services/api/test/unit/container_request_test.rb

   1 # Copyright (C) The Arvados Authors. All rights reserved.
   2 #
   3 # SPDX-License-Identifier: AGPL-3.0
   4
   5 require 'test_helper'
   6 require 'helpers/container_test_helper'
   7 require 'helpers/docker_migration_helper'
   8
   9 class ContainerRequestTest < ActiveSupport::TestCase
  10   include DockerMigrationHelper
  11   include DbCurrentTime
  12   include ContainerTestHelper
  13
  14   def with_container_auth(ctr)
  15     auth_was = Thread.current[:api_client_authorization]
  16     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(ctr.auth_uuid)
  17     begin
  18       yield
  19     ensure
  20       Thread.current[:api_client_authorization] = auth_was
  21     end
  22   end
  23
  24   def lock_and_run(ctr)
  25       act_as_system_user do
  26         ctr.update_attributes!(state: Container::Locked)
  27         ctr.update_attributes!(state: Container::Running)
  28       end
  29   end
  30
  31   def create_minimal_req! attrs={}
  32     defaults = {
  33       command: ["echo", "foo"],
  34       container_image: links(:docker_image_collection_tag).name,
  35       cwd: "/tmp",
  36       environment: {},
  37       mounts: {"/out" => {"kind" => "tmp", "capacity" => 1000000}},
  38       output_path: "/out",
  39       runtime_constraints: {"vcpus" => 1, "ram" => 2},
  40       name: "foo",
  41       description: "bar",
  42     }
  43     cr = ContainerRequest.create!(defaults.merge(attrs))
  44     cr.reload
  45     return cr
  46   end
  47
  48   def check_bogus_states cr
  49     [nil, "Flubber"].each do |state|
  50       assert_raises(ActiveRecord::RecordInvalid) do
  51         cr.state = state
  52         cr.save!
  53       end
  54       cr.reload
  55     end
  56   end
  57
  58   test "Container request create" do
  59     set_user_from_auth :active
  60     cr = create_minimal_req!
  61
  62     assert_nil cr.container_uuid
  63     assert_equal 0, cr.priority
  64
  65     check_bogus_states cr
  66
  67     # Ensure we can modify all attributes
  68     cr.command = ["echo", "foo3"]
  69     cr.container_image = "img3"
  70     cr.cwd = "/tmp3"
  71     cr.environment = {"BUP" => "BOP"}
  72     cr.mounts = {"BAR" => {"kind" => "BAZ"}}
  73     cr.output_path = "/tmp4"
  74     cr.priority = 2
  75     cr.runtime_constraints = {"vcpus" => 4}
  76     cr.name = "foo3"
  77     cr.description = "bar3"
  78     cr.save!
  79
  80     assert_nil cr.container_uuid
  81   end
  82
  83   [
  84     {"runtime_constraints" => {"vcpus" => 1}},
  85     {"runtime_constraints" => {"vcpus" => 1, "ram" => nil}},
  86     {"runtime_constraints" => {"vcpus" => 0, "ram" => 123}},
  87     {"runtime_constraints" => {"vcpus" => "1", "ram" => "123"}},
  88     {"mounts" => {"FOO" => "BAR"}},
  89     {"mounts" => {"FOO" => {}}},
  90     {"mounts" => {"FOO" => {"kind" => "tmp", "capacity" => 42.222}}},
  91     {"command" => ["echo", 55]},
  92     {"environment" => {"FOO" => 55}}
  93   ].each do |value|
  94     test "Create with invalid #{value}" do
  95       set_user_from_auth :active
  96       assert_raises(ActiveRecord::RecordInvalid) do
  97         cr = create_minimal_req!({state: "Committed",
  98                priority: 1}.merge(value))
  99         cr.save!
 100       end
 101     end
 102
 103     test "Update with invalid #{value}" do
 104       set_user_from_auth :active
 105       cr = create_minimal_req!(state: "Uncommitted", priority: 1)
 106       cr.save!
 107       assert_raises(ActiveRecord::RecordInvalid) do
 108         cr = ContainerRequest.find_by_uuid cr.uuid
 109         cr.update_attributes!({state: "Committed",
 110                                priority: 1}.merge(value))
 111       end
 112     end
 113   end
 114
 115   test "Update from fixture" do
 116     set_user_from_auth :active
 117     cr = ContainerRequest.find_by_uuid(container_requests(:running).uuid)
 118     cr.update_attributes!(description: "New description")
 119     assert_equal "New description", cr.description
 120   end
 121
 122   test "Update with valid runtime constraints" do
 123       set_user_from_auth :active
 124       cr = create_minimal_req!(state: "Uncommitted", priority: 1)
 125       cr.save!
 126       cr = ContainerRequest.find_by_uuid cr.uuid
 127       cr.update_attributes!(state: "Committed",
 128                             runtime_constraints: {"vcpus" => 1, "ram" => 23})
 129       assert_not_nil cr.container_uuid
 130   end
 131
 132   test "Container request priority must be non-nil" do
 133     set_user_from_auth :active
 134     cr = create_minimal_req!
 135     cr.priority = nil
 136     cr.state = "Committed"
 137     assert_raises(ActiveRecord::RecordInvalid) do
 138       cr.save!
 139     end
 140   end
 141
 142   test "Container request commit" do
 143     set_user_from_auth :active
 144     cr = create_minimal_req!(runtime_constraints: {"vcpus" => 2, "ram" => 30})
 145
 146     assert_nil cr.container_uuid
 147
 148     cr.reload
 149     cr.state = "Committed"
 150     cr.priority = 1
 151     cr.save!
 152
 153     cr.reload
 154
 155     assert_equal({"vcpus" => 2, "ram" => 30}, cr.runtime_constraints)
 156
 157     assert_not_nil cr.container_uuid
 158     c = Container.find_by_uuid cr.container_uuid
 159     assert_not_nil c
 160     assert_equal ["echo", "foo"], c.command
 161     assert_equal collections(:docker_image).portable_data_hash, c.container_image
 162     assert_equal "/tmp", c.cwd
 163     assert_equal({}, c.environment)
 164     assert_equal({"/out" => {"kind"=>"tmp", "capacity"=>1000000}}, c.mounts)
 165     assert_equal "/out", c.output_path
 166     assert_equal({"keep_cache_ram"=>268435456, "vcpus" => 2, "ram" => 30}, c.runtime_constraints)
 167     assert_operator 0, :<, c.priority
 168
 169     assert_raises(ActiveRecord::RecordInvalid) do
 170       cr.priority = nil
 171       cr.save!
