handling capability modification in the callback function

Signed-off-by: kazuki.massaki <[email protected]>
youki-dev · Dec 26, 2024 · 2b72e74 · 2b72e74
1 parent 098586e
commit 2b72e74
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 15 deletions.
diff --git a/tests/contest/contest/src/tests/process_capabilities_fail/process_capabilities_fail_test.rs b/tests/contest/contest/src/tests/process_capabilities_fail/process_capabilities_fail_test.rs
@@ -1,15 +1,16 @@
-use std::collections::HashSet;
-use std::str::FromStr;
+use std::{collections::HashSet, fs, fs::OpenOptions, io::Write};
 
-use anyhow::{Context, Error, Ok, Result};
+use anyhow::{anyhow, Context, Ok, Result};
 use oci_spec::runtime::{Capability, LinuxCapabilitiesBuilder, ProcessBuilder, Spec, SpecBuilder};
-use test_framework::{Test, TestGroup, TestResult};
+use test_framework::{test_result, Test, TestGroup, TestResult};
 
-fn create_spec() -> Result<Spec> {
-    let capability = Capability::from_str("CAP_TEST").context("invalid capability")?;
+use serde_json::Value;
+
+use crate::utils::{test_inside_container, test_utils::CreateOptions};
 
+fn create_spec() -> Result<Spec> {
     let linux_capability = LinuxCapabilitiesBuilder::default()
-        .bounding(HashSet::from([capability]))
+        .bounding(HashSet::from([Capability::Syslog]))
         .build()?;
 
     let process = ProcessBuilder::default()
@@ -30,15 +31,39 @@ fn create_spec() -> Result<Spec> {
 }
 
 fn process_capabilities_fail_test() -> TestResult {
-    match create_spec() {
-        Result::Ok(_) => TestResult::Failed(Error::msg("create_spec succeeded unexpectedly.")),
-        Err(e) => {
-            if e.to_string() == "invalid capability" {
-                TestResult::Passed
-            } else {
-                TestResult::Failed(Error::msg(format!("unexpected error: {}", e)))
+    let spec = test_result!(create_spec());
+    let result = test_inside_container(spec, &CreateOptions::default(), &|bundle| {
+        let spec_path = bundle.join("../config.json");
+        let spec_str = fs::read_to_string(spec_path.clone()).unwrap();
+
+        let mut spec_json: Value = serde_json::from_str(&spec_str)?;
+
+        if let Some(bounding) = spec_json.pointer_mut("/process/capabilities/bounding") {
+            if let Some(bounding_array) = bounding.as_array_mut() {
+                for capanility in bounding_array.iter_mut() {
+                    if capanility == "CAP_SYSLOG" {
+                        *capanility = Value::String("TEST_CAP".to_string());
+                    }
+                }
             }
         }
+
+        let updated_spec_str = serde_json::to_string_pretty(&spec_json)?;
+
+        let mut file = OpenOptions::new()
+            .write(true)
+            .truncate(true)
+            .open(spec_path)?;
+        file.write_all(updated_spec_str.as_bytes())?;
+
+        Ok(())
+    });
+    match result {
+        TestResult::Failed(_e) => TestResult::Passed,
+        TestResult::Skipped => TestResult::Failed(anyhow!("test was skipped unexpectedly.")),
+        TestResult::Passed => {
+            TestResult::Failed(anyhow!("container creation succeeded unexpectedly."))
+        }
     }
 }
 

diff --git a/tests/contest/contest/src/utils/test_utils.rs b/tests/contest/contest/src/utils/test_utils.rs
@@ -201,7 +201,10 @@ pub fn test_inside_container(
             .join("runtimetest"),
     )
     .unwrap();
-    let create_process = create_container(&id_str, &bundle, options).unwrap();
+    let create_process = match create_container(&id_str, &bundle, options) {
+        Ok(p) => p,
+        Err(e) => return TestResult::Failed(anyhow!("container create failed : {:?}", e)),
+    };
     // here we do not wait for the process by calling wait() as in the test_outside_container
     // function because we need the output of the runtimetest. If we call wait, it will return
     // and we won't have an easy way of getting the stdio of the runtimetest.