add WithAdditionalGIDs test
Signed-off-by: Ye Sijun <junnplus@gmail.com>
parent
16992a4a2e
commit
72b87ad004
@ -805,7 +805,7 @@ func WithUsername(username string) SpecOpts {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed
|
// WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed
|
||||||
// for a particular user in the /etc/groups file of the image's root filesystem
|
// for a particular user in the /etc/group file of the image's root filesystem
|
||||||
// The passed in user can be either a uid or a username.
|
// The passed in user can be either a uid or a username.
|
||||||
func WithAdditionalGIDs(userstr string) SpecOpts {
|
func WithAdditionalGIDs(userstr string) SpecOpts {
|
||||||
return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) {
|
return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) {
|
||||||
|
@ -22,11 +22,79 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/containerd/containerd/containers"
|
||||||
"github.com/containerd/containerd/pkg/testutil"
|
"github.com/containerd/containerd/pkg/testutil"
|
||||||
|
"github.com/containerd/continuity/fs/fstest"
|
||||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// nolint:gosec
|
||||||
|
func TestWithAdditionalGIDs(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
expectedPasswd := `root:x:0:0:root:/root:/bin/ash
|
||||||
|
bin:x:1:1:bin:/bin:/sbin/nologin
|
||||||
|
daemon:x:2:2:daemon:/sbin:/sbin/nologin
|
||||||
|
`
|
||||||
|
expectedGroup := `root:x:0:root
|
||||||
|
bin:x:1:root,bin,daemon
|
||||||
|
daemon:x:2:root,bin,daemon
|
||||||
|
sys:x:3:root,bin,adm
|
||||||
|
`
|
||||||
|
td := t.TempDir()
|
||||||
|
apply := fstest.Apply(
|
||||||
|
fstest.CreateDir("/etc", 0777),
|
||||||
|
fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
|
||||||
|
fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
|
||||||
|
)
|
||||||
|
if err := apply.Apply(td); err != nil {
|
||||||
|
t.Fatalf("failed to apply: %v", err)
|
||||||
|
}
|
||||||
|
c := containers.Container{ID: t.Name()}
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
name string
|
||||||
|
user string
|
||||||
|
expected []uint32
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
user: "root",
|
||||||
|
expected: []uint32{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
user: "1000",
|
||||||
|
expected: []uint32{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
user: "bin",
|
||||||
|
expected: []uint32{2, 3},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
user: "bin:root",
|
||||||
|
expected: []uint32{},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
user: "daemon",
|
||||||
|
expected: []uint32{1},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, testCase := range testCases {
|
||||||
|
t.Run(testCase.user, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
s := Spec{
|
||||||
|
Version: specs.Version,
|
||||||
|
Root: &specs.Root{
|
||||||
|
Path: td,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
err := WithAdditionalGIDs(testCase.user)(context.Background(), nil, &c, &s)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, testCase.expected, s.Process.User.AdditionalGids)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestAddCaps(t *testing.T) {
|
func TestAddCaps(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
|
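Review bot: In the `for _, testCase := range testCases` loop of TestWithAdditionalGIDs, each subtest calls `t.Parallel()` and then reads `testCase` from the closure, so on toolchains with pre-Go 1.22 loop-variable semantics every subtest resumes after the loop has finished and checks only the last entry (`daemon`). Add `testCase := testCase` as the first line of the loop body; otherwise the supplementary-group expectations for `root`, `1000`, `bin` and `bin:root` are never verified. Separately, `assert.NoError` does not stop the subtest, and the `Spec` literal leaves `Process` unset, so an option that returns an error before populating it would panic at `s.Process.User.AdditionalGids`; `if !assert.NoError(t, err) { return }` avoids that. The function-wide `// nolint:gosec` could probably be dropped by creating the fixture with `0755` for the directory and `0644` for the files instead of `0777`.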