-
Notifications
You must be signed in to change notification settings - Fork 142
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
validation: add a generate smoke-test
To avoid cases where our own validation code would consider our defaults unsafe (which has happened in the past several times), add a smoke-test to ensure that this won't happen. Our defaults should not be intentionally invalid, as that confuses downstreams like umoci which use runtime-tools for the default as well as for validation of the generated configuration. Signed-off-by: Aleksa Sarai <asarai@suse.de>
- Loading branch information
Showing
1 changed file
with
56 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
package validation | ||
|
||
import ( | ||
"io/ioutil" | ||
"os" | ||
"path/filepath" | ||
"runtime" | ||
"testing" | ||
|
||
rfc2119 "github.com/opencontainers/runtime-tools/error" | ||
"github.com/opencontainers/runtime-tools/generate" | ||
"github.com/opencontainers/runtime-tools/specerror" | ||
"github.com/opencontainers/runtime-tools/validate" | ||
) | ||
|
||
// Smoke test to ensure that _at the very least_ our default configuration | ||
// passes the validation tests. If this test fails, something is _very_ wrong | ||
// and needs to be fixed immediately (as it will break downstreams that depend | ||
// on us for a "sane default" and do compliance testing -- such as umoci). | ||
func TestGenerateValid(t *testing.T) { | ||
bundle, err := ioutil.TempDir("", "TestGenerateValid_bundle") | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
defer os.RemoveAll(bundle) | ||
|
||
// Create our toy bundle. | ||
rootfsPath := filepath.Join(bundle, "rootfs") | ||
if err := os.Mkdir(rootfsPath, 0755); err != nil { | ||
t.Fatal(err) | ||
} | ||
configPath := filepath.Join(bundle, "config.json") | ||
g := generate.New() | ||
if err := (&g).SaveToFile(configPath, generate.ExportOptions{Seccomp: false}); err != nil { | ||
t.Fatal(err) | ||
} | ||
|
||
// Validate the bundle. | ||
v, err := validate.NewValidatorFromPath(bundle, true, runtime.GOOS) | ||
if err != nil { | ||
t.Errorf("unexpected NewValidatorFromPath error: %+v", err) | ||
} | ||
if err := v.CheckAll(); err != nil { | ||
levelErrors, err := specerror.SplitLevel(err, rfc2119.Must) | ||
if err != nil { | ||
t.Errorf("unexpected non-multierror: %+v", err) | ||
return | ||
} | ||
for _, e := range levelErrors.Warnings { | ||
t.Logf("unexpected warning: %v", e) | ||
} | ||
if err := levelErrors.Error; err != nil { | ||
t.Errorf("unexpected MUST error(s): %+v", err) | ||
} | ||
} | ||
} |