beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rewrite TestBuildWithInaccessibleFilesInContext to not use fixtures

Browse source 
Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
This commit is contained in:
Alexandr Morozov 2014-09-24 16:42:17 +04:00
parent 52cf331206
commit 51a56399f6
11 changed files with 52 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/.dockerignore
View file

@ -1 +0,0 @@
directoryWeCantStat

2
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/Dockerfile
View file

@ -1,2 +0,0 @@
FROM busybox
ADD . /foo/

1
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/ignoredinaccessible/directoryWeCantStat/bar
View file

@ -1 +0,0 @@
foo

2
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/Dockerfile
View file

@ -1,2 +0,0 @@
FROM busybox
ADD . /foo/

1
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessibledirectory/directoryWeCantStat/bar
View file

@ -1 +0,0 @@
foo

2
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/Dockerfile
View file

@ -1,2 +0,0 @@
FROM busybox
ADD . /foo/

1
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/inaccessiblefile/fileWithoutReadAccess
View file

@ -1 +0,0 @@
should make `docker build` throw an error

2
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/Dockerfile
View file

@ -1,2 +0,0 @@
FROM busybox
ADD . /foo/

1
integration-cli/build_tests/TestBuildWithInaccessibleFilesInContext/linksdirectory/g
View file

@ -1 +0,0 @@
../../../../../../../../../../../../../../../../../../../azA

90
integration-cli/docker_cli_build_test.go
View file

@ -488,31 +488,23 @@ func TestBuildCopyDisallowRemote(t *testing.T) {
// Issue #5270 - ensure we throw a better error than "unexpected EOF"
// when we can't access files in the context.
func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
testDirName := "TestBuildWithInaccessibleFilesInContext"
sourceDirectory := filepath.Join(workingDirectory, "build_tests", testDirName)
buildDirectory, err := ioutil.TempDir("", "test-build-inaccessible-directory")
defer os.RemoveAll(buildDirectory)
err = copyWithCP(sourceDirectory, buildDirectory)
if err != nil {
t.Fatalf("failed to copy files to temporary directory: %s", err)
}
buildDirectory = filepath.Join(buildDirectory, testDirName)
{
name := "testbuildinaccessiblefiles"
defer deleteImages(name)
ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"fileWithoutReadAccess": "foo"})
if err != nil {
t.Fatal(err)
}
defer ctx.Close()
// This is used to ensure we detect inaccessible files early during build in the cli client
pathToInaccessibleFileBuildDirectory := filepath.Join(buildDirectory, "inaccessiblefile")
pathToFileWithoutReadAccess := filepath.Join(pathToInaccessibleFileBuildDirectory, "fileWithoutReadAccess")
pathToFileWithoutReadAccess := filepath.Join(ctx.Dir, "fileWithoutReadAccess")
err := os.Chown(pathToFileWithoutReadAccess, 0, 0)
err = os.Chown(pathToFileWithoutReadAccess, 0, 0)
errorOut(err, t, fmt.Sprintf("failed to chown file to root: %s", err))
err = os.Chmod(pathToFileWithoutReadAccess, 0700)
errorOut(err, t, fmt.Sprintf("failed to chmod file to 700: %s", err))
buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary)
buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
buildCmd.Dir = pathToInaccessibleFileBuildDirectory
buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
buildCmd.Dir = ctx.Dir
out, exitCode, err := runCommandWithOutput(buildCmd)
if err == nil || exitCode == 0 {
t.Fatalf("build should have failed: %s %s", err, out)
@ -528,21 +520,26 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
}
}
{
name := "testbuildinaccessibledirectory"
defer deleteImages(name)
ctx, err := fakeContext("FROM scratch\nADD . /foo/", map[string]string{"directoryWeCantStat/bar": "foo"})
if err != nil {
t.Fatal(err)
}
defer ctx.Close()
