Browse code
Merge pull request #29742 from miaoyq/rewrite-validate-privileges
Rewrite the function 'validatePrivileges' without checking order
Vincent Demeester authored on 2017/02/17 18:24:11Showing 3 changed files
| ... | ... |
@@ -3,6 +3,7 @@ package types |
| 3 | 3 |
import ( |
| 4 | 4 |
"encoding/json" |
| 5 | 5 |
"fmt" |
| 6 |
+ "sort" |
|
| 6 | 7 |
) |
| 7 | 8 |
|
| 8 | 9 |
// PluginsListResponse contains the response for the Engine API |
| ... | ... |
@@ -62,3 +63,17 @@ type PluginPrivilege struct {
|
| 62 | 62 |
|
| 63 | 63 |
// PluginPrivileges is a list of PluginPrivilege |
| 64 | 64 |
type PluginPrivileges []PluginPrivilege |
| 65 |
+ |
|
| 66 |
+func (s PluginPrivileges) Len() int {
|
|
| 67 |
+ return len(s) |
|
| 68 |
+} |
|
| 69 |
+ |
|
| 70 |
+func (s PluginPrivileges) Less(i, j int) bool {
|
|
| 71 |
+ return s[i].Name < s[j].Name |
|
| 72 |
+} |
|
| 73 |
+ |
|
| 74 |
+func (s PluginPrivileges) Swap(i, j int) {
|
|
| 75 |
+ sort.Strings(s[i].Value) |
|
| 76 |
+ sort.Strings(s[j].Value) |
|
| 77 |
+ s[i], s[j] = s[j], s[i] |
|
| 78 |
+} |
| ... | ... |
@@ -8,6 +8,7 @@ import ( |
| 8 | 8 |
"path/filepath" |
| 9 | 9 |
"reflect" |
| 10 | 10 |
"regexp" |
| 11 |
+ "sort" |
|
| 11 | 12 |
"strings" |
| 12 | 13 |
"sync" |
| 13 | 14 |
|
| ... | ... |
@@ -314,13 +315,38 @@ func attachToLog(id string) func(libcontainerd.IOPipe) error {
|
| 314 | 314 |
} |
| 315 | 315 |
|
| 316 | 316 |
func validatePrivileges(requiredPrivileges, privileges types.PluginPrivileges) error {
|
| 317 |
- // todo: make a better function that doesn't check order |
|
| 318 |
- if !reflect.DeepEqual(privileges, requiredPrivileges) {
|
|
| 317 |
+ if !isEqual(requiredPrivileges, privileges, isEqualPrivilege) {
|
|
| 319 | 318 |
return errors.New("incorrect privileges")
|
| 320 | 319 |
} |
| 320 |
+ |
|
| 321 | 321 |
return nil |
| 322 | 322 |
} |
| 323 | 323 |
|
| 324 |
+func isEqual(arrOne, arrOther types.PluginPrivileges, compare func(x, y types.PluginPrivilege) bool) bool {
|
|
| 325 |
+ if len(arrOne) != len(arrOther) {
|
|
| 326 |
+ return false |
|
| 327 |
+ } |
|
| 328 |
+ |
|
| 329 |
+ sort.Sort(arrOne) |
|
| 330 |
+ sort.Sort(arrOther) |
|
| 331 |
+ |
|
| 332 |
+ for i := 1; i < arrOne.Len(); i++ {
|
|
| 333 |
+ if !compare(arrOne[i], arrOther[i]) {
|
|
| 334 |
+ return false |
|
| 335 |
+ } |
|
| 336 |
+ } |
|
| 337 |
+ |
|
| 338 |
+ return true |
|
| 339 |
+} |
|
| 340 |
+ |
|
| 341 |
+func isEqualPrivilege(a, b types.PluginPrivilege) bool {
|
|
| 342 |
+ if a.Name != b.Name {
|
|
| 343 |
+ return false |
|
| 344 |
+ } |
|
| 345 |
+ |
|
| 346 |
