION ${HTTPD_VERSION}" && \
     yum -y clean all --enablerepo='*'

test/test_container_httpd.py

@@ -10,49 +10,41 @@
 
 
 class TestHttpdAppContainer:
-
     def setup_method(self):
         self.app = ContainerTestLib(image_name=IMAGE_NAME, s2i_image=True)
 
     def teardown_method(self):
         self.app.cleanup()
 
-    @pytest.mark.parametrize(
-        "container_arg",
-        [
-            "",
-            "--user 0"
-        ]
-    )
+    @pytest.mark.parametrize("container_arg", ["", "--user 0"])
     def test_default_page(self, container_arg):
-        assert self.app.create_container(cid_file_name="test_default_page", container_args=container_arg)
+        assert self.app.create_container(
+            cid_file_name="test_default_page", container_args=container_arg
+        )
         cip = self.app.get_cip("test_default_page")
         assert cip
         response = "HTTP Server"
-        assert self.app.test_response(url=cip, expected_code=403, expected_output=response, max_attempts=3)
+        assert self.app.test_response(
+            url=cip, expected_code=403, expected_output=response, max_attempts=3
+        )
 
     def test_run_s2i_usage(self):
         output = self.app.s2i_usage()
         assert output
 
-    @pytest.mark.parametrize(
-        "dockerfile",
-        [
-            "Dockerfile",
-            "Dockerfile.s2i"
-        ]
-    )
+    @pytest.mark.parametrize("dockerfile", ["Dockerfile", "Dockerfile.s2i"])
     def test_dockerfiles(self, dockerfile):
         assert self.app.build_test_container(
-            dockerfile=TEST_DIR / "examples" / dockerfile, app_url="https://github.com/sclorg/httpd-ex.git",
-            app_dir="app-src"
+            dockerfile=TEST_DIR / "examples" / dockerfile,
+            app_url="https://github.com/sclorg/httpd-ex.git",
+            app_dir="app-src",
         )
         assert self.app.test_app_dockerfile()
         cip = self.app.get_cip()
         assert cip
         assert self.app.test_response(
             url=f"http://{cip}",
-            expected_output="Welcome to your static httpd application on OpenShift"
+            expected_output="Welcome to your static httpd application on OpenShift",
         )
 
     @pytest.mark.parametrize(
@@ -61,11 +53,14 @@ def test_dockerfiles(self, dockerfile):
             "worker",
             "event",
             "prefork",
-        ]
+        ],
     )
     def test_mpm_config(self, mpm_config):
         cid_name = f"test_mpm_{mpm_config}"
-        assert self.app.create_container(cid_file_name=cid_name, container_args=f"-e HTTPD_MPM={mpm_config} --user 1001")
+        assert self.app.create_container(
+            cid_file_name=cid_name,
+            container_args=f"-e HTTPD_MPM={mpm_config} --user 1001",
+        )
         cip = self.app.get_cip(cid_file_name=cid_name)
         # Let's check that server really response HTTP-403
         # See function here: in test/run `_run_mpm_config_test`
@@ -74,45 +69,44 @@ def test_mpm_config(self, mpm_config):
         logs = self.app.get_logs(cid_file_name=cid_name)
         assert re.search(f"mpm_{mpm_config}:notice.*resuming normal operations", logs)
 
-
     def test_log_to_data_volume(self):
         data_dir = tempfile.mkdtemp(prefix="/tmp/httpd-test_log_dir")
         ContainerTestLibUtils.commands_to_run(
-            commands_to_run = [
+            commands_to_run=[
                 f"mkdir -p {data_dir}",
                 f"chown -R 1001:1001 {data_dir}",
-                f"chcon -Rvt svirt_sandbox_file_t {data_dir}/"
+                f"chcon -Rvt svirt_sandbox_file_t {data_dir}/",
             ]
         )
         assert self.app.create_container(
             cid_file_name="test_log_dir",
-            container_args=f"-e HTTPD_LOG_TO_VOLUME=1 --user 0 -v {data_dir}:/var/log/httpd"
+            container_args=f"-e HTTPD_LOG_TO_VOLUME=1 --user 0 -v {data_dir}:/var/log/httpd",
         )
         cip = self.app.get_cip(cid_file_name="test_log_dir")
         assert self.app.test_response(url=f"http://{cip}", expected_code=403)
         assert ContainerTestLibUtils.check_files_are_present(
-            dir_name=data_dir, file_name_to_check=[
+            dir_name=data_dir,
+            file_name_to_check=[
                 "access_log",
                 "error_log",
                 "ssl_access_log",
                 "ssl_error_log",
                 "ssl_request_log",
-            ]
+            ],
         )
 
