Skip to content

Commit 72b87ad

Browse files
junnplusjunnplus
committed
add WithAdditionalGIDs test
Signed-off-by: Ye Sijun <[email protected]>
1 parent 16992a4 commit 72b87ad

2 files changed

Lines changed: 69 additions & 1 deletion

File tree

oci/spec_opts.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -805,7 +805,7 @@ func WithUsername(username string) SpecOpts {
805805
}
806806

807807
// WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed
808-
// for a particular user in the /etc/groups file of the image's root filesystem
808+
// for a particular user in the /etc/group file of the image's root filesystem
809809
// The passed in user can be either a uid or a username.
810810
func WithAdditionalGIDs(userstr string) SpecOpts {
811811
return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) {

oci/spec_opts_linux_test.go

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,11 +22,79 @@ import (
2222
"path/filepath"
2323
"testing"
2424

25+
"github.com/containerd/containerd/containers"
2526
"github.com/containerd/containerd/pkg/testutil"
27+
"github.com/containerd/continuity/fs/fstest"
2628
specs "github.com/opencontainers/runtime-spec/specs-go"
29+
"github.com/stretchr/testify/assert"
2730
"golang.org/x/sys/unix"
2831
)
2932

33+
// nolint:gosec
34+
func TestWithAdditionalGIDs(t *testing.T) {
35+
t.Parallel()
36+
expectedPasswd := `root:x:0:0:root:/root:/bin/ash
37+
bin:x:1:1:bin:/bin:/sbin/nologin
38+
daemon:x:2:2:daemon:/sbin:/sbin/nologin
39+
`
40+
expectedGroup := `root:x:0:root
41+
bin:x:1:root,bin,daemon
42+
daemon:x:2:root,bin,daemon
43+
sys:x:3:root,bin,adm
44+
`
45+
td := t.TempDir()
46+
apply := fstest.Apply(
47+
fstest.CreateDir("/etc", 0777),
48+
fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
49+
fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
50+
)
51+
if err := apply.Apply(td); err != nil {
52+
t.Fatalf("failed to apply: %v", err)
53+
}
54+
c := containers.Container{ID: t.Name()}
55+
56+
testCases := []struct {
57+
name string
58+
user string
59+
expected []uint32
60+
}{
61+
{
62+
user: "root",
63+
expected: []uint32{},
64+
},
65+
{
66+
user: "1000",
67+
expected: []uint32{},
68+
},
69+
{
70+
user: "bin",
71+
expected: []uint32{2, 3},
72+
},
73+
{
74+
user: "bin:root",
75+
expected: []uint32{},
76+
},
77+
{
78+
user: "daemon",
79+
expected: []uint32{1},
80+
},
81+
}
82+
for _, testCase := range testCases {
83+
t.Run(testCase.user, func(t *testing.T) {
84+
t.Parallel()
85+
s := Spec{
86+
Version: specs.Version,
87+
Root: &specs.Root{
88+
Path: td,
89+
},
90+
}
91+
err := WithAdditionalGIDs(testCase.user)(context.Background(), nil, &c, &s)
92+
assert.NoError(t, err)
93+
assert.Equal(t, testCase.expected, s.Process.User.AdditionalGids)
94+
})
95+
}
96+
}
97+
3098
func TestAddCaps(t *testing.T) {
3199
t.Parallel()
32100

0 commit comments

Comments
 (0)