 172     end
 173
 174     cr.priority = 0
 175     cr.save!
 176
 177     cr.reload
 178     c.reload
 179     assert_equal 0, cr.priority
 180     assert_equal 0, c.priority
 181   end
 182
 183   test "Independent container requests" do
 184     set_user_from_auth :active
 185     cr1 = create_minimal_req!(command: ["foo", "1"], priority: 5, state: "Committed")
 186     cr2 = create_minimal_req!(command: ["foo", "2"], priority: 10, state: "Committed")
 187
 188     c1 = Container.find_by_uuid cr1.container_uuid
 189     assert_operator 0, :<, c1.priority
 190
 191     c2 = Container.find_by_uuid cr2.container_uuid
 192     assert_operator c1.priority, :<, c2.priority
 193     c2priority_was = c2.priority
 194
 195     cr1.update_attributes!(priority: 0)
 196
 197     c1.reload
 198     assert_equal 0, c1.priority
 199
 200     c2.reload
 201     assert_equal c2priority_was, c2.priority
 202   end
 203
 204   test "Request is finalized when its container is cancelled" do
 205     set_user_from_auth :active
 206     cr = create_minimal_req!(priority: 1, state: "Committed", container_count_max: 1)
 207     assert_equal users(:active).uuid, cr.modified_by_user_uuid
 208
 209     act_as_system_user do
 210       Container.find_by_uuid(cr.container_uuid).
 211         update_attributes!(state: Container::Cancelled)
 212     end
 213
 214     cr.reload
 215     assert_equal "Final", cr.state
 216     assert_equal users(:active).uuid, cr.modified_by_user_uuid
 217   end
 218
 219   test "Request is finalized when its container is completed" do
 220     set_user_from_auth :active
 221     project = groups(:private)
 222     cr = create_minimal_req!(owner_uuid: project.uuid,
 223                              priority: 1,
 224                              state: "Committed")
 225     assert_equal users(:active).uuid, cr.modified_by_user_uuid
 226
 227     c = act_as_system_user do
 228       c = Container.find_by_uuid(cr.container_uuid)
 229       c.update_attributes!(state: Container::Locked)
 230       c.update_attributes!(state: Container::Running)
 231       c
 232     end
 233
 234     cr.reload
 235     assert_equal "Committed", cr.state
 236
 237     output_pdh = '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
 238     log_pdh = 'fa7aeb5140e2848d39b416daeef4ffc5+45'
 239     act_as_system_user do
 240       c.update_attributes!(state: Container::Complete,
 241                            output: output_pdh,
 242                            log: log_pdh)
 243     end
 244
 245     cr.reload
 246     assert_equal "Final", cr.state
 247     assert_equal users(:active).uuid, cr.modified_by_user_uuid
 248     ['output', 'log'].each do |out_type|
 249       pdh = Container.find_by_uuid(cr.container_uuid).send(out_type)
 250       assert_equal(1, Collection.where(portable_data_hash: pdh,
 251                                        owner_uuid: project.uuid).count,
 252                    "Container #{out_type} should be copied to #{project.uuid}")
 253     end
 254     assert_not_nil cr.output_uuid
 255     assert_not_nil cr.log_uuid
 256     output = Collection.find_by_uuid cr.output_uuid
 257     assert_equal output_pdh, output.portable_data_hash
 258     log = Collection.find_by_uuid cr.log_uuid
 259     assert_equal log_pdh, log.portable_data_hash
 260   end
 261
 262   test "Container makes container request, then is cancelled" do
 263     set_user_from_auth :active
 264     cr = create_minimal_req!(priority: 5, state: "Committed", container_count_max: 1)
 265
 266     c = Container.find_by_uuid cr.container_uuid
 267     assert_operator 0, :<, c.priority
 268     lock_and_run(c)
 269
 270     cr2 = with_container_auth(c) do
 271       create_minimal_req!(priority: 10, state: "Committed", container_count_max: 1, command: ["echo", "foo2"])
 272     end
 273     assert_not_nil cr2.requesting_container_uuid
 274     assert_equal users(:active).uuid, cr2.modified_by_user_uuid
 275
 276     c2 = Container.find_by_uuid cr2.container_uuid
 277     assert_operator 0, :<, c2.priority
 278
 279     act_as_system_user do
 280       c.state = "Cancelled"
 281       c.save!
 282     end
 283
 284     cr.reload
 285     assert_equal "Final", cr.state
 286
 287     cr2.reload
 288     assert_equal 0, cr2.priority
 289     assert_equal users(:active).uuid, cr2.modified_by_user_uuid
 290
 291     c2.reload
 292     assert_equal 0, c2.priority
 293   end
 294
 295   test "child container priority follows same ordering as corresponding top-level ancestors" do
 296     findctr = lambda { |cr| Container.find_by_uuid(cr.container_uuid) }
 297
 298     set_user_from_auth :active
 299
 300     toplevel_crs = [
 301       create_minimal_req!(priority: 5, state: "Committed", environment: {"workflow" => "0"}),
 302       create_minimal_req!(priority: 5, state: "Committed", environment: {"workflow" => "1"}),
 303       create_minimal_req!(priority: 5, state: "Committed", environment: {"workflow" => "2"}),
 304     ]
 305     parents = toplevel_crs.map(&findctr)
 306
 307     children = parents.map do |parent|
 308       lock_and_run(parent)
 309       with_container_auth(parent) do
 310         create_minimal_req!(state: "Committed",
 311                             priority: 1,
 312                             environment: {"child" => parent.environment["workflow"]})
 313       end
 314     end.map(&findctr)
 315
 316     grandchildren = children.reverse.map do |child|
 317       lock_and_run(child)
 318       with_container_auth(child) do
 319         create_minimal_req!(state: "Committed",
 320                             priority: 1,
 321                             environment: {"grandchild" => child.environment["child"]})
 322       end
 323     end.reverse.map(&findctr)
 324
 325     shared_grandchildren = children.map do |child|
 326       with_container_auth(child) do
 327         create_minimal_req!(state: "Committed",
 328                             priority: 1,
 329                             environment: {"grandchild" => "shared"})
 330       end
 331     end.map(&findctr)
 332
 333     assert_equal shared_grandchildren[0].uuid, shared_grandchildren[1].uuid
 334     assert_equal shared_grandchildren[0].uuid, shared_grandchildren[2].uuid
 335     shared_grandchild = shared_grandchildren[0]
 336
 337     set_user_from_auth :active
 338
 339     # parents should be prioritized by submit time.