     def test_data_volume(self):
         data_dir = tempfile.mkdtemp(prefix="/tmp/httpd-test-volume")
         ContainerTestLibUtils.commands_to_run(
-            commands_to_run = [
+            commands_to_run=[
                 f"mkdir -p {data_dir}/html",
                 f"echo hello > {data_dir}/html/index.html",
                 f"chown -R 1001:1001 {data_dir}",
-                f"chcon -Rvt svirt_sandbox_file_t {data_dir}/"
+                f"chcon -Rvt svirt_sandbox_file_t {data_dir}/",
             ]
         )
         assert self.app.create_container(
-            cid_file_name="doc_root",
-            container_args=f"-v {data_dir}:/var/www"
+            cid_file_name="doc_root", container_args=f"-v {data_dir}:/var/www"
         )
         cip = self.app.get_cip(cid_file_name="doc_root")
         assert cip

test/test_container_httpd_s2i.py

@@ -21,55 +21,51 @@ def build_s2i_app(app_path: Path) -> ContainerTestLib:
         app_path=app_path,
         s2i_args="--pull-policy=never",
         src_image=IMAGE_NAME,
-        dst_image=f"{IMAGE_NAME}-{app_name}"
+        dst_image=f"{IMAGE_NAME}-{app_name}",
     )
     return s2i_app
 
 
 class TestHttpdS2IPreInitContainer:
-
     def setup_method(self):
         self.s2i_app = build_s2i_app(pre_init_test_app)
 
     def teardown_method(self):
         self.s2i_app.cleanup()
 
     def test_run_pre_init_test(self):
-        assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000")
+        assert self.s2i_app.create_container(
+            cid_file_name=self.s2i_app.app_name, container_args="--user 1000"
+        )
         cip = self.s2i_app.get_cip(cid_file_name=self.s2i_app.app_name)
         assert cip
         assert self.s2i_app.test_response(
             url=f"http://{cip}",
-            expected_output="This content was replaced by pre-init script."
+            expected_output="This content was replaced by pre-init script.",
         )
 
 
 class TestHttpdS2ISampleAppContainer:
-
     def setup_method(self):
         self.s2i_app = build_s2i_app(sample_test_app)
 
     def teardown_method(self):
         self.s2i_app.cleanup()
 
     def test_sample_app(self):
-        assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000")
+        assert self.s2i_app.create_container(
+            cid_file_name=self.s2i_app.app_name, container_args="--user 1000"
+        )
         cip = self.s2i_app.get_cip(cid_file_name=self.s2i_app.app_name)
         assert cip
         response = "This is a sample s2i application with static content."
+        assert self.s2i_app.test_response(url=f"http://{cip}", expected_output=response)
         assert self.s2i_app.test_response(
-            url=f"http://{cip}",
-            expected_output=response
-        )
-        assert self.s2i_app.test_response(
-            url=f"https://{cip}",
-            port=8443,
-            expected_output=response
+            url=f"https://{cip}", port=8443, expected_output=response
         )
 
 
 class TestHttpdCertAgeContainer:
-
     def setup_method(self):
         self.s2i_app = build_s2i_app(sample_test_app)
 
