fix: resolve remaining Docker integration test failures
Fixed 2 remaining test failures: 1. NODE_DB_PATH environment variable test: - Issue: Null byte handling error in shell command - Fix: Use existing getProcessEnv helper function that properly escapes null bytes - This helper was already designed for reading /proc/*/environ files 2. User switching test: - Issue: Test checked PID 1 (su process) instead of actual node process - Fix: Find and check the node process owner, not the su wrapper - When using --user root, entrypoint uses 'su' to switch to nodejs user - The su process (PID 1) runs as root but spawns node as nodejs Also increased timeouts to 3s for better CI stability.
@@ -244,16 +244,14 @@ describeDocker('Docker Entrypoint Script', () => {
|
|||||||
`docker run -d --name ${containerName} -e NODE_DB_PATH=/tmp/custom/test.db -e AUTH_TOKEN=test ${imageName}`
|
`docker run -d --name ${containerName} -e NODE_DB_PATH=/tmp/custom/test.db -e AUTH_TOKEN=test ${imageName}`
|
||||||
);
|
);
|
||||||
|
|
||||||
// Give it time to start
|
// Give it more time to start and stabilize
|
||||||
await new Promise(resolve => setTimeout(resolve, 2000));
|
await new Promise(resolve => setTimeout(resolve, 3000));
|
||||||
|
|
||||||
// Check the actual process environment
|
// Check the actual process environment using the helper function
|
||||||
const { stdout } = await exec(
|
const nodeDbPath = await getProcessEnv(containerName, 'NODE_DB_PATH');
|
||||||
`docker exec ${containerName} sh -c "cat /proc/1/environ | tr '\0' '\n' | grep NODE_DB_PATH || echo 'NODE_DB_PATH not found'"`
|
|
||||||
);
|
|
||||||
|
|
||||||
expect(stdout.trim()).toBe('NODE_DB_PATH=/tmp/custom/test.db');
|
expect(nodeDbPath).toBe('/tmp/custom/test.db');
|
||||||
});
|
}, 15000);
|
||||||
|
|
||||||
it('should validate NODE_DB_PATH format', async () => {
|
it('should validate NODE_DB_PATH format', async () => {
|
||||||
if (!dockerAvailable) return;
|
if (!dockerAvailable) return;
|
||||||
@@ -307,14 +305,21 @@ describeDocker('Docker Entrypoint Script', () => {
|
|||||||
// We need to run a detached container to check the actual user
|
// We need to run a detached container to check the actual user
|
||||||
await exec(`docker run -d --name ${containerName} --user root ${imageName}`);
|
await exec(`docker run -d --name ${containerName} --user root ${imageName}`);
|
||||||
|
|
||||||
// Give it a moment to start
|
// Give it more time to start and for the user switch to complete
|
||||||
await new Promise(resolve => setTimeout(resolve, 2000));
|
await new Promise(resolve => setTimeout(resolve, 3000));
|
||||||
|
|
||||||
// Check the effective user of the main process
|
// Check that the node process is running as nodejs user
|
||||||
const { stdout } = await exec(`docker exec ${containerName} whoami`);
|
// When running as root, the entrypoint uses 'su' to run as nodejs
|
||||||
|
// We need to find the actual node process, not the su process
|
||||||
|
const { stdout } = await exec(
|
||||||
|
`docker exec ${containerName} sh -c "ps aux | grep 'node.*dist' | grep -v grep | head -1"`
|
||||||
|
);
|
||||||
|
|
||||||
expect(stdout.trim()).toBe('nodejs');
|
// The process should be owned by nodejs user (check first column)
|
||||||
}, 10000);
|
expect(stdout.trim()).not.toBe(''); // Ensure we found a process
|
||||||
|
const processOwner = stdout.trim().split(/\s+/)[0];
|
||||||
|
expect(processOwner).toBe('nodejs');
|
||||||
|
}, 15000);
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('Auth token validation', () => {
|
describe('Auth token validation', () => {
|
||||||
|
|||||||
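Review bot: The user-switching check in the second hunk inspects only the first process matched by `grep 'node.*dist' | grep -v grep | head -1`, so it passes when that one row is owned by nodejs and would not notice another node process still running as root. For a privilege-drop test it is safer to drop `head -1` and assert on every match, e.g. `const owners = stdout.trim().split('\n').map(l => l.trim().split(/\s+/)[0]);` followed by `expect(owners.every(o => o === 'nodejs')).toBe(true);`. Taking the first column as the owner also assumes a procps-style `ps aux` layout; the image's `ps` implementation is not visible here, so the column order should be confirmed. The test body starts outside the hunk.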