Merge branch '10846-nodemanager-errors' closes #10846
[arvados.git] / services / api / test / unit / container_test.rb
1 require 'test_helper'
2
3 class ContainerTest < ActiveSupport::TestCase
4   include DbCurrentTime
5
6   DEFAULT_ATTRS = {
7     command: ['echo', 'foo'],
8     container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167',
9     output_path: '/tmp',
10     priority: 1,
11     runtime_constraints: {"vcpus" => 1, "ram" => 1},
12   }
13
14   REUSABLE_COMMON_ATTRS = {container_image: "9ae44d5792468c58bcf85ce7353c7027+124",
15                            cwd: "test",
16                            command: ["echo", "hello"],
17                            output_path: "test",
18                            runtime_constraints: {"vcpus" => 4,
19                                                  "ram" => 12000000000},
20                            mounts: {"test" => {"kind" => "json"}},
21                            environment: {"var" => 'val'}}
22
23   def minimal_new attrs={}
24     cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs)
25     cr.state = ContainerRequest::Committed
26     act_as_user users(:active) do
27       cr.save!
28     end
29     c = Container.find_by_uuid cr.container_uuid
30     assert_not_nil c
31     return c, cr
32   end
33
34   def check_illegal_updates c, bad_updates
35     bad_updates.each do |u|
36       refute c.update_attributes(u), u.inspect
37       refute c.valid?, u.inspect
38       c.reload
39     end
40   end
41
42   def check_illegal_modify c
43     check_illegal_updates c, [{command: ["echo", "bar"]},
44                               {container_image: "arvados/apitestfixture:june10"},
45                               {cwd: "/tmp2"},
46                               {environment: {"FOO" => "BAR"}},
47                               {mounts: {"FOO" => "BAR"}},
48                               {output_path: "/tmp3"},
49                               {locked_by_uuid: "zzzzz-gj3su-027z32aux8dg2s1"},
50                               {auth_uuid: "zzzzz-gj3su-017z32aux8dg2s1"},
51                               {runtime_constraints: {"FOO" => "BAR"}}]
52   end
53
54   def check_bogus_states c
55     check_illegal_updates c, [{state: nil},
56                               {state: "Flubber"}]
57   end
58
59   def check_no_change_from_cancelled c
60     check_illegal_modify c
61     check_bogus_states c
62     check_illegal_updates c, [{ priority: 3 },
63                               { state: Container::Queued },
64                               { state: Container::Locked },
65                               { state: Container::Running },
66                               { state: Container::Complete }]
67   end
68
69   test "Container create" do
70     act_as_system_user do
71       c, _ = minimal_new(environment: {},
72                       mounts: {"BAR" => "FOO"},
73                       output_path: "/tmp",
74                       priority: 1,
75                       runtime_constraints: {"vcpus" => 1, "ram" => 1})
76
77       check_illegal_modify c
78       check_bogus_states c
79
80       c.reload
81       c.priority = 2
82       c.save!
83     end
84   end
85
86   test "Container serialized hash attributes sorted before save" do
87     env = {"C" => 3, "B" => 2, "A" => 1}
88     m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}}
89     rc = {"vcpus" => 1, "ram" => 1}
90     c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc)
91     assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json
92     assert_equal c.mounts.to_json, Container.deep_sort_hash(m).to_json
93     assert_equal c.runtime_constraints.to_json, Container.deep_sort_hash(rc).to_json
94   end
95
96   test 'deep_sort_hash on array of hashes' do
97     a = {'z' => [[{'a' => 'a', 'b' => 'b'}]]}
98     b = {'z' => [[{'b' => 'b', 'a' => 'a'}]]}
99     assert_equal Container.deep_sort_hash(a).to_json, Container.deep_sort_hash(b).to_json
100   end
101
102   test "find_reusable method should select higher priority queued container" do
103     set_user_from_auth :active
104     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}})
105     c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1}))
106     c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2}))
107     assert_not_equal c_low_priority.uuid, c_high_priority.uuid
108     assert_equal Container::Queued, c_low_priority.state
109     assert_equal Container::Queued, c_high_priority.state
110     reused = Container.find_reusable(common_attrs)
111     assert_not_nil reused
112     assert_equal reused.uuid, c_high_priority.uuid
113   end
114
115   test "find_reusable method should select latest completed container" do
116     set_user_from_auth :active
117     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}})
118     completed_attrs = {
119       state: Container::Complete,
120       exit_code: 0,
121       log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
122       output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
123     }
124
125     c_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
126     c_recent, _ = minimal_new(common_attrs.merge({use_existing: false}))
127     assert_not_equal c_older.uuid, c_recent.uuid
128
129     set_user_from_auth :dispatch1
130     c_older.update_attributes!({state: Container::Locked})
131     c_older.update_attributes!({state: Container::Running})
132     c_older.update_attributes!(completed_attrs)
133
134     c_recent.update_attributes!({state: Container::Locked})
135     c_recent.update_attributes!({state: Container::Running})
136     c_recent.update_attributes!(completed_attrs)
137
138     reused = Container.find_reusable(common_attrs)
139     assert_not_nil reused
140     assert_equal reused.uuid, c_older.uuid
141   end
142
143   test "find_reusable method should not select completed container when inconsistent outputs exist" do
144     set_user_from_auth :active
145     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1})
146     completed_attrs = {
147       state: Container::Complete,
148       exit_code: 0,
149       log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
150     }
151
152     set_user_from_auth :dispatch1
153
154     c_output1 = Container.create common_attrs
155     c_output2 = Container.create common_attrs
156     assert_not_equal c_output1.uuid, c_output2.uuid
157
158     cr = ContainerRequest.new common_attrs
159     cr.state = ContainerRequest::Committed
160     cr.container_uuid = c_output1.uuid
161     cr.save!
