iSulad/0054-add-CI-for-additional-gid.patch

From 31ed5d907341363408c8d90aa72a6eee12ad7ccb Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Sat, 3 Dec 2022 17:10:38 +0800
Subject: [PATCH 54/54] add CI for additional gid

Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
 .../container_cases/exec_additional_gids.sh   | 92 +++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100755 CI/test_cases/container_cases/exec_additional_gids.sh

diff --git a/CI/test_cases/container_cases/exec_additional_gids.sh b/CI/test_cases/container_cases/exec_additional_gids.sh
new file mode 100755
index 00000000..f24678d3
--- /dev/null
+++ b/CI/test_cases/container_cases/exec_additional_gids.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+# attributes: isulad exec check additional gids
+# concurrent: YES
+# spend time: 1
+
+#######################################################################
+##- Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
+# - iSulad licensed under the Mulan PSL v2.
+# - You can use this software according to the terms and conditions of the Mulan PSL v2.
+# - You may obtain a copy of Mulan PSL v2 at:
+# -     http://license.coscl.org.cn/MulanPSL2
+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# - PURPOSE.
+# - See the Mulan PSL v2 for more details.
+##- @Description:CI
+##- @Author: zhangxiaoyu
+##- @Create: 2022-12-03
+#######################################################################
+
+curr_path=$(dirname $(readlink -f "$0"))
+data_path=$(realpath $curr_path/../data)
+source ../helpers.sh
+test="exec additional gids test => test_exec_additional_gids"
+test_log=$(mktemp /tmp/additional_gids_test_XXX)
+
+USERNAME="user"
+USER_UID="1000"
+USER_GID="$USER_UID"
+ADDITIONAL_GID="1001"
+ADDITIONAL_GROUP="additional"
+
+cont_name=add_gids_test
+file_info="Keep it secret, keep it safe"
+
+function additional_gids_test()
+{
+    local ret=0
+
+    isula rm -f `isula ps -a -q`
+
+    isula run -tid -n $cont_name ubuntu bash
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container" && ((ret++))
+
+    isula exec $cont_name bash -c "groupadd --gid $USER_GID $USERNAME \
+        && groupadd --gid $ADDITIONAL_GID $ADDITIONAL_GROUP \
+        && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME -G $ADDITIONAL_GROUP \
+        && mkdir /app && chown ${USERNAME}:${USERNAME} /app \
+        && echo $file_info > /app/sekrit.txt \
+        && chown 0:${USER_GID} /app/sekrit.txt \
+        && chmod 606 /app/sekrit.txt"
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create user and group failed" && ((ret++))
+
+    /usr/bin/expect <<- EOF > ${test_log} 2>&1
+set timeout 10
+spawn isula exec -it --workdir /app -u $USERNAME $cont_name bash
+expect "${USERNAME}*"
+send "newgrp ${ADDITIONAL_GROUP}\n"
+expect "*"
+send "groups\n"
+expect "$"
+send "cat sekrit.txt\n"
+expect "*"
+send "exit\n"
+expect "${USERNAME}*"
+send "exit\n"
+expect eof
+EOF
+
+    cat $test_log | grep "$file_info"
+    [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - read file success, but should fail" && ((ret++))
+
+    cat $test_log | grep "Permission denied"
+    [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - read error message failed" && ((ret++))
+
+    isula rm -f `isula ps -a -q`
+
+    return ${ret}
+}
+
+declare -i ans=0
+
+msg_info "${test} starting..."
+
+additional_gids_test || ((ans++))
+
+rm -rf ${test_log}
+
+msg_info "${test} finished with return ${ret}..."
+
+show_result ${ans} "${curr_path}/${0}"
-- 
2.25.1
update from upstream Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com> 2022-12-06 14:34:53 +08:00			`From 31ed5d907341363408c8d90aa72a6eee12ad7ccb Mon Sep 17 00:00:00 2001`
			`From: zhangxiaoyu <zhangxiaoyu58@huawei.com>`
			`Date: Sat, 3 Dec 2022 17:10:38 +0800`
			`Subject: [PATCH 54/54] add CI for additional gid`

			`Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>`
			`---`
			`.../container_cases/exec_additional_gids.sh \| 92 +++++++++++++++++++`
			`1 file changed, 92 insertions(+)`
			`create mode 100755 CI/test_cases/container_cases/exec_additional_gids.sh`

