def test_nbconvert(container: TrackedContainer, test_file: str) -> None:
"""Check if Spark notebooks can be executed"""
host_data_dir = THIS_DIR / "data"
cont_data_dir = "/home/jovyan/data"
output_dir = "/tmp"
conversion_timeout_ms = 600
LOGGER.info(f"Test that {test_file} notebook can be executed ...")
command = (
"jupyter nbconvert --to markdown "
+ f"--ExecutePreprocessor.timeout={conversion_timeout_ms} "
+ f"--output-dir {output_dir} "
+ f"--execute {cont_data_dir}/{test_file}.ipynb"
)
logs = container.run_and_wait(
timeout=60,
no_warnings=False,
volumes={str(host_data_dir): {"bind": cont_data_dir, "mode": "ro"}},
tty=True,
command=["start.sh", "bash", "-c", command],
)
warnings = TrackedContainer.get_warnings(logs)
# Some Spark warnings
assert len(warnings) == 5
expected_file = f"{output_dir}/{test_file}.md"
assert expected_file in logs, f"Expected file {expected_file} not generated"
def test_container_not_delete_bind_mount(
container: TrackedContainer, tmp_path: pathlib.Path
) -> None:
"""Container should not delete host system files when using the (docker)
-v bind mount flag and mapping to /home/jovyan.
"""
d = tmp_path / "data"
d.mkdir()
p = d / "foo.txt"
p.write_text("some-content")
container.run_and_wait(
timeout=5,
tty=True,
user="******",
working_dir="/home/",
environment=[
"NB_USER=user",
"CHOWN_HOME=yes",
],
volumes={d: {"bind": "/home/jovyan/data", "mode": "rw"}},
command=["start.sh", "ls"],
)
assert p.read_text() == "some-content"
assert len(list(tmp_path.iterdir())) == 1
def test_secured_server(container: TrackedContainer,
http_client: requests.Session) -> None:
"""Notebook server should eventually request user login."""
host_port = find_free_port()
container.run_detached(ports={"8888/tcp": host_port})
resp = http_client.get(f"http://localhost:{host_port}")
resp.raise_for_status()
assert "login_submit" in resp.text, "User login not requested"
def test_package_manager(container: TrackedContainer, package_manager: str,
version_arg: tuple[str, ...]) -> None:
"""Test the notebook start-notebook script"""
LOGGER.info(
f"Test that the package manager {package_manager} is working properly ..."
)
container.run_and_wait(
timeout=5,
tty=True,
command=["start.sh", "bash", "-c", f"{package_manager} {version_arg}"],
)
def test_set_uid_and_nb_user(container: TrackedContainer) -> None:
"""Container should run with the specified uid and NB_USER."""
logs = container.run_and_wait(
timeout=5,
no_warnings=False,
user="******",
environment=["NB_USER=kitten"],
group_add=["users"], # Ensures write access to /home/jovyan
command=["start.sh", "id"],
)
assert "uid=1010(kitten) gid=0(root)" in logs
warnings = TrackedContainer.get_warnings(logs)
assert len(warnings) == 1
assert "user is kitten but home is /home/jovyan" in warnings[0]
def test_check_extension(container: TrackedContainer, extension: str) -> None:
"""Basic check of each extension
The list of extensions can be obtained through this command
$ jupyter labextension list
"""
LOGGER.info(f"Checking the extension: {extension} ...")
