def test_empty_jailer_id(test_microvm_with_api):
"""
Test that the jailer ID cannot be empty.
@type: security
"""
test_microvm = test_microvm_with_api
fc_binary, _ = build_tools.get_firecracker_binaries()
# Set the jailer ID to None.
test_microvm.jailer = JailerContext(
jailer_id="",
exec_file=fc_binary,
)
# pylint: disable=W0703
try:
test_microvm.spawn()
# If the exception is not thrown, it means that Firecracker was
# started successfully, hence there's a bug in the code due to which
# we can set an empty ID.
assert False
except Exception as err:
expected_err = "Jailer error: Invalid instance ID: invalid len (0);" \
" the length must be between 1 and 64"
assert expected_err in str(err)
def init_microvm(root_path,
bin_cloner_path,
fc_binary=None,
jailer_binary=None):
"""Auxiliary function for instantiating a microvm and setting it up."""
# pylint: disable=redefined-outer-name
# The fixture pattern causes a pylint false positive for that rule.
microvm_id = str(uuid.uuid4())
# Update permissions for custom binaries.
if fc_binary is not None:
os.chmod(fc_binary, 0o555)
if jailer_binary is not None:
os.chmod(jailer_binary, 0o555)
if fc_binary is None or jailer_binary is None:
fc_binary, jailer_binary = build_tools.get_firecracker_binaries()
# Make sure we always have both binaries.
assert fc_binary
assert jailer_binary
vm = Microvm(resource_path=root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
microvm_id=microvm_id,
bin_cloner_path=bin_cloner_path)
vm.setup()
return vm
def test_binary_sizes():
"""Test if the sizes of the release binaries are within expected ranges."""
fc_binary, jailer_binary = host.get_firecracker_binaries()
check_binary_size("firecracker", fc_binary, FC_BINARY_SIZE_TARGET,
BINARY_SIZE_TOLERANCE, FC_BINARY_SIZE_LIMIT)
check_binary_size("jailer", jailer_binary, JAILER_BINARY_SIZE_TARGET,
BINARY_SIZE_TOLERANCE, JAILER_BINARY_SIZE_LIMIT)
def init_microvm(root_path, cloner_path):
"""Auxiliary function for instantiating a microvm and setting it up."""
microvm_id = str(uuid.uuid4())
fc_binary, jailer_binary = build_tools.get_firecracker_binaries(root_path)
vm = Microvm(resource_path=root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
microvm_id=microvm_id,
newpid_cloner_path=cloner_path)
vm.setup()
return vm
def test_firecracker_binary_size():
"""
Test if the size of the firecracker binary is within expected ranges.
@type: build
"""
fc_binary, _ = host.get_firecracker_binaries()
result = check_binary_size("firecracker", fc_binary, FC_BINARY_SIZE_TARGET,
BINARY_SIZE_TOLERANCE, FC_BINARY_SIZE_LIMIT)
return f"{result} B", \
f"{FC_BINARY_SIZE_TARGET} +/- {BINARY_SIZE_TOLERANCE * 100}% B"
def init_microvm(root_path, aux_binary_paths, features=''):
"""Auxiliary function for instantiating a microvm and setting it up."""
microvm_id = str(uuid.uuid4())
fc_binary, jailer_binary = build_tools.get_firecracker_binaries(
root_path, features)
vm = Microvm(resource_path=root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
build_feature=features,
microvm_id=microvm_id,
aux_bin_paths=aux_binary_paths)
vm.setup()
return vm
def test_jailer_binary_size():
"""
Test if the size of the jailer binary is within expected ranges.
@type: build
"""
_, jailer_binary = host.get_firecracker_binaries()
result = check_binary_size("jailer", jailer_binary,
JAILER_BINARY_SIZE_TARGET,
BINARY_SIZE_TOLERANCE, JAILER_BINARY_SIZE_LIMIT)
return f"{result} B", \
f"{JAILER_BINARY_SIZE_TARGET} +/- {BINARY_SIZE_TOLERANCE * 100}% B"
def init_microvm(root_path, bin_cloner_path):
"""Auxiliary function for instantiating a microvm and setting it up."""
