From dca4acdd0c70cc68738d2b967c8975ee908d1ac7 Mon Sep 17 00:00:00 2001 From: Seth Hoenig Date: Sat, 15 May 2021 17:45:39 -0600 Subject: [PATCH] drivers: fixup linux version dependent test cases The error output being checked depends on the linux caps supported by the particular operating system. Fix these test cases to just check that an error did occur. --- drivers/docker/config.go | 30 -------------------- drivers/shared/capabilities/defaults_test.go | 28 +++++++++++++----- 2 files changed, 21 insertions(+), 37 deletions(-) diff --git a/drivers/docker/config.go b/drivers/docker/config.go index 898d9172c870..aff5c5d69690 100644 --- a/drivers/docker/config.go +++ b/drivers/docker/config.go @@ -42,36 +42,6 @@ const ( dockerAuthHelperPrefix = "docker-credential-" ) -// nomadDefaultCaps is the subset of dockerDefaultCaps that Nomad enables by -// default and is used to compute the set of capabilities to add/drop given -// docker driver configuration. -func nomadDefaultCaps() []string { - return []string{ - "AUDIT_WRITE", - "CHOWN", - "DAC_OVERRIDE", - "FOWNER", - "FSETID", - "KILL", - "MKNOD", - "NET_BIND_SERVICE", - "SETFCAP", - "SETGID", - "SETPCAP", - "SETUID", - "SYS_CHROOT", - } -} - -// dockerDefaultCaps is a list of Linux capabilities enabled by docker by default -// and is used to compute the set of capabilities to add/drop given docker driver -// configuration, as well as Nomad built-in limitations. -// -// https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities -func dockerDefaultCaps() []string { - return append(nomadDefaultCaps(), "NET_RAW") -} - func PluginLoader(opts map[string]string) (map[string]interface{}, error) { conf := map[string]interface{}{} if v, ok := opts["docker.endpoint"]; ok { diff --git a/drivers/shared/capabilities/defaults_test.go b/drivers/shared/capabilities/defaults_test.go index 408f954ea0c7..7fd03513ea8f 100644 --- a/drivers/shared/capabilities/defaults_test.go +++ b/drivers/shared/capabilities/defaults_test.go @@ -33,8 +33,9 @@ func TestCaps_Calculate(t *testing.T) { capDrop []string // task config // output - exp []string - err error + exp []string + err error + skip bool // error message is linux version dependent }{ { name: "the default setting", @@ -77,6 +78,7 @@ func TestCaps_Calculate(t *testing.T) { err: nil, }, { + skip: true, name: "allow defaults and add all", allowCaps: NomadDefaults().Slice(false), capAdd: []string{"all"}, @@ -135,8 +137,13 @@ func TestCaps_Calculate(t *testing.T) { } { t.Run(tc.name, func(t *testing.T) { caps, err := Calculate(NomadDefaults(), tc.allowCaps, tc.capAdd, tc.capDrop) - require.Equal(t, tc.err, err) - require.Equal(t, tc.exp, caps) + if !tc.skip { + require.Equal(t, tc.err, err) + require.Equal(t, tc.exp, caps) + } else { + require.Error(t, err) + require.Equal(t, tc.exp, caps) + } }) } } @@ -154,6 +161,7 @@ func TestCaps_Delta(t *testing.T) { expAdd []string expDrop []string err error + skip bool // error message is linux version dependent }{ { name: "the default setting", @@ -249,6 +257,7 @@ func TestCaps_Delta(t *testing.T) { err: nil, }, { + skip: true, name: "add all atop defaults", allowCaps: NomadDefaults().Slice(false), capAdd: []string{"all"}, @@ -260,9 +269,14 @@ func TestCaps_Delta(t *testing.T) { } { t.Run(tc.name, func(t *testing.T) { add, drop, err := Delta(DockerDefaults(), tc.allowCaps, tc.capAdd, tc.capDrop) - require.Equal(t, tc.err, err) - require.Equal(t, tc.expAdd, add) - require.Equal(t, tc.expDrop, drop) + if !tc.skip { + require.Equal(t, tc.err, err) + require.Equal(t, tc.expAdd, add) + require.Equal(t, tc.expDrop, drop) + } else { + require.Error(t, err) + require.Equal(t, tc.expDrop, drop) + } }) } }