def test_verify_group_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(d,
user='******',
sandbox_mount_point='/some/path')
mock_check_output.return_value = 'test-group:x:2:'
# valid case
sandbox._verify_group_match_in_taskfs(2, 'test-group')
mock_check_output.assert_called_with(
['chroot', sandbox._task_fs_root, 'getent', 'group', 'test-group'])
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(3, 'test-group')
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, 'invalid-group')
# exception case
exception = subprocess.CalledProcessError(returncode=1,
cmd='some command',
output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_group_match_in_taskfs(2, 'test-group')
def test_filesystem_sandbox_mounts_paths(mock_safe_mkdir, mock_check_call,
mock_isfile):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=[
'/some/container/path',
'/some/other/container/path'
],
sandbox_mount_point=sandbox_mount_point)
mock_isfile.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
# we should have mounted both of the paths we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call([
'mount', '-n', '--rbind', '/some/container/path',
os.path.join(task_fs_path, 'some/container/path')
]),
mock.call([
'mount', '-n', '--rbind', '/some/other/container/path',
os.path.join(task_fs_path, 'some/other/container/path')
]),
mock.call([
'mount', '-n', '--rbind', sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def assert_create_user_and_group(mock_check_call, gid_exists, uid_exists):
mock_pwent = pwd.struct_passwd((
'someuser', # login name
'hunter2', # password
834, # uid
835, # gid
'Some User', # user name
'/home/someuser', # home directory
'/bin/sh')) # login shell
mock_grent = grp.struct_group((
'users', # group name
'*', # password
835, # gid
['someuser'])) # members
exception = subprocess.CalledProcessError(
returncode=FileSystemImageSandbox._USER_OR_GROUP_ID_EXISTS,
cmd='some command',
output=None)
mock_check_call.side_effect = [
None if gid_exists else exception, None if uid_exists else exception
]
with temporary_dir() as d:
with mock.patch.object(FileSystemImageSandbox,
'get_user_and_group',
return_value=(mock_pwent, mock_grent)):
sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'),
user='******')
sandbox._create_user_and_group_in_taskfs()
assert len(mock_check_call.mock_calls) == 2
def test_filesystem_image_sandbox_create_ioerror(makedirs):
makedirs.side_effect = IOError('Disk is borked')
with mock.patch.dict(
'os.environ',
{
FileSystemImageSandbox.MESOS_DIRECTORY_ENV_VARIABLE:
'some-directory',
FileSystemImageSandbox.MESOS_SANDBOX_ENV_VARIABLE: 'some-sandbox'
}):
with temporary_dir() as d:
real_path = os.path.join(d, 'sandbox')
ds = FileSystemImageSandbox(real_path)
with pytest.raises(DirectorySandbox.CreationError):
ds.create()
def test_verify_network_files():
with temporary_dir() as d:
task_fs_path = os.path.join(d, 'taskfs')
os.makedirs(os.path.join(task_fs_path, 'etc'))
with mock.patch.dict(os.environ, {'MESOS_DIRECTORY': d}):
sandbox = FileSystemImageSandbox(
d, sandbox_mount_point='/some/sandbox/path')
sandbox._copy_files()
def verify_copy(path):
if os.path.exists(path):
assert os.path.exists(
os.path.join(task_fs_path, path.lstrip('/')))
verify_copy('/etc/resolv.conf')
verify_copy('/etc/hostname')
verify_copy('/etc/hosts')
def test_filesystem_sandbox_mounts_paths_source_is_file(
mock_safe_mkdir, mock_check_call, mock_isfile, mock_exists,
mock_touch):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox')
sandbox = FileSystemImageSandbox(
MOCK_MESOS_DIRECTORY,
user='******',
no_create_user=True,
mounted_volume_paths=['/some/path/to/file', '/some/path/to/directory'],
sandbox_mount_point=sandbox_mount_point)
def is_file_side_effect(arg):
return arg.endswith('file')
mock_isfile.side_effect = is_file_side_effect
mock_exists.return_value = False
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
destination_path = os.path.join(task_fs_path, 'some/path/to/file')
# we should `touch` the mount point, but only for the file mount, not the directory mount.
assert mock_touch.mock_calls == [mock.call(destination_path)]
# we should have mounted the file path we passed in as well as the sandbox directory itself.
assert mock_check_call.mock_calls == [
mock.call(
['mount', '-n', '--rbind', '/some/path/to/file',
destination_path]),
mock.call([
'mount', '-n', '--rbind', '/some/path/to/directory',
os.path.join(task_fs_path, 'some/path/to/directory')
]),
mock.call([
'mount', '-n', '--rbind', sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_filesystem_sandbox_no_volumes(mock_safe_mkdir, mock_check_call):
sandbox_mount_point = '/some/mount/point'
sandbox_directory = os.path.join(MOCK_MESOS_DIRECTORY, 'sandbox'),
sandbox = FileSystemImageSandbox(sandbox_directory,
user='******',
no_create_user=True,
mounted_volume_paths=None,
sandbox_mount_point=sandbox_mount_point)
sandbox._mount_paths()
task_fs_path = os.path.join(MOCK_MESOS_DIRECTORY, 'taskfs')
assert mock_check_call.mock_calls == [
mock.call([
'mount', '-n', '--rbind', sandbox_directory,
os.path.join(task_fs_path, sandbox_mount_point[1:])
])
]
def test_verify_user_match(mock_check_output):
with temporary_dir() as d:
sandbox = FileSystemImageSandbox(os.path.join(d, 'sandbox'),
user='******',
sandbox_mount_point='/some/path')
mock_check_output.return_value = 'uid=1(test-user) gid=2(test-group) groups=2(test-group)'
# valid case
sandbox._verify_user_match_in_taskfs(1, 'test-user', 2, 'test-group')
mock_check_output.assert_called_with(
['chroot', sandbox._task_fs_root, 'id', 'test-user'])
# invalid user id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(0, 'test-user', 2,
'test-group')
# invalid user name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'invalid-user', 2,
'test-group')
# invalid group id
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'test-user', 0,
'test-group')
# invalid group name
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, 'test-user', 2,
'invalid-group')
# exception case
exception = subprocess.CalledProcessError(returncode=1,
cmd='some command',
output=None)
mock_check_output.side_effect = exception
with pytest.raises(FileSystemImageSandbox.CreationError):
sandbox._verify_user_match_in_taskfs(1, "test-user", 2,
"test-group")
