def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call, mock_isfile):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(
MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=None,
sandbox_mount_point=sandbox_mount_point)
mock_isfile.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
assert mock_check_call.mock_calls == [
mock.call([
'mount',
'-n',
'--rbind',
sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call,
mock_isfile):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=[
'/some/container/path',
'/some/other/container/path'
],
sandbox_mount_point=sandbox_mount_point)
mock_isfile.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
# we should have mounted both of the paths we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call([
'mount', '-n', '--rbind', '/some/container/path',
os.path.join(task_fs_path, 'some/container/path')
]),
mock.call([
'mount', '-n', '--rbind', '/some/other/container/path',
os.path.join(task_fs_path, 'some/other/container/path')
]),
mock.call([
'mount', '-n', '--rbind', sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_verify_group_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(d,
user='******',
sandbox_mount_point='/some/path')
mock_check_output.return_value = 'test-group:x:2:'
# valid case
sandbox._verify_group_match_in_taskfs(2, 'test-group')
mock_check_output.assert_called_with(
['chroot', sandbox._task_fs_root, 'getent', 'group', 'test-group'])
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(3, 'test-group')
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, 'invalid-group')
# exception case
exception = subprocess.CalledProcessError(returncode=1,
cmd='some command',
output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, 'test-group')
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call):
sandbox_mount_point = "/some/mount/point"
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, "sandbox")
sandbox = FileSystemImageSandbox(
sandbox_directory,
user="******",
no_create_user=True,
mounted_volume_paths=["/some/container/path", "/some/other/container/path"],
sandbox_mount_point=sandbox_mount_point,
)
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, "taskfs")
# we should have mounted both of the paths we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call(
["mount", "-n", "--rbind", "/some/container/path", os.path.join(task_fs_path, "some/container/path")]
),
mock.call(
[
"mount",
"-n",
"--rbind",
"/some/other/container/path",
os.path.join(task_fs_path, "some/other/container/path"),
]
),
mock.call(["mount", "-n", "--rbind", sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:])]),
]
def assert_create_user_and_group(mock_check_call, gid_exists, uid_exists):
mock_pwent = pwd.struct_passwd((
'someuser', # login name
'hunter2', # password
834, # uid
835, # gid
'Some User', # user name
'/home/someuser', # home directory
'/bin/sh')) # login shell
mock_grent = grp.struct_group((
'users', # group name
'*', # password
835, # gid
['someuser'])) # members
exception = subprocess.CalledProcessError(
returncode=FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS,
cmd='some command',
output=None)
mock_check_call.side_effect = [
None if gid_exists else exception, None if uid_exists else exception
]
with temporary_dir() as d:
with mock.patch.object(FileSystemImageSandbox,
'get_user_and_group',
return_value=(mock_pwent, mock_grent)):
sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'),
user='******')
sandbox._create_user_and_group_in_taskfs()
assert len(mock_check_call.mock_calls) == 2
def test_filesystem_sandbox_mounts_paths_source_is_file(
mock_safe_mkdir,
mock_check_call,
mock_isfile,
mock_exists,
mock_touch):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(
MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=['/some/path/to/file', '/some/path/to/directory'],
sandbox_mount_point=sandbox_mount_point)
def is_file_side_effect(arg):
return arg.endswith('file')
mock_isfile.side_effect = is_file_side_effect
mock_exists.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
destination_path = os.path.join(task_fs_path, 'some/path/to/file')
