File: capabilities_test.go

package info (click to toggle)
golang-github-containers-common 0.33.4%2Bds1-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 856 kB
  • sloc: makefile: 118; sh: 25
file content (82 lines) | stat: -rw-r--r-- 2,385 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
package capabilities

import (
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestAllCapabilities(t *testing.T) {
	caps := AllCapabilities()
	assert.True(t, len(caps) > 0)
	err := ValidateCapabilities(caps)
	require.Nil(t, err)
}

func TestMergeCapabilitiesDropVerify(t *testing.T) {
	adds := []string{"CAP_SYS_ADMIN", "CAP_SETUID"}
	drops := []string{"CAP_NET_ADMIN", "cap_chown"}
	base := []string{"CHOWN"}
	caps, err := MergeCapabilities(base, adds, drops)
	require.Nil(t, err)
	assert.Equal(t, []string{"CAP_SYS_ADMIN", "CAP_SETUID"}, caps)
}

func TestMergeCapabilitiesDropAddConflict(t *testing.T) {
	adds := []string{"CAP_SYS_ADMIN", "NET_ADMIN"}
	drops := []string{"CAP_NET_ADMIN", "cap_chown"}
	base := []string{"CHOWN"}
	_, err := MergeCapabilities(base, adds, drops)
	assert.Error(t, err)
}

func TestMergeCapabilitiesDrop(t *testing.T) {
	adds := []string{"CAP_SYS_ADMIN"}
	drops := []string{"CAP_NET_ADMIN", "cap_chown"}
	base := []string{"CHOWN"}
	caps, err := MergeCapabilities(base, adds, drops)
	require.Nil(t, err)
	assert.Equal(t, []string{"CAP_SYS_ADMIN"}, caps)
}

func TestMergeCapabilitiesDropAll(t *testing.T) {
	adds := []string{"CAP_SYS_ADMIN", "CAP_NET_ADMIN", "CAP_CHOWN"}
	drops := []string{"all"}
	base := []string{"CAP_SETUID"}
	caps, err := MergeCapabilities(base, adds, drops)
	require.Nil(t, err)
	assert.Equal(t, caps, adds)
}

func TestMergeCapabilitiesAddAll(t *testing.T) {
	base := []string{"CAP_SYS_ADMIN", "CAP_NET_ADMIN", "CAP_CHOWN"}
	adds := []string{"all"}
	drops := []string{}
	caps, err := MergeCapabilities(base, adds, drops)
	require.Nil(t, err)
	assert.Equal(t, caps, AllCapabilities())
}

func TestNormalizeCapabilities(t *testing.T) {
	strSlice := []string{"SYS_ADMIN", "net_admin", "CAP_CHOWN"}
	caps, err := NormalizeCapabilities(strSlice)
	require.Nil(t, err)
	err = ValidateCapabilities(caps)
	require.Nil(t, err)
	strSlice = []string{"no_ADMIN", "net_admin", "CAP_CHMOD"}
	_, err = NormalizeCapabilities(strSlice)
	assert.Error(t, err)
}

func TestValidateCapabilities(t *testing.T) {
	strSlice := []string{"CAP_SYS_ADMIN", "CAP_NET_ADMIN"}
	err := ValidateCapabilities(strSlice)
	require.Nil(t, err)
}

func TestValidateCapabilitieBadCapabilities(t *testing.T) {
	strSlice := []string{"CAP_SYS_ADMIN", "NO_ADMIN"}
	err := ValidateCapabilities(strSlice)
	assert.Error(t, err)
}