add WithAdditionalGIDs test

junnplus · AkihiroSuda · commit b45e30292ce9 · 2023-02-10T17:38:28.000+09:00
Signed-off-by: Ye Sijun <junnplus@gmail.com> (cherry picked from commit 72b87ad) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
diff --git a/oci/spec_opts.go b/oci/spec_opts.go
@@ -733,7 +733,7 @@ func WithUsername(username string) SpecOpts {
 }
 
 // WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed
-// for a particular user in the /etc/groups file of the image's root filesystem
+// for a particular user in the /etc/group file of the image's root filesystem
 // The passed in user can be either a uid or a username.
 func WithAdditionalGIDs(userstr string) SpecOpts {
 	return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) {
diff --git a/oci/spec_opts_linux_test.go b/oci/spec_opts_linux_test.go
@@ -30,6 +30,71 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+// nolint:gosec
+func TestWithAdditionalGIDs(t *testing.T) {
+	t.Parallel()
+	expectedPasswd := `root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+`
+	expectedGroup := `root:x:0:root
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin,adm
+`
+	td := t.TempDir()
+	apply := fstest.Apply(
+		fstest.CreateDir("/etc", 0777),
+		fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
+		fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
+	)
+	if err := apply.Apply(td); err != nil {
+		t.Fatalf("failed to apply: %v", err)
+	}
+	c := containers.Container{ID: t.Name()}
+
+	testCases := []struct {
+		name     string
+		user     string
+		expected []uint32
+	}{
+		{
+			user:     "root",
+			expected: []uint32{},
+		},
+		{
+			user:     "1000",
+			expected: []uint32{},
+		},
+		{
+			user:     "bin",
+			expected: []uint32{2, 3},
+		},
+		{
+			user:     "bin:root",
+			expected: []uint32{},
+		},
+		{
+			user:     "daemon",
+			expected: []uint32{1},
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.user, func(t *testing.T) {
+			t.Parallel()
+			s := Spec{
+				Version: specs.Version,
+				Root: &specs.Root{
+					Path: td,
+				},
+			}
+			err := WithAdditionalGIDs(testCase.user)(context.Background(), nil, &c, &s)
+			assert.NoError(t, err)
+			assert.Equal(t, testCase.expected, s.Process.User.AdditionalGids)
+		})
+	}
+}
+
 func TestAddCaps(t *testing.T) {
 	t.Parallel()
 

Original file line number	Diff line number	Diff line change
`@@ -733,7 +733,7 @@ func WithUsername(username string) SpecOpts {`
`733`	`733`	`}`
`734`	`734`
`735`	`735`	`// WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed`
`736`		`-// for a particular user in the /etc/groups file of the image's root filesystem`
	`736`	`+// for a particular user in the /etc/group file of the image's root filesystem`
`737`	`737`	`// The passed in user can be either a uid or a username.`
`738`	`738`	`func WithAdditionalGIDs(userstr string) SpecOpts {`
`739`	`739`	`return func(ctx context.Context, client Client, c containers.Container, s Spec) (err error) {`