From 7b30659629deaddafc7fc925d869324ae754c216 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 19 Jul 2018 11:24:42 -0400 Subject: Enforce namespace checks on container add Signed-off-by: Matthew Heon --- libpod/state_test.go | 100 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 97 insertions(+), 3 deletions(-) (limited to 'libpod/state_test.go') diff --git a/libpod/state_test.go b/libpod/state_test.go index 0c924a1f1..4e9ba8850 100644 --- a/libpod/state_test.go +++ b/libpod/state_test.go @@ -331,6 +331,45 @@ func TestAddCtrDepInDifferentNamespaceFails(t *testing.T) { }) } +func TestAddCtrSameNamespaceSucceeds(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, lockPath string) { + testCtr, err := getTestCtr1(lockPath) + assert.NoError(t, err) + + testCtr.config.Namespace = "test1" + + state.SetNamespace("test1") + + err = state.AddContainer(testCtr) + assert.NoError(t, err) + + retrievedCtr, err := state.Container(testCtr.ID()) + assert.NoError(t, err) + + testContainersEqual(t, testCtr, retrievedCtr) + }) +} + +func TestAddCtrDifferentNamespaceFails(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, lockPath string) { + testCtr, err := getTestCtr1(lockPath) + assert.NoError(t, err) + + testCtr.config.Namespace = "test1" + + state.SetNamespace("test2") + + err = state.AddContainer(testCtr) + assert.Error(t, err) + + state.SetNamespace("") + + ctrs, err := state.AllContainers() + assert.NoError(t, err) + assert.Equal(t, 0, len(ctrs)) + }) +} + func TestGetNonexistentContainerFails(t *testing.T) { runForAllStates(t, func(t *testing.T, state State, lockPath string) { _, err := state.Container("does not exist") @@ -2493,7 +2532,7 @@ func TestRemoveContainersNotInNamespace(t *testing.T) { state.SetNamespace("test2") - err := state.RemovePodContainers(testPod) + err = state.RemovePodContainers(testPod) assert.Error(t, err) }) } @@ -3019,6 +3058,61 @@ func TestAddContainerToPodNamespaceOnPodFails(t *testing.T) { }) } +func TestAddCtrToPodSameNamespaceSucceeds(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, lockPath string) { + testCtr, err := getTestCtr1(lockPath) + assert.NoError(t, err) + + testPod, err := getTestPod2(lockPath) + assert.NoError(t, err) + + testCtr.config.Namespace = "test1" + testPod.config.Namespace = "test1" + testCtr.config.Pod = testPod.ID() + + err = state.AddPod(testPod) + assert.NoError(t, err) + + state.SetNamespace("test1") + + err = state.AddContainerToPod(testPod, testCtr) + assert.NoError(t, err) + + retrievedCtr, err := state.Container(testCtr.ID()) + assert.NoError(t, err) + + testContainersEqual(t, testCtr, retrievedCtr) + }) +} + +func TestAddCtrToPodDifferentNamespaceFails(t *testing.T) { + runForAllStates(t, func(t *testing.T, state State, lockPath string) { + testCtr, err := getTestCtr1(lockPath) + assert.NoError(t, err) + + testPod, err := getTestPod2(lockPath) + assert.NoError(t, err) + + testCtr.config.Namespace = "test1" + testPod.config.Namespace = "test1" + testCtr.config.Pod = testPod.ID() + + state.AddPod(testPod) + assert.NoError(t, err) + + state.SetNamespace("test2") + + err = state.AddContainerToPod(testPod, testCtr) + assert.Error(t, err) + + state.SetNamespace("") + + ctrs, err := state.AllContainers() + assert.NoError(t, err) + assert.Equal(t, 0, len(ctrs)) + }) +} + func TestRemoveContainerFromPodBadPodFails(t *testing.T) { runForAllStates(t, func(t *testing.T, state State, lockPath string) { testCtr, err := getTestCtr1(lockPath) @@ -3291,7 +3385,7 @@ func TestUpdatePodNotInNamespaceFails(t *testing.T) { state.SetNamespace("test2") - _, err = state.UpdatePod(testPod) + err = state.UpdatePod(testPod) assert.Error(t, err) }) } @@ -3325,7 +3419,7 @@ func TestSavePodNotInNamespaceFails(t *testing.T) { state.SetNamespace("test2") - _, err = state.SavePod(testPod) + err = state.SavePod(testPod) assert.Error(t, err) }) } -- cgit v1.2.3-54-g00ecf