From cce5e47d75adae3c8d0607a2483ee06a6a7a72e7 Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Sat, 15 May 2021 17:45:39 -0600 Subject: [PATCH] drivers: fixup linux version dependent test cases The error output being checked depends on the linux caps supported by the particular operating system. Fix these test cases to just check that an error did occur. --- drivers/docker/config.go | 30 -------------------- drivers/docker/driver_default.go | 21 -------------- drivers/shared/capabilities/defaults_test.go | 28 +++++++++++++----- 3 files changed, 21 insertions(+), 58 deletions(-) diff --git a/drivers/docker/config.go b/drivers/docker/config.go index 898d9172c870..aff5c5d69690 100644 --- a/drivers/docker/config.go +++ b/drivers/docker/config.go @@ -42,36 +42,6 @@ const ( dockerAuthHelperPrefix = "docker-credential-" ) -// nomadDefaultCaps is the subset of dockerDefaultCaps that Nomad enables by -// default and is used to compute the set of capabilities to add/drop given -// docker driver configuration. -func nomadDefaultCaps() []string { - return []string{ - "AUDIT_WRITE", - "CHOWN", - "DAC_OVERRIDE", - "FOWNER", - "FSETID", - "KILL", - "MKNOD", - "NET_BIND_SERVICE", - "SETFCAP", - "SETGID", - "SETPCAP", - "SETUID", - "SYS_CHROOT", - } -} - -// dockerDefaultCaps is a list of Linux capabilities enabled by docker by default -// and is used to compute the set of capabilities to add/drop given docker driver -// configuration, as well as Nomad built-in limitations. -// -// https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities -func dockerDefaultCaps() []string { - return append(nomadDefaultCaps(), "NET_RAW") -} - func PluginLoader(opts map[string]string) (map[string]interface{}, error) { conf := map[string]interface{}{} if v, ok := opts["docker.endpoint"]; ok { diff --git a/drivers/docker/driver_default.go b/drivers/docker/driver_default.go index 45086f7bff0f..b180ae8f92bf 100644 --- a/drivers/docker/driver_default.go +++ b/drivers/docker/driver_default.go @@ -3,30 +3,9 @@ package docker import ( - "github.com/docker/docker/oci/caps" docker "github.com/fsouza/go-dockerclient" ) func getPortBinding(ip string, port string) docker.PortBinding { return docker.PortBinding{HostIP: ip, HostPort: port} } - -func tweakCapabilities(basics, adds, drops []string) ([]string, error) { - // Moby mixes 2 different capabilities formats: prefixed with "CAP_" - // and not. We do the conversion here to have a consistent, - // non-prefixed format on the Nomad side. - for i, cap := range basics { - basics[i] = "CAP_" + cap - } - - effectiveCaps, err := caps.TweakCapabilities(basics, adds, drops, nil, false) - if err != nil { - return effectiveCaps, err - } - - for i, cap := range effectiveCaps { - effectiveCaps[i] = cap[len("CAP_"):] - } - - return effectiveCaps, nil -} diff --git a/drivers/shared/capabilities/defaults_test.go b/drivers/shared/capabilities/defaults_test.go index 408f954ea0c7..7fd03513ea8f 100644 --- a/drivers/shared/capabilities/defaults_test.go +++ b/drivers/shared/capabilities/defaults_test.go @@ -33,8 +33,9 @@ func TestCaps_Calculate(t *testing.T) { capDrop []string // task config // output - exp []string - err error + exp []string + err error + skip bool // error message is linux version dependent }{ { name: "the default setting", @@ -77,6 +78,7 @@ func TestCaps_Calculate(t *testing.T) { err: nil, }, { + skip: true, name: "allow defaults and add all", allowCaps: NomadDefaults().Slice(false), capAdd: []string{"all"}, @@ -135,8 +137,13 @@ func TestCaps_Calculate(t *testing.T) { } { t.Run(tc.name, func(t *testing.T) { caps, err := Calculate(NomadDefaults(), tc.allowCaps, tc.capAdd, tc.capDrop) - require.Equal(t, tc.err, err) - require.Equal(t, tc.exp, caps) + if !tc.skip { + require.Equal(t, tc.err, err) + require.Equal(t, tc.exp, caps) + } else { + require.Error(t, err) + require.Equal(t, tc.exp, caps) + } }) } } @@ -154,6 +161,7 @@ func TestCaps_Delta(t *testing.T) { expAdd []string expDrop []string err error + skip bool // error message is linux version dependent }{ { name: "the default setting", @@ -249,6 +257,7 @@ func TestCaps_Delta(t *testing.T) { err: nil, }, { + skip: true, name: "add all atop defaults", allowCaps: NomadDefaults().Slice(false), capAdd: []string{"all"}, @@ -260,9 +269,14 @@ func TestCaps_Delta(t *testing.T) { } { t.Run(tc.name, func(t *testing.T) { add, drop, err := Delta(DockerDefaults(), tc.allowCaps, tc.capAdd, tc.capDrop) - require.Equal(t, tc.err, err) - require.Equal(t, tc.expAdd, add) - require.Equal(t, tc.expDrop, drop) + if !tc.skip { + require.Equal(t, tc.err, err) + require.Equal(t, tc.expAdd, add) + require.Equal(t, tc.expDrop, drop) + } else { + require.Error(t, err) + require.Equal(t, tc.expDrop, drop) + } }) } }