update unit tests

aws · May 11, 2024 · 018faab · 018faab
1 parent ecbaf37
commit 018faab
Showing 1 changed file with 60 additions and 4 deletions.
diff --git a/ecs-init/apparmor/apparmor_test.go b/ecs-init/apparmor/apparmor_test.go
@@ -19,7 +19,6 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/containerd/containerd/pkg/apparmor"
 	"github.com/docker/docker/pkg/aaparser"
 	aaprofile "github.com/docker/docker/profiles/apparmor"
 	"github.com/stretchr/testify/assert"
@@ -33,6 +32,8 @@ func TestLoadDefaultProfile(t *testing.T) {
 		isLoadedResponse bool
 		isLoadedError    error
 		loadError        error
+		statErrors       map[string]error
+		profileContent   []string
 		expectedError    error
 	}{
 		{
@@ -41,6 +42,7 @@ func TestLoadDefaultProfile(t *testing.T) {
 			isLoadedResponse: true,
 			isLoadedError:    nil,
 			loadError:        nil,
+			profileContent:   []string{"#include <tunables/global>", "#include <abstractions/base>"},
 			expectedError:    nil,
 		},
 		{
@@ -49,6 +51,7 @@ func TestLoadDefaultProfile(t *testing.T) {
 			isLoadedResponse: false,
 			isLoadedError:    nil,
 			loadError:        nil,
+			profileContent:   []string{"#include <tunables/global>", "#include <abstractions/base>"},
 			expectedError:    nil,
 		},
 		{
@@ -67,37 +70,90 @@ func TestLoadDefaultProfile(t *testing.T) {
 			loadError:        errors.New("mock load error"),
 			expectedError:    errors.New("mock load error"),
 		},
+		{
+			name:        "MissingTunablesGlobal",
+			profileName: "testProfile.txt",
+			statErrors: map[string]error{
+				"tunables/global": os.ErrNotExist,
+			},
+			profileContent: []string{"@{PROC}=/proc/", "#include <abstractions/base>"},
+		},
+		{
+			name:        "MissingAbstractionsBase",
+			profileName: "testProfile.txt",
+			statErrors: map[string]error{
+				"abstractions/base": os.ErrNotExist,
+			},
+			profileContent: []string{"#include <tunables/global>"},
+		},
+		{
+			name:        "MissingIncludes",
+			profileName: "testProfile.txt",
+			statErrors: map[string]error{
+				"tunables/global":   os.ErrNotExist,
+				"abstractions/base": os.ErrNotExist,
+			},
+			profileContent: []string{"@{PROC}=/proc/"},
+		},
+		{
+			name:        "StatError",
+			profileName: "testProfile.txt",
+			statErrors: map[string]error{
+				"tunables/global": os.ErrPermission,
+			},
+			expectedError: os.ErrPermission,
+		},
 	}
 	defer func() {
 		isProfileLoaded = aaprofile.IsLoaded
 		loadPath = aaparser.LoadProfile
 		createFile = os.Create
+		statFile = os.Stat
 	}()
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			if !apparmor.HostSupports() {
-				t.Skip()
-			}
 			tmpdir := os.TempDir()
 			filePath, err := os.MkdirTemp(tmpdir, "test")
 			require.NoError(t, err)
+
+			var profilePath string
 			createFile = func(profileName string) (*os.File, error) {
 				f, err := os.Create(filepath.Join(filePath, tc.profileName))
+				profilePath = f.Name()
 				return f, err
 			}
+
+			statFile = func(fileName string) (os.FileInfo, error) {
+				relativePath, err := filepath.Rel(appArmorProfileDir, fileName)
+				require.NoError(t, err)
+				return nil, tc.statErrors[relativePath]
+			}
+
 			defer os.RemoveAll(filePath)
 			isProfileLoaded = func(profileName string) (bool, error) {
 				return tc.isLoadedResponse, tc.isLoadedError
 			}
+
 			loadPath = func(profile string) error {
 				return tc.loadError
 			}
+
 			err = LoadDefaultProfile(tc.profileName)
 			if tc.loadError == nil {
 				assert.Equal(t, tc.expectedError, err)
 			} else {
 				assert.Error(t, err)
 			}
+
+			if err == nil {
+				b, err := os.ReadFile(profilePath)
+				require.NoError(t, err)
+				profile := string(b)
+
+				for _, s := range tc.profileContent {
+					assert.Contains(t, profile, s)
+				}
+			}
 		})
 	}
 }