# pylint: disable=redefined-outer-name
# The fixture pattern causes a pylint false positive for that rule.
microvm_id = str(uuid.uuid4())
fc_binary, jailer_binary = build_tools.get_firecracker_binaries()
vm = Microvm(resource_path=root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
microvm_id=microvm_id,
bin_cloner_path=bin_cloner_path)
vm.setup()
return vm
def init_microvm(root_path, aux_binary_paths, features=''):
"""Auxiliary function for instantiating a microvm and setting it up."""
microvm_id = str(uuid.uuid4())
fc_binary, jailer_binary = build_tools.get_firecracker_binaries(
root_path,
features
)
vm = Microvm(
resource_path=root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
build_feature=features,
microvm_id=microvm_id,
aux_bin_paths=aux_binary_paths
)
vm.setup()
return vm
def microvm(test_session_root_path, newpid_cloner_path):
"""Instantiate a microvm."""
# pylint: disable=redefined-outer-name
# The fixture pattern causes a pylint false positive for that rule.
# Make sure the necessary binaries are there before instantiating the
# microvm.
fc_binary, jailer_binary = build_tools.get_firecracker_binaries(
test_session_root_path)
microvm_id = str(uuid.uuid4())
vm = Microvm(resource_path=test_session_root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
microvm_id=microvm_id,
newpid_cloner_path=newpid_cloner_path)
vm.setup()
yield vm
vm.kill()
def microvm(test_session_root_path, newpid_cloner_path):
"""Instantiate a microvm."""
# pylint: disable=redefined-outer-name
# The fixture pattern causes a pylint false positive for that rule.
# Make sure the necessary binaries are there before instantiating the
# microvm.
fc_binary, jailer_binary = build_tools.get_firecracker_binaries(
test_session_root_path
)
microvm_id = str(uuid.uuid4())
vm = Microvm(
resource_path=test_session_root_path,
fc_binary_path=fc_binary,
jailer_binary_path=jailer_binary,
microvm_id=microvm_id,
newpid_cloner_path=newpid_cloner_path
)
vm.setup()
yield vm
vm.kill()
def test_describe_snapshot_all_versions(bin_cloner_path):
"""
Test `--describe-snapshot` correctness for all snapshot versions.
@type: functional
"""
logger = logging.getLogger("describe_snapshot")
builder = MicrovmBuilder(bin_cloner_path)
artifacts = ArtifactCollection(_test_images_s3_bucket())
# Fetch all firecracker binaries.
# For each binary create a snapshot and verify the data version
# of the snapshot state file.
firecracker_artifacts = artifacts.firecrackers(
max_version=get_firecracker_version_from_toml())
for firecracker in firecracker_artifacts:
firecracker.download()
jailer = firecracker.jailer()
jailer.download()
target_version = firecracker.base_name()[1:]
# Skip for aarch64, since the snapshotting feature
# was introduced in v0.24.0.
if platform.machine() == "aarch64" and "v0.23" in target_version:
continue
logger.info("Creating snapshot with Firecracker: %s",
firecracker.local_path())
logger.info("Using Jailer: %s", jailer.local_path())
logger.info("Using target version: %s", target_version)
# v0.23 does not support creating diff snapshots.
diff_snapshots = "0.23" not in target_version
vm_instance = builder.build_vm_nano(fc_binary=firecracker.local_path(),
jailer_binary=jailer.local_path(),
diff_snapshots=diff_snapshots)
vm = vm_instance.vm
vm.start()
# Create a snapshot builder from a microvm.
snapshot_builder = SnapshotBuilder(vm)
disks = [vm_instance.disks[0].local_path()]
# Version 0.24 and greater have Diff support.
snap_type = SnapshotType.DIFF if diff_snapshots else SnapshotType.FULL
snapshot = snapshot_builder.create(disks,
vm_instance.ssh_key,
target_version=target_version,
snapshot_type=snap_type)
logger.debug("========== Firecracker create snapshot log ==========")
logger.debug(vm.log_data)
vm.kill()
# Fetch Firecracker binary for the latest version
fc_binary, _ = get_firecracker_binaries()
# Verify the output of `--describe-snapshot` command line parameter
cmd = [fc_binary] + ["--describe-snapshot", snapshot.vmstate]
code, stdout, stderr = run_cmd(cmd)
assert code == 0
assert stderr == ''
assert target_version in stdout