162
163     cr = ContainerRequest.new common_attrs
164     cr.state = ContainerRequest::Committed
165     cr.container_uuid = c_output2.uuid
166     cr.save!
167
168     c_output1.update_attributes!({state: Container::Locked})
169     c_output1.update_attributes!({state: Container::Running})
170     c_output1.update_attributes!(completed_attrs.merge({output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'}))
171
172     c_output2.update_attributes!({state: Container::Locked})
173     c_output2.update_attributes!({state: Container::Running})
174     c_output2.update_attributes!(completed_attrs.merge({output: 'fa7aeb5140e2848d39b416daeef4ffc5+45'}))
175
176     reused = Container.find_reusable(common_attrs)
177     assert_nil reused
178   end
179
180   test "find_reusable method should select running container by start date" do
181     set_user_from_auth :active
182     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}})
183     c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
184     c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
185     c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
186     # Confirm the 3 container UUIDs are different.
187     assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
188     set_user_from_auth :dispatch1
189     c_slower.update_attributes!({state: Container::Locked})
190     c_slower.update_attributes!({state: Container::Running,
191                                  progress: 0.1})
192     c_faster_started_first.update_attributes!({state: Container::Locked})
193     c_faster_started_first.update_attributes!({state: Container::Running,
194                                                progress: 0.15})
195     c_faster_started_second.update_attributes!({state: Container::Locked})
196     c_faster_started_second.update_attributes!({state: Container::Running,
197                                                 progress: 0.15})
198     reused = Container.find_reusable(common_attrs)
199     assert_not_nil reused
200     # Selected container is the one that started first
201     assert_equal reused.uuid, c_faster_started_first.uuid
202   end
203
204   test "find_reusable method should select running container by progress" do
205     set_user_from_auth :active
206     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}})
207     c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
208     c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
209     c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
210     # Confirm the 3 container UUIDs are different.
211     assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
212     set_user_from_auth :dispatch1
213     c_slower.update_attributes!({state: Container::Locked})
214     c_slower.update_attributes!({state: Container::Running,
215                                  progress: 0.1})
216     c_faster_started_first.update_attributes!({state: Container::Locked})
217     c_faster_started_first.update_attributes!({state: Container::Running,
218                                                progress: 0.15})
219     c_faster_started_second.update_attributes!({state: Container::Locked})
220     c_faster_started_second.update_attributes!({state: Container::Running,
221                                                 progress: 0.2})
222     reused = Container.find_reusable(common_attrs)
223     assert_not_nil reused
224     # Selected container is the one with most progress done
225     assert_equal reused.uuid, c_faster_started_second.uuid
226   end
227
228   test "find_reusable method should select locked container most likely to start sooner" do
229     set_user_from_auth :active
230     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}})
231     c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false}))
232     c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
233     c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false}))
234     # Confirm the 3 container UUIDs are different.
