mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
52c1a2fae8
Older versions of Go don't format comments, so committing this as a separate commit, so that we can already make these changes before we upgrade to Go 1.19. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
443 lines
18 KiB
Go
443 lines
18 KiB
Go
package main
|
|
|
|
import (
|
|
"os"
|
|
"testing"
|
|
|
|
"gotest.tools/v3/assert"
|
|
)
|
|
|
|
// Try all of the test cases from the archive package which implements the
|
|
// internals of `docker cp` and ensure that the behavior matches when actually
|
|
// copying to and from containers.
|
|
|
|
// Basic assumptions about SRC and DST:
|
|
// 1. SRC must exist.
|
|
// 2. If SRC ends with a trailing separator, it must be a directory.
|
|
// 3. DST parent directory must exist.
|
|
// 4. If DST exists as a file, it must not end with a trailing separator.
|
|
|
|
// Check that copying from a local path to a symlink in a container copies to
|
|
// the symlink target and does not overwrite the container symlink itself.
|
|
func (s *DockerCLICpSuite) TestCpToSymlinkDestination(c *testing.T) {
|
|
// stat /tmp/test-cp-to-symlink-destination-262430901/vol3 gets permission denied for the user
|
|
testRequires(c, NotUserNamespace)
|
|
testRequires(c, DaemonIsLinux)
|
|
testRequires(c, testEnv.IsLocalDaemon) // Requires local volume mount bind.
|
|
|
|
testVol := getTestDir(c, "test-cp-to-symlink-destination-")
|
|
defer os.RemoveAll(testVol)
|
|
|
|
makeTestContentInDir(c, testVol)
|
|
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
volumes: defaultVolumes(testVol), // Our bind mount is at /vol2
|
|
})
|
|
|
|
// First, copy a local file to a symlink to a file in the container. This
|
|
// should overwrite the symlink target contents with the source contents.
|
|
srcPath := cpPath(testVol, "file2")
|
|
dstPath := containerCpPath(containerID, "/vol2/symlinkToFile1")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "symlinkToFile1"), "file1"), "The symlink should not have been modified")
|
|
assert.NilError(c, fileContentEquals(c, cpPath(testVol, "file1"), "file2\n"), `The file should have the contents of "file2" now`)
|
|
|
|
// Next, copy a local file to a symlink to a directory in the container.
|
|
// This should copy the file into the symlink target directory.
|
|
dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), "The symlink should not have been modified")
|
|
assert.NilError(c, fileContentEquals(c, cpPath(testVol, "file2"), "file2\n"), `The file should have the contents of "file2"" now`)
|
|
|
|
// Next, copy a file to a symlink to a file that does not exist (a broken
|
|
// symlink) in the container. This should create the target file with the
|
|
// contents of the source file.
|
|
dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToFileX")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToFileX"), "fileX"), "The symlink should not have been modified")
|
|
assert.NilError(c, fileContentEquals(c, cpPath(testVol, "fileX"), "file2\n"), `The file should have the contents of "file2"" now`)
|
|
|
|
// Next, copy a local directory to a symlink to a directory in the
|
|
// container. This should copy the directory into the symlink target
|
|
// directory and not modify the symlink.
|
|
srcPath = cpPath(testVol, "/dir2")
|
|
dstPath = containerCpPath(containerID, "/vol2/symlinkToDir1")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "symlinkToDir1"), "dir1"), "The symlink should not have been modified")
|
|
assert.NilError(c, fileContentEquals(c, cpPath(testVol, "dir1/dir2/file2-1"), "file2-1\n"), `The directory should now contain a copy of "dir2"`)
|
|
|
|
// Next, copy a local directory to a symlink to a local directory that does
|
|
// not exist (a broken symlink) in the container. This should create the
|
|
// target as a directory with the contents of the source directory. It
|
|
// should not modify the symlink.
