moby/builder/dockerfile/internals_linux_test.go
Salahuddin Khan 763d839261 Add ADD/COPY --chown flag support to Windows
This implements chown support on Windows. Built-in accounts as well
as accounts included in the SAM database of the container are supported.

NOTE: IDPair is now named Identity and IDMappings is now named
IdentityMapping.

The following are valid examples:
ADD --chown=Guest . <some directory>
COPY --chown=Administrator . <some directory>
COPY --chown=Guests . <some directory>
COPY --chown=ContainerUser . <some directory>

On Windows an owner is only granted the permission to read the security
descriptor and read/write the discretionary access control list. This
fix also grants read/write and execute permissions to the owner.

Signed-off-by: Salahuddin Khan <salah@docker.com>
2018-08-13 21:59:11 -07:00

163 lines
4.6 KiB
Go

package dockerfile // import "github.com/docker/docker/builder/dockerfile"
import (
"os"
"path/filepath"
"testing"
"github.com/docker/docker/api/types"
"github.com/docker/docker/pkg/idtools"
"gotest.tools/assert"
is "gotest.tools/assert/cmp"
)
func TestChownFlagParsing(t *testing.T) {
testFiles := map[string]string{
"passwd": `root:x:0:0::/bin:/bin/false
bin:x:1:1::/bin:/bin/false
wwwwww:x:21:33::/bin:/bin/false
unicorn:x:1001:1002::/bin:/bin/false
`,
"group": `root:x:0:
bin:x:1:
wwwwww:x:33:
unicorn:x:1002:
somegrp:x:5555:
othergrp:x:6666:
`,
}
// test mappings for validating use of maps
idMaps := []idtools.IDMap{
{
ContainerID: 0,
HostID: 100000,
Size: 65536,
},
}
remapped := idtools.NewIDMappingsFromMaps(idMaps, idMaps)
unmapped := &idtools.IdentityMapping{}
contextDir, cleanup := createTestTempDir(t, "", "builder-chown-parse-test")
defer cleanup()
if err := os.Mkdir(filepath.Join(contextDir, "etc"), 0755); err != nil {
t.Fatalf("error creating test directory: %v", err)
}
for filename, content := range testFiles {
createTestTempFile(t, filepath.Join(contextDir, "etc"), filename, content, 0644)
}
// positive tests
for _, testcase := range []struct {
builder *Builder
name string
chownStr string
idMapping *idtools.IdentityMapping
state *dispatchState
expected idtools.Identity
}{
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UIDNoMap",
chownStr: "1",
idMapping: unmapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 1, GID: 1},
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UIDGIDNoMap",
chownStr: "0:1",
idMapping: unmapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 0, GID: 1},
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UIDWithMap",
chownStr: "0",
idMapping: remapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 100000, GID: 100000},
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UIDGIDWithMap",
chownStr: "1:33",
idMapping: remapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 100001, GID: 100033},
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UserNoMap",
chownStr: "bin:5555",
idMapping: unmapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 1, GID: 5555},
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "GroupWithMap",
chownStr: "0:unicorn",
idMapping: remapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 100000, GID: 101002},
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UserOnlyWithMap",
chownStr: "unicorn",
idMapping: remapped,
state: &dispatchState{},
expected: idtools.Identity{UID: 101001, GID: 101002},
},
} {
t.Run(testcase.name, func(t *testing.T) {
idPair, err := parseChownFlag(testcase.builder, testcase.state, testcase.chownStr, contextDir, testcase.idMapping)
assert.NilError(t, err, "Failed to parse chown flag: %q", testcase.chownStr)
assert.Check(t, is.DeepEqual(testcase.expected, idPair), "chown flag mapping failure")
})
}
// error tests
for _, testcase := range []struct {
builder *Builder
name string
chownStr string
idMapping *idtools.IdentityMapping
state *dispatchState
descr string
}{
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "BadChownFlagFormat",
chownStr: "bob:1:555",
idMapping: unmapped,
state: &dispatchState{},
descr: "invalid chown string format: bob:1:555",
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "UserNoExist",
chownStr: "bob",
idMapping: unmapped,
state: &dispatchState{},
descr: "can't find uid for user bob: no such user: bob",
},
{
builder: &Builder{options: &types.ImageBuildOptions{Platform: "linux"}},
name: "GroupNoExist",
chownStr: "root:bob",
idMapping: unmapped,
state: &dispatchState{},
descr: "can't find gid for group bob: no such group: bob",
},
} {
t.Run(testcase.name, func(t *testing.T) {
_, err := parseChownFlag(testcase.builder, testcase.state, testcase.chownStr, contextDir, testcase.idMapping)
assert.Check(t, is.Error(err, testcase.descr), "Expected error string doesn't match")
})
}
}