gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/microstack_support_test.go

gitee.com/mysnapcore/mysnapd@v0.1.0/interfaces/builtin/microstack_support_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package builtin_test
    21  
    22  import (
    23  	. "gopkg.in/check.v1"
    24  
    25  	"gitee.com/mysnapcore/mysnapd/interfaces"
    26  	"gitee.com/mysnapcore/mysnapd/interfaces/apparmor"
    27  	"gitee.com/mysnapcore/mysnapd/interfaces/builtin"
    28  	"gitee.com/mysnapcore/mysnapd/interfaces/kmod"
    29  	"gitee.com/mysnapcore/mysnapd/interfaces/seccomp"
    30  	"gitee.com/mysnapcore/mysnapd/interfaces/udev"
    31  	"gitee.com/mysnapcore/mysnapd/snap"
    32  	"gitee.com/mysnapcore/mysnapd/testutil"
    33  )
    34  
    35  type microStackSupportInterfaceSuite struct {
    36  	iface    interfaces.Interface
    37  	slotInfo *snap.SlotInfo
    38  	slot     *interfaces.ConnectedSlot
    39  	plugInfo *snap.PlugInfo
    40  	plug     *interfaces.ConnectedPlug
    41  }
    42  
    43  const microStackSupportMockPlugSnapInfoYaml = `name: microstack
    44  version: 1.0
    45  apps:
    46   app:
    47    command: foo
    48    plugs: [microstack-support]
    49  `
    50  
    51  const microstackSupportCoreYaml = `name: core
    52  version: 0
    53  type: os
    54  slots:
    55    microstack-support:
    56  `
    57  
    58  var _ = Suite(&microStackSupportInterfaceSuite{
    59  	iface: builtin.MustInterface("microstack-support"),
    60  })
    61  
    62  func (s *microStackSupportInterfaceSuite) SetUpTest(c *C) {
    63  	s.slot, s.slotInfo = MockConnectedSlot(c, microstackSupportCoreYaml, nil, "microstack-support")
    64  	s.plug, s.plugInfo = MockConnectedPlug(c, microStackSupportMockPlugSnapInfoYaml, nil, "microstack-support")
    65  }
    66  
    67  func (s *microStackSupportInterfaceSuite) TestName(c *C) {
    68  	c.Assert(s.iface.Name(), Equals, "microstack-support")
    69  }
    70  
    71  func (s *microStackSupportInterfaceSuite) TestUsedSecuritySystems(c *C) {
    72  	// connected plugs have a non-nil security snippet for apparmor
    73  	apparmorSpec := &apparmor.Specification{}
    74  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
    75  	c.Assert(err, IsNil)
    76  	c.Assert(apparmorSpec.SecurityTags(), HasLen, 1)
    77  
    78  	// connected plugs have a non-nil security snippet for seccomp
    79  	seccompSpec := &seccomp.Specification{}
    80  	err = seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
    81  	c.Assert(err, IsNil)
    82  	c.Assert(seccompSpec.Snippets(), HasLen, 1)
    83  }
    84  
    85  func (s *microStackSupportInterfaceSuite) TestConnectedPlugSnippet(c *C) {
    86  	apparmorSpec := &apparmor.Specification{}
    87  	err := apparmorSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
    88  	c.Assert(err, IsNil)
    89  	c.Assert(apparmorSpec.SecurityTags(), DeepEquals, []string{"snap.microstack.app"})
    90  	c.Assert(apparmorSpec.SnippetForTag("snap.microstack.app"), testutil.Contains, "/dev/vhost-net rw,\n")
    91  	c.Assert(apparmorSpec.SnippetForTag("snap.microstack.app"), testutil.Contains, "/dev/microstack-*/{,**} rw,\n")
    92  	c.Assert(apparmorSpec.SnippetForTag("snap.microstack.app"), testutil.Contains, "unmount /run/netns/ovnmeta-*,\n")
    93  
    94  	seccompSpec := &seccomp.Specification{}
    95  	err = seccompSpec.AddConnectedPlug(s.iface, s.plug, s.slot)
    96  	c.Assert(err, IsNil)
    97  	c.Assert(seccompSpec.SecurityTags(), DeepEquals, []string{"snap.microstack.app"})
    98  	c.Check(seccompSpec.SnippetForTag("snap.microstack.app"), testutil.Contains, "mknod - |S_IFBLK -\nmknodat - - |S_IFBLK -")
    99  }
   100  
   101  func (s *microStackSupportInterfaceSuite) TestSanitizeSlot(c *C) {
   102  	c.Assert(interfaces.BeforePrepareSlot(s.iface, s.slotInfo), IsNil)
   103  }
   104  
   105  func (s *microStackSupportInterfaceSuite) TestSanitizePlug(c *C) {
   106  	c.Assert(interfaces.BeforePreparePlug(s.iface, s.plugInfo), IsNil)
   107  }
   108  
   109  func (s *microStackSupportInterfaceSuite) TestKModConnectedPlug(c *C) {
   110  	spec := &kmod.Specification{}
   111  	err := spec.AddConnectedPlug(s.iface, s.plug, s.slot)
   112  	c.Assert(err, IsNil)
   113  	c.Assert(spec.Modules(), DeepEquals, map[string]bool{
   114  		"vhost":           true,
   115  		"vhost-net":       true,
   116  		"vhost-scsi":      true,
   117  		"vhost-vsock":     true,
   118  		"pci-stub":        true,
   119  		"vfio":            true,
   120  		"vfio-pci":        true,
   121  		"nbd":             true,
   122  		"dm-mod":          true,
   123  		"dm-thin-pool":    true,
   124  		"dm-snapshot":     true,
   125  		"iscsi-tcp":       true,
   126  		"target-core-mod": true,
   127  	})
   128  }
   129  
   130  func (s *microStackSupportInterfaceSuite) TestUDevConnectedPlug(c *C) {
   131  	spec := &udev.Specification{}
   132  	// no udev specs because the interface controls it's own device cgroups
   133  	err := spec.AddConnectedPlug(s.iface, s.plug, s.slot)
   134  	c.Assert(err, IsNil)
   135  	c.Assert(spec.Snippets(), HasLen, 0)
   136  }
   137  
   138  func (s *microStackSupportInterfaceSuite) TestInterfaces(c *C) {
   139  	c.Check(builtin.Interfaces(), testutil.DeepContains, s.iface)
   140  }