@@ -82,41 +78,64 @@ def test_cert_age(self):
         because shipping the same certs in the image would make it easy to exploit
         Let's see how old the certificate is and compare with how old the image is
         """
-        assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000")
-        image_age_s = PodmanCLIWrapper.podman_inspect(
-            field="{{.Created}}", src_image=IMAGE_NAME
-        ).strip().split(' ')
-        image_age = time.time() - float(ContainerTestLibUtils.run_command(
-            cmd=f"date -d '{image_age_s[0]} {image_age_s[1]} {image_age_s[2]}' '+%s'"
-        ))
+        assert self.s2i_app.create_container(
+            cid_file_name=self.s2i_app.app_name, container_args="--user 1000"
+        )
+        image_age_s = (
+            PodmanCLIWrapper.podman_inspect(field="{{.Created}}", src_image=IMAGE_NAME)
+            .strip()
+            .split(" ")
+        )
+        image_age = time.time() - float(
+            ContainerTestLibUtils.run_command(
+                cmd=f"date -d '{image_age_s[0]} {image_age_s[1]} {image_age_s[2]}' '+%s'"
+            )
+        )
         cid = self.s2i_app.get_cid(self.s2i_app.app_name)
         # Testing of not presence of a certificate in the production image
-        certificate_content = PodmanCLIWrapper.podman_exec_shell_command(
-            cid_file_name=cid, cmd="cat \\$HTTPD_TLS_CERT_PATH/localhost.crt"
+        cert_file_path = PodmanCLIWrapper.podman_exec_shell_command(
+            cid_file_name=cid, cmd="echo $HTTPD_TLS_CERT_PATH"
+        ).strip()
+        assert cert_file_path
+        certificate_path = f"{cert_file_path}/localhost.crt"
+        assert certificate_path
+        certificate_content = PodmanCLIWrapper.podman_get_file_content(
+            cid_file_name=cid, filename=certificate_path
         )
         assert certificate_content
         certificate_dir = tempfile.mkdtemp(prefix="/tmp/cert_dir")
         with open(Path(certificate_dir) / "cert", mode="w") as f:
             f.write(certificate_content.strip())
-        certificate_age_s = ContainerTestLibUtils.run_command(
-            cmd=f"openssl x509 -startdate -noout -in {Path(certificate_dir)}/cert"
-        ).strip().replace("notBefore=", "")
-        certificate_age = time.time() - float(ContainerTestLibUtils.run_command(
-            cmd=f"date '+%s' --date='{certificate_age_s}'")
+        certificate_age_s = (
+            ContainerTestLibUtils.run_command(
+                cmd=f"openssl x509 -startdate -noout -in {Path(certificate_dir)}/cert"
+            )
+            .strip()
+            .replace("notBefore=", "")
+        )
+        certificate_age = time.time() - float(
+            ContainerTestLibUtils.run_command(
+                cmd=f"date '+%s' --date='{certificate_age_s}'"
+            )
         )
         # Testing whether the certificate was freshly generated after the image
         assert certificate_age < image_age
+        # Testing of not presence of a certificate in the production image
+        assert not PodmanCLIWrapper.podman_run_command_and_remove(
+            cid_file_name=IMAGE_NAME,
+            cmd=f"test -e {cert_file_path}/localhost.crt",
+        )
         # Testing presence and permissions of the generated certificate
         assert PodmanCLIWrapper.podman_exec_shell_command(
-            cid_file_name=cid, cmd="ls -l \\$HTTPD_TLS_CERT_PATH/localhost.crt"
+            cid_file_name=cid, cmd=f"ls -l {certificate_path}"
         )
         # Testing presence and permissions of the generated certificate
         assert PodmanCLIWrapper.podman_exec_shell_command(
-            cid_file_name=cid, cmd="ls -l \\$HTTPD_TLS_CERT_PATH/localhost.key"
+            cid_file_name=cid, cmd=f"ls -l {cert_file_path}/localhost.key"
         )
 
-class TestHttpdS2ISslSelfSignedAppContainer:
 
+class TestHttpdS2ISslSelfSignedAppContainer:
     def setup_method(self):
         self.s2i_app = build_s2i_app(self_cert_test)
 
