Rewrite TestBuildWithInaccessibleFilesInContext to not use fixtures

Signed-off-by: Alexandr Morozov <lk4d4@docker.com>

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore

@@ -1 +0,0 @@
-directoryWeCantStat

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile

@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar

@@ -1 +0,0 @@
-foo

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile

@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar

@@ -1 +0,0 @@
-foo

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile

@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess

@@ -1 +0,0 @@
-should make `docker build` throw an error

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile

@@ -1,2 +0,0 @@
-FROM busybox
-ADD . /foo/

integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g

@@ -1 +0,0 @@
-../../../../../../../../../../../../../../../../../../../azA

integration-cli/docker_cli_build_test.go

@@ -488,31 +488,23 @@ func TestBuildCopyDisallowRemote(t *testing.T) {
 // Issue #5270 - ensure we throw a better error than "unexpected EOF"
 // when we can't access files in the context.
 func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
-	testDirName := "TestBuildWithInaccessibleFilesInContext"
-
-	sourceDirectory := filepath.Join(workingDirectory, "build_tests", testDirName)
-	buildDirectory, err := ioutil.TempDir("", "test-build-inaccessible-directory")
-	defer os.RemoveAll(buildDirectory)
-
-	err = copyWithCP(sourceDirectory, buildDirectory)
-	if err != nil {
-		t.Fatalf("failed to copy files to temporary directory: %s", err)
-	}
-
-	buildDirectory = filepath.Join(buildDirectory, testDirName)
 	{
+		name := "testbuildinaccessiblefiles"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"fileWithoutReadAccess": "foo"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
 		// This is used to ensure we detect inaccessible files early during build in the cli client
-		pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile")
-		pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess")
+		pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess")
 
-		err := os.Chown(pathToFileWithoutReadAccess, 0, 0)
+		err = os.Chown(pathToFileWithoutReadAccess, 0, 0)
 		errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err))
 		err = os.Chmod(pathToFileWithoutReadAccess, 0700)
 		errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err))
-
-		buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary)
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
-		buildCmd.Dir = pathToInaccessibleFileBuildDirectory
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
 		out, exitCode, err := runCommandWithOutput(buildCmd)
 		if err == nil || exitCode == 0 {
 			t.Fatalf("build should have failed: %s %s", err, out)
@@ -528,21 +520,26 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
 		}
 	}
 	{
+		name := "testbuildinaccessibledirectory"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"directoryWeCantStat/bar": "foo"})
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
 		// This is used to ensure we detect inaccessible directories early during build in the cli client
-		pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "inaccessibledirectory")
-		pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
+		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
 		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
 
-		err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
+		err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
 		errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
 		err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
 		errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
 		err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
 		errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
 
-		buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary)
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
-		buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
 		out, exitCode, err := runCommandWithOutput(buildCmd)
 		if err == nil || exitCode == 0 {
 			t.Fatalf("build should have failed: %s %s", err, out)
@@ -559,41 +556,52 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
 
 	}
 	{
+		name := "testlinksok"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/", nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
+		if err := os.Symlink(filepath.Join(ctx.Dir, "g"), "../../../../../../../../../../../../../../../../../../../azA"); err != nil {
+			t.Fatal(err)
+		}
 		// This is used to ensure we don't follow links when checking if everything in the context is accessible
 		// This test doesn't require that we run commands as an unprivileged user
-		pathToDirectoryWhichContainsLinks := filepath.Join(buildDirectory, "linksdirectory")
-
-		out, exitCode, err := dockerCmdInDir(t, pathToDirectoryWhichContainsLinks, "build", "-t", "testlinksok", ".")
-		if err != nil || exitCode != 0 {
-			t.Fatalf("build should have worked: %s %s", err, out)
+		if _, err := buildImageFromContext(name, ctx, true); err != nil {
+			t.Fatal(err)
 		}
-
-		deleteImages("testlinksok")
-
 	}
 	{
+		name := "testbuildignoredinaccessible"
+		defer deleteImages(name)
+		ctx, err := fakeContext("FROM scratch\nADD . /foo/",
+			map[string]string{
+				"directoryWeCantStat/bar": "foo",
+				".dockerignore":           "directoryWeCantStat",
+			})
+		if err != nil {
+			t.Fatal(err)
+		}
+		defer ctx.Close()
 		// This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern
-		pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "ignoredinaccessible")
-		pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
+		pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
 		pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
-		err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
+		err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
 		errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
 		err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
 		errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
 		err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
 		errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
 
-		buildCommandStatement := fmt.Sprintf("%s build -t ignoredinaccessible .", dockerBinary)
-		buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
-		buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
+		buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
+		buildCmd.Dir = ctx.Dir
 		out, exitCode, err := runCommandWithOutput(buildCmd)
 		if err != nil || exitCode != 0 {
 			t.Fatalf("build should have worked: %s %s", err, out)
 		}
-		deleteImages("ignoredinaccessible")
 
 	}
-	deleteImages("inaccessiblefiles")
 	logDone("build - ADD from context with inaccessible files must fail")
 	logDone("build - ADD from context with accessible links must work")
 	logDone("build - ADD from context with ignored inaccessible files must work")

integration-cli/docker_utils.go

@@ -440,6 +440,9 @@ func fakeContext(dockerfile string, files map[string]string) (*FakeContext, erro
 	if err != nil {
 		return nil, err
 	}
+	if err := os.Chmod(tmp, 0755); err != nil {
+		return nil, err
+	}
 	ctx := &FakeContext{tmp}
 	for file, content := range files {
 		if err := ctx.Add(file, content); err != nil {