 340     assert_operator parents[0].priority, :>, parents[1].priority
 341     assert_operator parents[1].priority, :>, parents[2].priority
 342
 343     # children should be prioritized in same order as their respective
 344     # parents.
 345     assert_operator children[0].priority, :>, children[1].priority
 346     assert_operator children[1].priority, :>, children[2].priority
 347
 348     # grandchildren should also be prioritized in the same order,
 349     # despite having been submitted in the opposite order.
 350     assert_operator grandchildren[0].priority, :>, grandchildren[1].priority
 351     assert_operator grandchildren[1].priority, :>, grandchildren[2].priority
 352
 353     # shared grandchild container should be prioritized above
 354     # everything that isn't needed by parents[0], but not above
 355     # earlier-submitted descendants of parents[0]
 356     assert_operator shared_grandchild.priority, :>, grandchildren[1].priority
 357     assert_operator shared_grandchild.priority, :>, children[1].priority
 358     assert_operator shared_grandchild.priority, :>, parents[1].priority
 359     assert_operator shared_grandchild.priority, :<=, grandchildren[0].priority
 360     assert_operator shared_grandchild.priority, :<=, children[0].priority
 361     assert_operator shared_grandchild.priority, :<=, parents[0].priority
 362
 363     # increasing priority of the most recent toplevel container should
 364     # reprioritize all of its descendants (including the shared
 365     # grandchild) above everything else.
 366     toplevel_crs[2].update_attributes!(priority: 72)
 367     (parents + children + grandchildren + [shared_grandchild]).map(&:reload)
 368     assert_operator shared_grandchild.priority, :>, grandchildren[0].priority
 369     assert_operator shared_grandchild.priority, :>, children[0].priority
 370     assert_operator shared_grandchild.priority, :>, parents[0].priority
 371     assert_operator shared_grandchild.priority, :>, grandchildren[1].priority
 372     assert_operator shared_grandchild.priority, :>, children[1].priority
 373     assert_operator shared_grandchild.priority, :>, parents[1].priority
 374     # ...but the shared container should not have higher priority than
 375     # the earlier-submitted descendants of the high-priority workflow.
 376     assert_operator shared_grandchild.priority, :<=, grandchildren[2].priority
 377     assert_operator shared_grandchild.priority, :<=, children[2].priority
 378     assert_operator shared_grandchild.priority, :<=, parents[2].priority
 379   end
 380
 381   [
 382     ['running_container_auth', 'zzzzz-dz642-runningcontainr', 501],
 383     ['active_no_prefs', nil, 0]
 384   ].each do |token, expected, expected_priority|
 385     test "create as #{token} and expect requesting_container_uuid to be #{expected}" do
 386       set_user_from_auth token
 387       cr = ContainerRequest.create(container_image: "img", output_path: "/tmp", command: ["echo", "foo"])
 388       assert_not_nil cr.uuid, 'uuid should be set for newly created container_request'
 389       assert_equal expected, cr.requesting_container_uuid
 390       assert_equal expected_priority, cr.priority
 391     end
 392   end
 393
 394   test "create as container_runtime_token and expect requesting_container_uuid to be zzzzz-dz642-20isqbkl8xwnsao" do
 395     set_user_from_auth :container_runtime_token
 396     Thread.current[:token] = "#{Thread.current[:token]}/zzzzz-dz642-20isqbkl8xwnsao"
 397     cr = ContainerRequest.create(container_image: "img", output_path: "/tmp", command: ["echo", "foo"])
 398     assert_not_nil cr.uuid, 'uuid should be set for newly created container_request'
 399     assert_equal 'zzzzz-dz642-20isqbkl8xwnsao', cr.requesting_container_uuid
 400     assert_equal 1, cr.priority
 401   end
 402
 403   [[{"vcpus" => [2, nil]},
 404     lambda { |resolved| resolved["vcpus"] == 2 }],
 405    [{"vcpus" => [3, 7]},
 406     lambda { |resolved| resolved["vcpus"] == 3 }],
 407    [{"vcpus" => 4},
 408     lambda { |resolved| resolved["vcpus"] == 4 }],
 409    [{"ram" => [1000000000, 2000000000]},
 410     lambda { |resolved| resolved["ram"] == 1000000000 }],
 411    [{"ram" => [1234234234]},
 412     lambda { |resolved| resolved["ram"] == 1234234234 }],
 413   ].each do |rc, okfunc|
 414     test "resolve runtime constraint range #{rc} to values" do
 415       resolved = Container.resolve_runtime_constraints(rc)
 416       assert(okfunc.call(resolved),
 417              "container runtime_constraints was #{resolved.inspect}")
 418     end
 419   end
 420
 421   [[{"/out" => {
 422         "kind" => "collection",
 423         "uuid" => "zzzzz-4zz18-znfnqtbbv4spc3w",
 424         "path" => "/foo"}},
 425     lambda do |resolved|
 426       resolved["/out"] == {
 427         "portable_data_hash" => "1f4b0bc7583c2a7f9102c395f4ffc5e3+45",
 428         "kind" => "collection",
 429         "path" => "/foo",
 430       }
 431     end],
 432    [{"/out" => {
 433         "kind" => "collection",
 434         "uuid" => "zzzzz-4zz18-znfnqtbbv4spc3w",
 435         "portable_data_hash" => "1f4b0bc7583c2a7f9102c395f4ffc5e3+45",
