def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call, mock_isfile): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox( MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=None, sandbox_mount_point=sandbox_mount_point) mock_isfile.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call, mock_isfile): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox(MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=[ '/some/container/path', '/some/other/container/path' ], sandbox_mount_point=sandbox_mount_point) mock_isfile.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') # we should have mounted both of the paths we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', '/some/container/path', os.path.join(task_fs_path, 'some/container/path') ]), mock.call([ 'mount', '-n', '--rbind', '/some/other/container/path', os.path.join(task_fs_path, 'some/other/container/path') ]), mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_verify_group_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox(d, user='******', sandbox_mount_point='/some/path') mock_check_output.return_value = 'test-group:x:2:' # valid case sandbox._verify_group_match_in_taskfs(2, 'test-group') mock_check_output.assert_called_with( ['chroot', sandbox._task_fs_root, 'getent', 'group', 'test-group']) # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(3, 'test-group') # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, 'invalid-group') # exception case exception = subprocess.CalledProcessError(returncode=1, cmd='some command', output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, 'test-group')
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call): sandbox_mount_point = "/some/mount/point" sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, "sandbox") sandbox = FileSystemImageSandbox( sandbox_directory, user="******", no_create_user=True, mounted_volume_paths=["/some/container/path", "/some/other/container/path"], sandbox_mount_point=sandbox_mount_point, ) sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, "taskfs") # we should have mounted both of the paths we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call( ["mount", "-n", "--rbind", "/some/container/path", os.path.join(task_fs_path, "some/container/path")] ), mock.call( [ "mount", "-n", "--rbind", "/some/other/container/path", os.path.join(task_fs_path, "some/other/container/path"), ] ), mock.call(["mount", "-n", "--rbind", sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:])]), ]
def assert_create_user_and_group(mock_check_call, gid_exists, uid_exists): mock_pwent = pwd.struct_passwd(( 'someuser', # login name 'hunter2', # password 834, # uid 835, # gid 'Some User', # user name '/home/someuser', # home directory '/bin/sh')) # login shell mock_grent = grp.struct_group(( 'users', # group name '*', # password 835, # gid ['someuser'])) # members exception = subprocess.CalledProcessError( returncode=FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS, cmd='some command', output=None) mock_check_call.side_effect = [ None if gid_exists else exception, None if uid_exists else exception ] with temporary_dir() as d: with mock.patch.object(FileSystemImageSandbox, 'get_user_and_group', return_value=(mock_pwent, mock_grent)): sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'), user='******') sandbox._create_user_and_group_in_taskfs() assert len(mock_check_call.mock_calls) == 2
def test_filesystem_sandbox_mounts_paths_source_is_file( mock_safe_mkdir, mock_check_call, mock_isfile, mock_exists, mock_touch): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox( MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=['/some/path/to/file', '/some/path/to/directory'], sandbox_mount_point=sandbox_mount_point) def is_file_side_effect(arg): return arg.endswith('file') mock_isfile.side_effect = is_file_side_effect mock_exists.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') destination_path = os.path.join(task_fs_path, 'some/path/to/file') # we should `touch` the mount point, but only for the file mount, not the directory mount. assert mock_touch.mock_calls == [ mock.call(destination_path) ] # we should have mounted the file path we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', '/some/path/to/file', destination_path ]), mock.call([ 'mount', '-n', '--rbind', '/some/path/to/directory', os.path.join(task_fs_path, 'some/path/to/directory') ]), mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_verify_group_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox(d, user='******', sandbox_mount_point='/some/path') mock_check_output.return_value = 'test-group:x:2:' # valid case sandbox._verify_group_match_in_taskfs(2, 'test-group') mock_check_output.assert_called_with( ['chroot', sandbox._task_fs_root, 'getent', 'group', 'test-group']) # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(3, 'test-group') # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, 'invalid-group') # exception case exception = subprocess.CalledProcessError( returncode=1, cmd='some command', output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, 'test-group')
