github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/client/allocrunner/taskrunner/validate_hook_test.go (about) 1 package taskrunner 2 3 import ( 4 "testing" 5 6 "github.com/hashicorp/nomad/ci" 7 "github.com/hashicorp/nomad/client/config" 8 "github.com/hashicorp/nomad/client/taskenv" 9 "github.com/hashicorp/nomad/nomad/structs" 10 "github.com/stretchr/testify/require" 11 ) 12 13 func TestTaskRunner_Validate_UserEnforcement(t *testing.T) { 14 ci.Parallel(t) 15 16 taskEnv := taskenv.NewEmptyBuilder().Build() 17 conf := config.DefaultConfig() 18 19 // Try to run as root with exec. 20 task := &structs.Task{ 21 Driver: "exec", 22 User: "root", 23 } 24 if err := validateTask(task, taskEnv, conf); err == nil { 25 t.Fatalf("expected error running as root with exec") 26 } 27 28 // Try to run a non-blacklisted user with exec. 29 task.User = "foobar" 30 require.NoError(t, validateTask(task, taskEnv, conf)) 31 32 // Try to run as root with docker. 33 task.Driver = "docker" 34 task.User = "root" 35 require.NoError(t, validateTask(task, taskEnv, conf)) 36 } 37 38 func TestTaskRunner_Validate_ServiceName(t *testing.T) { 39 ci.Parallel(t) 40 41 builder := taskenv.NewEmptyBuilder() 42 conf := config.DefaultConfig() 43 44 // Create a task with a service for validation 45 task := &structs.Task{ 46 Services: []*structs.Service{ 47 { 48 Name: "ok", 49 }, 50 }, 51 } 52 53 require.NoError(t, validateTask(task, builder.Build(), conf)) 54 55 // Add an env var that should validate 56 builder.SetHookEnv("test", map[string]string{"FOO": "bar"}) 57 task.Services[0].Name = "${FOO}" 58 require.NoError(t, validateTask(task, builder.Build(), conf)) 59 60 // Add an env var that should *not* validate 61 builder.SetHookEnv("test", map[string]string{"BAD": "invalid/in/consul"}) 62 task.Services[0].Name = "${BAD}" 63 require.Error(t, validateTask(task, builder.Build(), conf)) 64 }