 436         "path" => "/foo"}},
 437     lambda do |resolved|
 438       resolved["/out"] == {
 439         "portable_data_hash" => "1f4b0bc7583c2a7f9102c395f4ffc5e3+45",
 440         "kind" => "collection",
 441         "path" => "/foo",
 442       }
 443     end],
 444   ].each do |mounts, okfunc|
 445     test "resolve mounts #{mounts.inspect} to values" do
 446       set_user_from_auth :active
 447       resolved = Container.resolve_mounts(mounts)
 448       assert(okfunc.call(resolved),
 449              "Container.resolve_mounts returned #{resolved.inspect}")
 450     end
 451   end
 452
 453   test 'mount unreadable collection' do
 454     set_user_from_auth :spectator
 455     m = {
 456       "/foo" => {
 457         "kind" => "collection",
 458         "uuid" => "zzzzz-4zz18-znfnqtbbv4spc3w",
 459         "path" => "/foo",
 460       },
 461     }
 462     assert_raises(ArvadosModel::UnresolvableContainerError) do
 463       Container.resolve_mounts(m)
 464     end
 465   end
 466
 467   test 'mount collection with mismatched UUID and PDH' do
 468     set_user_from_auth :active
 469     m = {
 470       "/foo" => {
 471         "kind" => "collection",
 472         "uuid" => "zzzzz-4zz18-znfnqtbbv4spc3w",
 473         "portable_data_hash" => "fa7aeb5140e2848d39b416daeef4ffc5+45",
 474         "path" => "/foo",
 475       },
 476     }
 477     assert_raises(ArgumentError) do
 478       Container.resolve_mounts(m)
 479     end
 480   end
 481
 482   ['arvados/apitestfixture:latest',
 483    'arvados/apitestfixture',
 484    'd8309758b8fe2c81034ffc8a10c36460b77db7bc5e7b448c4e5b684f9d95a678',
 485   ].each do |tag|
 486     test "Container.resolve_container_image(#{tag.inspect})" do
 487       set_user_from_auth :active
 488       resolved = Container.resolve_container_image(tag)
 489       assert_equal resolved, collections(:docker_image).portable_data_hash
 490     end
 491   end
 492
 493   test "Container.resolve_container_image(pdh)" do
 494     set_user_from_auth :active
 495     [[:docker_image, 'v1'], [:docker_image_1_12, 'v2']].each do |coll, ver|
 496       Rails.configuration.docker_image_formats = [ver]
 497       pdh = collections(coll).portable_data_hash
 498       resolved = Container.resolve_container_image(pdh)
 499       assert_equal resolved, pdh
 500     end
 501   end
 502
 503   ['acbd18db4cc2f85cedef654fccc4a4d8+3',
 504    'ENOEXIST',
 505    'arvados/apitestfixture:ENOEXIST',
 506   ].each do |img|
 507     test "container_image_for_container(#{img.inspect}) => 422" do
 508       set_user_from_auth :active
 509       Rails.configuration.remote_hosts = {}
 510       assert_raises(ArvadosModel::UnresolvableContainerError) do
 511         Container.resolve_container_image(img)
 512       end
 513     end
 514   end
 515
 516   test "allow unrecognized container when there are remote_hosts" do
 517     set_user_from_auth :active
 518     begin
 519       Rails.configuration.remote_hosts = {"foooo" => "bar.com"}
 520       Container.resolve_container_image('acbd18db4cc2f85cedef654fccc4a4d8+3')
 521     ensure
 522       Rails.configuration.remote_hosts = {}
 523     end
 524   end
 525
 526   test "migrated docker image" do
 527     Rails.configuration.docker_image_formats = ['v2']
 528     add_docker19_migration_link
 529
 530     # Test that it returns only v2 images even though request is for v1 image.
 531
 532     set_user_from_auth :active
 533     cr = create_minimal_req!(command: ["true", "1"],
 534                              container_image: collections(:docker_image).portable_data_hash)
 535     assert_equal(Container.resolve_container_image(cr.container_image),
 536                  collections(:docker_image_1_12).portable_data_hash)
 537
 538     cr = create_minimal_req!(command: ["true", "2"],
 539                              container_image: links(:docker_image_collection_tag).name)
 540     assert_equal(Container.resolve_container_image(cr.container_image),
 541                  collections(:docker_image_1_12).portable_data_hash)
 542   end
 543
 544   test "use unmigrated docker image" do
 545     Rails.configuration.docker_image_formats = ['v1']
 546     add_docker19_migration_link
 547
 548     # Test that it returns only supported v1 images even though there is a
 549     # migration link.
 550
 551     set_user_from_auth :active
 552     cr = create_minimal_req!(command: ["true", "1"],
 553                              container_image: collections(:docker_image).portable_data_hash)
 554     assert_equal(Container.resolve_container_image(cr.container_image),
 555                  collections(:docker_image).portable_data_hash)
 556
 557     cr = create_minimal_req!(command: ["true", "2"],
 558                              container_image: links(:docker_image_collection_tag).name)
 559     assert_equal(Container.resolve_container_image(cr.container_image),
 560                  collections(:docker_image).portable_data_hash)
 561   end
 562
 563   test "incompatible docker image v1" do
 564     Rails.configuration.docker_image_formats = ['v1']
 565     add_docker19_migration_link
 566
 567     # Don't return unsupported v2 image even if we ask for it directly.
