From f95d574f94a969a52467f4623c1aa20135f2fc7b Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 25 Nov 2024 00:03:54 -0800 Subject: [PATCH 1/2] bake: fix entitlement test when running from symlink temp As the paths returned by validator have the symlinks resolved, the test needs to resolve the symlinks also in the expected values. Previously this would fail if t.TempDir() or os.GetWd() returned a path that contained a symlink. The issue was purely in the test and not in the entitlements validation logic. Signed-off-by: Tonis Tiigi --- bake/entitlements_test.go | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/bake/entitlements_test.go b/bake/entitlements_test.go index c3ac586f337b..ef2f0505906e 100644 --- a/bake/entitlements_test.go +++ b/bake/entitlements_test.go @@ -180,10 +180,18 @@ func TestValidateEntitlements(t *testing.T) { dir2, err := osutil.GetLongPathName(t.TempDir()) require.NoError(t, err) + // the paths returned by entitlements validation will have symlinks resolved + expDir1, err := filepath.EvalSymlinks(dir1) + require.NoError(t, err) + expDir2, err := filepath.EvalSymlinks(dir2) + require.NoError(t, err) + escapeLink := filepath.Join(dir1, "escape_link") require.NoError(t, os.Symlink("../../aa", escapeLink)) wd := osutil.GetWd() + expWd, err := filepath.EvalSymlinks(wd) + require.NoError(t, err) tcases := []struct { name string @@ -208,7 +216,7 @@ func TestValidateEntitlements(t *testing.T) { }, expected: EntitlementConf{ NetworkHost: true, - FSRead: []string{wd}, + FSRead: []string{expWd}, }, }, { @@ -222,7 +230,7 @@ func TestValidateEntitlements(t *testing.T) { }, }, expected: EntitlementConf{ - FSRead: []string{wd}, + FSRead: []string{expWd}, }, }, { @@ -236,7 +244,7 @@ func TestValidateEntitlements(t *testing.T) { expected: EntitlementConf{ NetworkHost: true, SecurityInsecure: true, - FSRead: []string{wd}, + FSRead: []string{expWd}, }, }, { @@ -252,7 +260,7 @@ func TestValidateEntitlements(t *testing.T) { }, expected: EntitlementConf{ SecurityInsecure: true, - FSRead: []string{wd}, + FSRead: []string{expWd}, }, }, { @@ -266,7 +274,7 @@ func TestValidateEntitlements(t *testing.T) { }, expected: EntitlementConf{ SSH: true, - FSRead: []string{wd}, + FSRead: []string{expWd}, }, }, { @@ -295,11 +303,11 @@ func TestValidateEntitlements(t *testing.T) { }, expected: EntitlementConf{ FSWrite: func() []string { - exp := []string{dir1, dir2} + exp := []string{expDir1, expDir2} slices.Sort(exp) return exp }(), - FSRead: []string{wd}, + FSRead: []string{expWd}, }, }, { @@ -328,7 +336,7 @@ func TestValidateEntitlements(t *testing.T) { FSRead: []string{wd, dir1}, }, expected: EntitlementConf{ - FSRead: []string{filepath.Join(dir1, "../..")}, + FSRead: []string{filepath.Join(expDir1, "../..")}, }, }, { From 3148c098a2789c150bac14c53122c19533203c52 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Mon, 25 Nov 2024 08:26:02 -0800 Subject: [PATCH 2/2] bake: remove unnecessary GetLongPathName calls Signed-off-by: Tonis Tiigi --- bake/entitlements_test.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/bake/entitlements_test.go b/bake/entitlements_test.go index ef2f0505906e..6610554527ae 100644 --- a/bake/entitlements_test.go +++ b/bake/entitlements_test.go @@ -175,10 +175,8 @@ func TestDedupePaths(t *testing.T) { } func TestValidateEntitlements(t *testing.T) { - dir1, err := osutil.GetLongPathName(t.TempDir()) - require.NoError(t, err) - dir2, err := osutil.GetLongPathName(t.TempDir()) - require.NoError(t, err) + dir1 := t.TempDir() + dir2 := t.TempDir() // the paths returned by entitlements validation will have symlinks resolved expDir1, err := filepath.EvalSymlinks(dir1) @@ -189,7 +187,8 @@ func TestValidateEntitlements(t *testing.T) { escapeLink := filepath.Join(dir1, "escape_link") require.NoError(t, os.Symlink("../../aa", escapeLink)) - wd := osutil.GetWd() + wd, err := os.Getwd() + require.NoError(t, err) expWd, err := filepath.EvalSymlinks(wd) require.NoError(t, err)