author | Paul Holzinger <paul.holzinger@web.de> | 2020-11-17 21:12:45 +0100 |
---|---|---|
committer | Paul Holzinger <paul.holzinger@web.de> | 2020-11-17 21:18:27 +0100 |
commit | d4446501f3245a87a605bea403710954f0400fb5 (patch) | |
tree | d636225b50c7c6ef7ce28cd8e0a988c01bb26b26 /test/e2e/run_security_labels_test.go | |
parent | 65880e556314d1d8cb3cf12e20666b823eab8c76 (diff) | |
Rename e2e test files to include _test.go suffix
The tests were working fine. Just my IDE doesn't like the files
without the suffix and I don't like red errors.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Diffstat (limited to 'test/e2e/run_security_labels_test.go')
-rw-r--r-- | test/e2e/run_security_labels_test.go | 151 |
1 files changed, 151 insertions, 0 deletions
diff --git a/test/e2e/run_security_labels_test.go b/test/e2e/run_security_labels_test.go
new file mode 100644
index 000000000..0c5621e3f
--- /dev/null
+++ b/test/e2e/run_security_labels_test.go
@@ -0,0 +1,151 @@
+package integration
+
+import (
+ "os"
+ "strings"
+
+ . "github.com/containers/podman/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman generate kube", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+
+ })
+
+ AfterEach(func() {
+ podmanTest.Cleanup()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+ })
+
+ It("podman security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_SETUID,CAP_SETGID"))
+ })
+
+ It("podman bad security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Not(Equal("CAP_SYS_ADMIN")))
+ })
+
+ It("podman --cap-add sys_admin security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--cap-add", "SYS_ADMIN", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_SYS_ADMIN"))
+ })
+
+ It("podman --cap-drop all sys_admin security labels", func() {
+ test1 := podmanTest.Podman([]string{"create", "--cap-drop", "all", "--label", "io.containers.capabilities=sys_admin", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal(""))
+ })
+
+ It("podman security labels from image", func() {
+ test1 := podmanTest.Podman([]string{"create", "--name", "test1", "alpine", "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ commit := podmanTest.Podman([]string{"commit", "-c", "label=io.containers.capabilities=sys_chroot,setuid", "test1", "image1"})
+ commit.WaitWithDefaultTimeout()
+ Expect(commit.ExitCode()).To(BeZero())
+
+ image1 := podmanTest.Podman([]string{"create", "--name", "test2", "image1", "echo", "test1"})
+ image1.WaitWithDefaultTimeout()
+ Expect(image1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test2"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_SYS_CHROOT,CAP_SETUID"))
+
+ })
+
+ It("podman --privileged security labels", func() {
+ pull := podmanTest.Podman([]string{"create", "--privileged", "--label", "io.containers.capabilities=setuid,setgid", "--name", "test1", "alpine", "echo", "test"})
+ pull.WaitWithDefaultTimeout()
+ Expect(pull.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Not(Equal("CAP_SETUID,CAP_SETGID")))
+ })
+
+ It("podman container runlabel (podman --version)", func() {
+ SkipIfRemote("runlabel not supported on podman-remote")
+ PodmanDockerfile := `
+FROM alpine:latest
+LABEL io.containers.capabilities=chown,kill`
+
+ image := "podman-caps:podman"
+ podmanTest.BuildImage(PodmanDockerfile, image, "false")
+
+ test1 := podmanTest.Podman([]string{"create", "--name", "test1", image, "echo", "test1"})
+ test1.WaitWithDefaultTimeout()
+ Expect(test1.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", "test1"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+
+ ctr := inspect.InspectContainerToJSON()
+ caps := strings.Join(ctr[0].EffectiveCaps, ",")
+ Expect(caps).To(Equal("CAP_CHOWN,CAP_KILL"))
+ })
+
+}) |
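Review bot: The negative assertions in "podman bad security labels" and "podman --privileged security labels" compare the whole comma-joined string, so `Expect(caps).To(Not(Equal("CAP_SYS_ADMIN")))` still passes when CAP_SYS_ADMIN is granted alongside any other capability. These cases appear to check that a label alone cannot widen the container's capability set, so asserting on the slice is tighter: `Expect(ctr[0].EffectiveCaps).ToNot(ContainElement("CAP_SYS_ADMIN"))`. The `--privileged` case has the same shape with `Not(Equal("CAP_SETUID,CAP_SETGID"))`; a positive check on the set the container is expected to hold would pin the behaviour better. The Describe title "Podman generate kube" and the last It title "podman container runlabel (podman --version)" look copied from other files and do not describe what is tested. Since this commit only renames the file, these fit better in a follow-up change.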