Merge pull request #521 from Mashimiao/complete-inside-test

Zhou Hao · web-flow · commit 801ab0ce3c00 · 2017-11-21T16:58:43.000+08:00
Complete Container Inside Test
diff --git a/validation/validation_test.go b/validation/validation_test.go
@@ -22,6 +22,9 @@ var (
 	runtimeCommand = "runc"
 )
 
+// build test environment before running container
+type preFunc func(string) error
+
 func init() {
 	runtimeInEnv := os.Getenv("RUNTIME")
 	if runtimeInEnv != "" {
@@ -50,15 +53,22 @@ func prepareBundle() (string, error) {
 func getDefaultGenerator() *generate.Generator {
 	g := generate.New()
 	g.SetRootPath(".")
-	g.SetProcessArgs([]string{"/runtimetest"})
+	g.SetProcessArgs([]string{"/runtimetest", "--path=/"})
 	return &g
 }
 
-func runtimeInsideValidate(g *generate.Generator) error {
+func runtimeInsideValidate(g *generate.Generator, f preFunc) error {
 	bundleDir, err := prepareBundle()
 	if err != nil {
 		return err
 	}
+
+	if f != nil {
+		if err := f(bundleDir); err != nil {
+			return err
+		}
+	}
+
 	r, err := NewRuntime(runtimeCommand, bundleDir)
 	if err != nil {
 		os.RemoveAll(bundleDir)
@@ -85,15 +95,15 @@ func runtimeInsideValidate(g *generate.Generator) error {
 func TestValidateBasic(t *testing.T) {
 	g := getDefaultGenerator()
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 // Test whether rootfs Readonly can be applied as false
 func TestValidateRootFSReadWrite(t *testing.T) {
 	g := getDefaultGenerator()
 	g.SetRootReadonly(false)
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 // Test whether rootfs Readonly can be applied as true
@@ -105,15 +115,40 @@ func TestValidateRootFSReadonly(t *testing.T) {
 	g := getDefaultGenerator()
 	g.SetRootReadonly(true)
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
+}
+
+// Test Process
+func TestValidateProcess(t *testing.T) {
+	g := getDefaultGenerator()
+	g.SetProcessCwd("/test")
+	g.AddProcessEnv("testa", "valuea")
+	g.AddProcessEnv("testb", "123")
+
+	assert.Nil(t, runtimeInsideValidate(g, func(path string) error {
+		pathName := filepath.Join(path, "test")
+		return os.MkdirAll(pathName, 0700)
+	}))
+}
+
+// Test whether Capabilites can be applied or not
+func TestValidateCapabilities(t *testing.T) {
+	if "linux" != runtime.GOOS {
+		t.Skip("skip linux-specific capabilities test")
+	}
+
+	g := getDefaultGenerator()
+	g.SetupPrivileged(true)
+
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 // Test whether hostname can be applied or not
 func TestValidateHostname(t *testing.T) {
 	g := getDefaultGenerator()
 	g.SetHostname("hostname-specific")
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 func TestValidateRootfsPropagationPrivate(t *testing.T) {
@@ -129,15 +164,98 @@ func TestValidateRootfsPropagationShared(t *testing.T) {
 	g.SetupPrivileged(true)
 	g.SetLinuxRootPropagation("shared")
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 func TestValidateRootfsPropagationUnbindable(t *testing.T) {
 	g := getDefaultGenerator()
 	g.SetupPrivileged(true)
 	g.SetLinuxRootPropagation("unbindable")
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
+}
+
+func TestValidateLinuxDevices(t *testing.T) {
+	g := getDefaultGenerator()
+
+	// add char device
+	cdev := rspecs.LinuxDevice{}
+	cdev.Path = "/dev/test1"
+	cdev.Type = "c"
+	cdev.Major = 10
+	cdev.Minor = 666
+	cmode := os.FileMode(int32(432))
+	cdev.FileMode = &cmode
+	cuid := uint32(0)
+	cdev.UID = &cuid
+	cgid := uint32(0)
+	cdev.GID = &cgid
+	g.AddDevice(cdev)
+	// add block device
+	bdev := rspecs.LinuxDevice{}
+	bdev.Path = "/dev/test2"
+	bdev.Type = "b"
+	bdev.Major = 8
+	bdev.Minor = 666
+	bmode := os.FileMode(int32(432))
+	bdev.FileMode = &bmode
+	uid := uint32(0)
+	bdev.UID = &uid
+	gid := uint32(0)
+	bdev.GID = &gid
+	g.AddDevice(bdev)
+	// add fifo device
+	pdev := rspecs.LinuxDevice{}
+	pdev.Path = "/dev/test3"
+	pdev.Type = "p"
+	pdev.Major = 8
+	pdev.Minor = 666
+	pmode := os.FileMode(int32(432))
+	pdev.FileMode = &pmode
+	g.AddDevice(pdev)
+
+	assert.Nil(t, runtimeInsideValidate(g, nil))
+}
+
+func TestValidateMaskedPaths(t *testing.T) {
+	g := getDefaultGenerator()
+	g.AddLinuxMaskedPaths("/masktest")
+
+	assert.Nil(t, runtimeInsideValidate(g, func(path string) error {
+		pathName := filepath.Join(path, "masktest")
+		return os.MkdirAll(pathName, 0700)
+	}))
+}
+
+func TestValidateROPaths(t *testing.T) {
+	g := getDefaultGenerator()
+	g.AddLinuxReadonlyPaths("readonlytest")
+
+	assert.Nil(t, runtimeInsideValidate(g, func(path string) error {
+		pathName := filepath.Join(path, "readonlytest")
+		return os.MkdirAll(pathName, 0700)
+	}))
+}
+
+func TestValidateOOMScoreAdj(t *testing.T) {
+	g := getDefaultGenerator()
+	g.SetProcessOOMScoreAdj(500)
+
+	assert.Nil(t, runtimeInsideValidate(g, nil))
+}
+
+func TestValidateUIDMappings(t *testing.T) {
+	g := getDefaultGenerator()
+	g.AddLinuxUIDMapping(uint32(1000), uint32(0), uint32(3200))
+
+	assert.Nil(t, runtimeInsideValidate(g, nil))
+}
+
+func TestValidateGIDMappings(t *testing.T) {
+	g := getDefaultGenerator()
+	g.AddLinuxGIDMapping(uint32(1000), uint32(0), uint32(3200))
+
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 // Test whether mounts are correctly mounted
@@ -151,15 +269,15 @@ func TestValidateRlimits(t *testing.T) {
 	g := getDefaultGenerator()
 	g.AddProcessRlimits("RLIMIT_NOFILE", 1024, 1024)
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 // Test whether sysctls can be applied or not
 func TestValidateSysctls(t *testing.T) {
 	g := getDefaultGenerator()
 	g.AddLinuxSysctl("net.ipv4.ip_forward", "1")
 
-	assert.Nil(t, runtimeInsideValidate(g))
+	assert.Nil(t, runtimeInsideValidate(g, nil))
 }
 
 // Test Create operation
