Deleted
Added
test_go_isolation.py (1293:40251b822c85) | test_go_isolation.py (1296:77f76e7b800f) |
---|---|
1import pwd 2import grp 3import json 4import unittest 5from unit.applications.lang.go import TestApplicationGo 6from unit.feature.isolation import TestFeatureIsolation 7 8 --- 18 unchanged lines hidden (view full) --- 27 'success', 28 self.conf(isolation, 'applications/ns_inspect/isolation'), 29 'configure isolation', 30 ) 31 32 def test_isolation_values(self): 33 self.load('ns_inspect') 34 | 1import pwd 2import grp 3import json 4import unittest 5from unit.applications.lang.go import TestApplicationGo 6from unit.feature.isolation import TestFeatureIsolation 7 8 --- 18 unchanged lines hidden (view full) --- 27 'success', 28 self.conf(isolation, 'applications/ns_inspect/isolation'), 29 'configure isolation', 30 ) 31 32 def test_isolation_values(self): 33 self.load('ns_inspect') 34 |
35 obj = self.isolation.parsejson(self.get()['body']) | 35 obj = self.getjson()['body'] |
36 37 for ns, ns_value in self.available['features']['isolation'].items(): 38 if ns.upper() in obj['NS']: 39 self.assertEqual( 40 obj['NS'][ns.upper()], ns_value, '%s match' % ns 41 ) 42 43 def test_isolation_user(self): --- 5 unchanged lines hidden (view full) --- 49 50 user_id = pwd.getpwnam('nobody').pw_uid 51 52 try: 53 group_id = grp.getgrnam('nogroup').gr_gid 54 except: 55 group_id = grp.getgrnam('nobody').gr_gid 56 | 36 37 for ns, ns_value in self.available['features']['isolation'].items(): 38 if ns.upper() in obj['NS']: 39 self.assertEqual( 40 obj['NS'][ns.upper()], ns_value, '%s match' % ns 41 ) 42 43 def test_isolation_user(self): --- 5 unchanged lines hidden (view full) --- 49 50 user_id = pwd.getpwnam('nobody').pw_uid 51 52 try: 53 group_id = grp.getgrnam('nogroup').gr_gid 54 except: 55 group_id = grp.getgrnam('nobody').gr_gid 56 |
57 obj = self.isolation.parsejson(self.get()['body']) | 57 obj = self.getjson()['body'] |
58 59 self.assertTrue(obj['UID'] != 0, 'uid not zero') 60 self.assertTrue(obj['GID'] != 0, 'gid not zero') 61 62 if self.is_su: 63 self.assertEqual(obj['UID'], user_id, 'uid match') 64 self.assertEqual(obj['GID'], group_id, 'gid match') 65 else: 66 self.assertEqual(obj['UID'], self.uid, 'uid match') 67 self.assertEqual(obj['GID'], self.gid, 'gid match') 68 69 self.conf_isolation({"namespaces": {"credential": True}}) 70 | 58 59 self.assertTrue(obj['UID'] != 0, 'uid not zero') 60 self.assertTrue(obj['GID'] != 0, 'gid not zero') 61 62 if self.is_su: 63 self.assertEqual(obj['UID'], user_id, 'uid match') 64 self.assertEqual(obj['GID'], group_id, 'gid match') 65 else: 66 self.assertEqual(obj['UID'], self.uid, 'uid match') 67 self.assertEqual(obj['GID'], self.gid, 'gid match') 68 69 self.conf_isolation({"namespaces": {"credential": True}}) 70 |
71 obj = self.isolation.parsejson(self.get()['body']) | 71 obj = self.getjson()['body'] |
72 73 # default uid and gid maps current user to nobody 74 self.assertEqual(obj['UID'], user_id, 'uid nobody') 75 self.assertEqual(obj['GID'], group_id, 'gid nobody') 76 77 self.conf_isolation( 78 { 79 "namespaces": {"credential": True}, 80 "uidmap": [ 81 {"container": user_id, "host": self.uid, "size": 1} 82 ], 83 "gidmap": [ 84 {"container": group_id, "host": self.gid, "size": 1} 85 ], 86 } 87 ) 88 | 72 73 # default uid and gid maps current user to nobody 74 self.assertEqual(obj['UID'], user_id, 'uid nobody') 75 self.assertEqual(obj['GID'], group_id, 'gid nobody') 76 77 self.conf_isolation( 78 { 79 "namespaces": {"credential": True}, 80 "uidmap": [ 81 {"container": user_id, "host": self.uid, "size": 1} 82 ], 83 "gidmap": [ 84 {"container": group_id, "host": self.gid, "size": 1} 85 ], 86 } 87 ) 88 |
89 obj = self.isolation.parsejson(self.get()['body']) | 89 obj = self.getjson()['body'] |