@@ -130,11 +149,17 @@ def test_self_cert_test(self):
         it from Docker hub
         """
         self.s2i_app.set_new_image(image_name=f"{IMAGE_NAME}-{self.s2i_app.app_name}")
-        assert self.s2i_app.create_container(cid_file_name=self.s2i_app.app_name, container_args="--user 1000")
+        assert self.s2i_app.create_container(
+            cid_file_name=self.s2i_app.app_name, container_args="--user 1000"
+        )
         cip = self.s2i_app.get_cip(cid_file_name=self.s2i_app.app_name)
         assert cip
-        assert self.s2i_app.test_response(url=f"http://{cip}", expected_output="SSL test works")
-        assert self.s2i_app.test_response(url=f"https://{cip}", port=8443, expected_output="SSL test works")
+        assert self.s2i_app.test_response(
+            url=f"http://{cip}", expected_output="SSL test works"
+        )
+        assert self.s2i_app.test_response(
+            url=f"https://{cip}", port=8443, expected_output="SSL test works"
+        )
         server_cmd = f"openssl s_client -showcerts -servername {cip} -connect {cip}:8443 2>/dev/null"
         server_output = ContainerTestLibUtils.run_command(cmd=server_cmd)
         certificate_dir = tempfile.mkdtemp(prefix="/tmp/server_cert_dir")
@@ -143,6 +168,8 @@ def test_self_cert_test(self):
         server_cert = ContainerTestLibUtils.run_command(
             cmd=f"openssl x509 -inform pem -noout -text -in {Path(certificate_dir)}/output"
         )
-        config_cmd = f"openssl x509 -in {TEST_DIR}/{self.s2i_app.app_name}/httpd-ssl/certs/server-cert-selfsigned.pem -inform pem -noout -text"
+        pem_file = f"{TEST_DIR}/{self.s2i_app.app_name}/httpd-ssl/certs/server-cert-selfsigned.pem"
+        assert Path(pem_file).exists()
+        config_cmd = f"openssl x509 -in {pem_file} -inform pem -noout -text"
         config_cert = ContainerTestLibUtils.run_command(cmd=config_cmd)
         assert server_cert == config_cert

test/test_ocp_ex_template.py

@@ -1,8 +1,6 @@
 import os
 import sys
 
-import pytest
-
 from pathlib import Path
 
 from container_ci_suite.openshift import OpenShiftAPI
@@ -19,7 +17,6 @@
 
 
 class TestHTTPDExExampleRepo:
-
     def setup_method(self):
         self.template_name = get_service_image(IMAGE_NAME)
         self.oc_api = OpenShiftAPI(pod_name_prefix=self.template_name, version=VERSION)
@@ -30,10 +27,11 @@ def teardown_method(self):
     def test_httpd_ex_template_inside_cluster(self):
         assert self.oc_api.deploy_s2i_app(
             image_name=IMAGE_NAME,
-            app=f"https://github.com/sclorg/httpd-ex#master",
-            context="."
+            app="https://github.com/sclorg/httpd-ex#master",
+            context=".",
         )
         assert self.oc_api.is_template_deployed(name_in_template=self.template_name)
         assert self.oc_api.check_response_inside_cluster(
-            name_in_template=self.template_name, expected_output="Welcome to your static httpd"
+            name_in_template=self.template_name,
+            expected_output="Welcome to your static httpd",
         )

test/test_ocp_imagestream_s2i.py

@@ -1,8 +1,6 @@
 import os
 import sys
 
-import pytest
-
 from container_ci_suite.openshift import OpenShiftAPI
 from container_ci_suite.utils import get_service_image, check_variables
 
@@ -17,7 +15,6 @@
 
 
 class TestHTTPDImagestreamS2I:
-
     def setup_method(self):
         self.template_name = get_service_image(IMAGE_NAME)
         self.oc_api = OpenShiftAPI(pod_name_prefix=self.template_name, version=VERSION)
@@ -26,15 +23,16 @@ def teardown_method(self):
         self.oc_api.delete_project()
 
     def test_inside_cluster(self):
-        os_name = ''.join(i for i in OS if not i.isdigit())
+        os_name = "".join(i for i in OS if not i.isdigit())
         assert self.oc_api.deploy_imagestream_s2i(
             imagestream_file=f"imagestreams/httpd-{os_name}.json",
             image_name=IMAGE_NAME,
             app="https://github.com/sclorg/httpd-container.git",
             context="examples/sample-test-app",
-            service_name=self.template_name
+            service_name=self.template_name,
         )
         assert self.oc_api.is_s2i_pod_running(pod_name_prefix=self.template_name)
         assert self.oc_api.check_response_inside_cluster(
-            name_in_template=self.template_name, expected_output="This is a sample s2i application with static content"
+            name_in_template=self.template_name,
+            expected_output="This is a sample s2i application with static content",
         )