+ return reflect.DeepEqual(a.Value, b.Value) |
|
| 347 |
+} |
|
| 348 |
+ |
|
| 324 | 349 |
func configToRootFS(c []byte) (*image.RootFS, error) {
|
| 325 | 350 |
var pluginConfig types.PluginConfig |
| 326 | 351 |
if err := json.Unmarshal(c, &pluginConfig); err != nil {
|
| 327 | 352 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,55 @@ |
| 0 |
+package plugin |
|
| 1 |
+ |
|
| 2 |
+import ( |
|
| 3 |
+ "testing" |
|
| 4 |
+ |
|
| 5 |
+ "github.com/docker/docker/api/types" |
|
| 6 |
+) |
|
| 7 |
+ |
|
| 8 |
+func TestValidatePrivileges(t *testing.T) {
|
|
| 9 |
+ testData := map[string]struct {
|
|
| 10 |
+ requiredPrivileges types.PluginPrivileges |
|
| 11 |
+ privileges types.PluginPrivileges |
|
| 12 |
+ result bool |
|
| 13 |
+ }{
|
|
| 14 |
+ "diff-len": {
|
|
| 15 |
+ requiredPrivileges: []types.PluginPrivilege{
|
|
| 16 |
+ {"Privilege1", "Description", []string{"abc", "def", "ghi"}},
|
|
| 17 |
+ }, |
|
| 18 |
+ privileges: []types.PluginPrivilege{
|
|
| 19 |
+ {"Privilege1", "Description", []string{"abc", "def", "ghi"}},
|
|
| 20 |
+ {"Privilege2", "Description", []string{"123", "456", "789"}},
|
|
| 21 |
+ }, |
|
| 22 |
+ result: false, |
|
| 23 |
+ }, |
|
| 24 |
+ "diff-value": {
|
|
| 25 |
+ requiredPrivileges: []types.PluginPrivilege{
|
|
| 26 |
+ {"Privilege1", "Description", []string{"abc", "def", "GHI"}},
|
|
| 27 |
+ {"Privilege2", "Description", []string{"123", "456", "***"}},
|
|
| 28 |
+ }, |
|
| 29 |
+ privileges: []types.PluginPrivilege{
|
|
| 30 |
+ {"Privilege1", "Description", []string{"abc", "def", "ghi"}},
|
|
| 31 |
+ {"Privilege2", "Description", []string{"123", "456", "789"}},
|
|
| 32 |
+ }, |
|
| 33 |
+ result: false, |
|
| 34 |
+ }, |
|
| 35 |
+ "diff-order-but-same-value": {
|
|
| 36 |
+ requiredPrivileges: []types.PluginPrivilege{
|
|
| 37 |
+ {"Privilege1", "Description", []string{"abc", "def", "GHI"}},
|
|
| 38 |
+ {"Privilege2", "Description", []string{"123", "456", "789"}},
|
|
| 39 |
+ }, |
|
| 40 |
+ privileges: []types.PluginPrivilege{
|
|
| 41 |
+ {"Privilege2", "Description", []string{"123", "456", "789"}},
|
|
| 42 |
+ {"Privilege1", "Description", []string{"GHI", "abc", "def"}},
|
|
| 43 |
+ }, |
|
| 44 |
+ result: true, |
|
| 45 |
+ }, |
|
| 46 |
+ } |
|
| 47 |
+ |
|
| 48 |
+ for key, data := range testData {
|
|
| 49 |
+ err := validatePrivileges(data.requiredPrivileges, data.privileges) |
|
| 50 |
+ if (err == nil) != data.result {
|
|
| 51 |
+ t.Fatalf("Test item %s expected result to be %t, got %t", key, data.result, (err == nil))
|
|
| 52 |
+ } |
|
| 53 |
+ } |
|
| 54 |
+} |