 568     set_user_from_auth :active
 569     cr = create_minimal_req!(command: ["true", "1"],
 570                              container_image: collections(:docker_image_1_12).portable_data_hash)
 571     assert_raises(ArvadosModel::UnresolvableContainerError) do
 572       Container.resolve_container_image(cr.container_image)
 573     end
 574   end
 575
 576   test "incompatible docker image v2" do
 577     Rails.configuration.docker_image_formats = ['v2']
 578     # No migration link, don't return unsupported v1 image,
 579
 580     set_user_from_auth :active
 581     cr = create_minimal_req!(command: ["true", "1"],
 582                              container_image: collections(:docker_image).portable_data_hash)
 583     assert_raises(ArvadosModel::UnresolvableContainerError) do
 584       Container.resolve_container_image(cr.container_image)
 585     end
 586     cr = create_minimal_req!(command: ["true", "2"],
 587                              container_image: links(:docker_image_collection_tag).name)
 588     assert_raises(ArvadosModel::UnresolvableContainerError) do
 589       Container.resolve_container_image(cr.container_image)
 590     end
 591   end
 592
 593   test "requestor can retrieve container owned by dispatch" do
 594     assert_not_empty Container.readable_by(users(:admin)).where(uuid: containers(:running).uuid)
 595     assert_not_empty Container.readable_by(users(:active)).where(uuid: containers(:running).uuid)
 596     assert_empty Container.readable_by(users(:spectator)).where(uuid: containers(:running).uuid)
 597   end
 598
 599   [
 600     [{"var" => "value1"}, {"var" => "value1"}, nil],
 601     [{"var" => "value1"}, {"var" => "value1"}, true],
 602     [{"var" => "value1"}, {"var" => "value1"}, false],
 603     [{"var" => "value1"}, {"var" => "value2"}, nil],
 604   ].each do |env1, env2, use_existing|
 605     test "Container request #{((env1 == env2) and (use_existing.nil? or use_existing == true)) ? 'does' : 'does not'} reuse container when committed#{use_existing.nil? ? '' : use_existing ? ' and use_existing == true' : ' and use_existing == false'}" do
 606       common_attrs = {cwd: "test",
 607                       priority: 1,
 608                       command: ["echo", "hello"],
 609                       output_path: "test",
 610                       runtime_constraints: {"vcpus" => 4,
 611                                             "ram" => 12000000000},
 612                       mounts: {"test" => {"kind" => "json"}}}
 613       set_user_from_auth :active
 614       cr1 = create_minimal_req!(common_attrs.merge({state: ContainerRequest::Committed,
 615                                                     environment: env1}))
 616       if use_existing.nil?
 617         # Testing with use_existing default value
 618         cr2 = create_minimal_req!(common_attrs.merge({state: ContainerRequest::Uncommitted,
 619                                                       environment: env2}))
 620       else
 621
 622         cr2 = create_minimal_req!(common_attrs.merge({state: ContainerRequest::Uncommitted,
 623                                                       environment: env2,
 624                                                       use_existing: use_existing}))
 625       end
 626       assert_not_nil cr1.container_uuid
 627       assert_nil cr2.container_uuid
 628
 629       # Update cr2 to commited state and check for container equality on different cases:
 630       # * When env1 and env2 are equal and use_existing is true, the same container
 631       #   should be assigned.
 632       # * When use_existing is false, a different container should be assigned.
 633       # * When env1 and env2 are different, a different container should be assigned.
 634       cr2.update_attributes!({state: ContainerRequest::Committed})
 635       assert_equal (cr2.use_existing == true and (env1 == env2)),
 636                    (cr1.container_uuid == cr2.container_uuid)
 637     end
 638   end
 639
 640   test "requesting_container_uuid at create is not allowed" do
 641     set_user_from_auth :active
 642     assert_raises(ActiveRecord::RecordInvalid) do
 643       create_minimal_req!(state: "Uncommitted", priority: 1, requesting_container_uuid: 'youcantdothat')
 644     end
 645   end
 646
 647   test "Retry on container cancelled" do
 648     set_user_from_auth :active
 649     cr = create_minimal_req!(priority: 1, state: "Committed", container_count_max: 2)
 650     cr2 = create_minimal_req!(priority: 1, state: "Committed", container_count_max: 2, command: ["echo", "baz"])
 651     prev_container_uuid = cr.container_uuid
 652
 653     c = act_as_system_user do
 654       c = Container.find_by_uuid(cr.container_uuid)
 655       c.update_attributes!(state: Container::Locked)
 656       c.update_attributes!(state: Container::Running)
 657       c
 658     end
 659
 660     cr.reload
 661     cr2.reload
 662     assert_equal "Committed", cr.state
 663     assert_equal prev_container_uuid, cr.container_uuid
 664     assert_not_equal cr2.container_uuid, cr.container_uuid
 665     prev_container_uuid = cr.container_uuid
 666
 667     act_as_system_user do
 668       c.update_attributes!(state: Container::Cancelled)
 669     end
 670
 671     cr.reload
 672     cr2.reload
 673     assert_equal "Committed", cr.state
 674     assert_not_equal prev_container_uuid, cr.container_uuid
 675     assert_not_equal cr2.container_uuid, cr.container_uuid
 676     prev_container_uuid = cr.container_uuid
 677
 678     c = act_as_system_user do
 679       c = Container.find_by_uuid(cr.container_uuid)
 680       c.update_attributes!(state: Container::Cancelled)
 681       c
 682     end
 683
 684     cr.reload
 685     cr2.reload
 686     assert_equal "Final", cr.state
 687     assert_equal prev_container_uuid, cr.container_uuid
 688     assert_not_equal cr2.container_uuid, cr.container_uuid
 689   end
 690
 691   test "Retry on container cancelled with runtime_token" do
 692     set_user_from_auth :spectator
 693     spec = api_client_authorizations(:active)
 694     cr = create_minimal_req!(priority: 1, state: "Committed",
 695                              runtime_token: spec.token,
 696                              container_count_max: 2)
 697     prev_container_uuid = cr.container_uuid
 698
 699     c = act_as_system_user do
 700       c = Container.find_by_uuid(cr.container_uuid)
 701       assert_equal spec.token, c.runtime_token
 702       c.update_attributes!(state: Container::Locked)
 703       c.update_attributes!(state: Container::Running)
 704       c
 705     end
 706
 707     cr.reload
 708     assert_equal "Committed", cr.state
 709     assert_equal prev_container_uuid, cr.container_uuid
 710     prev_container_uuid = cr.container_uuid
 711