			`diff --git a/CI/test_cases/container_cases/exec_additional_gids.sh b/CI/test_cases/container_cases/exec_additional_gids.sh`
			`new file mode 100755`
			`index 00000000..f24678d3`
			`--- /dev/null`
			`+++ b/CI/test_cases/container_cases/exec_additional_gids.sh`
			`@@ -0,0 +1,92 @@`
			`+#!/bin/bash`
			`+#`
			`+# attributes: isulad exec check additional gids`
			`+# concurrent: YES`
			`+# spend time: 1`
			`+`
			`+#######################################################################`
			`+##- Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.`
			`+# - iSulad licensed under the Mulan PSL v2.`
			`+# - You can use this software according to the terms and conditions of the Mulan PSL v2.`
			`+# - You may obtain a copy of Mulan PSL v2 at:`
			`+# - http://license.coscl.org.cn/MulanPSL2`
			`+# - THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR`
			`+# - IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR`
			`+# - PURPOSE.`
			`+# - See the Mulan PSL v2 for more details.`
			`+##- @Description:CI`
			`+##- @Author: zhangxiaoyu`
			`+##- @Create: 2022-12-03`
			`+#######################################################################`
			`+`
			`+curr_path=$(dirname $(readlink -f "$0"))`
			`+data_path=$(realpath $curr_path/../data)`
			`+source ../helpers.sh`
			`+test="exec additional gids test => test_exec_additional_gids"`
			`+test_log=$(mktemp /tmp/additional_gids_test_XXX)`
			`+`
			`+USERNAME="user"`
			`+USER_UID="1000"`
			`+USER_GID="$USER_UID"`
			`+ADDITIONAL_GID="1001"`
			`+ADDITIONAL_GROUP="additional"`
			`+`
			`+cont_name=add_gids_test`
			`+file_info="Keep it secret, keep it safe"`
			`+`
			`+function additional_gids_test()`
			`+{`
			`+ local ret=0`
			`+`
			+ isula rm -f `isula ps -a -q`
			`+`
			`+ isula run -tid -n $cont_name ubuntu bash`
			`+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - failed to run container" && ((ret++))`
			`+`
			`+ isula exec $cont_name bash -c "groupadd --gid $USER_GID $USERNAME \`
			`+ && groupadd --gid $ADDITIONAL_GID $ADDITIONAL_GROUP \`
			`+ && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME -G $ADDITIONAL_GROUP \`
			`+ && mkdir /app && chown ${USERNAME}:${USERNAME} /app \`
			`+ && echo $file_info > /app/sekrit.txt \`
			`+ && chown 0:${USER_GID} /app/sekrit.txt \`
			`+ && chmod 606 /app/sekrit.txt"`
			`+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - create user and group failed" && ((ret++))`
			`+`
			`+ /usr/bin/expect <<- EOF > ${test_log} 2>&1`
			`+set timeout 10`
			`+spawn isula exec -it --workdir /app -u $USERNAME $cont_name bash`
			`+expect "${USERNAME}*"`
			`+send "newgrp ${ADDITIONAL_GROUP}\n"`
			`+expect "*"`
			`+send "groups\n"`
			`+expect "$"`
			`+send "cat sekrit.txt\n"`
			`+expect "*"`
			`+send "exit\n"`
			`+expect "${USERNAME}*"`
			`+send "exit\n"`
			`+expect eof`
			`+EOF`
			`+`
			`+ cat $test_log \| grep "$file_info"`
			`+ [[ $? -eq 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - read file success, but should fail" && ((ret++))`
			`+`
			`+ cat $test_log \| grep "Permission denied"`
			`+ [[ $? -ne 0 ]] && msg_err "${FUNCNAME[0]}:${LINENO} - read error message failed" && ((ret++))`
			`+`
			+ isula rm -f `isula ps -a -q`
			`+`
			`+ return ${ret}`
			`+}`
			`+`
			`+declare -i ans=0`
			`+`
			`+msg_info "${test} starting..."`
			`+`
			`+additional_gids_test \|\| ((ans++))`
			`+`
			`+rm -rf ${test_log}`
			`+`
			`+msg_info "${test} finished with return ${ret}..."`
			`+`
			`+show_result ${ans} "${curr_path}/${0}"`
			`--`
			`2.25.1`