// Copyright (c) 2018 Intel Corporation
//
// SPDX-License-Identifier: Apache-2.0

package docker

import (
	"fmt"
	"strings"

	. "github.com/onsi/ginkgo"
	. "github.com/onsi/ginkgo/extensions/table"
	. "github.com/onsi/gomega"
)

// Readable values for the "groups" argument of asUser.
const (
	withAdditionalGroups    = true
	withoutAdditionalGroups = false
)

// asUser builds one table entry for the "running container" table.
//
// user is passed to the container run as the "-u" value ("" means the flag
// is omitted). groups selects whether a fixed list of supplementary groups
// is requested with "--group-add". fail states whether the run is expected
// to fail. The entry description is derived from user and the group list.
func asUser(user string, groups bool, fail bool) TableEntry {
	extraGroups := []string{}
	suffix := " without additional groups"
	if groups {
		// Groups that already exist in the base image.
		extraGroups = []string{"cdrom", "floppy", "video", "audio"}
		suffix = fmt.Sprintf(" with additional groups %v", extraGroups)
	}

	description := fmt.Sprintf("as '%s' user%s", user, suffix)
	return Entry(description, user, extraGroups, fail)
}

// Checks that the identity reported by "id" inside the container matches
// the user, group and supplementary groups requested on the command line,
// and that requests naming a nonexistent user or group are rejected.
var _ = Describe("users and groups", func() {
	var id string

	BeforeEach(func() {
		id = randomDockerName()
	})

	// Every run passes --rm, so no container with this name may be left
	// behind once the spec has finished.
	AfterEach(func() {
		Expect(ExistDockerContainer(id)).NotTo(BeTrue())
	})

	DescribeTable("running container",
		func(user string, additionalGroups []string, fail bool) {
			// inParens renders a name the way it is matched in the id
			// output, e.g. "(root)".
			inParens := func(name string) string {
				return fmt.Sprintf("(%s)", name)
			}

			args := []string{"--name", id, "--rm"}
			for _, group := range additionalGroups {
				args = append(args, "--group-add", group)
			}
			if user != "" {
				args = append(args, "-u", user)
			}
			args = append(args, Image, "id")

			stdout, stderr, exitCode := dockerRun(args...)

			if fail {
				// An unknown user or group must be refused: non-zero exit
				// and a diagnostic on stderr. stdout is not inspected
				// because the container failed.
				Expect(exitCode).ToNot(Equal(0))
				Expect(stderr).NotTo(BeEmpty())
				return
			}

			// Successful run: clean exit and nothing on stderr.
			Expect(exitCode).To(Equal(0))
			Expect(stderr).To(BeEmpty())

			// Derive the expected names from the "user[:group]" request.
			// NOTE(review): a bare user name is expected to report a group
			// of the same name; that is what the table's "root" and "mail"
			// entries rely on - confirm against the image before adding
			// other users.
			var wantUser, wantGroup string
			if user != "" {
				parts := strings.Split(user, ":")
				wantUser, wantGroup = parts[0], parts[0]
				if len(parts) > 1 {
					wantGroup = parts[1]
				}
			}

			// An empty user or group part means root.
			if wantUser == "" {
				wantUser = "root"
			}
			if wantGroup == "" {
				wantGroup = "root"
			}

			fields := strings.Fields(stdout)

			// The busybox image does not place any user in extra groups by
			// default. The third (groups) field is therefore only expected
			// when --group-add was used or the request was "root" or
			// empty; any other request yields two fields.
			wantFields := 2
			if len(additionalGroups) != 0 || user == "root" || user == "" {
				wantFields = 3
			}
			Expect(fields).To(HaveLen(wantFields))

			// The checks below match on the parenthesised name only, so
			// the numeric ids printed by id are not verified here.

			// user (uid)
			Expect(fields[0]).To(ContainSubstring(inParens(wantUser)))

			// group (gid)
			Expect(fields[1]).To(ContainSubstring(inParens(wantGroup)))

			// supplementary groups
			for _, group := range additionalGroups {
				Expect(fields[2]).To(ContainSubstring(inParens(group)))
			}
		},
		// shouldFail and shouldNotFail are declared outside this file.
		asUser("", withAdditionalGroups, shouldNotFail),
		asUser("", withoutAdditionalGroups, shouldNotFail),
		asUser("root", withAdditionalGroups, shouldNotFail),
		asUser("root", withoutAdditionalGroups, shouldNotFail),
		asUser("mail", withAdditionalGroups, shouldNotFail),
		asUser("mail", withoutAdditionalGroups, shouldNotFail),
		asUser(":mail", withAdditionalGroups, shouldNotFail),
		asUser(":mail", withoutAdditionalGroups, shouldNotFail),
		asUser("mail:mail", withAdditionalGroups, shouldNotFail),
		asUser("mail:mail", withoutAdditionalGroups, shouldNotFail),
		asUser("root:mail", withAdditionalGroups, shouldNotFail),
		asUser("root:mail", withoutAdditionalGroups, shouldNotFail),
		asUser("nonexistentuser", withAdditionalGroups, shouldFail),
		asUser("nonexistentuser", withoutAdditionalGroups, shouldFail),
		asUser("nonexistentuser:mail", withAdditionalGroups, shouldFail),
		asUser("nonexistentuser:mail", withoutAdditionalGroups, shouldFail),
		asUser(":nonexistentuser", withAdditionalGroups, shouldFail),
		asUser(":nonexistentuser", withoutAdditionalGroups, shouldFail),
	)
})