90 91 self.assertEqual(obj['UID'], user_id, 'uid match') 92 self.assertEqual(obj['GID'], group_id, 'gid match') 93 94 def test_isolation_mnt(self): 95 if not self.isolation_key('mnt'): 96 print('mnt namespace is not supported') 97 raise unittest.SkipTest() 98 99 if not self.isolation_key('unprivileged_userns_clone'): 100 print('unprivileged clone is not available') 101 raise unittest.SkipTest() 102 103 self.load('ns_inspect') 104 self.conf_isolation( 105 {"namespaces": {"mount": True, "credential": True}} 106 ) 107 | 90 91 self.assertEqual(obj['UID'], user_id, 'uid match') 92 self.assertEqual(obj['GID'], group_id, 'gid match') 93 94 def test_isolation_mnt(self): 95 if not self.isolation_key('mnt'): 96 print('mnt namespace is not supported') 97 raise unittest.SkipTest() 98 99 if not self.isolation_key('unprivileged_userns_clone'): 100 print('unprivileged clone is not available') 101 raise unittest.SkipTest() 102 103 self.load('ns_inspect') 104 self.conf_isolation( 105 {"namespaces": {"mount": True, "credential": True}} 106 ) 107 |
108 obj = self.isolation.parsejson(self.get()['body']) | 108 obj = self.getjson()['body'] |
109 110 # all but user and mnt 111 allns = list(self.available['features']['isolation'].keys()) 112 allns.remove('user') 113 allns.remove('mnt') 114 115 for ns in allns: 116 if ns.upper() in obj['NS']: --- 17 unchanged lines hidden (view full) --- 134 135 if not self.isolation_key('unprivileged_userns_clone'): 136 print('unprivileged clone is not available') 137 raise unittest.SkipTest() 138 139 self.load('ns_inspect') 140 self.conf_isolation({"namespaces": {"pid": True, "credential": True}}) 141 | 109 110 # all but user and mnt 111 allns = list(self.available['features']['isolation'].keys()) 112 allns.remove('user') 113 allns.remove('mnt') 114 115 for ns in allns: 116 if ns.upper() in obj['NS']: --- 17 unchanged lines hidden (view full) --- 134 135 if not self.isolation_key('unprivileged_userns_clone'): 136 print('unprivileged clone is not available') 137 raise unittest.SkipTest() 138 139 self.load('ns_inspect') 140 self.conf_isolation({"namespaces": {"pid": True, "credential": True}}) 141 |
142 obj = self.isolation.parsejson(self.get()['body']) | 142 obj = self.getjson()['body'] |
143 144 self.assertEqual(obj['PID'], 1, 'pid of container is 1') 145 146 def test_isolation_namespace_false(self): 147 self.load('ns_inspect') 148 allns = list(self.available['features']['isolation'].keys()) 149 150 remove_list = ['unprivileged_userns_clone', 'ipc', 'cgroup'] --- 9 unchanged lines hidden (view full) --- 160 namespaces['network'] = False 161 elif ns == 'uts': 162 namespaces['uname'] = False 163 else: 164 namespaces[ns] = False 165 166 self.conf_isolation({"namespaces": namespaces}) 167 | 143 144 self.assertEqual(obj['PID'], 1, 'pid of container is 1') 145 146 def test_isolation_namespace_false(self): 147 self.load('ns_inspect') 148 allns = list(self.available['features']['isolation'].keys()) 149 150 remove_list = ['unprivileged_userns_clone', 'ipc', 'cgroup'] --- 9 unchanged lines hidden (view full) --- 160 namespaces['network'] = False 161 elif ns == 'uts': 162 namespaces['uname'] = False 163 else: 164 namespaces[ns] = False 165 166 self.conf_isolation({"namespaces": namespaces}) 167 |
168 obj = self.isolation.parsejson(self.get()['body']) | 168 obj = self.getjson()['body'] |
169 170 for ns in allns: 171 if ns.upper() in obj['NS']: 172 self.assertEqual( 173 obj['NS'][ns.upper()], 174 self.available['features']['isolation'][ns], 175 '%s match' % ns, 176 ) 177 178 179if __name__ == '__main__': 180 TestGoIsolation.main() | 169 170 for ns in allns: 171 if ns.upper() in obj['NS']: 172 self.assertEqual( 173 obj['NS'][ns.upper()], 174 self.available['features']['isolation'][ns], 175 '%s match' % ns, 176 ) 177 178 179if __name__ == '__main__': 180 TestGoIsolation.main() |