def test_verify_group_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox(d, user='******', sandbox_mount_point='/some/path') mock_check_output.return_value = 'test-group:x:2:' # valid case sandbox._verify_group_match_in_taskfs(2, 'test-group') mock_check_output.assert_called_with( ['chroot', sandbox._task_fs_root, 'getent', 'group', 'test-group']) # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(3, 'test-group') # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, 'invalid-group') # exception case exception = subprocess.CalledProcessError(returncode=1, cmd='some command', output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, 'test-group')
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call, mock_isfile): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox(MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=[ '/some/container/path', '/some/other/container/path' ], sandbox_mount_point=sandbox_mount_point) mock_isfile.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') # we should have mounted both of the paths we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', '/some/container/path', os.path.join(task_fs_path, 'some/container/path') ]), mock.call([ 'mount', '-n', '--rbind', '/some/other/container/path', os.path.join(task_fs_path, 'some/other/container/path') ]), mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def assert_create_user_and_group(mock_check_call, gid_exists, uid_exists): mock_pwent = pwd.struct_passwd(( 'someuser', # login name 'hunter2', # password 834, # uid 835, # gid 'Some User', # user name '/home/someuser', # home directory '/bin/sh')) # login shell mock_grent = grp.struct_group(( 'users', # group name '*', # password 835, # gid ['someuser'])) # members exception = subprocess.CalledProcessError( returncode=FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS, cmd='some command', output=None) mock_check_call.side_effect = [ None if gid_exists else exception, None if uid_exists else exception ] with temporary_dir() as d: with mock.patch.object(FileSystemImageSandbox, 'get_user_and_group', return_value=(mock_pwent, mock_grent)): sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'), user='******') sandbox._create_user_and_group_in_taskfs() assert len(mock_check_call.mock_calls) == 2
def test_filesystem_image_sandbox_create_ioerror(makedirs): makedirs.side_effect = IOError('Disk is borked') with mock.patch.dict( 'os.environ', { FileSystemImageSandbox.MESOS_DIRECTORY_ENV_VARIABLE: 'some-directory', FileSystemImageSandbox.MESOS_SANDBOX_ENV_VARIABLE: 'some-sandbox' }): with temporary_dir() as d: real_path = os.path.join(d, 'sandbox') ds = FileSystemImageSandbox(real_path) with pytest.raises(DirectorySandbox.CreationError): ds.create()
def test_verify_network_files(): with temporary_dir() as d: task_fs_path = os.path.join(d, 'taskfs') os.makedirs(os.path.join(task_fs_path, 'etc')) with mock.patch.dict(os.environ, {'MESOS_DIRECTORY': d}): sandbox = FileSystemImageSandbox( d, sandbox_mount_point='/some/sandbox/path') sandbox._copy_files() def verify_copy(path): if os.path.exists(path): assert os.path.exists( os.path.join(task_fs_path, path.lstrip('/'))) verify_copy('/etc/resolv.conf') verify_copy('/etc/hostname') verify_copy('/etc/hosts')
def test_filesystem_sandbox_mounts_paths_source_is_file( mock_safe_mkdir, mock_check_call, mock_isfile, mock_exists, mock_touch): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox( MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=['/some/path/to/file', '/some/path/to/directory'], sandbox_mount_point=sandbox_mount_point) def is_file_side_effect(arg): return arg.endswith('file') mock_isfile.side_effect = is_file_side_effect mock_exists.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') destination_path = os.path.join(task_fs_path, 'some/path/to/file') # we should `touch` the mount point, but only for the file mount, not the directory mount. assert mock_touch.mock_calls == [mock.call(destination_path)] # we should have mounted the file path we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call( ['mount', '-n', '--rbind', '/some/path/to/file', destination_path]), mock.call([ 'mount', '-n', '--rbind', '/some/path/to/directory', os.path.join(task_fs_path, 'some/path/to/directory') ]), mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox'), sandbox = FileSystemImageSandbox(sandbox_directory, user='******', no_create_user=True, mounted_volume_paths=None, sandbox_mount_point=sandbox_mount_point) sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_verify_user_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'), user='******', sandbox_mount_point='/some/path') mock_check_output.return_value = 'uid=1(test-user) gid=2(test-group) groups=2(test-group)' # valid case sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'test-group') mock_check_output.assert_called_with( ['chroot', sandbox._task_fs_root, 'id', 'test-user']) # invalid user id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(0, 'test-user', 2, 'test-group') # invalid user name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'invalid-user', 2, 'test-group') # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'test-user', 0, 'test-group') # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'invalid-group') # exception case exception = subprocess.CalledProcessError(returncode=1, cmd='some command', output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, "test-user", 2, "test-group")