# we should `touch` the mount point, but only for the file mount, not the directory mount.
assert mock_touch.mock_calls == [
mock.call(destination_path)
]
# we should have mounted the file path we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call([
'mount',
'-n',
'--rbind',
'/some/path/to/file',
destination_path
]),
mock.call([
'mount',
'-n',
'--rbind',
'/some/path/to/directory',
os.path.join(task_fs_path, 'some/path/to/directory')
]),
mock.call([
'mount',
'-n',
'--rbind',
sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_verify_group_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(d, user='******', sandbox_mount_point='/some/path')
mock_check_output.return_value = 'test-group:x:2:'
# valid case
sandbox._verify_group_match_in_taskfs(2, 'test-group')
mock_check_output.assert_called_with(
['chroot', sandbox._task_fs_root, 'getent', 'group', 'test-group'])
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(3, 'test-group')
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, 'invalid-group')
# exception case
exception = subprocess.CalledProcessError(
returncode=1,
cmd='some command',
output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, 'test-group')
def test_filesystem_image_sandbox_create_ioerror(makedirs):
makedirs.side_effect = IOError('Disk is borked')
with mock.patch.dict('os.environ', {
FileSystemImageSandbox.MESOS_DIRECTORY_ENV_VARIABLE: 'some-directory',
FileSystemImageSandbox.MESOS_SANDBOX_ENV_VARIABLE: 'some-sandbox'
}):
with temporary_dir() as d:
real_path = os.path.join(d, 'sandbox')
ds = FileSystemImageSandbox(real_path)
with pytest.raises(DirectorySandbox.CreationError):
ds.create()
def assert_create_user_and_group(mock_check_call,
mock_verify,
gid_exists,
uid_exists,
group_name_exists,
user_name_exists):
mock_pwent = pwd.struct_passwd((
'someuser', # login name
'hunter2', # password
834, # uid
835, # gid
'Some User', # user name
'/home/someuser', # home directory
'/bin/sh')) # login shell
mock_grent = grp.struct_group((
'users', # group name
'*', # password
835, # gid
['someuser'])) # members
returncode = 0
if gid_exists or uid_exists:
returncode = FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS
elif group_name_exists or user_name_exists:
returncode = FileSystemImageSandbox._USER_OR_GROUP_NAME_EXISTS
exception = subprocess.CalledProcessError(
returncode=returncode,
cmd='some command',
output=None)
mock_check_call.side_effect = [
exception if gid_exists or group_name_exists else None,
exception if uid_exists or user_name_exists else None]
with temporary_dir() as d:
with mock.patch.object(
FileSystemImageSandbox,
'get_user_and_group',
return_value=(mock_pwent, mock_grent)):
sandbox = FileSystemImageSandbox(
os.path.join(d, 'sandbox'),
user='******',
sandbox_mount_point='/some/path')
sandbox._create_user_and_group_in_taskfs()
assert len(mock_check_call.mock_calls) == 2
assert len(mock_verify.mock_calls) == 1
def test_filesystem_image_sandbox_create_ioerror(makedirs):
makedirs.side_effect = IOError('Disk is borked')
with mock.patch.dict(
'os.environ',
{
FileSystemImageSandbox.MESOS_DIRECTORY_ENV_VARIABLE:
'some-directory',
FileSystemImageSandbox.MESOS_SANDBOX_ENV_VARIABLE: 'some-sandbox'
}):
with temporary_dir() as d:
real_path = os.path.join(d, 'sandbox')
ds = FileSystemImageSandbox(real_path)
with pytest.raises(DirectorySandbox.CreationError):
ds.create()
def test_verify_network_files():
with temporary_dir() as d:
task_fs_path = os.path.join(d, 'taskfs')
os.makedirs(os.path.join(task_fs_path, 'etc'))
with mock.patch.dict(os.environ, {'MESOS_DIRECTORY': d}):
sandbox = FileSystemImageSandbox(d, sandbox_mount_point='/some/sandbox/path')
sandbox._copy_files()
def verify_copy(path):
if os.path.exists(path):
assert os.path.exists(os.path.join(task_fs_path, path.lstrip('/')))
verify_copy('/etc/resolv.conf')
verify_copy('/etc/hostname')
verify_copy('/etc/hosts')
def test_verify_network_files():
with temporary_dir() as d:
task_fs_path = os.path.join(d, "taskfs")
os.makedirs(os.path.join(task_fs_path, "etc"))
with mock.patch.dict(os.environ, {"MESOS_DIRECTORY": d}):
sandbox = FileSystemImageSandbox(os.path.join(d, "sandbox"), sandbox_mount_point="/some/sandbox/path")
sandbox._copy_files()
def verify_copy(path):
if os.path.exists(path):
assert os.path.exists(os.path.join(task_fs_path, path.lstrip("/")))
verify_copy("/etc/resolv.conf")
verify_copy("/etc/hostname")
verify_copy("/etc/hosts")
def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call):
sandbox_mount_point = "/some/mount/point"
sandbox_directory = (os.path.join(MOCK_MESOS_DIRECTORY, "sandbox"),)
sandbox = FileSystemImageSandbox(
sandbox_directory,
user="******",
no_create_user=True,
mounted_volume_paths=None,
sandbox_mount_point=sandbox_mount_point,
)
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, "taskfs")
assert mock_check_call.mock_calls == [
mock.call(["mount", "-n", "--rbind", sandbox_directory, os.path.join(task_fs_path, sandbox_mount_point[1:])])
]
def test_verify_network_files():
with temporary_dir() as d:
task_fs_path = os.path.join(d, 'taskfs')
os.makedirs(os.path.join(task_fs_path, 'etc'))
with mock.patch.dict(os.environ, {'MESOS_DIRECTORY': d}):
sandbox = FileSystemImageSandbox(
d, sandbox_mount_point='/some/sandbox/path')
sandbox._copy_files()
def verify_copy(path):
if os.path.exists(path):
assert os.path.exists(
os.path.join(task_fs_path, path.lstrip('/')))
verify_copy('/etc/resolv.conf')
verify_copy('/etc/hostname')
verify_copy('/etc/hosts')
def test_filesystem_sandbox_mounts_paths_source_is_file(
mock_safe_mkdir, mock_check_call, mock_isfile, mock_exists,
mock_touch):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(
MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=['/some/path/to/file', '/some/path/to/directory'],
sandbox_mount_point=sandbox_mount_point)
def is_file_side_effect(arg):
return arg.endswith('file')
mock_isfile.side_effect = is_file_side_effect
mock_exists.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
destination_path = os.path.join(task_fs_path, 'some/path/to/file')
