unit tests

aws · Oct 1, 2023 · 5944501 · 5944501
1 parent 4a5deed
commit 5944501
Show file tree

Hide file tree

Showing 4 changed files with 169 additions and 4 deletions.
diff --git a/ecs-init/apparmor/apparmor.go b/ecs-init/apparmor/apparmor.go
@@ -52,6 +52,10 @@ profile ecs-default flags=(attach_disconnected,mediate_deleted) {
 }
 `
 
+var createFile = func(name string) (*os.File, error) {
+	return os.Create(name)
+}
+
 // LoadDefaultProfile ensures the default profile to be loaded with the given name.
 // Returns nil error if the profile is already loaded.
 func LoadDefaultProfile(profileName string) error {
@@ -63,7 +67,7 @@ func LoadDefaultProfile(profileName string) error {
 		return nil
 	}
 
-	f, err := os.Create(filepath.Join(appArmorProfileDir, profileName))
+	f, err := createFile(filepath.Join(appArmorProfileDir, profileName))
 	if err != nil {
 		return err
 	}
@@ -75,7 +79,7 @@ func LoadDefaultProfile(profileName string) error {
 	path := f.Name()
 
 	if err := load(path); err != nil {
-		return fmt.Errorf("load apparmor profile %s: %w", path, err)
+		return fmt.Errorf("error loading apparmor profile %s: %w", path, err)
 	}
 	return nil
 }
diff --git a/ecs-init/apparmor/apparmor_test.go b/ecs-init/apparmor/apparmor_test.go
@@ -0,0 +1,107 @@
+//go:build test
+// +build test
+
+// Copyright 2015-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package apparmor
+
+import (
+	"errors"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type FileWriter interface {
+	WriteString(string) (int, error)
+}
+
+type MockFileWriter struct {
+	FileContent string
+	Err         error
+}
+
+func (m *MockFileWriter) WriteString(fileContent string) (int, error) {
+	m.FileContent = fileContent
+	return len(fileContent), m.Err
+}
+
+func TestLoadDefaultProfile(t *testing.T) {
+	testCases := []struct {
+		name             string
+		profileName      string
+		isLoadedResponse bool
+		isLoadedError    error
+		loadError        error
+		expectedError    error
+	}{
+		{
+			name:             "ProfileIsAlreadyLoaded",
+			profileName:      "testProfile",
+			isLoadedResponse: true,
+			isLoadedError:    nil,
+			loadError:        nil,
+			expectedError:    nil,
+		},
+		{
+			name:             "ProfileNotLoaded",
+			profileName:      "testProfile",
+			isLoadedResponse: false,
+			isLoadedError:    nil,
+			loadError:        nil,
+			expectedError:    nil,
+		},
+		{
+			name:             "IsLoadedError",
+			profileName:      "testProfile",
+			isLoadedResponse: false,
+			isLoadedError:    errors.New("Mock isLoaded error"),
+			loadError:        nil,
+			expectedError:    errors.New("error loading apparmor profile /etc/apparmor.d/testProfile: Mock load error"),
+		},
+		{
+			name:             "LoadProfileError",
+			profileName:      "testProfile",
+			isLoadedResponse: false,
+			isLoadedError:    nil,
+			loadError:        errors.New("Mock load error"),
+			expectedError:    errors.New("error loading apparmor profile /etc/apparmor.d/testProfile: Mock load error"),
+		},
+	}
+	defer func() {
+		mockIsLoaded = isLoaded
+		mockLoad = load
+		osCreate = createFile
+	}()
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			mockFileWriter = &MockFileWriter{Err: nil}
+			mockIsLoaded = func(profileName string) (bool, error) {
+				return tc.isLoadedResponse, tc.isLoadedError
+			}
+			mockLoad = func(profile string) error {
+				return tc.loadError
+			}
+			osCreate = func(profileName string) (*os.File, error) {
+				return &os.File{}, nil
+			}
+			//writeFile = (MockFileWriter)func(profile string) (int, error) {
+			//	return _, nil
+			//}
+			err := LoadDefaultProfile(tc.profileName)
+			assert.Equal(t, tc.expectedError, err)
+		})
+	}
+}
diff --git a/ecs-init/engine/engine.go b/ecs-init/engine/engine.go
@@ -53,6 +53,14 @@ var getDockerClient = func() (dockerClient, error) {
 	return docker.Client()
 }
 
+var hostSupports = func() bool {
+	return ctrdapparmor.HostSupports()
+}
+
+var loadDefaultProfile = func(defaultProfile string) error {
+	return apparmor.LoadDefaultProfile(defaultProfile)
+}
+
 func dockerError(err error) error {
 	return engineError("could not create docker client", err)
 }
@@ -198,9 +206,9 @@ func (e *Engine) PreStartGPU() error {
 // PreStartAppArmor sets up the ecs-default AppArmor profile if we're running
 // on an AppArmor-enabled system.
 func (e *Engine) PreStartAppArmor() error {
-	if ctrdapparmor.HostSupports() {
+	if hostSupports() {
 		log.Infof("pre-start: setting up %s AppArmor profile", apparmor.ECSDefaultProfileName)
-		return apparmor.LoadDefaultProfile(apparmor.ECSDefaultProfileName)
+		return loadDefaultProfile(apparmor.ECSDefaultProfileName)
 	}
 	return nil
 }

diff --git a/ecs-init/engine/engine_test.go b/ecs-init/engine/engine_test.go
@@ -27,6 +27,7 @@ import (
 	"github.com/aws/amazon-ecs-agent/ecs-init/cache"
 	"github.com/aws/amazon-ecs-agent/ecs-init/gpu"
 	"github.com/golang/mock/gomock"
+	"github.com/stretchr/testify/assert"
 )
 
 // getDockerClientMock backs up getDockerClient package-level function and replaces it with the mock passed as
@@ -584,3 +585,48 @@ func TestPostStopCredentialsProxyRouteRemoveError(t *testing.T) {
 		t.Errorf("engine post-stop error: %v", err)
 	}
 }
+
+func TestPreStartAppArmorSetupSuccessful(t *testing.T) {
+	testCases := []struct {
+		name             string
+		hostSupports     bool
+		loadProfileError error
+		expectedError    error
+	}{
+		{
+			name:             "HostNotSupported",
+			hostSupports:     false,
+			loadProfileError: nil,
+			expectedError:    nil,
+		},
+		{
+			name:             "HostSupportedNoError",
+			hostSupports:     true,
+			loadProfileError: nil,
+			expectedError:    nil,
+		},
+		{
+			name:             "HostSupportedWithError",
+			hostSupports:     true,
+			loadProfileError: errors.New("error loading apparmor profile"),
+			expectedError:    errors.New("error loading apparmor profile"),
+		},
+	}
+	defer func() {
+		hostSupport = hostSupports
+		loadProfile = loadDefaultProfile
+	}()
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			hostSupport = func() bool {
+				return tc.hostSupports
+			}
+			loadProfile = func(profile string) error {
+				return tc.loadProfileError
+			}
+			engine := &Engine{}
+			err := engine.PreStartAppArmor()
+			assert.Equal(t, tc.expectedError, err)
+		})
+	}
+}