- Test 1: docker-compose.yml is valid YAML
- Test 2: Dockerfile exists and has USER directive
- Test 3: docker-compose.yml has user directive (1000:1000)
- Test 4: Docker image builds successfully
- Test 5: Container runs as non-root (labuser)
- Test 6: docker-compose service verification
GREEN phase check: All infrastructure tests pass
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Defines service with local image build
- Specifies user directive (1000:1000) for non-root execution
- Includes container_name for easy reference
- Follows INF-01 requirement (no root)
- Enables test scripts to verify configuration
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Base image: alpine:3.19 (small, secure)
- Creates non-root user with UID/GID 1000
- Switches to non-root user with USER directive
- CMD demonstrates non-root execution with whoami
- Follows INF-01 requirement (no root execution)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- docker-iam-parallels.md: Conceptual mapping between Docker and AWS IAM
- Side-by-side comparisons with practical examples
- Covers PARA-01, PARA-03, PARA-04 requirements
- Explains least privilege principle and best practices
- Links to AWS documentation for deeper learning
- docker-socket-permissions.md: Docker socket technical specs and access control
- linux-users-groups.md: Linux user management reference with commands
- iam-parallels.md: Quick reference table for IAM parallelism
- Pure reference material with tables and specifications
- Step-by-step verification of IAM configuration
- Multiple methods to verify non-root execution
- Explains principle of least privilege
- Integrates with automated test scripts
- Step-by-step guide for adding users to docker group
- Explains group membership evaluation timing issue
- Shows parallelism with AWS IAM User + Policy
- Includes multiple troubleshooting scenarios
- Step-by-step user creation guide for lab01_student
- Follows 'little often' principle with small incremental steps
- Includes verification at each step
- Troubleshooting section for common issues
- Created run-all-tests.sh to execute test suite in sequence
- Fail-fast approach stops on first failure (TDD RED phase)
- Provides summary and next steps (final verification)
- Can be run from any directory (uses absolute paths)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created 03-non-root-test.sh for INF-01 compliance validation
- Tests verify no container runs as root (safety requirement)
- Checks docker exec whoami, docker inspect, and compose file
- Handles missing infrastructure gracefully with SKIP results
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created test-02-docker-access.sh for socket access validation
- Tests verify socket permissions, docker group existence, and ownership
- Checks for usermod availability in /usr/sbin as well as PATH
- All tests pass against current Docker installation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created test-01-user-creation.sh for Linux user/group validation
- Tests verify user existence, docker group membership, and access control
- Uses helper functions for counter increments to work with set -e
- Handles missing sudo gracefully with SKIP results
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created labs/ directory with 5 lab subdirectories
- Created how-to-guides/ and reference/ directories
- Added placeholder README.md in each lab directory
