github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/client/allocrunner/taskrunner/validate_hook_test.go (about) 1 package taskrunner 2 3 import ( 4 "testing" 5 6 "github.com/hashicorp/nomad/client/config" 7 "github.com/hashicorp/nomad/client/taskenv" 8 "github.com/hashicorp/nomad/nomad/structs" 9 "github.com/stretchr/testify/require" 10 ) 11 12 func TestTaskRunner_Validate_UserEnforcement(t *testing.T) { 13 t.Parallel() 14 15 taskEnv := taskenv.NewEmptyBuilder().Build() 16 conf := config.DefaultConfig() 17 18 // Try to run as root with exec. 19 task := &structs.Task{ 20 Driver: "exec", 21 User: "root", 22 } 23 if err := validateTask(task, taskEnv, conf); err == nil { 24 t.Fatalf("expected error running as root with exec") 25 } 26 27 // Try to run a non-blacklisted user with exec. 28 task.User = "foobar" 29 require.NoError(t, validateTask(task, taskEnv, conf)) 30 31 // Try to run as root with docker. 32 task.Driver = "docker" 33 task.User = "root" 34 require.NoError(t, validateTask(task, taskEnv, conf)) 35 } 36 37 func TestTaskRunner_Validate_ServiceName(t *testing.T) { 38 t.Parallel() 39 40 builder := taskenv.NewEmptyBuilder() 41 conf := config.DefaultConfig() 42 43 // Create a task with a service for validation 44 task := &structs.Task{ 45 Services: []*structs.Service{ 46 { 47 Name: "ok", 48 }, 49 }, 50 } 51 52 require.NoError(t, validateTask(task, builder.Build(), conf)) 53 54 // Add an env var that should validate 55 builder.SetHookEnv("test", map[string]string{"FOO": "bar"}) 56 task.Services[0].Name = "${FOO}" 57 require.NoError(t, validateTask(task, builder.Build(), conf)) 58 59 // Add an env var that should *not* validate 60 builder.SetHookEnv("test", map[string]string{"BAD": "invalid/in/consul"}) 61 task.Services[0].Name = "${BAD}" 62 require.Error(t, validateTask(task, builder.Build(), conf)) 63 }