1
0
mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2025-01-03 12:20:55 +00:00
docker-socket-proxy/tests/test_service.py

88 lines
2.6 KiB
Python
Raw Normal View History

import logging
import pytest
from plumbum import ProcessExecutionError
from plumbum.cmd import docker
logger = logging.getLogger()
def _check_permissions(allowed_calls, forbidden_calls):
for args in allowed_calls:
docker(*args)
for args in forbidden_calls:
with pytest.raises(ProcessExecutionError):
docker(*args)
2021-01-21 13:14:50 +00:00
def test_default_permissions(proxy_factory):
with proxy_factory() as test_container:
allowed_calls = (("version",),)
forbidden_calls = (
("pull", "alpine"),
("--rm", "alpine", "--name", test_container),
("logs", test_container),
("wait", test_container),
("rm", "-f", test_container),
("restart", test_container),
("network", "ls"),
("config", "ls"),
("service", "ls"),
("stack", "ls"),
("secret", "ls"),
("plugin", "ls"),
("info",),
("system", "info"),
("build", "."),
2021-10-09 11:13:52 +00:00
("buildx build", "."),
("swarm", "init"),
)
_check_permissions(allowed_calls, forbidden_calls)
2021-01-21 13:14:50 +00:00
def test_container_permissions(proxy_factory):
with proxy_factory(CONTAINERS=1) as test_container:
allowed_calls = [
("logs", test_container),
("inspect", test_container),
]
forbidden_calls = [
("wait", test_container),
("run", "--rm", "alpine"),
("rm", "-f", test_container),
("restart", test_container),
]
_check_permissions(allowed_calls, forbidden_calls)
2021-01-21 13:14:50 +00:00
def test_post_permissions(proxy_factory):
with proxy_factory(POST=1) as test_container:
allowed_calls = []
forbidden_calls = [
("rm", "-f", test_container),
("pull", "alpine"),
("run", "--rm", "alpine"),
("network", "create", "foobar"),
]
_check_permissions(allowed_calls, forbidden_calls)
2021-01-21 13:14:50 +00:00
def test_network_post_permissions(proxy_factory):
with proxy_factory(POST=1, NETWORKS=1):
allowed_calls = [
("network", "ls"),
("network", "create", "foo"),
("network", "rm", "foo"),
]
forbidden_calls = []
_check_permissions(allowed_calls, forbidden_calls)
def test_exec_permissions(proxy_factory):
with proxy_factory(CONTAINERS=1, EXEC=1, POST=1) as container_id:
allowed_calls = [
("exec", container_id, "ls"),
]
forbidden_calls = []
_check_permissions(allowed_calls, forbidden_calls)