|
|
dstPath = containerCpPath(containerID, "/vol2/brokenSymlinkToDirX")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, symlinkTargetEquals(c, cpPath(testVol, "brokenSymlinkToDirX"), "dirX"), "The symlink should not have been modified")
|
|
assert.NilError(c, fileContentEquals(c, cpPath(testVol, "dirX/file2-1"), "file2-1\n"), `The "dirX" directory should now be a copy of "dir2"`)
|
|
}
|
|
|
|
// Possibilities are reduced to the remaining 10 cases:
|
|
//
|
|
// case | srcIsDir | onlyDirContents | dstExists | dstIsDir | dstTrSep | action
|
|
// ===================================================================================================
|
|
// A | no | - | no | - | no | create file
|
|
// B | no | - | no | - | yes | error
|
|
// C | no | - | yes | no | - | overwrite file
|
|
// D | no | - | yes | yes | - | create file in dst dir
|
|
// E | yes | no | no | - | - | create dir, copy contents
|
|
// F | yes | no | yes | no | - | error
|
|
// G | yes | no | yes | yes | - | copy dir and contents
|
|
// H | yes | yes | no | - | - | create dir, copy contents
|
|
// I | yes | yes | yes | no | - | error
|
|
// J | yes | yes | yes | yes | - | copy dir contents
|
|
//
|
|
|
|
// A. SRC specifies a file and DST (no trailing path separator) doesn't exist.
|
|
//
|
|
// This should create a file with the name DST and copy the contents of the
|
|
// source file into it.
|
|
func (s *DockerCLICpSuite) TestCpToCaseA(c *testing.T) {
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
workDir: "/root", command: makeCatFileCommand("itWorks.txt"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-a")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcPath := cpPath(tmpDir, "file1")
|
|
dstPath := containerCpPath(containerID, "/root/itWorks.txt")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"))
|
|
}
|
|
|
|
// B. SRC specifies a file and DST (with trailing path separator) doesn't exist.
|
|
//
|
|
// This should cause an error because the copy operation cannot create a
|
|
// directory when copying a single file.
|
|
func (s *DockerCLICpSuite) TestCpToCaseB(c *testing.T) {
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
command: makeCatFileCommand("testDir/file1"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-b")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcPath := cpPath(tmpDir, "file1")
|
|
dstDir := containerCpPathTrailingSep(containerID, "testDir")
|
|
|
|
err := runDockerCp(c, srcPath, dstDir)
|
|
assert.ErrorContains(c, err, "")
|
|
assert.Assert(c, isCpDirNotExist(err), "expected DirNotExists error, but got %T: %s", err, err)
|
|
}
|
|
|
|
// C. SRC specifies a file and DST exists as a file.
|
|
//
|
|
// This should overwrite the file at DST with the contents of the source file.
|
|
func (s *DockerCLICpSuite) TestCpToCaseC(c *testing.T) {
|
|
testRequires(c, DaemonIsLinux)
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
addContent: true, workDir: "/root",
|
|
command: makeCatFileCommand("file2"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-c")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcPath := cpPath(tmpDir, "file1")
|
|
dstPath := containerCpPath(containerID, "/root/file2")
|
|
|
|
// Ensure the container's file starts with the original content.
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file2\n"))
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstPath))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"), "Should now contain file1's contents")
|
|
}
|
|
|
|
// D. SRC specifies a file and DST exists as a directory.
|
|
//
|
|
// This should place a copy of the source file inside it using the basename from
|
|
// SRC. Ensure this works whether DST has a trailing path separator or not.
|
|
func (s *DockerCLICpSuite) TestCpToCaseD(c *testing.T) {
|
|
testRequires(c, DaemonIsLinux)
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
addContent: true,
|
|
command: makeCatFileCommand("/dir1/file1"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-d")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcPath := cpPath(tmpDir, "file1")
|
|
dstDir := containerCpPath(containerID, "dir1")
|
|
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"), "Should now contain file1's contents")
|
|
|
|
// Now try again but using a trailing path separator for dstDir.
|
|
|
|
// Make new destination container.
|
|
containerID = makeTestContainer(c, testContainerOptions{
|
|
addContent: true,
|
|
command: makeCatFileCommand("/dir1/file1"),
|
|
})
|
|
|
|
dstDir = containerCpPathTrailingSep(containerID, "dir1")
|
|
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
assert.NilError(c, runDockerCp(c, srcPath, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1\n"), "Should now contain file1's contents")
|
|
}
|
|
|
|
// E. SRC specifies a directory and DST does not exist.
