integration-cli/docker_cli_authz_plugin_v2_test.go
 // +build !windows
 
 package main
 
 import (
 	"fmt"
 	"strings"
 
 	"github.com/docker/docker/integration-cli/checker"
 	"github.com/docker/docker/integration-cli/daemon"
 	"github.com/go-check/check"
 )
 
 // Plugin references used by the authorization-plugin (v2) tests in this file.
 //
 // NOTE(review): the tests install these by repository name, and the tagged
 // reference uses the mutable "latest" tag, so the plugin content that ends up
 // gating the test daemon is whatever the registry serves at run time. The
 // installs in this file also pass --grant-all-permissions. Consider pinning
 // to an immutable reference if the plugin tooling in use allows it.
 var (
 	// authzPluginName is the repository of the plugin the tests install and enable.
 	authzPluginName = "riyaz/authz-no-volume-plugin"

 	// authzPluginTag is the tag appended to authzPluginName.
 	authzPluginTag = "latest"

 	// authzPluginNameWithTag is the "name:tag" reference passed to the docker
 	// CLI and to the daemon's --authorization-plugin flag.
 	authzPluginNameWithTag = authzPluginName + ":" + authzPluginTag

 	// authzPluginBadManifestName is the plugin used by the test that expects
 	// the daemon to fail to start.
 	authzPluginBadManifestName = "riyaz/authz-plugin-bad-manifest"

 	// nonexistentAuthzPluginName is never installed by the tests in this file;
 	// it is only passed to --authorization-plugin.
 	nonexistentAuthzPluginName = "riyaz/nonexistent-authz-plugin"
 )
 
 // init registers DockerAuthzV2Suite with go-check so its Test* methods are run.
 func init() {
 	suite := &DockerAuthzV2Suite{ds: &DockerSuite{}}
 	check.Suite(suite)
 }
 
 // DockerAuthzV2Suite is the go-check suite for the authorization-plugin (v2)
 // tests. Each test runs against the daemon held in d.
 type DockerAuthzV2Suite struct {
 	// ds is the shared DockerSuite whose TearDownTest is invoked from this
 	// suite's TearDownTest.
 	ds *DockerSuite
 	// d is the daemon assigned in SetUpTest and stopped in TearDownTest.
 	d *daemon.Daemon
 }
 
 // SetUpTest gates the test on a Linux daemon with network access, then
 // creates a daemon for the test, stores it in s.d and starts it.
 func (s *DockerAuthzV2Suite) SetUpTest(c *check.C) {
 	testRequires(c, DaemonIsLinux, Network)

 	// The experimental setting is taken from the test environment.
 	cfg := daemon.Config{Experimental: testEnv.ExperimentalDaemon()}
 	s.d = daemon.New(c, dockerBinary, dockerdBinary, cfg)
 	s.d.Start(c)
 }
 
 // TearDownTest stops the suite's daemon and then runs the embedded
 // DockerSuite teardown. It does nothing when no daemon is assigned to s.d.
 func (s *DockerAuthzV2Suite) TearDownTest(c *check.C) {
 	if s.d == nil {
 		return
 	}
 	s.d.Stop(c)
 	s.ds.TearDownTest(c)
 }
 
 // TestAuthZPluginAllowNonVolumeRequest checks that, with the authorization
 // plugin enabled on the daemon, requests that do not touch volumes still go
 // through: a container can be started and then shows up in "docker ps".
 func (s *DockerAuthzV2Suite) TestAuthZPluginAllowNonVolumeRequest(c *check.C) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)

 	// Install the authz plugin. --grant-all-permissions accepts every
 	// privilege the plugin asks for without prompting; the target is the
 	// suite's own daemon (s.d), not a shared one.
 	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginNameWithTag)
 	c.Assert(err, checker.IsNil)

 	// Restart the daemon with the plugin enabled and load busybox up front;
 	// a --net=none build fails otherwise because it needs to pull busybox.
 	s.d.Restart(c, "--authorization-plugin="+authzPluginNameWithTag)
 	c.Assert(s.d.LoadBusybox(), check.IsNil)

 	// Cleanup: restart without the authorization flag first, then disable
 	// and remove the plugin.
 	defer func() {
 		s.d.Restart(c)
 		for _, sub := range []string{"disable", "rm"} {
 			_, cleanupErr := s.d.Cmd("plugin", sub, authzPluginNameWithTag)
 			c.Assert(cleanupErr, checker.IsNil)
 		}
 	}()