container.run_and_wait(
timeout=10,
tty=True,
command=["start.sh", "jupyter", "labextension", "check", extension],
)
def test_matplotlib(container: TrackedContainer, test_file: str,
expected_file: str, description: str) -> None:
"""Various tests performed on matplotlib
- Test that matplotlib is able to plot a graph and write it as an image
- Test matplotlib latex fonts, which depend on the cm-super package
"""
host_data_dir = THIS_DIR / "data/matplotlib"
cont_data_dir = "/home/jovyan/data"
output_dir = "/tmp"
LOGGER.info(description)
command = "sleep infinity"
running_container = container.run_detached(
volumes={str(host_data_dir): {
"bind": cont_data_dir,
"mode": "ro"
}},
tty=True,
command=["start.sh", "bash", "-c", command],
)
command = f"python {cont_data_dir}/{test_file}"
cmd = running_container.exec_run(command)
LOGGER.debug(cmd.output.decode("utf-8"))
assert cmd.exit_code == 0, f"Command {command} failed"
# Checking if the file is generated
# https://stackoverflow.com/a/15895594/4413446
command = f"test -s {output_dir}/{expected_file}"
cmd = running_container.exec_run(command)
LOGGER.debug(cmd.output.decode("utf-8"))
assert cmd.exit_code == 0, f"Command {command} failed"
def test_group_add(container: TrackedContainer) -> None:
"""Container should run with the specified uid, gid, and secondary
group. It won't be possible to modify /etc/passwd since gid is nonzero, so
additionally verify that setting gid=0 is suggested in a warning.
"""
logs = container.run_and_wait(
timeout=5,
no_warnings=False,
user="******",
group_add=["users"], # Ensures write access to /home/jovyan
command=["start.sh", "id"],
)
warnings = TrackedContainer.get_warnings(logs)
assert len(warnings) == 1
assert "Try setting gid=0" in warnings[0]
assert "uid=1010 gid=1010 groups=1010,100(users)" in logs
def test_cli_args(container: TrackedContainer, http_client: requests.Session) -> None:
"""Container should respect notebook server command line args
(e.g., disabling token security)"""
host_port = find_free_port()
running_container = container.run_detached(
command=["start-notebook.sh", "--NotebookApp.token=''"],
ports={"8888/tcp": host_port},
)
resp = http_client.get(f"http://localhost:{host_port}")
resp.raise_for_status()
logs = running_container.logs().decode("utf-8")
LOGGER.debug(logs)
assert "ERROR" not in logs
warnings = TrackedContainer.get_warnings(logs)
assert not warnings
assert "login_submit" not in resp.text
def test_set_uid(container: TrackedContainer) -> None:
"""Container should run with the specified uid and NB_USER.
The /home/jovyan directory will not be writable since it's owned by 1000:users.
Additionally verify that "--group-add=users" is suggested in a warning to restore
write access.
"""
logs = container.run_and_wait(
timeout=5,
no_warnings=False,
user="******",
command=["start.sh", "id"],
)
assert "uid=1010(jovyan) gid=0(root)" in logs
warnings = TrackedContainer.get_warnings(logs)
assert len(warnings) == 1
assert "--group-add=users" in warnings[0]
def start_container(container: TrackedContainer) -> Container:
"""Start the TrackedContainer and return an instance of a running container"""
LOGGER.info(f"Starting container {container.image_name} ...")
return container.run_detached(
tty=True,
command=["start.sh", "bash", "-c", "sleep infinity"],
)
def test_pandoc(container: TrackedContainer) -> None:
"""Pandoc shall be able to convert MD to HTML."""
logs = container.run_and_wait(
timeout=10,
tty=True,
command=["start.sh", "bash", "-c", 'echo "**BOLD**" | pandoc'],
)
assert "<p><strong>BOLD</strong></p>" in logs
def test_inkscape(container: TrackedContainer) -> None:
"""Inkscape shall be installed to be able to convert SVG files."""
LOGGER.info("Test that inkscape is working by printing its version ...")
logs = container.run_and_wait(
timeout=10,
tty=True,
command=["start.sh", "bash", "-c", "inkscape --version"],
)
assert "Inkscape" in logs, "Inkscape not installed or not working"
def test_sudo_path_without_grant(container: TrackedContainer) -> None:
"""Container should include /opt/conda/bin in the sudo secure_path."""
logs = container.run_and_wait(
timeout=10,
tty=True,
user="******",
command=["start.sh", "which", "jupyter"],
)
assert logs.rstrip().endswith("/opt/conda/bin/jupyter")
def test_sudo(container: TrackedContainer) -> None:
"""Container should grant passwordless sudo to the default user."""
logs = container.run_and_wait(
timeout=10,
tty=True,
user="******",
environment=["GRANT_SUDO=yes"],
command=["start.sh", "sudo", "id"],
)
assert "uid=0(root)" in logs
def test_uid_change(container: TrackedContainer) -> None:
"""Container should change the UID of the default user."""
