add WithAdditionalGIDs test

Signed-off-by: Ye Sijun <junnplus@gmail.com> (cherry picked from commit 72b87ad) Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
containerd · Feb 10, 2023 · b45e302 · b45e302
1 parent 0a06c28
commit b45e302
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 1 deletion.
diff --git a/oci/spec_opts.go b/oci/spec_opts.go
@@ -733,7 +733,7 @@ func WithUsername(username string) SpecOpts {
 }
 
 // WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed
-// for a particular user in the /etc/groups file of the image's root filesystem
+// for a particular user in the /etc/group file of the image's root filesystem
 // The passed in user can be either a uid or a username.
 func WithAdditionalGIDs(userstr string) SpecOpts {
 	return func(ctx context.Context, client Client, c *containers.Container, s *Spec) (err error) {

diff --git a/oci/spec_opts_linux_test.go b/oci/spec_opts_linux_test.go
@@ -30,6 +30,71 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+// nolint:gosec
+func TestWithAdditionalGIDs(t *testing.T) {
+	t.Parallel()
+	expectedPasswd := `root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+`
+	expectedGroup := `root:x:0:root
+bin:x:1:root,bin,daemon
+daemon:x:2:root,bin,daemon
+sys:x:3:root,bin,adm
+`
+	td := t.TempDir()
+	apply := fstest.Apply(
+		fstest.CreateDir("/etc", 0777),
+		fstest.CreateFile("/etc/passwd", []byte(expectedPasswd), 0777),
+		fstest.CreateFile("/etc/group", []byte(expectedGroup), 0777),
+	)
+	if err := apply.Apply(td); err != nil {
+		t.Fatalf("failed to apply: %v", err)
+	}
+	c := containers.Container{ID: t.Name()}
+
+	testCases := []struct {
+		name     string
+		user     string
+		expected []uint32
+	}{
+		{
+			user:     "root",
+			expected: []uint32{},
+		},
+		{
+			user:     "1000",
+			expected: []uint32{},
+		},
+		{
+			user:     "bin",
+			expected: []uint32{2, 3},
+		},
+		{
+			user:     "bin:root",
+			expected: []uint32{},
+		},
+		{
+			user:     "daemon",
+			expected: []uint32{1},
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.user, func(t *testing.T) {
+			t.Parallel()
+			s := Spec{
+				Version: specs.Version,
+				Root: &specs.Root{
+					Path: td,
+				},
+			}
+			err := WithAdditionalGIDs(testCase.user)(context.Background(), nil, &c, &s)
+			assert.NoError(t, err)
+			assert.Equal(t, testCase.expected, s.Process.User.AdditionalGids)
+		})
+	}
+}
+
 func TestAddCaps(t *testing.T) {
 	t.Parallel()