1
0
mirror of https://github.com/Tecnativa/docker-socket-proxy synced 2025-01-20 04:30:58 +00:00

Make tests run in parallel

This commit is contained in:
João Marques 2020-11-25 08:19:53 +00:00
parent b21d6d8a71
commit 0b7c5d9dcb
2 changed files with 133 additions and 42 deletions

View File

@ -30,7 +30,6 @@ def _start_proxy(
def _stop_and_delete_proxy( def _stop_and_delete_proxy(
container_name=CONTAINER_NAME, container_name=CONTAINER_NAME,
socket_proxy=SOCKET_PROXY,
): ):
logger.info(f"Removing {container_name}...") logger.info(f"Removing {container_name}...")
docker( docker(
@ -55,8 +54,10 @@ def _query_docker_with_proxy(socket_proxy=SOCKET_PROXY, extra_args=None):
return stdout + stderr return stdout + stderr
def _check_permission(assertion, extra_args=None): def _check_permission(assertion, socket_proxy=SOCKET_PROXY, extra_args=None):
if "forbidden" in _query_docker_with_proxy(extra_args=extra_args): if "forbidden" in _query_docker_with_proxy(
socket_proxy=socket_proxy, extra_args=extra_args
):
result = "forbidden" result = "forbidden"
else: else:
result = "allowed" result = "allowed"
@ -64,58 +65,148 @@ def _check_permission(assertion, extra_args=None):
def test_default_permissions(): def test_default_permissions():
container_name = f"{CONTAINER_NAME}_1"
socket_proxy = "127.0.0.1:2375"
try: try:
_start_proxy() _start_proxy(container_name=container_name, socket_proxy=socket_proxy)
_check_permission("allowed", extra_args="version") _check_permission("allowed", socket_proxy=socket_proxy, extra_args="version")
_check_permission("forbidden", ["run", "--rm", "alpine"]) _check_permission(
_check_permission("forbidden", ["pull", "alpine"]) "forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"]
_check_permission("forbidden", ["logs", CONTAINER_NAME]) )
_check_permission("forbidden", ["wait", CONTAINER_NAME]) _check_permission(
_check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) "forbidden", socket_proxy=socket_proxy, extra_args=["pull", "alpine"]
_check_permission("forbidden", ["restart", CONTAINER_NAME]) )
_check_permission("forbidden", ["network", "ls"]) _check_permission(
_check_permission("forbidden", ["config", "ls"]) "forbidden", socket_proxy=socket_proxy, extra_args=["logs", container_name]
_check_permission("forbidden", ["service", "ls"]) )
_check_permission("forbidden", ["stack", "ls"]) _check_permission(
_check_permission("forbidden", ["secret", "ls"]) "forbidden", socket_proxy=socket_proxy, extra_args=["wait", container_name]
_check_permission("forbidden", ["plugin", "ls"]) )
_check_permission("forbidden", ["info"]) _check_permission(
_check_permission("forbidden", ["system", "info"]) "forbidden",
_check_permission("forbidden", ["build", "."]) socket_proxy=socket_proxy,
_check_permission("forbidden", ["swarm", "init"]) extra_args=["rm", "-f", container_name],
)
_check_permission(
"forbidden",
socket_proxy=socket_proxy,
extra_args=["restart", container_name],
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["network", "ls"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["config", "ls"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["service", "ls"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["stack", "ls"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["secret", "ls"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["plugin", "ls"]
)
_check_permission("forbidden", socket_proxy=socket_proxy, extra_args=["info"])
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["system", "info"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["build", "."]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["swarm", "init"]
)
finally: finally:
_stop_and_delete_proxy() _stop_and_delete_proxy(container_name=container_name)
def test_container_permissions(): def test_container_permissions():
container_name = f"{CONTAINER_NAME}_2"
socket_proxy = "127.0.0.1:2376"
try: try:
_start_proxy(extra_args=["-e", "CONTAINERS=1"]) _start_proxy(
_check_permission("allowed", ["logs", CONTAINER_NAME]) container_name=container_name,
_check_permission("allowed", ["inspect", CONTAINER_NAME]) socket_proxy=socket_proxy,
_check_permission("forbidden", ["wait", CONTAINER_NAME]) extra_args=["-e", "CONTAINERS=1"],
_check_permission("forbidden", ["run", "--rm", "alpine"]) )
_check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) _check_permission(
_check_permission("forbidden", ["restart", CONTAINER_NAME]) "allowed", socket_proxy=socket_proxy, extra_args=["logs", container_name]
)
_check_permission(
"allowed", socket_proxy=socket_proxy, extra_args=["inspect", container_name]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["wait", container_name]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"]
)
_check_permission(
"forbidden",
socket_proxy=socket_proxy,
extra_args=["rm", "-f", container_name],
)
_check_permission(
"forbidden",
socket_proxy=socket_proxy,
extra_args=["restart", container_name],
)
finally: finally:
_stop_and_delete_proxy() _stop_and_delete_proxy(container_name=container_name)
def test_post_permissions(): def test_post_permissions():
container_name = f"{CONTAINER_NAME}_3"
socket_proxy = "127.0.0.1:2377"
try: try:
_start_proxy(extra_args=["-e", "POST=1"]) _start_proxy(
_check_permission("forbidden", ["rm", "-f", CONTAINER_NAME]) container_name=container_name,
_check_permission("forbidden", ["pull", "alpine"]) socket_proxy=socket_proxy,
_check_permission("forbidden", ["run", "--rm", "alpine"]) extra_args=["-e", "POST=1"],
_check_permission("forbidden", ["network", "create", "foobar"]) )
_check_permission(
"forbidden",
socket_proxy=socket_proxy,
extra_args=["rm", "-f", container_name],
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["pull", "alpine"]
)
_check_permission(
"forbidden", socket_proxy=socket_proxy, extra_args=["run", "--rm", "alpine"]
)
_check_permission(
"forbidden",
socket_proxy=socket_proxy,
extra_args=["network", "create", "foobar"],
)
finally: finally:
_stop_and_delete_proxy() _stop_and_delete_proxy(container_name=container_name)
def test_network_post_permissions(): def test_network_post_permissions():
container_name = f"{CONTAINER_NAME}_4"
socket_proxy = "127.0.0.1:2378"
try: try:
_start_proxy(extra_args=["-e", "POST=1", "-e", "NETWORKS=1"]) _start_proxy(
_check_permission("allowed", ["network", "ls"]) container_name=container_name,
_check_permission("allowed", ["network", "create", "foo"]) socket_proxy=socket_proxy,
_check_permission("allowed", ["network", "rm", "foo"]) extra_args=["-e", "POST=1", "-e", "NETWORKS=1"],
)
_check_permission(
"allowed", socket_proxy=socket_proxy, extra_args=["network", "ls"]
)
_check_permission(
"allowed",
socket_proxy=socket_proxy,
extra_args=["network", "create", "foo"],
)
_check_permission(
"allowed", socket_proxy=socket_proxy, extra_args=["network", "rm", "foo"]
)
finally: finally:
_stop_and_delete_proxy() _stop_and_delete_proxy(container_name=container_name)