# we should `touch` the mount point, but only for the file mount, not the directory mount.
assert mock_touch.mock_calls == [mock.call(destination_path)]
# we should have mounted the file path we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call(
['mount', '-n', '--rbind', '/some/path/to/file',
destination_path]),
mock.call([
'mount', '-n', '--rbind', '/some/path/to/directory',
os.path.join(task_fs_path, 'some/path/to/directory')
]),
mock.call([
'mount', '-n', '--rbind', sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox'),
sandbox = FileSystemImageSandbox(sandbox_directory,
user='******',
no_create_user=True,
mounted_volume_paths=None,
sandbox_mount_point=sandbox_mount_point)
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
assert mock_check_call.mock_calls == [
mock.call([
'mount', '-n', '--rbind', sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def assert_create_user_and_group(
mock_check_call, mock_verify, gid_exists, uid_exists, group_name_exists, user_name_exists
):
mock_pwent = pwd.struct_passwd(
(
"someuser", # login name
"hunter2", # password
834, # uid
835, # gid
"Some User", # user name
"/home/someuser", # home directory
"/bin/sh",
)
) # login shell
mock_grent = grp.struct_group(("users", "*", 835, ["someuser"])) # group name # password # gid # members
returncode = 0
if gid_exists or uid_exists:
returncode = FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS
elif group_name_exists or user_name_exists:
returncode = FileSystemImageSandbox._USER_OR_GROUP_NAME_EXISTS
exception = subprocess.CalledProcessError(returncode=returncode, cmd="some command", output=None)
mock_check_call.side_effect = [
exception if gid_exists or group_name_exists else None,
exception if uid_exists or user_name_exists else None,
]
with temporary_dir() as d:
with mock.patch.object(FileSystemImageSandbox, "get_user_and_group", return_value=(mock_pwent, mock_grent)):
sandbox = FileSystemImageSandbox(
os.path.join(d, "sandbox"), user="******", sandbox_mount_point="/some/path"
)
sandbox._create_user_and_group_in_taskfs()
assert len(mock_check_call.mock_calls) == 2
assert len(mock_verify.mock_calls) == 1
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call, mock_isfile):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(
MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=['/some/container/path', '/some/other/container/path'],
sandbox_mount_point=sandbox_mount_point)
mock_isfile.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
# we should have mounted both of the paths we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call([
'mount',
'-n',
'--rbind',
'/some/container/path',
os.path.join(task_fs_path, 'some/container/path')
]),
mock.call([
'mount',
'-n',
'--rbind',
'/some/other/container/path',
os.path.join(task_fs_path, 'some/other/container/path')
]),
mock.call([
'mount',
'-n',
'--rbind',
sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_verify_group_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(os.path.join(d, "sandbox"), user="******", sandbox_mount_point="/some/path")
mock_check_output.return_value = "test-group:x:2:"
# valid case
sandbox._verify_group_match_in_taskfs(2, "test-group")
mock_check_output.assert_called_with(["chroot", sandbox._task_fs_root, "getent", "group", "test-group"])
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(3, "test-group")
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, "invalid-group")
# exception case
exception = subprocess.CalledProcessError(returncode=1, cmd="some command", output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, "test-group")
def test_verify_user_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'),
user='******',
sandbox_mount_point='/some/path')
mock_check_output.return_value = 'uid=1(test-user) gid=2(test-group) groups=2(test-group)'
# valid case
sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'test-group')
mock_check_output.assert_called_with(
['chroot', sandbox._task_fs_root, 'id', 'test-user'])
# invalid user id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(0, 'test-user', 2,
'test-group')
# invalid user name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'invalid-user', 2,
'test-group')
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'test-user', 0,
'test-group')
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'test-user', 2,
'invalid-group')
# exception case
exception = subprocess.CalledProcessError(returncode=1,
cmd='some command',
output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, "test-user", 2,
"test-group")
def test_verify_user_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(
os.path.join(d, 'sandbox'),
user='******',
sandbox_mount_point='/some/path')
mock_check_output.return_value = 'uid=1(test-user) gid=2(test-group) groups=2(test-group)'
# valid case
sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'test-group')
mock_check_output.assert_called_with(['chroot', sandbox._task_fs_root, 'id', 'test-user'])
# invalid user id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(0, 'test-user', 2, 'test-group')
# invalid user name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'invalid-user', 2, 'test-group')
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'test-user', 0, 'test-group')
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'invalid-group')
# exception case
exception = subprocess.CalledProcessError(
returncode=1,
cmd='some command',
output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, "test-user", 2, "test-group")
