woodpecker/yaml/transform/validate_test.go

155 lines
4.5 KiB
Go
Raw Normal View History

2016-05-10 05:57:57 +00:00
package transform
import (
"testing"
"github.com/drone/drone/yaml"
"github.com/franela/goblin"
)
func Test_validate(t *testing.T) {
g := goblin.Goblin(t)
g.Describe("validating", func() {
g.Describe("privileged attributes", func() {
g.It("should not error when trusted build", func() {
c := newConfig(&yaml.Container{Privileged: true})
err := Check(c, true)
g.Assert(err == nil).IsTrue("error should be nil")
})
g.It("should error when privleged mode", func() {
c := newConfig(&yaml.Container{
Privileged: true,
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use privileged mode")
})
g.It("should error when privleged service container", func() {
c := newConfigService(&yaml.Container{
Privileged: true,
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use privileged mode")
})
g.It("should error when dns configured", func() {
c := newConfig(&yaml.Container{
DNS: []string{"8.8.8.8"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use custom dns")
})
g.It("should error when dns_search configured", func() {
c := newConfig(&yaml.Container{
DNSSearch: []string{"8.8.8.8"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use dns_search")
})
g.It("should error when devices configured", func() {
c := newConfig(&yaml.Container{
Devices: []string{"/dev/foo"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use devices")
})
g.It("should error when extra_hosts configured", func() {
c := newConfig(&yaml.Container{
ExtraHosts: []string{"1.2.3.4 foo.com"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use extra_hosts")
})
g.It("should error when network configured", func() {
c := newConfig(&yaml.Container{
Network: "host",
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to override the network")
})
g.It("should error when oom_kill_disabled configured", func() {
c := newConfig(&yaml.Container{
OomKillDisable: true,
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to disable oom_kill")
})
g.It("should error when volumes configured", func() {
c := newConfig(&yaml.Container{
Volumes: []string{"/:/tmp"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use volumes")
})
g.It("should error when volumes_from configured", func() {
c := newConfig(&yaml.Container{
VolumesFrom: []string{"drone"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Insufficient privileges to use volumes_from")
})
})
g.Describe("plugin configuration", func() {
g.It("should error when entrypoint is configured", func() {
c := newConfig(&yaml.Container{
Entrypoint: []string{"/bin/sh"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Cannot set plugin Entrypoint")
})
g.It("should error when command is configured", func() {
c := newConfig(&yaml.Container{
Command: []string{"cat", "/proc/1/status"},
})
err := Check(c, false)
g.Assert(err != nil).IsTrue("error should not be nil")
g.Assert(err.Error()).Equal("Cannot set plugin Command")
})
g.It("should not error when empty entrypoint, command", func() {
c := newConfig(&yaml.Container{})
err := Check(c, false)
g.Assert(err == nil).IsTrue("error should be nil")
})
})
})
}
func newConfig(container *yaml.Container) *yaml.Config {
return &yaml.Config{
Pipeline: []*yaml.Container{container},
}
}
func newConfigService(container *yaml.Container) *yaml.Config {
return &yaml.Config{
Services: []*yaml.Container{container},
}
}