logs = container.run_and_wait(
timeout=120, # usermod is slow so give it some time
tty=True,
user="******",
environment=["NB_UID=1010"],
command=["start.sh", "bash", "-c", "id && touch /opt/conda/test-file"],
)
assert "uid=1010(jovyan)" in logs
def test_gid_change(container: TrackedContainer) -> None:
"""Container should change the GID of the default user."""
logs = container.run_and_wait(
timeout=10,
tty=True,
user="******",
environment=["NB_GID=110"],
command=["start.sh", "id"],
)
assert "gid=110(jovyan)" in logs
assert "groups=110(jovyan),100(users)" in logs
def test_julia(container: TrackedContainer) -> None:
"""Basic julia test"""
LOGGER.info("Test that julia is correctly installed ...")
running_container = container.run_detached(
tty=True,
command=["start.sh", "bash", "-c", "sleep infinity"],
)
command = "julia --version"
cmd = running_container.exec_run(command)
output = cmd.output.decode("utf-8")
LOGGER.debug(output)
assert cmd.exit_code == 0, f"Command {command} failed {output}"
def test_unsigned_ssl(container: TrackedContainer,
http_client: requests.Session) -> None:
"""Container should generate a self-signed SSL certificate
and notebook server should use it to enable HTTPS.
"""
host_port = find_free_port()
running_container = container.run_detached(
environment=["GEN_CERT=yes"],
ports={"8888/tcp": host_port},
)
# NOTE: The requests.Session backing the http_client fixture does not retry
# properly while the server is booting up. An SSL handshake error seems to
# abort the retry logic. Forcing a long sleep for the moment until I have
# time to dig more.
time.sleep(5)
resp = http_client.get(f"https://localhost:{host_port}", verify=False)
resp.raise_for_status()
assert "login_submit" in resp.text
logs = running_container.logs().decode("utf-8")
assert "ERROR" not in logs
warnings = TrackedContainer.get_warnings(logs)
assert not warnings
def test_nb_user_change(container: TrackedContainer) -> None:
"""Container should change the user name (`NB_USER`) of the default user."""
nb_user = "******"
running_container = container.run_detached(
tty=True,
user="******",
environment=[f"NB_USER={nb_user}", "CHOWN_HOME=yes"],
command=["start.sh", "bash", "-c", "sleep infinity"],
)
# Give the chown time to complete. Use sleep, not wait, because the
# container sleeps forever.
time.sleep(10)
LOGGER.info(
f"Checking if the user is changed to {nb_user} by the start script ..."
)
output = running_container.logs().decode("utf-8")
assert "ERROR" not in output
assert "WARNING" not in output
assert (f"username: jovyan -> {nb_user}"
in output), f"User is not changed to {nb_user}"
LOGGER.info(f"Checking {nb_user} id ...")
command = "id"
expected_output = f"uid=1000({nb_user}) gid=100(users) groups=100(users)"
cmd = running_container.exec_run(command,
user=nb_user,
workdir=f"/home/{nb_user}")
output = cmd.output.decode("utf-8").strip("\n")
assert output == expected_output, f"Bad user {output}, expected {expected_output}"
LOGGER.info(f"Checking if {nb_user} owns his home folder ...")
command = f'stat -c "%U %G" /home/{nb_user}/'
expected_output = f"{nb_user} users"
cmd = running_container.exec_run(command, workdir=f"/home/{nb_user}")
output = cmd.output.decode("utf-8").strip("\n")
assert (
output == expected_output
), f"Bad owner for the {nb_user} home folder {output}, expected {expected_output}"
LOGGER.info(
f"Checking if home folder of {nb_user} contains the hidden '.jupyter' folder with appropriate permissions ..."