def test_filesystem_image_sandbox_create_ioerror(makedirs): makedirs.side_effect = IOError('Disk is borked') with mock.patch.dict('os.environ', { FileSystemImageSandbox.MESOS_DIRECTORY_ENV_VARIABLE: 'some-directory', FileSystemImageSandbox.MESOS_SANDBOX_ENV_VARIABLE: 'some-sandbox' }): with temporary_dir() as d: real_path = os.path.join(d, 'sandbox') ds = FileSystemImageSandbox(real_path) with pytest.raises(DirectorySandbox.CreationError): ds.create()
def assert_create_user_and_group(mock_check_call, mock_verify, gid_exists, uid_exists, group_name_exists, user_name_exists): mock_pwent = pwd.struct_passwd(( 'someuser', # login name 'hunter2', # password 834, # uid 835, # gid 'Some User', # user name '/home/someuser', # home directory '/bin/sh')) # login shell mock_grent = grp.struct_group(( 'users', # group name '*', # password 835, # gid ['someuser'])) # members returncode = 0 if gid_exists or uid_exists: returncode = FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS elif group_name_exists or user_name_exists: returncode = FileSystemImageSandbox._USER_OR_GROUP_NAME_EXISTS exception = subprocess.CalledProcessError( returncode=returncode, cmd='some command', output=None) mock_check_call.side_effect = [ exception if gid_exists or group_name_exists else None, exception if uid_exists or user_name_exists else None] with temporary_dir() as d: with mock.patch.object( FileSystemImageSandbox, 'get_user_and_group', return_value=(mock_pwent, mock_grent)): sandbox = FileSystemImageSandbox( os.path.join(d, 'sandbox'), user='******', sandbox_mount_point='/some/path') sandbox._create_user_and_group_in_taskfs() assert len(mock_check_call.mock_calls) == 2 assert len(mock_verify.mock_calls) == 1
def test_filesystem_image_sandbox_create_ioerror(makedirs): makedirs.side_effect = IOError('Disk is borked') with mock.patch.dict( 'os.environ', { FileSystemImageSandbox.MESOS_DIRECTORY_ENV_VARIABLE: 'some-directory', FileSystemImageSandbox.MESOS_SANDBOX_ENV_VARIABLE: 'some-sandbox' }): with temporary_dir() as d: real_path = os.path.join(d, 'sandbox') ds = FileSystemImageSandbox(real_path) with pytest.raises(DirectorySandbox.CreationError): ds.create()
def test_verify_network_files(): with temporary_dir() as d: task_fs_path = os.path.join(d, 'taskfs') os.makedirs(os.path.join(task_fs_path, 'etc')) with mock.patch.dict(os.environ, {'MESOS_DIRECTORY': d}): sandbox = FileSystemImageSandbox(d, sandbox_mount_point='/some/sandbox/path') sandbox._copy_files() def verify_copy(path): if os.path.exists(path): assert os.path.exists(os.path.join(task_fs_path, path.lstrip('/'))) verify_copy('/etc/resolv.conf') verify_copy('/etc/hostname') verify_copy('/etc/hosts')
def test_verify_network_files(): with temporary_dir() as d: task_fs_path = os.path.join(d, "taskfs") os.makedirs(os.path.join(task_fs_path, "etc")) with mock.patch.dict(os.environ, {"MESOS_DIRECTORY": d}): sandbox = FileSystemImageSandbox(os.path.join(d, "sandbox"), sandbox_mount_point="/some/sandbox/path") sandbox._copy_files() def verify_copy(path): if os.path.exists(path): assert os.path.exists(os.path.join(task_fs_path, path.lstrip("/"))) verify_copy("/etc/resolv.conf") verify_copy("/etc/hostname") verify_copy("/etc/hosts")
def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call): sandbox_mount_point = "/some/mount/point" sandbox_directory = (os.path.join(MOCK_MESOS_DIRECTORY, "sandbox"),) sandbox = FileSystemImageSandbox( sandbox_directory, user="******", no_create_user=True, mounted_volume_paths=None, sandbox_mount_point=sandbox_mount_point, ) sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, "taskfs") assert mock_check_call.mock_calls == [ mock.call(["mount", "-n", "--rbind", sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:])]) ]
def test_verify_network_files(): with temporary_dir() as d: task_fs_path = os.path.join(d, 'taskfs') os.makedirs(os.path.join(task_fs_path, 'etc')) with mock.patch.dict(os.environ, {'MESOS_DIRECTORY': d}): sandbox = FileSystemImageSandbox( d, sandbox_mount_point='/some/sandbox/path') sandbox._copy_files() def verify_copy(path): if os.path.exists(path): assert os.path.exists( os.path.join(task_fs_path, path.lstrip('/'))) verify_copy('/etc/resolv.conf') verify_copy('/etc/hostname') verify_copy('/etc/hosts')
def test_filesystem_sandbox_mounts_paths_source_is_file( mock_safe_mkdir, mock_check_call, mock_isfile, mock_exists, mock_touch): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox( MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=['/some/path/to/file', '/some/path/to/directory'], sandbox_mount_point=sandbox_mount_point) def is_file_side_effect(arg): return arg.endswith('file') mock_isfile.side_effect = is_file_side_effect mock_exists.