Signed-off-by: Danyal Khaliq <danyal.khaliq@tenpearls.com>
| ... | ... |
@@ -6,19 +6,27 @@ import ( |
| 6 | 6 |
"fmt" |
| 7 | 7 |
"io/ioutil" |
| 8 | 8 |
"os" |
| 9 |
+ "os/user" |
|
| 9 | 10 |
"path/filepath" |
| 10 | 11 |
"testing" |
| 11 | 12 |
|
| 13 |
+ "github.com/gotestyourself/gotestyourself/skip" |
|
| 14 |
+ "github.com/stretchr/testify/assert" |
|
| 12 | 15 |
"github.com/stretchr/testify/require" |
| 13 | 16 |
"golang.org/x/sys/unix" |
| 14 | 17 |
) |
| 15 | 18 |
|
| 19 |
+const ( |
|
| 20 |
+ tempUser = "tempuser" |
|
| 21 |
+) |
|
| 22 |
+ |
|
| 16 | 23 |
type node struct {
|
| 17 | 24 |
uid int |
| 18 | 25 |
gid int |
| 19 | 26 |
} |
| 20 | 27 |
|
| 21 | 28 |
func TestMkdirAllAs(t *testing.T) {
|
| 29 |
+ RequiresRoot(t) |
|
| 22 | 30 |
dirName, err := ioutil.TempDir("", "mkdirall")
|
| 23 | 31 |
if err != nil {
|
| 24 | 32 |
t.Fatalf("Couldn't create temp dir: %v", err)
|
| ... | ... |
@@ -79,6 +87,7 @@ func TestMkdirAllAs(t *testing.T) {
|
| 79 | 79 |
} |
| 80 | 80 |
|
| 81 | 81 |
func TestMkdirAllAndChownNew(t *testing.T) {
|
| 82 |
+ RequiresRoot(t) |
|
| 82 | 83 |
dirName, err := ioutil.TempDir("", "mkdirnew")
|
| 83 | 84 |
require.NoError(t, err) |
| 84 | 85 |
defer os.RemoveAll(dirName) |
| ... | ... |
@@ -119,7 +128,7 @@ func TestMkdirAllAndChownNew(t *testing.T) {
|
| 119 | 119 |
} |
| 120 | 120 |
|
| 121 | 121 |
func TestMkdirAs(t *testing.T) {
|
| 122 |
- |
|
| 122 |
+ RequiresRoot(t) |
|
| 123 | 123 |
dirName, err := ioutil.TempDir("", "mkdir")
|
| 124 | 124 |
if err != nil {
|
| 125 | 125 |
t.Fatalf("Couldn't create temp dir: %v", err)
|
| ... | ... |
@@ -224,6 +233,11 @@ func compareTrees(left, right map[string]node) error {
|
| 224 | 224 |
return nil |
| 225 | 225 |
} |
| 226 | 226 |
|
| 227 |
+func delUser(t *testing.T, name string) {
|
|
| 228 |
+ _, err := execCmd("userdel", name)
|
|
| 229 |
+ assert.NoError(t, err) |
|
| 230 |
+} |
|
| 231 |
+ |
|
| 227 | 232 |
func TestParseSubidFileWithNewlinesAndComments(t *testing.T) {
|
| 228 | 233 |
tmpDir, err := ioutil.TempDir("", "parsesubid")
|
| 229 | 234 |
if err != nil {
|
| ... | ... |
@@ -251,3 +265,119 @@ dockremap:231072:65536` |
| 251 | 251 |
t.Fatalf("wanted 65536, got %d instead", ranges[0].Length)
|
| 252 | 252 |
} |
| 253 | 253 |
} |
| 254 |
+ |
|
| 255 |
+func TestGetRootUIDGID(t *testing.T) {
|
|
| 256 |
+ uidMap := []IDMap{
|
|
| 257 |
+ {
|
|
| 258 |
+ ContainerID: 0, |
|
| 259 |
+ HostID: os.Getuid(), |
|
| 260 |
+ Size: 1, |
|
| 261 |
+ }, |
|
| 262 |
+ } |
|
| 263 |
+ gidMap := []IDMap{
|
|
| 264 |
+ {
|
|
| 265 |
+ ContainerID: 0, |
|
| 266 |
+ HostID: os.Getgid(), |
|
| 267 |
+ Size: 1, |
|
| 268 |
+ }, |
|
| 269 |
+ } |
|
| 270 |
+ |
|
| 271 |
+ uid, gid, err := GetRootUIDGID(uidMap, gidMap) |
|
| 272 |
+ assert.NoError(t, err) |
|
| 273 |
+ assert.Equal(t, os.Getegid(), uid) |
|
| 274 |
+ assert.Equal(t, os.Getegid(), gid) |
|
| 275 |
+ |
|
| 276 |
+ uidMapError := []IDMap{
|
|
| 277 |
+ {
|
|
| 278 |
+ ContainerID: 1, |
|
| 279 |
+ HostID: os.Getuid(), |
|
| 280 |
+ Size: 1, |
|
| 281 |
+ }, |
|
| 282 |
+ } |
|
| 283 |
+ _, _, err = GetRootUIDGID(uidMapError, gidMap) |
|
| 284 |
+ assert.EqualError(t, err, "Container ID 0 cannot be mapped to a host ID") |
|
| 285 |
+} |
|
| 286 |
+ |
|
| 287 |
+func TestToContainer(t *testing.T) {
|
|
| 288 |
+ uidMap := []IDMap{
|
|
| 289 |
+ {
|
|
| 290 |
+ ContainerID: 2, |
|
| 291 |
+ HostID: 2, |
|
| 292 |
+ Size: 1, |
|
| 293 |
+ }, |
|
| 294 |
+ } |
|
| 295 |
+ |
|
| 296 |
+ containerID, err := toContainer(2, uidMap) |
|
| 297 |
+ assert.NoError(t, err) |
|
| 298 |
+ assert.Equal(t, uidMap[0].ContainerID, containerID) |
|
| 299 |
+} |
|
| 300 |
+ |
|
| 301 |
+func TestNewIDMappings(t *testing.T) {
|
|
| 302 |
+ RequiresRoot(t) |
|
| 303 |
+ _, _, err := AddNamespaceRangesUser(tempUser) |
|
| 304 |
+ assert.NoError(t, err) |
|
| 305 |
+ defer delUser(t, tempUser) |
|
| 306 |
+ |
|
| 307 |
+ tempUser, err := user.Lookup(tempUser) |
|
| 308 |
+ assert.NoError(t, err) |
|
| 309 |
+ |
|
| 310 |
+ gids, err := tempUser.GroupIds() |
|
| 311 |
+ assert.NoError(t, err) |
|
| 312 |
+ group, err := user.LookupGroupId(string(gids[0])) |
|
| 313 |
+ assert.NoError(t, err) |
|
| 314 |
+ |
|
| 315 |
+ idMappings, err := NewIDMappings(tempUser.Username, group.Name) |
|
| 316 |
+ assert.NoError(t, err) |
|
| 317 |
+ |
|
| 318 |
+ rootUID, rootGID, err := GetRootUIDGID(idMappings.UIDs(), idMappings.GIDs()) |
|
| 319 |
+ assert.NoError(t, err) |
|
| 320 |
+ |
|
| 321 |
+ dirName, err := ioutil.TempDir("", "mkdirall")
|
|
| 322 |
+ assert.NoError(t, err, "Couldn't create temp directory") |
|
| 323 |
+ defer os.RemoveAll(dirName) |
|
| 324 |
+ |
|
| 325 |
+ err = MkdirAllAs(dirName, 0700, rootUID, rootGID) |
|
| 326 |
+ assert.NoError(t, err, "Couldn't change ownership of file path. Got error") |
|
| 327 |
+ assert.True(t, CanAccess(dirName, idMappings.RootPair()), fmt.Sprintf("Unable to access %s directory with user UID:%d and GID:%d", dirName, rootUID, rootGID))
|
|
| 328 |
+} |
|
| 329 |
+ |
|
| 330 |
+func TestLookupUserAndGroup(t *testing.T) {
|
|
| 331 |
+ RequiresRoot(t) |
|
| 332 |
+ uid, gid, err := AddNamespaceRangesUser(tempUser) |
|
| 333 |
+ assert.NoError(t, err) |
|
| 334 |
+ defer delUser(t, tempUser) |
|
| 335 |
+ |
|
| 336 |
+ fetchedUser, err := LookupUser(tempUser) |
|
| 337 |
+ assert.NoError(t, err) |
|
| 338 |
+ |
|
| 339 |
+ fetchedUserByID, err := LookupUID(uid) |
|
| 340 |
+ assert.NoError(t, err) |
|
| 341 |
+ assert.Equal(t, fetchedUserByID, fetchedUser) |
|
| 342 |
+ |
|
| 343 |
+ fetchedGroup, err := LookupGroup(tempUser) |
|
| 344 |
+ assert.NoError(t, err) |
|
| 345 |
+ |
|
| 346 |
+ fetchedGroupByID, err := LookupGID(gid) |
|
| 347 |
+ assert.NoError(t, err) |
|
| 348 |
+ assert.Equal(t, fetchedGroupByID, fetchedGroup) |
|
| 349 |
+} |
|
| 350 |
+ |
|
| 351 |
+func TestLookupUserAndGroupThatDoesNotExist(t *testing.T) {
|
|
| 352 |
+ fakeUser := "fakeuser" |
|
| 353 |
+ _, err := LookupUser(fakeUser) |
|
| 354 |
+ assert.EqualError(t, err, "getent unable to find entry \""+fakeUser+"\" in passwd database") |
|
| 355 |
+ |
|
| 356 |
+ _, err = LookupUID(-1) |
|
| 357 |
+ assert.Error(t, err) |
|
| 358 |
+ |
|
| 359 |
+ fakeGroup := "fakegroup" |
|
| 360 |
+ _, err = LookupGroup(fakeGroup) |
|
| 361 |
+ assert.EqualError(t, err, "getent unable to find entry \""+fakeGroup+"\" in group database") |
|
| 362 |
+ |
|
| 363 |
+ _, err = LookupGID(-1) |
|
| 364 |
+ assert.Error(t, err) |
|
| 365 |
+} |
|
| 366 |
+ |
|
| 367 |
+func RequiresRoot(t *testing.T) {
|
|
| 368 |
+ skip.IfCondition(t, os.Getuid() != 0, "skipping test that requires root") |
|
| 369 |
+} |
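Review bot: In TestNewIDMappings and TestLookupUserAndGroup, `defer delUser(t, tempUser)` is registered right after a non-fatal `assert.NoError(t, err)`, so when AddNamespaceRangesUser fails the test keeps running as root and still executes `userdel tempuser` on exit. If that failure came from a `tempuser` account already existing on the host (inferred, since AddNamespaceRangesUser is not shown in this hunk), the cleanup would delete an account the test never created. Switch these checks to the already imported `require.NoError(t, err)` so the test stops before the defer is registered, and do the same ahead of `tempUser.GroupIds()` and `gids[0]`, which would otherwise panic on a nil user or an empty slice. Separately, TestGetRootUIDGID checks the returned uid with `assert.Equal(t, os.Getegid(), uid)` although the map was built from `os.Getuid()`; the expectations should be `os.Getuid()` for uid and `os.Getgid()` for gid, since the current form only passes when those values happen to coincide.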