def test_prepare_with_ssh_key():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.wrap_args_with_ssh_agent = Mock()
rc.open_fifo_write = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
rc.playbook = 'main.yaml'
rc.ssh_key_data = '01234567890'
rc.command = 'ansible-playbook'
os.environ['AWX_LIB_DIRECTORY'] = '/'
rc.prepare()
assert rc.ssh_key_path == '/ssh_key_data'
assert rc.ssh_auth_sock == '/ssh_auth.sock'
assert rc.wrap_args_with_ssh_agent.called
assert rc.open_fifo_write.called
def test_bwrap_process_isolation_defaults():
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.process_isolation_executable = 'bwrap'
with patch('os.path.exists') as path_exists:
path_exists.return_value = True
rc.prepare()
assert rc.command == [
'bwrap',
'--die-with-parent',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
'/project',
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_prepare():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
rc.playbook = 'main.yaml'
os.environ['AWX_LIB_DIRECTORY'] = '/'
rc.prepare()
assert rc.prepare_inventory.called
assert rc.prepare_env.called
assert rc.prepare_command.called
assert not hasattr(rc, 'ssh_key_path')
assert not hasattr(rc, 'ssh_auth_sock')
assert not hasattr(rc, 'command')
assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
assert rc.env['AWX_ISOLATED_DATA_DIR'] == '/'
assert rc.env['PYTHONPATH'] == '/:'
os.environ['PYTHONPATH'] = "/foo/bar"
rc.prepare()
assert rc.env['PYTHONPATH'] == "/foo/bar:/:"
def test_prepare():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
rc.execution_mode = ExecutionMode.ANSIBLE_PLAYBOOK
rc.playbook = 'main.yaml'
rc.prepare()
assert rc.prepare_inventory.called
assert rc.prepare_env.called
assert rc.prepare_command.called
assert not hasattr(rc, 'ssh_key_path')
assert not hasattr(rc, 'command')
assert rc.env['ANSIBLE_STDOUT_CALLBACK'] == 'awx_display'
assert rc.env['ANSIBLE_RETRY_FILES_ENABLED'] == 'False'
assert rc.env['ANSIBLE_HOST_KEY_CHECKING'] == 'False'
assert rc.env['AWX_ISOLATED_DATA_DIR'] == '/'
assert rc.env['PYTHONPATH'] == '/python_path_via_environ:/awx_lib_directory_via_environ', \
"PYTHONPATH is the union of the env PYTHONPATH and AWX_LIB_DIRECTORY"
del rc.env['PYTHONPATH']
os.environ['PYTHONPATH'] = "/foo/bar/python_path_via_environ"
rc.prepare()
assert rc.env['PYTHONPATH'] == "/foo/bar/python_path_via_environ:/awx_lib_directory_via_environ", \
"PYTHONPATH is the union of the explicit env['PYTHONPATH'] override and AWX_LIB_DIRECTORY"
def test_process_isolation_and_directory_isolation(mock_makedirs,
mock_copytree, mock_mkdtemp,
mock_chmod):
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.directory_isolation_path = '/tmp/dirisolation'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.prepare()
assert rc.command == [
'bwrap',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
'/tmp/dirisolation/foo',
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_process_isolation_defaults():
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.prepare()
assert rc.command == [
'bwrap',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
'/project',
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_process_isolation_and_directory_isolation(mock_makedirs,
mock_copytree, mock_mkdtemp,
mock_chmod, mock_rmtree):
def new_exists(path):
if path == "/project":
return False
return True
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.directory_isolation_path = '/tmp/dirisolation'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
with patch('os.path.exists', new=new_exists):
rc.prepare()
assert rc.command == [
'bwrap',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
'--bind',
'/',
'/',
'--chdir',
os.path.realpath(rc.directory_isolation_path),
'ansible-playbook',
'-i',
'/inventory',
'main.yaml',
]
def test_process_isolation_settings():
rc = RunnerConfig('/')
rc.artifact_dir = '/tmp/artifacts'
rc.playbook = 'main.yaml'
rc.command = 'ansible-playbook'
rc.process_isolation = True
rc.process_isolation_executable = 'not_bwrap'
rc.process_isolation_hide_paths = ['/home', '/var']
rc.process_isolation_show_paths = ['/usr']
rc.process_isolation_ro_paths = ['/venv']
rc.process_isolation_path = '/tmp'
with patch('os.path.exists') as path_exists:
path_exists.return_value = True
rc.prepare()
assert rc.command[0:8] == [
'not_bwrap',
'--die-with-parent',
'--unshare-pid',
'--dev-bind',
'/',
'/',
'--proc',
'/proc',
]
# hide /home
assert rc.command[8] == '--bind'
assert 'ansible_runner_pi' in rc.command[9]
assert rc.command[10] == os.path.realpath('/home') # needed for Mac
# hide /var
assert rc.command[11] == '--bind'
assert 'ansible_runner_pi' in rc.command[12]
assert rc.command[13] == '/var' or rc.command[13] == '/private/var'
# read-only bind
assert rc.command[14:17] == ['--ro-bind', '/venv', '/venv']
# root bind
assert rc.command[17:20] == ['--bind', '/', '/']
# show /usr
assert rc.command[20:23] == ['--bind', '/usr', '/usr']
# chdir and ansible-playbook command
assert rc.command[23:] == [
'--chdir', '/project', 'ansible-playbook', '-i', '/inventory',
'main.yaml'
]
def test_prepare_with_defaults():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
with raises(ConfigurationError) as exc:
rc.prepare()
assert str(exc) == 'Runner playbook is not defined'
def test_prepare_with_defaults():
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
with pytest.raises(ConfigurationError) as exc:
rc.prepare()
assert str(exc.value) == 'No executable for runner to run'
def test_prepare_with_ssh_key(open_fifo_write_mock):
rc = RunnerConfig('/')
rc.prepare_inventory = Mock()
rc.prepare_env = Mock()
rc.prepare_command = Mock()
rc.wrap_args_with_ssh_agent = Mock()
rc.ssh_key_data = None
rc.artifact_dir = '/'
rc.env = {}
rc.execution_mode = ExecutionMode.ANSIBLE_PLAYBOOK
rc.playbook = 'main.yaml'
rc.ssh_key_data = '01234567890'
rc.command = 'ansible-playbook'
with patch.dict('os.environ', {'AWX_LIB_DIRECTORY': '/'}):
rc.prepare()
assert rc.ssh_key_path == '/ssh_key_data'
assert rc.wrap_args_with_ssh_agent.called
assert open_fifo_write_mock.called
