From 27011b439b5cb3e5fd0d3e8af7505e847bf9be0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Fri, 30 Aug 2024 12:19:12 +0200 Subject: [PATCH] Only add SELinux flags to ContainerVolumeBase.flags if the flags are None --- CHANGELOG.rst | 2 ++ pytest_container/container.py | 17 +++++++++-------- tests/test_volumes.py | 16 ++++++++++++++++ 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 41c4bca..56fa1ab 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,6 +3,8 @@ Next Release Breaking changes: +- Change addition of SELinux flags to volumes: SELinux flags are only added if + :py:attr:`~pytest_container.container.ContainerVolumeBase.flags` is ``None``. Improvements and new features: diff --git a/pytest_container/container.py b/pytest_container/container.py index a0e87fe..e05f706 100644 --- a/pytest_container/container.py +++ b/pytest_container/container.py @@ -175,9 +175,13 @@ class ContainerVolumeBase: #: #: Note that some flags are mutually exclusive and potentially not supported #: by all container runtimes. + #: #: The :py:attr:`VolumeFlag.SELINUX_PRIVATE` flag will be added by default - #: to the flags unless :py:attr:`ContainerVolumeBase.shared` is ``True``. - flags: List[VolumeFlag] = field(default_factory=list) + #: if flags is ``None``, unless :py:attr:`ContainerVolumeBase.shared` is + #: ``True``, then :py:attr:`VolumeFlag.SELINUX_SHARED` is added. + #: + #: If flags is a list (even an empty one), then no flags are added. + flags: Optional[List[VolumeFlag]] = None #: Define whether this volume should can be shared between #: containers. Defaults to ``False``. @@ -191,15 +195,12 @@ class ContainerVolumeBase: _vol_name: str = "" def __post_init__(self) -> None: - if ( - VolumeFlag.SELINUX_PRIVATE not in self.flags - and VolumeFlag.SELINUX_SHARED not in self.flags - ): - self.flags.append( + if self.flags is None: + self.flags = [ VolumeFlag.SELINUX_SHARED if self.shared else VolumeFlag.SELINUX_PRIVATE - ) + ] for mutually_exclusive_flags in ( (VolumeFlag.READ_ONLY, VolumeFlag.READ_WRITE), diff --git a/tests/test_volumes.py b/tests/test_volumes.py index aa38e32..0b213b7 100644 --- a/tests/test_volumes.py +++ b/tests/test_volumes.py @@ -31,6 +31,22 @@ def test_adds_selinux(volume: ContainerVolumeBase, expected_flag: VolumeFlag): assert volume.flags[0] == expected_flag +@pytest.mark.parametrize( + "volume,flags", + [ + (ContainerVolume("/foo", flags=[]), []), + ( + ContainerVolume("/bar/", flags=[VolumeFlag.READ_ONLY]), + [VolumeFlag.READ_ONLY], + ), + ], +) +def test_does_not_add_selinux_if_flags_is_list( + volume: ContainerVolumeBase, flags: List[VolumeFlag] +) -> None: + assert volume.flags == flags + + @pytest.mark.parametrize( "flags", [