PR: rebase, security policy, linting
Updated code for the new security policy code.
Updated script for changes to `uvmboot`

Linting issues:
 - `switch` to `if`
 - unused `getContainer()`
 - unused receivers

Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
helsaawy committed Sep 7, 2022
1 parent 7fad287 commit 03a4c3c
Showing 9 changed files with 49 additions and 33 deletions.
3 changes: 1 addition & 2 deletions scripts/Test-LCOW-UVM.ps1
Expand Up @@ -121,8 +121,7 @@ $boot = '.\bin\tools\uvmboot.exe -gcs lcow ' + `
"-boot-files-path $BootFilesPath " + `
"-root-fs-type $BootFSType " + `
'-kernel-file vmlinux ' + `
"-security-policy=`"`" " + `
"-mount `"$ContainerRootFSPath,$ContainerRootFSMount`" "
"-mount-scsi `"$ContainerRootFSPath,$ContainerRootFSMount`" "

if ( $MountGCSTest ) {
$boot += "-share `"$GCSTestPath,$GCSTestMount`" "
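Review bot: With `-security-policy` no longer on the uvmboot command line (assuming it is one of the two deleted lines, since the rendered page has lost the +/- markers), nothing in the script states which security policy the test UVM boots under. A comment above the `$boot` assignment, for example `# no -security-policy is passed: the UVM runs with uvmboot's default policy`, would make that explicit for anyone using this script to reason about policy enforcement. The `$boot` expression starts outside the hunk.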
9 changes: 7 additions & 2 deletions test/gcs/container_bench_test.go
Expand Up @@ -102,7 +102,7 @@ func BenchmarkContainerKill(b *testing.B) {
}
}

// container create through till wait and exit
// benchmark container create through wait until exit.
func BenchmarkContainerCompleteExit(b *testing.B) {
requireFeatures(b, featureStandalone)
ctx := context.Background()
Expand Down Expand Up @@ -198,7 +198,12 @@ func BenchmarkContainerExec(b *testing.B) {
cleanupContainer(ctx, b, host, c)
}

func standaloneContainerRequest(ctx context.Context, t testing.TB, host *hcsv2.Host, extra ...oci.SpecOpts) (string, *prot.VMHostedContainerSettingsV2, func()) {
func standaloneContainerRequest(
ctx context.Context,
t testing.TB,
host *hcsv2.Host,
extra ...oci.SpecOpts,
) (string, *prot.VMHostedContainerSettingsV2, func()) {
ctx = namespaces.WithNamespace(ctx, testoci.DefaultNamespace)
id := t.Name() + cri_util.GenerateID()
scratch, rootfs := mountRootfs(ctx, t, host, id)
4 changes: 2 additions & 2 deletions test/gcs/container_test.go
Expand Up @@ -153,7 +153,7 @@ func TestContainerIO(t *testing.T) {

waitContainer(ctx, t, c, p, false)

g.Wait()
_ = g.Wait()
t.Logf("stdout: %q", outStr)
t.Logf("stderr: %q", errStr)

Expand Down Expand Up @@ -223,7 +223,7 @@ func TestContainerExec(t *testing.T) {
t.Errorf("process exited with error code %d", i)
}

g.Wait()
_ = g.Wait()
t.Logf("stdout: %q", outStr)
t.Logf("stderr: %q", errStr)

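Review bot: `_ = g.Wait()` in TestContainerIO discards the wait result instead of checking it, so a failure in the goroutines behind `g` (presumably an errgroup collecting stdout and stderr; its declaration is outside the hunk) would go unnoticed and the test would log partial output as if it were complete. The same line is changed the same way in TestContainerExec. Checking the error keeps the linter quiet as well: `if err := g.Wait(); err != nil { t.Errorf("stdio copy: %v", err) }`. Both test bodies start and end outside the hunks.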
9 changes: 8 additions & 1 deletion test/gcs/cri_bench_test.go
Expand Up @@ -209,7 +209,14 @@ func BenchmarkCRIWorkload(b *testing.B) {
})
}

func workloadContainerRequest(ctx context.Context, t testing.TB, host *hcsv2.Host, sid string, spid uint32, nns string) (string, *prot.VMHostedContainerSettingsV2, func()) {
func workloadContainerRequest(
ctx context.Context,
t testing.TB,
host *hcsv2.Host,
sid string,
spid uint32,
nns string,
) (string, *prot.VMHostedContainerSettingsV2, func()) {
id := sid + cri_util.GenerateID()
scratch, rootfs := mountRootfs(ctx, t, host, id)
spec := containerSpec(ctx, t,
14 changes: 6 additions & 8 deletions test/gcs/helper_conn_test.go
Expand Up @@ -24,7 +24,7 @@ const (
dialWait = 50 * time.Millisecond
)

// port numbers to assign to connections
// port numbers to assign to connections.
var (
_pipes sync.Map
_portNumber uint32 = 1
Expand All @@ -34,12 +34,12 @@ type PipeTransport struct{}

var _ transport.Transport = &PipeTransport{}

func (t *PipeTransport) Dial(port uint32) (c transport.Connection, err error) {
func (*PipeTransport) Dial(port uint32) (c transport.Connection, err error) {
for i := 0; i < dialRetries; i++ {
c, err = getFakeSocket(port)

switch {
case errors.Is(err, unix.ENOENT): // socket hasn't been created
if errors.Is(err, unix.ENOENT) {
// socket hasn't been created
time.Sleep(dialWait)
continue
}
Expand Down Expand Up @@ -196,7 +196,7 @@ func (s *fakeSocket) CloseWrite() error {
return s.w.Close()
}

func (s *fakeSocket) File() (*os.File, error) {
func (*fakeSocket) File() (*os.File, error) {
return nil, errors.New("fakeSocket does not support File()")
}

Expand Down Expand Up @@ -296,9 +296,7 @@ func TestFakeSocket(t *testing.T) {
t.Logf("guest read %s", b)

_, err = cout.Write(b)
cout.CloseWrite()

return
_ = cout.CloseWrite()
}()

<-chs // wait for guest to dial
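Review bot: In the goroutine in TestFakeSocket, the error from `cout.Write(b)` is assigned to `err` and never checked in the visible lines, and the commit now also discards the `cout.CloseWrite()` error explicitly. If `err` is a variable captured from the enclosing test (the closure opens outside the hunk), that assignment is also an unsynchronised write shared with the test goroutine. A local check avoids both problems: `if _, err := cout.Write(b); err != nil { t.Errorf("guest write: %v", err) }`, and likewise for `CloseWrite`.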
12 changes: 1 addition & 11 deletions test/gcs/helper_container_test.go
Expand Up @@ -67,16 +67,6 @@ func createContainer(ctx context.Context, t testing.TB, host *hcsv2.Host, id str
return c
}

func getContainer(_ context.Context, t testing.TB, host *hcsv2.Host, id string) *hcsv2.Container {
c, err := host.GetCreatedContainer(id)
if err != nil {
t.Helper()
t.Fatalf("could not get container %q: %v", id, err)
}

return c
}

func removeContainer(_ context.Context, _ testing.TB, host *hcsv2.Host, id string) {
host.RemoveContainer(id)
}
Expand All @@ -91,7 +81,7 @@ func startContainer(ctx context.Context, t testing.TB, c *hcsv2.Container, conn
return getProcess(ctx, t, c, uint32(pid))
}

// waitContainer waits on the container's init process, p
// waitContainer waits on the container's init process, p.
func waitContainer(ctx context.Context, t testing.TB, c *hcsv2.Container, p hcsv2.Process, forced bool) {
t.Helper()

11 changes: 5 additions & 6 deletions test/gcs/main_test.go
Expand Up @@ -30,14 +30,11 @@ const (
featureStandalone = "StandAlone"
)

var _securityPolicy string

var allFeatures = []string{
featureCRI,
featureStandalone,
}

// flags
var (
flagFeatures = testflag.NewFeatureFlag(allFeatures)
flagJoinGCSCgroup = flag.Bool(
Expand All @@ -57,10 +54,12 @@ var (
)
)

var securityPolicy string

func init() {
var err error
p := securitypolicy.NewOpenDoorPolicy()
_securityPolicy, err = p.EncodeToString()
securityPolicy, err = p.EncodeToString()
if err != nil {
// really should not get here ...
log.Fatal("could not encode open door policy to string: %w", err)
Expand All @@ -78,7 +77,7 @@ func TestMain(m *testing.M) {
}

func setup() (err error) {
os.MkdirAll(guestpath.LCOWRootPrefixInUVM, 0755)
_ = os.MkdirAll(guestpath.LCOWRootPrefixInUVM, 0755)

if vf := flag.Lookup("test.v"); vf != nil {
if vf.Value.String() == strconv.FormatBool(true) {
Expand Down Expand Up @@ -136,7 +135,7 @@ func getHost(_ context.Context, t testing.TB, rt runtime.Runtime) *hcsv2.Host {

func getHostErr(rt runtime.Runtime, tp transport.Transport) (*hcsv2.Host, error) {
h := hcsv2.NewHost(rt, tp)
if err := h.SetSecurityPolicy(_securityPolicy); err != nil {
if err := h.SetSecurityPolicy("", securityPolicy); err != nil {
return nil, fmt.Errorf("could not set host security policy: %w", err)
}

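Review bot: In `setup()`, `_ = os.MkdirAll(guestpath.LCOWRootPrefixInUVM, 0755)` silences the linter by discarding the error even though the function has a named `err` result it could return, so a failure to create the root prefix would only surface later in whatever first uses that path. Returning it is a small change: `if err = os.MkdirAll(guestpath.LCOWRootPrefixInUVM, 0755); err != nil { return err }`. In `init()`, `log.Fatal` does not format its arguments and `%w` is only meaningful to `fmt.Errorf`, so that call should read `log.Fatalf("could not encode open door policy to string: %v", err)`. The call `h.SetSecurityPolicy("", securityPolicy)` would also benefit from a comment saying what the empty first argument selects and that the tests run under the open-door policy rather than an enforcing one. `setup()` continues outside the hunk.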
10 changes: 9 additions & 1 deletion test/go.mod
Expand Up @@ -5,6 +5,7 @@ go 1.17
require (
github.com/Microsoft/go-winio v0.5.2
github.com/Microsoft/hcsshim v0.9.3
github.com/containerd/cgroups v1.0.3
github.com/containerd/containerd v1.6.6
github.com/containerd/go-runc v1.0.0
github.com/containerd/ttrpc v1.1.0
Expand All @@ -29,18 +30,20 @@ require (
github.com/agnivade/levenshtein v1.0.1 // indirect
github.com/blang/semver v3.5.1+incompatible // indirect
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
github.com/containerd/cgroups v1.0.3 // indirect
github.com/containerd/console v1.0.3 // indirect
github.com/containerd/continuity v0.2.2 // indirect
github.com/containerd/fifo v1.0.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/cli v20.10.17+incompatible // indirect
github.com/docker/distribution v2.7.1+incompatible // indirect
github.com/docker/docker v20.10.17+incompatible // indirect
github.com/docker/docker-credential-helpers v0.6.4 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/ghodss/yaml v1.0.0 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/godbus/dbus/v5 v5.0.6 // indirect
github.com/gogo/googleapis v1.4.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.2 // indirect
Expand All @@ -49,9 +52,12 @@ require (
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/klauspost/compress v1.13.6 // indirect
github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3 // indirect
github.com/mattn/go-shellwords v1.0.12 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.5.0 // indirect
github.com/moby/sys/signal v0.6.0 // indirect
github.com/moby/sys/symlink v0.2.0 // indirect
github.com/open-policy-agent/opa v0.42.2 // indirect
github.com/opencontainers/runc v1.1.2 // indirect
github.com/opencontainers/selinux v1.10.1 // indirect
Expand All @@ -60,6 +66,8 @@ require (
github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/vektah/gqlparser/v2 v2.4.5 // indirect
github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5 // indirect
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f // indirect
10 changes: 10 additions & 0 deletions test/go.sum
Expand Up @@ -275,9 +275,11 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
Expand Down Expand Up @@ -330,6 +332,7 @@ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI=
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
Expand Down Expand Up @@ -410,9 +413,11 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c h1:RBUpb2b14UnmRHNd2uHz20ZHLDK+SW5Us/vWF5IHRaY=
github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
Expand Down Expand Up @@ -618,6 +623,7 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3 h1:jUp75lepDg0phMUJBCmvaeFDldD2N3S1lBuPwUTszio=
github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
Expand All @@ -633,6 +639,7 @@ github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNx
github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
Expand Down Expand Up @@ -664,6 +671,7 @@ github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdx
github.com/moby/sys/signal v0.6.0 h1:aDpY94H8VlhTGa9sNYUFCFsMZIUh5wm0B6XkIoJj/iY=
github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ=
github.com/moby/sys/symlink v0.2.0 h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc=
github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs=
github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo=
github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A=
Expand Down Expand Up @@ -897,10 +905,12 @@ github.com/vektah/gqlparser/v2 v2.4.5/go.mod h1:flJWIR04IMQPGz+BXLrORkrARBxv/rty
github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5 h1:+UB2BJA852UkGH42H+Oee69djmxS3ANzl2b/JtT1YiA=
github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