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') destination_path = os.path.join(task_fs_path, 'some/path/to/file') # we should `touch` the mount point, but only for the file mount, not the directory mount. assert mock_touch.mock_calls == [mock.call(destination_path)] # we should have mounted the file path we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call( ['mount', '-n', '--rbind', '/some/path/to/file', destination_path]), mock.call([ 'mount', '-n', '--rbind', '/some/path/to/directory', os.path.join(task_fs_path, 'some/path/to/directory') ]), mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox'), sandbox = FileSystemImageSandbox(sandbox_directory, user='******', no_create_user=True, mounted_volume_paths=None, sandbox_mount_point=sandbox_mount_point) sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def assert_create_user_and_group( mock_check_call, mock_verify, gid_exists, uid_exists, group_name_exists, user_name_exists ): mock_pwent = pwd.struct_passwd( ( "someuser", # login name "hunter2", # password 834, # uid 835, # gid "Some User", # user name "/home/someuser", # home directory "/bin/sh", ) ) # login shell mock_grent = grp.struct_group(("users", "*", 835, ["someuser"])) # group name # password # gid # members returncode = 0 if gid_exists or uid_exists: returncode = FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS elif group_name_exists or user_name_exists: returncode = FileSystemImageSandbox._USER_OR_GROUP_NAME_EXISTS exception = subprocess.CalledProcessError(returncode=returncode, cmd="some command", output=None) mock_check_call.side_effect = [ exception if gid_exists or group_name_exists else None, exception if uid_exists or user_name_exists else None, ] with temporary_dir() as d: with mock.patch.object(FileSystemImageSandbox, "get_user_and_group", return_value=(mock_pwent, mock_grent)): sandbox = FileSystemImageSandbox( os.path.join(d, "sandbox"), user="******", sandbox_mount_point="/some/path" ) sandbox._create_user_and_group_in_taskfs() assert len(mock_check_call.mock_calls) == 2 assert len(mock_verify.mock_calls) == 1
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call, mock_isfile): sandbox_mount_point = '/some/mount/point' sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox') sandbox = FileSystemImageSandbox( MOCK_MESOS_DIRECTORY, user='******', no_create_user=True, mounted_volume_paths=['/some/container/path', '/some/other/container/path'], sandbox_mount_point=sandbox_mount_point) mock_isfile.return_value = False sandbox._mount_paths() task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs') # we should have mounted both of the paths we passed in as well as the sandbox directory itself. assert mock_check_call.mock_calls == [ mock.call([ 'mount', '-n', '--rbind', '/some/container/path', os.path.join(task_fs_path, 'some/container/path') ]), mock.call([ 'mount', '-n', '--rbind', '/some/other/container/path', os.path.join(task_fs_path, 'some/other/container/path') ]), mock.call([ 'mount', '-n', '--rbind', sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:]) ]) ]
def test_verify_group_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox(os.path.join(d, "sandbox"), user="******", sandbox_mount_point="/some/path") mock_check_output.return_value = "test-group:x:2:" # valid case sandbox._verify_group_match_in_taskfs(2, "test-group") mock_check_output.assert_called_with(["chroot", sandbox._task_fs_root, "getent", "group", "test-group"]) # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(3, "test-group") # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, "invalid-group") # exception case exception = subprocess.CalledProcessError(returncode=1, cmd="some command", output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_group_match_in_taskfs(2, "test-group")
def test_verify_user_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'), user='******', sandbox_mount_point='/some/path') mock_check_output.return_value = 'uid=1(test-user) gid=2(test-group) groups=2(test-group)' # valid case sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'test-group') mock_check_output.assert_called_with( ['chroot', sandbox._task_fs_root, 'id', 'test-user']) # invalid user id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(0, 'test-user', 2, 'test-group') # invalid user name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'invalid-user', 2, 'test-group') # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'test-user', 0, 'test-group') # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'invalid-group') # exception case exception = subprocess.CalledProcessError(returncode=1, cmd='some command', output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, "test-user", 2, "test-group")
def test_verify_user_match(mock_check_output): with temporary_dir() as d: sandbox = FileSystemImageSandbox( os.path.join(d, 'sandbox'), user='******', sandbox_mount_point='/some/path') mock_check_output.return_value = 'uid=1(test-user) gid=2(test-group) groups=2(test-group)' # valid case sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'test-group') mock_check_output.assert_called_with(['chroot', sandbox._task_fs_root, 'id', 'test-user']) # invalid user id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(0, 'test-user', 2, 'test-group') # invalid user name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'invalid-user', 2, 'test-group') # invalid group id with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'test-user', 0, 'test-group') # invalid group name with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'invalid-group') # exception case exception = subprocess.CalledProcessError( returncode=1, cmd='some command', output=None) mock_check_output.side_effect = exception with pytest.raises(FileSystemImageSandbox.CreationError): sandbox._verify_user_match_in_taskfs(1, "test-user", 2, "test-group")