235     assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length
236     set_user_from_auth :dispatch1
237     c_low_priority.update_attributes!({state: Container::Locked,
238                                        priority: 1})
239     c_high_priority_older.update_attributes!({state: Container::Locked,
240                                               priority: 2})
241     c_high_priority_newer.update_attributes!({state: Container::Locked,
242                                               priority: 2})
243     reused = Container.find_reusable(common_attrs)
244     assert_not_nil reused
245     assert_equal reused.uuid, c_high_priority_older.uuid
246   end
247
248   test "find_reusable method should select running over failed container" do
249     set_user_from_auth :active
250     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}})
251     c_failed, _ = minimal_new(common_attrs.merge({use_existing: false}))
252     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
253     assert_not_equal c_failed.uuid, c_running.uuid
254     set_user_from_auth :dispatch1
255     c_failed.update_attributes!({state: Container::Locked})
256     c_failed.update_attributes!({state: Container::Running})
257     c_failed.update_attributes!({state: Container::Complete,
258                                  exit_code: 42,
259                                  log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
260                                  output: 'ea10d51bcf88862dbcc36eb292017dfd+45'})
261     c_running.update_attributes!({state: Container::Locked})
262     c_running.update_attributes!({state: Container::Running,
263                                   progress: 0.15})
264     reused = Container.find_reusable(common_attrs)
265     assert_not_nil reused
266     assert_equal reused.uuid, c_running.uuid
267   end
268
269   test "find_reusable method should select complete over running container" do
270     set_user_from_auth :active
271     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}})
272     c_completed, _ = minimal_new(common_attrs.merge({use_existing: false}))
273     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
274     assert_not_equal c_completed.uuid, c_running.uuid
275     set_user_from_auth :dispatch1
276     c_completed.update_attributes!({state: Container::Locked})
277     c_completed.update_attributes!({state: Container::Running})
278     c_completed.update_attributes!({state: Container::Complete,
279                                     exit_code: 0,
280                                     log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
281                                     output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})
282     c_running.update_attributes!({state: Container::Locked})
283     c_running.update_attributes!({state: Container::Running,
284                                   progress: 0.15})
285     reused = Container.find_reusable(common_attrs)
286     assert_not_nil reused
287     assert_equal c_completed.uuid, reused.uuid
288   end
289
290   test "find_reusable method should select running over locked container" do
291     set_user_from_auth :active
292     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
293     c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
294     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
295     assert_not_equal c_running.uuid, c_locked.uuid
296     set_user_from_auth :dispatch1
297     c_locked.update_attributes!({state: Container::Locked})
298     c_running.update_attributes!({state: Container::Locked})
299     c_running.update_attributes!({state: Container::Running,
300                                   progress: 0.15})
301     reused = Container.find_reusable(common_attrs)
302     assert_not_nil reused
303     assert_equal reused.uuid, c_running.uuid
304   end
305
306   test "find_reusable method should select locked over queued container" do
307     set_user_from_auth :active
308     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
309     c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
310     c_queued, _ = minimal_new(common_attrs.merge({use_existing: false}))
311     assert_not_equal c_queued.uuid, c_locked.uuid
312     set_user_from_auth :dispatch1
313     c_locked.update_attributes!({state: Container::Locked})
314     reused = Container.find_reusable(common_attrs)
315     assert_not_nil reused
316     assert_equal reused.uuid, c_locked.uuid
317   end
318
319   test "find_reusable method should not select failed container" do
320     set_user_from_auth :active
321     attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed"}})
322     c, _ = minimal_new(attrs)
323     set_user_from_auth :dispatch1
324     c.update_attributes!({state: Container::Locked})
325     c.update_attributes!({state: Container::Running})
326     c.update_attributes!({state: Container::Complete,
327                           exit_code: 33})
328     reused = Container.find_reusable(attrs)
329     assert_nil reused
330   end
331
332   test "Container running" do
333     c, _ = minimal_new priority: 1
334
335     set_user_from_auth :dispatch1
336     check_illegal_updates c, [{state: Container::Running},
337                               {state: Container::Complete}]
338
339     c.lock
340     c.update_attributes! state: Container::Running
341
342     check_illegal_modify c
343     check_bogus_states c
344