 	// "docker run" and the following "docker ps" must both succeed.
 	runOut, err := s.d.Cmd("run", "-d", "busybox", "top")
 	c.Assert(err, check.IsNil)
 	containerID := strings.TrimSpace(runOut)

 	psOut, err := s.d.Cmd("ps")
 	c.Assert(err, check.IsNil)
 	c.Assert(assertContainerList(psOut, []string{containerID}), check.Equals, true)
 }
 
 // TestAuthZPluginRejectVolumeRequests checks that, with the authorization
 // plugin enabled on the daemon, every volume subcommand exercised here
 // (create, ls, rm, inspect, prune) fails with an error attributed to the
 // plugin.
 //
 // NOTE(review): the asserted text is "plugin <name> failed with error:".
 // From this file alone it cannot be told whether that corresponds to an
 // explicit deny decision or to a failure inside the plugin; confirm against
 // the plugin's behaviour so the test documents which case it covers.
 func (s *DockerAuthzV2Suite) TestAuthZPluginRejectVolumeRequests(c *check.C) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)

 	// Install the authz plugin. --grant-all-permissions accepts every
 	// privilege the plugin asks for without prompting.
 	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginNameWithTag)
 	c.Assert(err, checker.IsNil)

 	// Restart the daemon with the plugin enabled.
 	s.d.Restart(c, "--authorization-plugin="+authzPluginNameWithTag)

 	// Cleanup: restart without the authorization flag first, then disable
 	// and remove the plugin.
 	defer func() {
 		s.d.Restart(c)
 		for _, sub := range []string{"disable", "rm"} {
 			_, cleanupErr := s.d.Cmd("plugin", sub, authzPluginNameWithTag)
 			c.Assert(cleanupErr, checker.IsNil)
 		}
 	}()

 	wantMsg := fmt.Sprintf("Error response from daemon: plugin %s failed with error:", authzPluginNameWithTag)

 	volumeCmds := [][]string{
 		{"volume", "create"},
 		{"volume", "ls"},
 		// The plugin blocks the command before the daemon can determine
 		// that the volume does not exist.
 		{"volume", "rm", "test"},
 		{"volume", "inspect", "test"},
 		{"volume", "prune", "-f"},
 	}
 	for _, args := range volumeCmds {
 		out, cmdErr := s.d.Cmd(args...)
 		c.Assert(cmdErr, check.NotNil)
 		c.Assert(out, checker.Contains, wantMsg)
 	}
 }
 
 // TestAuthZPluginBadManifestFailsDaemonStart checks that the daemon refuses
 // to start when --authorization-plugin names an installed plugin with a bad
 // manifest, rather than coming up without that plugin in place.
 //
 // NOTE(review): unlike the other install-based tests in this file, this one
 // does not disable or remove the plugin afterwards; confirm that the daemon
 // teardown is enough to discard it.
 func (s *DockerAuthzV2Suite) TestAuthZPluginBadManifestFailsDaemonStart(c *check.C) {
 	testRequires(c, DaemonIsLinux, IsAmd64, Network)

 	// Install the authz plugin that carries the bad manifest.
 	_, err := s.d.Cmd("plugin", "install", "--grant-all-permissions", authzPluginBadManifestName)
 	c.Assert(err, checker.IsNil)

 	// Restarting with the plugin required must return an error.
 	authzFlag := "--authorization-plugin=" + authzPluginBadManifestName
 	startErr := s.d.RestartWithError(authzFlag)
 	c.Assert(startErr, check.NotNil)

 	// Restarting without requiring the plugin is expected to succeed.
 	s.d.Restart(c)
 }
 
 // TestNonexistentAuthZPluginFailsDaemonStart checks that the daemon refuses
 // to start when --authorization-plugin names a plugin that was never
 // installed, rather than coming up without authorization in place.
 func (s *DockerAuthzV2Suite) TestNonexistentAuthZPluginFailsDaemonStart(c *check.C) {
 	testRequires(c, DaemonIsLinux, Network)

 	// Restarting with a non-existent authz plugin must return an error.
 	authzFlag := "--authorization-plugin=" + nonexistentAuthzPluginName
 	startErr := s.d.RestartWithError(authzFlag)
 	c.Assert(startErr, check.NotNil)

 	// Starting the daemon again without requiring the plugin is expected to
 	// succeed.
 	s.d.Start(c)
 }