github.com/kata-containers/runtime@v0.0.0-20210505125100-04f29832a923/virtcontainers/pkg/compatoci/utils_test.go

github.com/kata-containers/runtime@v0.0.0-20210505125100-04f29832a923/virtcontainers/pkg/compatoci/utils_test.go (about)

     1  // Copyright (c) 2017 Intel Corporation
     2  //
     3  // SPDX-License-Identifier: Apache-2.0
     4  //
     5  
     6  package compatoci
     7  
     8  import (
     9  	"encoding/json"
    10  	"path/filepath"
    11  	"testing"
    12  
    13  	specs "github.com/opencontainers/runtime-spec/specs-go"
    14  	"github.com/stretchr/testify/assert"
    15  )
    16  
    17  const (
    18  	tempBundlePath        = "/tmp/virtc/ocibundle/"
    19  	capabilitiesSpecArray = `
    20  		{
    21  		    "ociVersion": "1.0.0-rc2-dev",
    22  		    "process": {
    23  		        "capabilities": [
    24  		            "CAP_CHOWN",
    25  		            "CAP_DAC_OVERRIDE",
    26  		            "CAP_FSETID"
    27  		        ]
    28  		    }
    29  		}`
    30  
    31  	capabilitiesSpecStruct = `
    32  		{
    33  		    "ociVersion": "1.0.0-rc5",
    34  		    "process": {
    35  		        "capabilities": {
    36  		            "bounding": [
    37  		                "CAP_CHOWN",
    38  		                "CAP_DAC_OVERRIDE",
    39  		                "CAP_FSETID"
    40  		            ],
    41  		            "effective": [
    42  		                "CAP_CHOWN",
    43  		                "CAP_DAC_OVERRIDE",
    44  		                "CAP_FSETID"
    45  		            ],
    46  		            "inheritable": [
    47  		                "CAP_CHOWN",
    48  		                "CAP_DAC_OVERRIDE",
    49  		                "CAP_FSETID"
    50  		            ],
    51  		            "permitted": [
    52  		                "CAP_CHOWN",
    53  		                "CAP_DAC_OVERRIDE",
    54  		                "CAP_FSETID"
    55  		            ]
    56  		        }
    57  		    }
    58  		}`
    59  )
    60  
    61  func TestContainerCapabilities(t *testing.T) {
    62  	var ociSpec compatOCISpec
    63  
    64  	ociSpec.Process = &compatOCIProcess{}
    65  	ociSpec.Process.Capabilities = map[string]interface{}{
    66  		"bounding":    []interface{}{"CAP_KILL"},
    67  		"effective":   []interface{}{"CAP_KILL", "CAP_LEASE"},
    68  		"permitted":   []interface{}{"CAP_SETUID"},
    69  		"inheritable": []interface{}{"CAP_KILL", "CAP_LEASE", "CAP_SYS_ADMIN"},
    70  		"ambient":     []interface{}{""},
    71  	}
    72  
    73  	c, err := ContainerCapabilities(ociSpec)
    74  	assert.Nil(t, err)
    75  	assert.Equal(t, c.Bounding, []string{"CAP_KILL"})
    76  	assert.Equal(t, c.Effective, []string{"CAP_KILL", "CAP_LEASE"})
    77  	assert.Equal(t, c.Permitted, []string{"CAP_SETUID"})
    78  	assert.Equal(t, c.Inheritable, []string{"CAP_KILL", "CAP_LEASE", "CAP_SYS_ADMIN"})
    79  	assert.Equal(t, c.Ambient, []string{""})
    80  
    81  	ociSpec.Process.Capabilities = []interface{}{"CAP_LEASE", "CAP_SETUID"}
    82  
    83  	c, err = ContainerCapabilities(ociSpec)
    84  	assert.Nil(t, err)
    85  	assert.Equal(t, c.Bounding, []string{"CAP_LEASE", "CAP_SETUID"})
    86  	assert.Equal(t, c.Effective, []string{"CAP_LEASE", "CAP_SETUID"})
    87  	assert.Equal(t, c.Permitted, []string{"CAP_LEASE", "CAP_SETUID"})
    88  	assert.Equal(t, c.Inheritable, []string{"CAP_LEASE", "CAP_SETUID"})
    89  	assert.Equal(t, c.Ambient, []string{"CAP_LEASE", "CAP_SETUID"})
    90  
    91  	ociSpec.Process.Capabilities = nil
    92  
    93  	c, err = ContainerCapabilities(ociSpec)
    94  	assert.Nil(t, err)
    95  	assert.Equal(t, c.Bounding, []string(nil))
    96  	assert.Equal(t, c.Effective, []string(nil))
    97  	assert.Equal(t, c.Permitted, []string(nil))
    98  	assert.Equal(t, c.Inheritable, []string(nil))
    99  	assert.Equal(t, c.Ambient, []string(nil))
   100  }
   101  
   102  // use specs.Spec to decode the spec, the content of capabilities is [] string
   103  func TestCompatOCISpecWithArray(t *testing.T) {
   104  	compatOCISpec := compatOCISpec{}
   105  	err := json.Unmarshal([]byte(capabilitiesSpecArray), &compatOCISpec)
   106  	assert.Nil(t, err, "use compatOCISpec to decode capabilitiesSpecArray failed")
   107  
   108  	ociSpecJSON, err := json.Marshal(compatOCISpec)
   109  	assert.Nil(t, err, "encode compatOCISpec failed")
   110  
   111  	// use specs.Spec to decode the spec, specs.Spec' capabilities is struct,
   112  	// but the content of spec' capabilities is [] string
   113  	ociSpec := specs.Spec{}
   114  	err = json.Unmarshal(ociSpecJSON, &ociSpec)
   115  	assert.NotNil(t, err, "This test should fail")
   116  
   117  	caps, err := ContainerCapabilities(compatOCISpec)
   118  	assert.Nil(t, err, "decode capabilities failed")
   119  	compatOCISpec.Process.Capabilities = caps
   120  
   121  	ociSpecJSON, err = json.Marshal(compatOCISpec)
   122  	assert.Nil(t, err, "encode compatOCISpec failed")
   123  
   124  	// capabilities has been chaged to struct
   125  	err = json.Unmarshal(ociSpecJSON, &ociSpec)
   126  	assert.Nil(t, err, "This test should fail")
   127  }
   128  
   129  // use specs.Spec to decode the spec, the content of capabilities is struct
   130  func TestCompatOCISpecWithStruct(t *testing.T) {
   131  	compatOCISpec := compatOCISpec{}
   132  	err := json.Unmarshal([]byte(capabilitiesSpecStruct), &compatOCISpec)
   133  	assert.Nil(t, err, "use compatOCISpec to decode capabilitiesSpecStruct failed")
   134  
   135  	ociSpecJSON, err := json.Marshal(compatOCISpec)
   136  	assert.Nil(t, err, "encode compatOCISpec failed")
   137  
   138  	ociSpec := specs.Spec{}
   139  	err = json.Unmarshal(ociSpecJSON, &ociSpec)
   140  	assert.Nil(t, err, "This test should not fail")
   141  }
   142  
   143  func TestGetConfigPath(t *testing.T) {
   144  	expected := filepath.Join(tempBundlePath, "config.json")
   145  	configPath := getConfigPath(tempBundlePath)
   146  	assert.Equal(t, configPath, expected)
   147  }