)
command = f'stat -c "%F %U %G" /home/{nb_user}/.jupyter'
expected_output = f"directory {nb_user} users"
cmd = running_container.exec_run(command, workdir=f"/home/{nb_user}")
output = cmd.output.decode("utf-8").strip("\n")
assert (
output == expected_output
), f"Hidden folder .jupyter was not copied properly to {nb_user} home folder. stat: {output}, expected {expected_output}"
def test_python_version(container: TrackedContainer,
python_next_version: str = "3.10") -> None:
"""Check that python version is lower than the next version"""
LOGGER.info(
f"Checking that python version is lower than {python_next_version}")
logs = container.run_and_wait(
timeout=5,
tty=True,
command=["start.sh", "python", "--version"],
)
actual_python_version = version.parse(logs.split()[1])
assert actual_python_version < version.parse(
python_next_version
), f"Python version shall be lower than {python_next_version}"
def test_start_notebook(
container: TrackedContainer,
http_client: requests.Session,
env: Optional[list[str]],
expected_command: str,
expected_start: bool,
expected_warnings: list[str],
) -> None:
"""Test the notebook start-notebook script"""
LOGGER.info(
f"Test that the start-notebook launches the {expected_command} server from the env {env} ..."
)
host_port = find_free_port()
running_container = container.run_detached(
tty=True,
environment=env,
command=["start-notebook.sh"],
ports={"8888/tcp": host_port},
)
# sleeping some time to let the server start
time.sleep(3)
logs = running_container.logs().decode("utf-8")
LOGGER.debug(logs)
# checking that the expected command is launched
assert (
f"Executing the command: {expected_command}"
in logs), f"Not the expected command ({expected_command}) was launched"
# checking errors and warnings in logs
assert "ERROR" not in logs, "ERROR(s) found in logs"
for exp_warning in expected_warnings:
assert exp_warning in logs, f"Expected warning {exp_warning} not found in logs"
warnings = TrackedContainer.get_warnings(logs)
assert len(expected_warnings) == len(warnings)
# checking if the server is listening
if expected_start:
resp = http_client.get(f"http://localhost:{host_port}")
assert resp.status_code == 200, "Server is not listening"
def test_units(container: TrackedContainer) -> None:
"""Various units tests
Add a py file in the `tests/{somestack}-notebook/units` dir, and it will be automatically tested
"""
short_image_name = container.image_name[container.image_name.rfind("/") +
1:]
LOGGER.info(f"Running unit tests for: {short_image_name}")
test_dirs = get_test_dirs(short_image_name)
for test_dir in test_dirs:
host_data_dir = test_dir / "units"
LOGGER.info(f"Searching for units tests in {host_data_dir}")
cont_data_dir = "/home/jovyan/data"
if not host_data_dir.exists():
LOGGER.info(
f"Not found unit tests for image: {container.image_name}")
continue
for test_file in host_data_dir.iterdir():
test_file_name = test_file.name
LOGGER.info(f"Running unit test: {test_file_name}")
container.run_and_wait(
timeout=30,
volumes={
str(host_data_dir): {
"bind": cont_data_dir,
"mode": "ro"
}
},
tty=True,
command=[
"start.sh", "python", f"{cont_data_dir}/{test_file_name}"
],
)
def test_chown_home(container: TrackedContainer) -> None:
"""Container should change the NB_USER home directory owner and
group to the current value of NB_UID and NB_GID."""
logs = container.run_and_wait(
timeout=120, # chown is slow so give it some time
tty=True,
user="******",
environment=[
"CHOWN_HOME=yes",
"CHOWN_HOME_OPTS=-R",
"NB_USER=kitten",
"NB_UID=1010",
"NB_GID=101",
],
command=["start.sh", "bash", "-c", "stat -c '%n:%u:%g' /home/kitten/.bashrc"],
)
assert "/home/kitten/.bashrc:1010:101" in logs
def test_nbconvert(
container: TrackedContainer, test_file: str, output_format: str
) -> None:
"""Check if nbconvert is able to convert a notebook file"""
host_data_dir = THIS_DIR / "data"
cont_data_dir = "/home/jovyan/data"
output_dir = "/tmp"
LOGGER.info(
f"Test that the example notebook {test_file} can be converted to {output_format} ..."