|
|
//
|
|
// This should create a directory at DST and copy the contents of the SRC
|
|
// directory into the DST directory. Ensure this works whether DST has a
|
|
// trailing path separator or not.
|
|
func (s *DockerCLICpSuite) TestCpToCaseE(c *testing.T) {
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
command: makeCatFileCommand("/testDir/file1-1"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-e")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcDir := cpPath(tmpDir, "dir1")
|
|
dstDir := containerCpPath(containerID, "testDir")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
|
|
|
|
// Now try again but using a trailing path separator for dstDir.
|
|
|
|
// Make new destination container.
|
|
containerID = makeTestContainer(c, testContainerOptions{
|
|
command: makeCatFileCommand("/testDir/file1-1"),
|
|
})
|
|
|
|
dstDir = containerCpPathTrailingSep(containerID, "testDir")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
|
|
}
|
|
|
|
// F. SRC specifies a directory and DST exists as a file.
|
|
//
|
|
// This should cause an error as it is not possible to overwrite a file with a
|
|
// directory.
|
|
func (s *DockerCLICpSuite) TestCpToCaseF(c *testing.T) {
|
|
testRequires(c, DaemonIsLinux)
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
addContent: true, workDir: "/root",
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-f")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcDir := cpPath(tmpDir, "dir1")
|
|
dstFile := containerCpPath(containerID, "/root/file1")
|
|
|
|
err := runDockerCp(c, srcDir, dstFile)
|
|
assert.ErrorContains(c, err, "")
|
|
assert.Assert(c, isCpCannotCopyDir(err), "expected ErrCannotCopyDir error, but got %T: %s", err, err)
|
|
}
|
|
|
|
// G. SRC specifies a directory and DST exists as a directory.
|
|
//
|
|
// This should copy the SRC directory and all its contents to the DST directory.
|
|
// Ensure this works whether DST has a trailing path separator or not.
|
|
func (s *DockerCLICpSuite) TestCpToCaseG(c *testing.T) {
|
|
testRequires(c, DaemonIsLinux)
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
addContent: true, workDir: "/root",
|
|
command: makeCatFileCommand("dir2/dir1/file1-1"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-g")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcDir := cpPath(tmpDir, "dir1")
|
|
dstDir := containerCpPath(containerID, "/root/dir2")
|
|
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
|
|
|
|
// Now try again but using a trailing path separator for dstDir.
|
|
|
|
// Make new destination container.
|
|
containerID = makeTestContainer(c, testContainerOptions{
|
|
addContent: true,
|
|
command: makeCatFileCommand("/dir2/dir1/file1-1"),
|
|
})
|
|
|
|
dstDir = containerCpPathTrailingSep(containerID, "/dir2")
|
|
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
|
|
}
|
|
|
|
// H. SRC specifies a directory's contents only and DST does not exist.
|
|
//
|
|
// This should create a directory at DST and copy the contents of the SRC
|
|
// directory (but not the directory itself) into the DST directory. Ensure
|
|
// this works whether DST has a trailing path separator or not.
|
|
func (s *DockerCLICpSuite) TestCpToCaseH(c *testing.T) {
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
command: makeCatFileCommand("/testDir/file1-1"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-h")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
|
|
dstDir := containerCpPath(containerID, "testDir")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
|
|
|
|
// Now try again but using a trailing path separator for dstDir.
|
|
|
|
// Make new destination container.
|
|
containerID = makeTestContainer(c, testContainerOptions{
|
|
command: makeCatFileCommand("/testDir/file1-1"),
|
|
})
|
|
|
|
dstDir = containerCpPathTrailingSep(containerID, "testDir")
|
|
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should now contain file1-1's contents")
|
|
}
|
|
|
|
// I. SRC specifies a directory's contents only and DST exists as a file.
|
|
//
|
|
// This should cause an error as it is not possible to overwrite a file with a
|
|
// directory.