 712     act_as_system_user do
 713       c.update_attributes!(state: Container::Cancelled)
 714     end
 715
 716     cr.reload
 717     assert_equal "Committed", cr.state
 718     assert_not_equal prev_container_uuid, cr.container_uuid
 719     prev_container_uuid = cr.container_uuid
 720
 721     c = act_as_system_user do
 722       c = Container.find_by_uuid(cr.container_uuid)
 723       assert_equal spec.token, c.runtime_token
 724       c.update_attributes!(state: Container::Cancelled)
 725       c
 726     end
 727
 728     cr.reload
 729     assert_equal "Final", cr.state
 730     assert_equal prev_container_uuid, cr.container_uuid
 731
 732   end
 733
 734   test "Output collection name setting using output_name with name collision resolution" do
 735     set_user_from_auth :active
 736     output_name = 'unimaginative name'
 737     Collection.create!(name: output_name)
 738
 739     cr = create_minimal_req!(priority: 1,
 740                              state: ContainerRequest::Committed,
 741                              output_name: output_name)
 742     run_container(cr)
 743     cr.reload
 744     assert_equal ContainerRequest::Final, cr.state
 745     output_coll = Collection.find_by_uuid(cr.output_uuid)
 746     # Make sure the resulting output collection name include the original name
 747     # plus the date
 748     assert_not_equal output_name, output_coll.name,
 749                      "more than one collection with the same owner and name"
 750     assert output_coll.name.include?(output_name),
 751            "New name should include original name"
 752     assert_match /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z/, output_coll.name,
 753                  "New name should include ISO8601 date"
 754   end
 755
 756   [[0, :check_output_ttl_0],
 757    [1, :check_output_ttl_1s],
 758    [365*86400, :check_output_ttl_1y],
 759   ].each do |ttl, checker|
 760     test "output_ttl=#{ttl}" do
 761       act_as_user users(:active) do
 762         cr = create_minimal_req!(priority: 1,
 763                                  state: ContainerRequest::Committed,
 764                                  output_name: 'foo',
 765                                  output_ttl: ttl)
 766         run_container(cr)
 767         cr.reload
 768         output = Collection.find_by_uuid(cr.output_uuid)
 769         send(checker, db_current_time, output.trash_at, output.delete_at)
 770       end
 771     end
 772   end
 773
 774   def check_output_ttl_0(now, trash, delete)
 775     assert_nil(trash)
 776     assert_nil(delete)
 777   end
 778
 779   def check_output_ttl_1s(now, trash, delete)
 780     assert_not_nil(trash)
 781     assert_not_nil(delete)
 782     assert_in_delta(trash, now + 1.second, 10)
 783     assert_in_delta(delete, now + Rails.configuration.blob_signature_ttl.second, 10)
 784   end
 785
 786   def check_output_ttl_1y(now, trash, delete)
 787     year = (86400*365).second
 788     assert_not_nil(trash)
 789     assert_not_nil(delete)
 790     assert_in_delta(trash, now + year, 10)
 791     assert_in_delta(delete, now + year, 10)
 792   end
 793
 794   def run_container(cr)
 795     act_as_system_user do
 796       c = Container.find_by_uuid(cr.container_uuid)
 797       c.update_attributes!(state: Container::Locked)
 798       c.update_attributes!(state: Container::Running)
 799       c.update_attributes!(state: Container::Complete,
 800                            exit_code: 0,
 801                            output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45',
 802                            log: 'fa7aeb5140e2848d39b416daeef4ffc5+45')
 803       c
 804     end
 805   end
 806
 807   test "Finalize committed request when reusing a finished container" do
 808     set_user_from_auth :active
 809     cr = create_minimal_req!(priority: 1, state: ContainerRequest::Committed)
 810     cr.reload
 811     assert_equal ContainerRequest::Committed, cr.state
 812     run_container(cr)
 813     cr.reload
 814     assert_equal ContainerRequest::Final, cr.state
 815
 816     cr2 = create_minimal_req!(priority: 1, state: ContainerRequest::Committed)
 817     assert_equal cr.container_uuid, cr2.container_uuid
 818     assert_equal ContainerRequest::Final, cr2.state
 819
 820     cr3 = create_minimal_req!(priority: 1, state: ContainerRequest::Uncommitted)
 821     assert_equal ContainerRequest::Uncommitted, cr3.state
 822     cr3.update_attributes!(state: ContainerRequest::Committed)
 823     assert_equal cr.container_uuid, cr3.container_uuid
 824     assert_equal ContainerRequest::Final, cr3.state
 825   end
 826
 827   [
 828     [false, ActiveRecord::RecordInvalid],
 829     [true, nil],
 830   ].each do |preemptible_conf, expected|
 831     test "having Rails.configuration.preemptible_instances=#{preemptible_conf}, create preemptible container request and verify #{expected}" do
 832       sp = {"preemptible" => true}
 833       common_attrs = {cwd: "test",
 834                       priority: 1,
 835                       command: ["echo", "hello"],
 836                       output_path: "test",
 837                       scheduling_parameters: sp,
 838                       mounts: {"test" => {"kind" => "json"}}}
 839       Rails.configuration.preemptible_instances = preemptible_conf
 840       set_user_from_auth :active
 841
 842       cr = create_minimal_req!(common_attrs)
 843       cr.state = ContainerRequest::Committed
 844
 845       if !expected.nil?
 846         assert_raises(expected) do
 847           cr.save!
 848         end
 849       else
 850         cr.save!
 851         assert_equal sp, cr.scheduling_parameters
 852       end
 853     end
 854   end
 855
 856   [
 857     'zzzzz-dz642-runningcontainr',
 858     nil,
 859   ].each do |requesting_c|
 860     test "having preemptible instances active on the API server, a committed #{requesting_c.nil? ? 'non-':''}child CR should not ask for preemptible instance if parameter already set to false" do
 861       common_attrs = {cwd: "test",
 862                       priority: 1,
 863                       command: ["echo", "hello"],
 864                       output_path: "test",
 865                       scheduling_parameters: {"preemptible" => false},
 866                       mounts: {"test" => {"kind" => "json"}}}
 867
 868       Rails.configuration.preemptible_instances = true
 869       set_user_from_auth :active
 870
 871       if requesting_c
 872         cr = with_container_auth(Container.find_by_uuid requesting_c) do
 873           create_minimal_req!(common_attrs)
 874         end
 875         assert_not_nil cr.requesting_container_uuid
 876       else
 877         cr = create_minimal_req!(common_attrs)
 878       end
 879
 880       cr.state = ContainerRequest::Committed
 881       cr.save!