)
command = f"jupyter nbconvert {cont_data_dir}/{test_file}.ipynb --output-dir {output_dir} --to {output_format}"
logs = container.run_and_wait(
timeout=30,
volumes={str(host_data_dir): {"bind": cont_data_dir, "mode": "ro"}},
tty=True,
command=["start.sh", "bash", "-c", command],
)
expected_file = f"{output_dir}/{test_file}.{output_format}"
assert expected_file in logs, f"Expected file {expected_file} not generated"
def test_secure_path(container: TrackedContainer, tmp_path: pathlib.Path) -> None:
"""Make sure that the sudo command has conda's python (not system's) on path.
See <https://github.com/jupyter/docker-stacks/issues/1053>.
"""
d = tmp_path / "data"
d.mkdir()
p = d / "wrong_python.sh"
p.write_text('#!/bin/bash\necho "Wrong python executable invoked!"')
p.chmod(0o755)
logs = container.run_and_wait(
timeout=5,
tty=True,
user="******",
volumes={p: {"bind": "/usr/bin/python", "mode": "ro"}},
command=["start.sh", "python", "--version"],
)
assert "Wrong python" not in logs
assert "Python" in logs
def test_tini_entrypoint(container: TrackedContainer,
pid: int = 1,
command: str = "tini") -> None:
"""Check that tini is launched as PID 1
Credits to the following answer for the ps options used in the test:
https://superuser.com/questions/632979/if-i-know-the-pid-number-of-a-process-how-can-i-get-its-name
"""
LOGGER.info(f"Test that {command} is launched as PID {pid} ...")
running_container = container.run_detached(
tty=True,
command=["start.sh"],
)
# Select the PID 1 and get the corresponding command
cmd = running_container.exec_run(f"ps -p {pid} -o comm=")
output = cmd.output.decode("utf-8").strip("\n")
assert "ERROR" not in output
assert "WARNING" not in output
assert output == command, f"{command} shall be launched as pid {pid}, got {output}"
def test_cython(container: TrackedContainer) -> None:
host_data_dir = THIS_DIR / "data/cython"
cont_data_dir = "/home/jovyan/data"
logs = container.run_and_wait(
timeout=10,
volumes={str(host_data_dir): {
"bind": cont_data_dir,
"mode": "ro"
}},
tty=True,
command=[
"start.sh",
"bash",
"-c",
# We copy our data to temporary folder to be able to modify the directory
f"cp -r {cont_data_dir}/ /tmp/test/ && cd /tmp/test && python3 setup.py build_ext",
],
)
assert "building 'helloworld' extension" in logs
def test_chown_extra(container: TrackedContainer) -> None:
"""Container should change the UID/GID of a comma separated
CHOWN_EXTRA list of folders."""
logs = container.run_and_wait(
timeout=120, # chown is slow so give it some time
tty=True,
user="******",
environment=[
"NB_UID=1010",
"NB_GID=101",
"CHOWN_EXTRA=/home/jovyan,/opt/conda/bin",
"CHOWN_EXTRA_OPTS=-R",
],
command=[
"start.sh",
"bash",
"-c",
"stat -c '%n:%u:%g' /home/jovyan/.bashrc /opt/conda/bin/jupyter",
],
)
assert "/home/jovyan/.bashrc:1010:101" in logs
assert "/opt/conda/bin/jupyter:1010:101" in logs
def test_jupyter_env_vars_to_unset_as_root(container: TrackedContainer,
enable_root: bool) -> None:
"""Environment variables names listed in JUPYTER_ENV_VARS_TO_UNSET
should be unset in the final environment."""
root_args = {"user": "******"} if enable_root else {}
logs = container.run_and_wait(
timeout=10,
tty=True,
environment=[
"JUPYTER_ENV_VARS_TO_UNSET=SECRET_ANIMAL,UNUSED_ENV,SECRET_FRUIT",
"FRUIT=bananas",
"SECRET_ANIMAL=cats",
"SECRET_FRUIT=mango",
],
command=[
"start.sh",
"bash",
"-c",
"echo I like $FRUIT and ${SECRET_FRUIT:-stuff}, and love ${SECRET_ANIMAL:-to keep secrets}!",
],
**root_args, # type: ignore
)
assert "I like bananas and stuff, and love to keep secrets!" in logs