File: capabilities_test.go

package info (click to toggle)
docker.io 20.10.24%2Bdfsg1-1%2Bdeb12u1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bookworm-proposed-updates
  • size: 60,824 kB
  • sloc: sh: 5,621; makefile: 593; ansic: 179; python: 162; asm: 7
file content (119 lines) | stat: -rw-r--r-- 2,474 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
package opts

import (
	"strconv"
	"testing"

	"gotest.tools/v3/assert"
)

func TestNormalizeCapability(t *testing.T) {
	tests := []struct{ in, out string }{
		{in: "ALL", out: "ALL"},
		{in: "FOO", out: "CAP_FOO"},
		{in: "CAP_FOO", out: "CAP_FOO"},
		{in: "CAPFOO", out: "CAP_CAPFOO"},

		// case-insensitive handling
		{in: "aLl", out: "ALL"},
		{in: "foO", out: "CAP_FOO"},
		{in: "cAp_foO", out: "CAP_FOO"},

		// white space handling. strictly, these could be considered "invalid",
		// but are a likely situation, so handling these for now.
		{in: "  ALL  ", out: "ALL"},
		{in: "  FOO  ", out: "CAP_FOO"},
		{in: "  CAP_FOO  ", out: "CAP_FOO"},
		{in: " 	 ALL 	 ", out: "ALL"},
		{in: " 	 FOO 	 ", out: "CAP_FOO"},
		{in: " 	 CAP_FOO 	 ", out: "CAP_FOO"},

		// weird values: no validation takes place currently, so these
		// are handled same as values above; we could consider not accepting
		// these in future
		{in: "SOME CAP", out: "CAP_SOME CAP"},
		{in: "_FOO", out: "CAP__FOO"},
	}

	for _, tc := range tests {
		tc := tc
		t.Run(tc.in, func(t *testing.T) {
			assert.Equal(t, NormalizeCapability(tc.in), tc.out)
		})
	}
}

func TestEffectiveCapAddCapDrop(t *testing.T) {
	type caps struct {
		add, drop []string
	}

	tests := []struct {
		in, out caps
	}{
		{
			in: caps{
				add:  []string{"one", "two"},
				drop: []string{"one", "two"},
			},
			out: caps{
				add: []string{"CAP_ONE", "CAP_TWO"},
			},
		},
		{
			in: caps{
				add:  []string{"CAP_ONE", "cap_one", "CAP_TWO"},
				drop: []string{"one", "cap_two"},
			},
			out: caps{
				add: []string{"CAP_ONE", "CAP_TWO"},
			},
		},
		{
			in: caps{
				add:  []string{"CAP_ONE", "CAP_TWO"},
				drop: []string{"CAP_ONE", "CAP_THREE"},
			},
			out: caps{
				add:  []string{"CAP_ONE", "CAP_TWO"},
				drop: []string{"CAP_THREE"},
			},
		},
		{
			in: caps{
				add:  []string{"ALL"},
				drop: []string{"CAP_ONE", "CAP_TWO"},
			},
			out: caps{
				add:  []string{"ALL"},
				drop: []string{"CAP_ONE", "CAP_TWO"},
			},
		},
		{
			in: caps{
				add: []string{"ALL", "CAP_ONE"},
			},
			out: caps{
				add: []string{"ALL"},
			},
		},
		{
			in: caps{
				drop: []string{"ALL", "CAP_ONE"},
			},
			out: caps{
				drop: []string{"ALL"},
			},
		},
	}

	for i, tc := range tests {
		tc := tc
		t.Run(strconv.Itoa(i), func(t *testing.T) {
			add, drop := EffectiveCapAddCapDrop(tc.in.add, tc.in.drop)
			assert.DeepEqual(t, add, tc.out.add)
			assert.DeepEqual(t, drop, tc.out.drop)

		})
	}
}