 882
 883       assert_equal false, cr.scheduling_parameters['preemptible']
 884     end
 885   end
 886
 887   [
 888     [true, 'zzzzz-dz642-runningcontainr', true],
 889     [true, nil, nil],
 890     [false, 'zzzzz-dz642-runningcontainr', nil],
 891     [false, nil, nil],
 892   ].each do |preemptible_conf, requesting_c, schedule_preemptible|
 893     test "having Rails.configuration.preemptible_instances=#{preemptible_conf}, #{requesting_c.nil? ? 'non-':''}child CR should #{schedule_preemptible ? '':'not'} ask for preemptible instance by default" do
 894       common_attrs = {cwd: "test",
 895                       priority: 1,
 896                       command: ["echo", "hello"],
 897                       output_path: "test",
 898                       mounts: {"test" => {"kind" => "json"}}}
 899
 900       Rails.configuration.preemptible_instances = preemptible_conf
 901       set_user_from_auth :active
 902
 903       if requesting_c
 904         cr = with_container_auth(Container.find_by_uuid requesting_c) do
 905           create_minimal_req!(common_attrs)
 906         end
 907         assert_not_nil cr.requesting_container_uuid
 908       else
 909         cr = create_minimal_req!(common_attrs)
 910       end
 911
 912       cr.state = ContainerRequest::Committed
 913       cr.save!
 914
 915       assert_equal schedule_preemptible, cr.scheduling_parameters['preemptible']
 916     end
 917   end
 918
 919   [
 920     [{"partitions" => ["fastcpu","vfastcpu", 100]}, ContainerRequest::Committed, ActiveRecord::RecordInvalid],
 921     [{"partitions" => ["fastcpu","vfastcpu", 100]}, ContainerRequest::Uncommitted],
 922     [{"partitions" => "fastcpu"}, ContainerRequest::Committed, ActiveRecord::RecordInvalid],
 923     [{"partitions" => "fastcpu"}, ContainerRequest::Uncommitted],
 924     [{"partitions" => ["fastcpu","vfastcpu"]}, ContainerRequest::Committed],
 925     [{"max_run_time" => "one day"}, ContainerRequest::Committed, ActiveRecord::RecordInvalid],
 926     [{"max_run_time" => "one day"}, ContainerRequest::Uncommitted],
 927     [{"max_run_time" => -1}, ContainerRequest::Committed, ActiveRecord::RecordInvalid],
 928     [{"max_run_time" => -1}, ContainerRequest::Uncommitted],
 929     [{"max_run_time" => 86400}, ContainerRequest::Committed],
 930   ].each do |sp, state, expected|
 931     test "create container request with scheduling_parameters #{sp} in state #{state} and verify #{expected}" do
 932       common_attrs = {cwd: "test",
 933                       priority: 1,
 934                       command: ["echo", "hello"],
 935                       output_path: "test",
 936                       scheduling_parameters: sp,
 937                       mounts: {"test" => {"kind" => "json"}}}
 938       set_user_from_auth :active
 939
 940       if expected == ActiveRecord::RecordInvalid
 941         assert_raises(ActiveRecord::RecordInvalid) do
 942           create_minimal_req!(common_attrs.merge({state: state}))
 943         end
 944       else
 945         cr = create_minimal_req!(common_attrs.merge({state: state}))
 946         assert_equal sp, cr.scheduling_parameters
 947
 948         if state == ContainerRequest::Committed
 949           c = Container.find_by_uuid(cr.container_uuid)
 950           assert_equal sp, c.scheduling_parameters
 951         end
 952       end
 953     end
 954   end
 955
 956   test "Having preemptible_instances=true create a committed child container request and verify the scheduling parameter of its container" do
 957     common_attrs = {cwd: "test",
 958                     priority: 1,
 959                     command: ["echo", "hello"],
 960                     output_path: "test",
 961                     state: ContainerRequest::Committed,
 962                     mounts: {"test" => {"kind" => "json"}}}
 963     set_user_from_auth :active
 964     Rails.configuration.preemptible_instances = true
 965
 966     cr = with_container_auth(Container.find_by_uuid 'zzzzz-dz642-runningcontainr') do
 967       create_minimal_req!(common_attrs)
 968     end
 969     assert_equal 'zzzzz-dz642-runningcontainr', cr.requesting_container_uuid
 970     assert_equal true, cr.scheduling_parameters["preemptible"]
 971
 972     c = Container.find_by_uuid(cr.container_uuid)
 973     assert_equal true, c.scheduling_parameters["preemptible"]
 974   end
 975
 976   [['Committed', true, {name: "foobar", priority: 123}],
 977    ['Committed', false, {container_count: 2}],
 978    ['Committed', false, {container_count: 0}],
 979    ['Committed', false, {container_count: nil}],
 980    ['Final', false, {state: ContainerRequest::Committed, name: "foobar"}],
 981    ['Final', false, {name: "foobar", priority: 123}],
 982    ['Final', false, {name: "foobar", output_uuid: "zzzzz-4zz18-znfnqtbbv4spc3w"}],
 983    ['Final', false, {name: "foobar", log_uuid: "zzzzz-4zz18-znfnqtbbv4spc3w"}],
 984    ['Final', false, {log_uuid: "zzzzz-4zz18-znfnqtbbv4spc3w"}],
 985    ['Final', false, {priority: 123}],
 986    ['Final', false, {mounts: {}}],
 987    ['Final', false, {container_count: 2}],
 988    ['Final', true, {name: "foobar"}],
 989    ['Final', true, {name: "foobar", description: "baz"}],
 990   ].each do |state, permitted, updates|
 991     test "state=#{state} can#{'not' if !permitted} update #{updates.inspect}" do
 992       act_as_user users(:active) do
 993         cr = create_minimal_req!(priority: 1,
 994                                  state: "Committed",
 995                                  container_count_max: 1)
 996         case state
 997         when 'Committed'
 998           # already done
 999         when 'Final'