|
|
func (s *DockerCLICpSuite) TestCpToCaseI(c *testing.T) {
|
|
testRequires(c, DaemonIsLinux)
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
addContent: true, workDir: "/root",
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-i")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
|
|
dstFile := containerCpPath(containerID, "/root/file1")
|
|
|
|
err := runDockerCp(c, srcDir, dstFile)
|
|
assert.ErrorContains(c, err, "")
|
|
assert.Assert(c, isCpCannotCopyDir(err), "expected ErrCannotCopyDir error, but got %T: %s", err, err)
|
|
}
|
|
|
|
// J. SRC specifies a directory's contents only and DST exists as a directory.
|
|
//
|
|
// This should copy the contents of the SRC directory (but not the directory
|
|
// itself) into the DST directory. Ensure this works whether DST has a
|
|
// trailing path separator or not.
|
|
func (s *DockerCLICpSuite) TestCpToCaseJ(c *testing.T) {
|
|
testRequires(c, DaemonIsLinux)
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
addContent: true, workDir: "/root",
|
|
command: makeCatFileCommand("/dir2/file1-1"),
|
|
})
|
|
|
|
tmpDir := getTestDir(c, "test-cp-to-case-j")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
srcDir := cpPathTrailingSep(tmpDir, "dir1") + "."
|
|
dstDir := containerCpPath(containerID, "/dir2")
|
|
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should've contained file1-1's contents")
|
|
|
|
// Now try again but using a trailing path separator for dstDir.
|
|
|
|
// Make new destination container.
|
|
containerID = makeTestContainer(c, testContainerOptions{
|
|
command: makeCatFileCommand("/dir2/file1-1"),
|
|
})
|
|
|
|
dstDir = containerCpPathTrailingSep(containerID, "/dir2")
|
|
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
assert.NilError(c, runDockerCp(c, srcDir, dstDir))
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, "file1-1\n"), "Should've contained file1-1's contents")
|
|
}
|
|
|
|
// The `docker cp` command should also ensure that you cannot
|
|
// write to a container rootfs that is marked as read-only.
|
|
func (s *DockerCLICpSuite) TestCpToErrReadOnlyRootfs(c *testing.T) {
|
|
// --read-only + userns has remount issues
|
|
testRequires(c, DaemonIsLinux, NotUserNamespace)
|
|
tmpDir := getTestDir(c, "test-cp-to-err-read-only-rootfs")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
readOnly: true, workDir: "/root",
|
|
command: makeCatFileCommand("shouldNotExist"),
|
|
})
|
|
|
|
srcPath := cpPath(tmpDir, "file1")
|
|
dstPath := containerCpPath(containerID, "/root/shouldNotExist")
|
|
|
|
err := runDockerCp(c, srcPath, dstPath)
|
|
assert.ErrorContains(c, err, "")
|
|
|
|
assert.Assert(c, isCpCannotCopyReadOnly(err), "expected ErrContainerRootfsReadonly error, but got %T: %s", err, err)
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
}
|
|
|
|
// The `docker cp` command should also ensure that you
|
|
// cannot write to a volume that is mounted as read-only.
|
|
func (s *DockerCLICpSuite) TestCpToErrReadOnlyVolume(c *testing.T) {
|
|
// --read-only + userns has remount issues
|
|
testRequires(c, DaemonIsLinux, NotUserNamespace)
|
|
tmpDir := getTestDir(c, "test-cp-to-err-read-only-volume")
|
|
defer os.RemoveAll(tmpDir)
|
|
|
|
makeTestContentInDir(c, tmpDir)
|
|
|
|
containerID := makeTestContainer(c, testContainerOptions{
|
|
volumes: defaultVolumes(tmpDir), workDir: "/root",
|
|
command: makeCatFileCommand("/vol_ro/shouldNotExist"),
|
|
})
|
|
|
|
srcPath := cpPath(tmpDir, "file1")
|
|
dstPath := containerCpPath(containerID, "/vol_ro/shouldNotExist")
|
|
|
|
err := runDockerCp(c, srcPath, dstPath)
|
|
assert.ErrorContains(c, err, "")
|
|
|
|
assert.Assert(c, isCpCannotCopyReadOnly(err), "expected ErrVolumeReadonly error, but got %T: %s", err, err)
|
|
assert.NilError(c, containerStartOutputEquals(c, containerID, ""), "dstPath should not have existed")
|
|
}
|