github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

test: Add unit tests for privileged runtime functions

Browse Source 
- Add unit test for privilegedSandbox

- Add unit test  for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This commit is contained in:
Jose Carlos Venegas Munoz
2018-03-20 13:36:24 -06:00
parent ca16bd601a
commit bdc5eee544
2 changed files with 118 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
pkg/server/sandbox_run_test.go
View File

@@ -435,3 +435,58 @@ func TestTypeurlMarshalUnmarshalSandboxMeta(t *testing.T) {
// TODO(random-liu): [P1] Add unit test for different error cases to make sure
// the function cleans up on error properly.
func TestPrivilegedSandbox(t *testing.T) {
privilegedContext := runtime.RunPodSandboxRequest{
Config: &runtime.PodSandboxConfig{
Linux: &runtime.LinuxPodSandboxConfig{
SecurityContext: &runtime.LinuxSandboxSecurityContext{
Privileged: true,
},
},
},
}
nonPrivilegedContext := runtime.RunPodSandboxRequest{
Config: &runtime.PodSandboxConfig{
Linux: &runtime.LinuxPodSandboxConfig{
SecurityContext: &runtime.LinuxSandboxSecurityContext{
Privileged: false,
},
},
},
}
hostNamespace := runtime.RunPodSandboxRequest{
Config: &runtime.PodSandboxConfig{
Linux: &runtime.LinuxPodSandboxConfig{
SecurityContext: &runtime.LinuxSandboxSecurityContext{
Privileged: false,
NamespaceOptions: &runtime.NamespaceOption{
Network: runtime.NamespaceMode_NODE,
Pid: runtime.NamespaceMode_NODE,
Ipc: runtime.NamespaceMode_NODE,
},
},
},
},
}
type args struct {
req *runtime.RunPodSandboxRequest
}
tests := []struct {
name string
args args
want bool
}{
{"Security Context is nil", args{&runtime.RunPodSandboxRequest{}}, false},
{"Security Context is privileged", args{&privilegedContext}, true},
{"Security Context is not privileged", args{&nonPrivilegedContext}, false},
{"Security Context namespace host access", args{&hostNamespace}, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := privilegedSandbox(tt.args.req); got != tt.want {
t.Errorf("privilegedSandbox() = %v, want %v", got, tt.want)
}
})
}
}