1000           act_as_system_user do
1001             Container.find_by_uuid(cr.container_uuid).
1002               update_attributes!(state: Container::Cancelled)
1003           end
1004           cr.reload
1005         else
1006           raise 'broken test case'
1007         end
1008         assert_equal state, cr.state
1009         if permitted
1010           assert cr.update_attributes!(updates)
1011         else
1012           assert_raises(ActiveRecord::RecordInvalid) do
1013             cr.update_attributes!(updates)
1014           end
1015         end
1016       end
1017     end
1018   end
1019
1020   test "delete container_request and check its container's priority" do
1021     act_as_user users(:active) do
1022       cr = ContainerRequest.find_by_uuid container_requests(:running_to_be_deleted).uuid
1023
1024       # initially the cr's container has priority > 0
1025       c = Container.find_by_uuid(cr.container_uuid)
1026       assert_equal 1, c.priority
1027
1028       cr.destroy
1029
1030       # the cr's container now has priority of 0
1031       c = Container.find_by_uuid(cr.container_uuid)
1032       assert_equal 0, c.priority
1033     end
1034   end
1035
1036   test "delete container_request in final state and expect no error due to before_destroy callback" do
1037     act_as_user users(:active) do
1038       cr = ContainerRequest.find_by_uuid container_requests(:completed).uuid
1039       assert_nothing_raised {cr.destroy}
1040     end
1041   end
1042
1043   test "Container request valid priority" do
1044     set_user_from_auth :active
1045     cr = create_minimal_req!
1046
1047     assert_raises(ActiveRecord::RecordInvalid) do
1048       cr.priority = -1
1049       cr.save!
1050     end
1051
1052     cr.priority = 0
1053     cr.save!
1054
1055     cr.priority = 1
1056     cr.save!
1057
1058     cr.priority = 500
1059     cr.save!
1060
1061     cr.priority = 999
1062     cr.save!
1063
1064     cr.priority = 1000
1065     cr.save!
1066
1067     assert_raises(ActiveRecord::RecordInvalid) do
1068       cr.priority = 1001
1069       cr.save!
1070     end
1071   end
1072
1073   # Note: some of these tests might look redundant because they test
1074   # that out-of-order spellings of hashes are still considered equal
1075   # regardless of whether the existing (container) or new (container
1076   # request) hash needs to be re-ordered.
1077   secrets = {"/foo" => {"kind" => "text", "content" => "xyzzy"}}
1078   same_secrets = {"/foo" => {"content" => "xyzzy", "kind" => "text"}}
1079   different_secrets = {"/foo" => {"kind" => "text", "content" => "something completely different"}}
1080   [
1081     [true, nil, nil],
1082     [true, nil, {}],
1083     [true, {}, nil],
1084     [true, {}, {}],
1085     [true, secrets, same_secrets],
1086     [true, same_secrets, secrets],
1087     [false, nil, secrets],
1088     [false, {}, secrets],
1089     [false, secrets, {}],
1090     [false, secrets, nil],
1091     [false, secrets, different_secrets],
1092   ].each do |expect_reuse, sm1, sm2|
1093     test "container reuse secret_mounts #{sm1.inspect}, #{sm2.inspect}" do
1094       set_user_from_auth :active
1095       cr1 = create_minimal_req!(state: "Committed", priority: 1, secret_mounts: sm1)
1096       cr2 = create_minimal_req!(state: "Committed", priority: 1, secret_mounts: sm2)
1097       assert_not_nil cr1.container_uuid
1098       assert_not_nil cr2.container_uuid
1099       if expect_reuse
1100         assert_equal cr1.container_uuid, cr2.container_uuid
1101       else
1102         assert_not_equal cr1.container_uuid, cr2.container_uuid
1103       end
1104     end
1105   end
1106
1107   test "scrub secret_mounts but reuse container for request with identical secret_mounts" do
1108     set_user_from_auth :active
1109     sm = {'/secret/foo' => {'kind' => 'text', 'content' => secret_string}}
1110     cr1 = create_minimal_req!(state: "Committed", priority: 1, secret_mounts: sm.dup)
1111     run_container(cr1)
1112     cr1.reload
1113
1114     # secret_mounts scrubbed from db
1115     c = Container.where(uuid: cr1.container_uuid).first
1116     assert_equal({}, c.secret_mounts)
1117     assert_equal({}, cr1.secret_mounts)
1118
1119     # can reuse container if secret_mounts match
1120     cr2 = create_minimal_req!(state: "Committed", priority: 1, secret_mounts: sm.dup)
1121     assert_equal cr1.container_uuid, cr2.container_uuid
1122
1123     # don't reuse container if secret_mounts don't match
1124     cr3 = create_minimal_req!(state: "Committed", priority: 1, secret_mounts: {})
1125     assert_not_equal cr1.container_uuid, cr3.container_uuid
1126
1127     assert_no_secrets_logged
1128   end
1129
1130   test "conflicting key in mounts and secret_mounts" do
1131     sm = {'/secret/foo' => {'kind' => 'text', 'content' => secret_string}}
1132     set_user_from_auth :active
1133     cr = create_minimal_req!
1134     assert_equal false, cr.update_attributes(state: "Committed",
1135                                              priority: 1,
1136                                              mounts: cr.mounts.merge(sm),
1137                                              secret_mounts: sm)
1138     assert_equal [:secret_mounts], cr.errors.messages.keys
1139   end
1140
1141   test "using runtime_token" do
1142     set_user_from_auth :spectator
1143     spec = api_client_authorizations(:active)
1144     cr = create_minimal_req!(state: "Committed", runtime_token: spec.token, priority: 1)
1145     cr.save!
1146     c = Container.find_by_uuid cr.container_uuid
1147     lock_and_run c
1148     assert_nil c.auth_uuid
1149     assert_equal c.runtime_token, spec.token
1150
1151     assert_not_nil ApiClientAuthorization.find_by_uuid(spec.uuid)
1152
1153     act_as_system_user do
1154       c.update_attributes!(state: Container::Complete,
1155                            exit_code: 0,
1156                            output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45',
1157                            log: 'fa7aeb5140e2848d39b416daeef4ffc5+45')
1158     end
1159
1160     cr.reload
1161     c.reload
1162     assert_nil cr.runtime_token
1163     assert_nil c.runtime_token
1164   end
1165
1166   test "invalid runtime_token" do
1167     set_user_from_auth :active
1168     spec = api_client_authorizations(:spectator)
1169     assert_raises(ArgumentError) do
1170       cr = create_minimal_req!(state: "Committed", runtime_token: "#{spec.token}xx")
1171       cr.save!
1172     end
1173   end
1174 end