Merge pull request #2056 from Starnop/cri-test-modifyHostConfig
test: add test cases about modifyHostConfig
YaoZengzeng authored Aug 8, 2018
2 parents 1a5b4ef + adea5d1 commit f913361
Showing 2 changed files with 385 additions and 1 deletion.
192 changes: 192 additions & 0 deletions cri/v1alpha1/cri_utils_test.go
@@ -5,6 +5,7 @@ import (
"fmt"
"reflect"
"sort"
"strconv"
"strings"
"testing"
"time"
@@ -756,6 +757,197 @@ func Test_modifyContainerNamespaceOptions(t *testing.T) {
}
}

func Test_modifyHostConfig(t *testing.T) {
supplementalGroups := []int64{1, 2, 3}
groupAdd := []string{}
for _, group := range supplementalGroups {
groupAdd = append(groupAdd, strconv.FormatInt(group, 10))
}

type args struct {
sc *runtime.LinuxContainerSecurityContext
hostConfig *apitypes.HostConfig
}
tests := []struct {
name string
args args
wantHostConfig *apitypes.HostConfig
wantErr error
}{
{
name: "Normal Test",
args: args{
sc: &runtime.LinuxContainerSecurityContext{
SupplementalGroups: supplementalGroups,
Privileged: true,
ReadonlyRootfs: true,
Capabilities: &runtime.Capability{
AddCapabilities: []string{"fooAdd1", "fooAdd2"},
DropCapabilities: []string{"fooDrop1", "fooDrop2"},
},
SeccompProfilePath: mgr.ProfileDockerDefault,
ApparmorProfile: mgr.ProfileRuntimeDefault,
NoNewPrivs: true,
},
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{
GroupAdd: groupAdd,
Privileged: true,
ReadonlyRootfs: true,
CapAdd: []string{"fooAdd1", "fooAdd2"},
CapDrop: []string{"fooDrop1", "fooDrop2"},
SecurityOpt: []string{"no-new-privileges"},
},
wantErr: nil,
},
{
name: "SupplementalGroups Nil Test",
args: args{
sc: &runtime.LinuxContainerSecurityContext{
Privileged: true,
ReadonlyRootfs: true,
Capabilities: &runtime.Capability{
AddCapabilities: []string{"fooAdd1", "fooAdd2"},
DropCapabilities: []string{"fooDrop1", "fooDrop2"},
},
SeccompProfilePath: mgr.ProfileDockerDefault,
ApparmorProfile: mgr.ProfileRuntimeDefault,
NoNewPrivs: true,
},
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{
Privileged: true,
ReadonlyRootfs: true,
CapAdd: []string{"fooAdd1", "fooAdd2"},
CapDrop: []string{"fooDrop1", "fooDrop2"},
SecurityOpt: []string{"no-new-privileges"},
},
wantErr: nil,
},
{
name: "Capabilities Nil Test",
args: args{
sc: &runtime.LinuxContainerSecurityContext{
SupplementalGroups: supplementalGroups,
Privileged: true,
ReadonlyRootfs: true,
SeccompProfilePath: mgr.ProfileDockerDefault,
ApparmorProfile: mgr.ProfileRuntimeDefault,
NoNewPrivs: true,
},
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{
GroupAdd: groupAdd,
Privileged: true,
ReadonlyRootfs: true,
SecurityOpt: []string{"no-new-privileges"},
},
wantErr: nil,
},
{
name: "GetSeccompSecurityOpts Err Test",
args: args{
sc: &runtime.LinuxContainerSecurityContext{
SupplementalGroups: supplementalGroups,
Privileged: true,
ReadonlyRootfs: true,
Capabilities: &runtime.Capability{
AddCapabilities: []string{"fooAdd1", "fooAdd2"},
DropCapabilities: []string{"fooDrop1", "fooDrop2"},
},
SeccompProfilePath: "foo",
ApparmorProfile: mgr.ProfileRuntimeDefault,
NoNewPrivs: true,
},
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{
GroupAdd: groupAdd,
Privileged: true,
ReadonlyRootfs: true,
CapAdd: []string{"fooAdd1", "fooAdd2"},
CapDrop: []string{"fooDrop1", "fooDrop2"},
},
wantErr: fmt.Errorf("failed to generate seccomp security options: %v", fmt.Errorf("undefault profile %q should prefix with %q", "foo", mgr.ProfileNamePrefix)),
},
{
name: "GetAppArmorSecurityOpts Err Test",
args: args{
sc: &runtime.LinuxContainerSecurityContext{
SupplementalGroups: supplementalGroups,
Privileged: true,
ReadonlyRootfs: true,
Capabilities: &runtime.Capability{
AddCapabilities: []string{"fooAdd1", "fooAdd2"},
DropCapabilities: []string{"fooDrop1", "fooDrop2"},
},
SeccompProfilePath: mgr.ProfileDockerDefault,
ApparmorProfile: "foo",
NoNewPrivs: true,
},
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{
GroupAdd: groupAdd,
Privileged: true,
ReadonlyRootfs: true,
CapAdd: []string{"fooAdd1", "fooAdd2"},
CapDrop: []string{"fooDrop1", "fooDrop2"},
},
wantErr: fmt.Errorf("failed to generate appArmor security options: %v", fmt.Errorf("undefault profile name should prefix with %q", mgr.ProfileNamePrefix)),
},
{
name: "NoNewPrivs False Test",
args: args{
sc: &runtime.LinuxContainerSecurityContext{
SupplementalGroups: supplementalGroups,
Privileged: true,
ReadonlyRootfs: true,
Capabilities: &runtime.Capability{
AddCapabilities: []string{"fooAdd1", "fooAdd2"},
DropCapabilities: []string{"fooDrop1", "fooDrop2"},
},
SeccompProfilePath: mgr.ProfileDockerDefault,
ApparmorProfile: mgr.ProfileRuntimeDefault,
NoNewPrivs: false,
},
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{
GroupAdd: groupAdd,
Privileged: true,
ReadonlyRootfs: true,
CapAdd: []string{"fooAdd1", "fooAdd2"},
CapDrop: []string{"fooDrop1", "fooDrop2"},
},
wantErr: nil,
},
{
name: "Nil Test",
args: args{
hostConfig: &apitypes.HostConfig{},
},
wantHostConfig: &apitypes.HostConfig{},
wantErr: nil,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := modifyHostConfig(tt.args.sc, tt.args.hostConfig)
if !reflect.DeepEqual(tt.args.hostConfig, tt.wantHostConfig) {
t.Errorf("modifyHostConfig() hostConfig = %v, wantHostConfig %v", tt.args.hostConfig, tt.wantHostConfig)
return
}
if !reflect.DeepEqual(err, tt.wantErr) {
t.Errorf("modifyHostConfig() error = %v, wantErr %v", err, tt.wantErr)
}
})
}
}

func Test_applyContainerSecurityContext(t *testing.T) {
type args struct {
lc *runtime.LinuxContainerConfig
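Review bot: Every case in Test_modifyHostConfig that supplies a security context sets `Privileged: true` and uses either the default seccomp/AppArmor profile constants or the invalid name "foo", so nothing checks that a valid non-default profile reaches `SecurityOpt`, or what the function produces for an unprivileged container. Because this function carries the pod's confinement settings into the host config, I would add a case with `Privileged: false` and `SeccompProfilePath: mgr.ProfileNamePrefix + "<profile path>"` (plus the AppArmor equivalent) and assert the resulting `SecurityOpt` entries. The two error cases also expect a partially filled hostConfig (GroupAdd, CapAdd and CapDrop set, SecurityOpt empty) alongside the error; if that is intended, a comment such as `// on error hostConfig is left partially populated; callers must discard it` would say so. Comparing errors with `reflect.DeepEqual(err, tt.wantErr)` ties the test to the concrete error type, so comparing the `Error()` strings would be less brittle.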