// This is used to ensure we detect inaccessible directories early during build in the cli client
pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "inaccessibledirectory")
pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
buildCommandStatement := fmt.Sprintf("%s build -t inaccessiblefiles .", dockerBinary)
buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
buildCmd.Dir = ctx.Dir
out, exitCode, err := runCommandWithOutput(buildCmd)
if err == nil || exitCode == 0 {
t.Fatalf("build should have failed: %s %s", err, out)
@ -559,41 +556,52 @@ func TestBuildWithInaccessibleFilesInContext(t *testing.T) {
}
{
name := "testlinksok"
defer deleteImages(name)
ctx, err := fakeContext("FROM scratch\nADD . /foo/", nil)
if err != nil {
t.Fatal(err)
}
defer ctx.Close()
if err := os.Symlink(filepath.Join(ctx.Dir, "g"), "../../../../../../../../../../../../../../../../../../../azA"); err != nil {
t.Fatal(err)
}
// This is used to ensure we don't follow links when checking if everything in the context is accessible
// This test doesn't require that we run commands as an unprivileged user
pathToDirectoryWhichContainsLinks := filepath.Join(buildDirectory, "linksdirectory")
out, exitCode, err := dockerCmdInDir(t, pathToDirectoryWhichContainsLinks, "build", "-t", "testlinksok", ".")
if err != nil || exitCode != 0 {
t.Fatalf("build should have worked: %s %s", err, out)
if _, err := buildImageFromContext(name, ctx, true); err != nil {
t.Fatal(err)
}
deleteImages("testlinksok")
}
{
name := "testbuildignoredinaccessible"
defer deleteImages(name)
ctx, err := fakeContext("FROM scratch\nADD . /foo/",
map[string]string{
"directoryWeCantStat/bar": "foo",
".dockerignore": "directoryWeCantStat",
})
if err != nil {
t.Fatal(err)
}
defer ctx.Close()
// This is used to ensure we don't try to add inaccessible files when they are ignored by a .dockerignore pattern
pathToInaccessibleDirectoryBuildDirectory := filepath.Join(buildDirectory, "ignoredinaccessible")
pathToDirectoryWithoutReadAccess := filepath.Join(pathToInaccessibleDirectoryBuildDirectory, "directoryWeCantStat")
pathToDirectoryWithoutReadAccess := filepath.Join(ctx.Dir, "directoryWeCantStat")
pathToFileInDirectoryWithoutReadAccess := filepath.Join(pathToDirectoryWithoutReadAccess, "bar")
err := os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
err = os.Chown(pathToDirectoryWithoutReadAccess, 0, 0)
errorOut(err, t, fmt.Sprintf("failed to chown directory to root: %s", err))
err = os.Chmod(pathToDirectoryWithoutReadAccess, 0444)
errorOut(err, t, fmt.Sprintf("failed to chmod directory to 755: %s", err))
err = os.Chmod(pathToFileInDirectoryWithoutReadAccess, 0700)
errorOut(err, t, fmt.Sprintf("failed to chmod file to 444: %s", err))
buildCommandStatement := fmt.Sprintf("%s build -t ignoredinaccessible .", dockerBinary)
buildCmd := exec.Command("su", "unprivilegeduser", "-c", buildCommandStatement)
buildCmd.Dir = pathToInaccessibleDirectoryBuildDirectory
buildCmd := exec.Command("su", "unprivilegeduser", "-c", fmt.Sprintf("%s build -t %s .", dockerBinary, name))
buildCmd.Dir = ctx.Dir
out, exitCode, err := runCommandWithOutput(buildCmd)
if err != nil || exitCode != 0 {
t.Fatalf("build should have worked: %s %s", err, out)
}
deleteImages("ignoredinaccessible")
}
deleteImages("inaccessiblefiles")
logDone("build - ADD from context with inaccessible files must fail")
logDone("build - ADD from context with accessible links must work")
logDone("build - ADD from context with ignored inaccessible files must work")

3
integration-cli/docker_utils.go
View file

@ -440,6 +440,9 @@ func fakeContext(dockerfile string, files map[string]string) (*FakeContext, erro
if err != nil {
return nil, err
}
if err := os.Chmod(tmp, 0755); err != nil {
return nil, err
}
ctx := &FakeContext{tmp}
for file, content := range files {
if err := ctx.Add(file, content); err != nil {