Enable TestVolumeOwnership on Windows

This change enables the TestVolumeOwnership on Windows. The test assumes that the volume-ownership image is built on Windows, thus ensuring that Windows file security info (ACLs and ownership info) are attached to the C:\volumes\test_dir path. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
2021-11-19 17:11:24 +02:00
parent 292b0c1561
commit 22dc60e059
3 changed files with 123 additions and 10 deletions
--- a/integration/volume_copy_up_test.go
+++ b/integration/volume_copy_up_test.go
@@ -27,6 +27,13 @@ import (
 	exec "golang.org/x/sys/execabs"
 )

+const (
+	containerUserName = "ContainerUser"
+	// containerUserSID is a well known SID that is set on the
+	// ContainerUser username inside a Windows container.
+	containerUserSID = "S-1-5-93-2-2"
+)
+
 func TestVolumeCopyUp(t *testing.T) {
 	var (
 		testImage   = GetImage(VolumeCopyUp)
@@ -84,9 +91,6 @@ func TestVolumeCopyUp(t *testing.T) {
 }

 func TestVolumeOwnership(t *testing.T) {
-	if goruntime.GOOS == "windows" {
-		t.Skip("Skipped on Windows.")
-	}
 	var (
 		testImage   = GetImage(VolumeOwnership)
 		execTimeout = time.Minute
@@ -101,7 +105,7 @@ func TestVolumeOwnership(t *testing.T) {
 	cnConfig := ContainerConfig(
 		"container",
 		testImage,
-		WithCommand("tail", "-f", "/dev/null"),
+		WithCommand("sleep", "150"),
 	)
 	cn, err := runtimeService.CreateContainer(sb, cnConfig, sbConfig)
 	require.NoError(t, err)
@@ -111,17 +115,32 @@ func TestVolumeOwnership(t *testing.T) {

 	// ghcr.io/containerd/volume-ownership:2.1 contains a test_dir
 	// volume, which is owned by nobody:nogroup.
+	// On Windows, the folder is situated in C:\volumes\test_dir and is owned
+	// by ContainerUser (SID: S-1-5-93-2-2). A helper tool get_owner.exe should
+	// exist inside the container that returns the owner in the form of USERNAME:SID.
 	t.Logf("Check ownership of test directory inside container")
-	stdout, stderr, err := runtimeService.ExecSync(cn, []string{
+
+	cmd := []string{
 		"stat", "-c", "%U:%G", "/test_dir",
-	}, execTimeout)
+	}
+	expectedContainerOutput := "nobody:nogroup\n"
+	expectedHostOutput := "nobody:nogroup\n"
+	if goruntime.GOOS == "windows" {
+		cmd = []string{
+			"C:\\bin\\get_owner.exe",
+			"C:\\volumes\\test_dir",
+		}
+		expectedContainerOutput = fmt.Sprintf("%s:%s", containerUserName, containerUserSID)
+		// The username is unknown on the host, but we can still get the SID.
+		expectedHostOutput = containerUserSID
+	}
+	stdout, stderr, err := runtimeService.ExecSync(cn, cmd, execTimeout)
 	require.NoError(t, err)
 	assert.Empty(t, stderr)
-	assert.Equal(t, "nobody:nogroup\n", string(stdout))
+	assert.Equal(t, expectedContainerOutput, string(stdout))

 	t.Logf("Check ownership of test directory on the host")
-	hostCmd := fmt.Sprintf("find %s/containers/%s/volumes/* | xargs stat -c %%U:%%G", *criRoot, cn)
-	output, err := exec.Command("sh", "-c", hostCmd).CombinedOutput()
+	output, err := getVolumeHostPathOwnership(*criRoot, cn)
 	require.NoError(t, err)
-	assert.Equal(t, "nobody:nogroup\n", string(output))
+	assert.Equal(t, expectedHostOutput, output)
 }