345     check_illegal_updates c, [{state: Container::Queued}]
346     c.reload
347
348     c.update_attributes! priority: 3
349   end
350
351   test "Lock and unlock" do
352     c, cr = minimal_new priority: 0
353
354     set_user_from_auth :dispatch1
355     assert_equal Container::Queued, c.state
356
357     assert_raise(ActiveRecord::RecordInvalid) {c.lock} # "no priority"
358     c.reload
359     assert cr.update_attributes priority: 1
360
361     refute c.update_attributes(state: Container::Running), "not locked"
362     c.reload
363     refute c.update_attributes(state: Container::Complete), "not locked"
364     c.reload
365
366     assert c.lock, show_errors(c)
367     assert c.locked_by_uuid
368     assert c.auth_uuid
369
370     assert_raise(ArvadosModel::AlreadyLockedError) {c.lock}
371     c.reload
372
373     assert c.unlock, show_errors(c)
374     refute c.locked_by_uuid
375     refute c.auth_uuid
376
377     refute c.update_attributes(state: Container::Running), "not locked"
378     c.reload
379     refute c.locked_by_uuid
380     refute c.auth_uuid
381
382     assert c.lock, show_errors(c)
383     assert c.update_attributes(state: Container::Running), show_errors(c)
384     assert c.locked_by_uuid
385     assert c.auth_uuid
386
387     auth_uuid_was = c.auth_uuid
388
389     assert_raise(ActiveRecord::RecordInvalid) {c.lock} # Running to Locked is not allowed
390     c.reload
391     assert_raise(ActiveRecord::RecordInvalid) {c.unlock} # Running to Queued is not allowed
392     c.reload
393
394     assert c.update_attributes(state: Container::Complete), show_errors(c)
395     refute c.locked_by_uuid
396     refute c.auth_uuid
397
398     auth_exp = ApiClientAuthorization.find_by_uuid(auth_uuid_was).expires_at
399     assert_operator auth_exp, :<, db_current_time
400   end
401
402   test "Container queued cancel" do
403     c, _ = minimal_new
404     set_user_from_auth :dispatch1
405     assert c.update_attributes(state: Container::Cancelled), show_errors(c)
406     check_no_change_from_cancelled c
407   end
408
409   test "Container locked cancel" do
410     c, _ = minimal_new
411     set_user_from_auth :dispatch1
412     assert c.lock, show_errors(c)
413     assert c.update_attributes(state: Container::Cancelled), show_errors(c)
414     check_no_change_from_cancelled c
415   end
416
417   test "Container running cancel" do
418     c, _ = minimal_new
419     set_user_from_auth :dispatch1
420     c.lock
421     c.update_attributes! state: Container::Running
422     c.update_attributes! state: Container::Cancelled
423     check_no_change_from_cancelled c
424   end
425
426   test "Container create forbidden for non-admin" do
427     set_user_from_auth :active_trustedclient
428     c = Container.new DEFAULT_ATTRS
429     c.environment = {}
430     c.mounts = {"BAR" => "FOO"}
431     c.output_path = "/tmp"
432     c.priority = 1
433     c.runtime_constraints = {}
434     assert_raises(ArvadosModel::PermissionDeniedError) do
435       c.save!
436     end
437   end
438
439   test "Container only set exit code on complete" do
440     c, _ = minimal_new
441     set_user_from_auth :dispatch1
442     c.lock
443     c.update_attributes! state: Container::Running
444
445     check_illegal_updates c, [{exit_code: 1},
446                               {exit_code: 1, state: Container::Cancelled}]
447
448     assert c.update_attributes(exit_code: 1, state: Container::Complete)
449   end
450
451   test "locked_by_uuid can set output on running container" do
452     c, _ = minimal_new
453     set_user_from_auth :dispatch1
454     c.lock
455     c.update_attributes! state: Container::Running
456
457     assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid
458
459     assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
460     assert c.update_attributes! state: Container::Complete
461   end
462
463   test "auth_uuid can set output on running container, but not change container state" do
464     c, _ = minimal_new
465     set_user_from_auth :dispatch1
466     c.lock
467     c.update_attributes! state: Container::Running
468
469     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
470     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
471     assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
472
473     assert_raises ArvadosModel::PermissionDeniedError do
474       # auth_uuid cannot set container state
475       c.update_attributes state: Container::Complete
476     end
477   end
478
479   test "not allowed to set output that is not readable by current user" do
480     c, _ = minimal_new
481     set_user_from_auth :dispatch1
482     c.lock
483     c.update_attributes! state: Container::Running
484
485     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
486     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
487
488     assert_raises ActiveRecord::RecordInvalid do
489       c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash
490     end
491   end
492
493   test "other token cannot set output on running container" do
494     c, _ = minimal_new
495     set_user_from_auth :dispatch1
496     c.lock
497     c.update_attributes! state: Container::Running
498
499     set_user_from_auth :not_running_container_auth
500     assert_raises ArvadosModel::PermissionDeniedError do
501       c.update_attributes! output: collections(:foo_file).portable_data_hash
502     end
503   end
504
505 end