From 17ec5a5aa8218c0ff529b26076a59db96ea91c55 Mon Sep 17 00:00:00 2001
From: Seth Hoenig <shoenig@hashicorp.com>
Date: Sat, 15 May 2021 17:45:39 -0600
Subject: [PATCH] drivers: fixup linux version dependent test cases

The error output being checked depends on the linux caps supported
by the particular operating system. Fix these test cases to just
check that an error did occur.
---
 drivers/docker/config.go                     | 30 --------------------
 drivers/docker/driver_default.go             | 21 --------------
 drivers/shared/capabilities/defaults_test.go | 28 +++++++++++++-----
 3 files changed, 21 insertions(+), 58 deletions(-)

diff --git a/drivers/docker/config.go b/drivers/docker/config.go
index 898d9172c..aff5c5d69 100644
--- a/drivers/docker/config.go
+++ b/drivers/docker/config.go
@@ -42,36 +42,6 @@ const (
 	dockerAuthHelperPrefix = "docker-credential-"
 )
 
-// nomadDefaultCaps is the subset of dockerDefaultCaps that Nomad enables by
-// default and is used to compute the set of capabilities to add/drop given
-// docker driver configuration.
-func nomadDefaultCaps() []string {
-	return []string{
-		"AUDIT_WRITE",
-		"CHOWN",
-		"DAC_OVERRIDE",
-		"FOWNER",
-		"FSETID",
-		"KILL",
-		"MKNOD",
-		"NET_BIND_SERVICE",
-		"SETFCAP",
-		"SETGID",
-		"SETPCAP",
-		"SETUID",
-		"SYS_CHROOT",
-	}
-}
-
-// dockerDefaultCaps is a list of Linux capabilities enabled by docker by default
-// and is used to compute the set of capabilities to add/drop given docker driver
-// configuration, as well as Nomad built-in limitations.
-//
-// https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
-func dockerDefaultCaps() []string {
-	return append(nomadDefaultCaps(), "NET_RAW")
-}
-
 func PluginLoader(opts map[string]string) (map[string]interface{}, error) {
 	conf := map[string]interface{}{}
 	if v, ok := opts["docker.endpoint"]; ok {
diff --git a/drivers/docker/driver_default.go b/drivers/docker/driver_default.go
index 45086f7bf..b180ae8f9 100644
--- a/drivers/docker/driver_default.go
+++ b/drivers/docker/driver_default.go
@@ -3,30 +3,9 @@
 package docker
 
 import (
-	"github.com/docker/docker/oci/caps"
 	docker "github.com/fsouza/go-dockerclient"
 )
 
 func getPortBinding(ip string, port string) docker.PortBinding {
 	return docker.PortBinding{HostIP: ip, HostPort: port}
 }
-
-func tweakCapabilities(basics, adds, drops []string) ([]string, error) {
-	// Moby mixes 2 different capabilities formats: prefixed with "CAP_"
-	// and not. We do the conversion here to have a consistent,
-	// non-prefixed format on the Nomad side.
-	for i, cap := range basics {
-		basics[i] = "CAP_" + cap
-	}
-
-	effectiveCaps, err := caps.TweakCapabilities(basics, adds, drops, nil, false)
-	if err != nil {
-		return effectiveCaps, err
-	}
-
-	for i, cap := range effectiveCaps {
-		effectiveCaps[i] = cap[len("CAP_"):]
-	}
-
-	return effectiveCaps, nil
-}
diff --git a/drivers/shared/capabilities/defaults_test.go b/drivers/shared/capabilities/defaults_test.go
index 408f954ea..7fd03513e 100644
--- a/drivers/shared/capabilities/defaults_test.go
+++ b/drivers/shared/capabilities/defaults_test.go
@@ -33,8 +33,9 @@ func TestCaps_Calculate(t *testing.T) {
 		capDrop   []string // task config
 
 		// output
-		exp []string
-		err error
+		exp  []string
+		err  error
+		skip bool // error message is linux version dependent
 	}{
 		{
 			name:      "the default setting",
@@ -77,6 +78,7 @@ func TestCaps_Calculate(t *testing.T) {
 			err:       nil,
 		},
 		{
+			skip:      true,
 			name:      "allow defaults and add all",
 			allowCaps: NomadDefaults().Slice(false),
 			capAdd:    []string{"all"},
@@ -135,8 +137,13 @@ func TestCaps_Calculate(t *testing.T) {
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			caps, err := Calculate(NomadDefaults(), tc.allowCaps, tc.capAdd, tc.capDrop)
-			require.Equal(t, tc.err, err)
-			require.Equal(t, tc.exp, caps)
+			if !tc.skip {
+				require.Equal(t, tc.err, err)
+				require.Equal(t, tc.exp, caps)
+			} else {
+				require.Error(t, err)
+				require.Equal(t, tc.exp, caps)
+			}
 		})
 	}
 }
@@ -154,6 +161,7 @@ func TestCaps_Delta(t *testing.T) {
 		expAdd  []string
 		expDrop []string
 		err     error
+		skip    bool // error message is linux version dependent
 	}{
 		{
 			name:      "the default setting",
@@ -249,6 +257,7 @@ func TestCaps_Delta(t *testing.T) {
 			err:       nil,
 		},
 		{
+			skip:      true,
 			name:      "add all atop defaults",
 			allowCaps: NomadDefaults().Slice(false),
 			capAdd:    []string{"all"},
@@ -260,9 +269,14 @@ func TestCaps_Delta(t *testing.T) {
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			add, drop, err := Delta(DockerDefaults(), tc.allowCaps, tc.capAdd, tc.capDrop)
-			require.Equal(t, tc.err, err)
-			require.Equal(t, tc.expAdd, add)
-			require.Equal(t, tc.expDrop, drop)
+			if !tc.skip {
+				require.Equal(t, tc.err, err)
+				require.Equal(t, tc.expAdd, add)
+				require.Equal(t, tc.expDrop, drop)
+			} else {
+				require.Error(t, err)
+				require.Equal(t, tc.expDrop, drop)
+			}
 		})
 	}
 }