1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
6 require 'helpers/container_test_helper'
8 class ContainerTest < ActiveSupport::TestCase
10 include ContainerTestHelper
13 command: ['echo', 'foo'],
14 container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167',
17 runtime_constraints: {"vcpus" => 1, "ram" => 1},
20 REUSABLE_COMMON_ATTRS = {
21 container_image: "9ae44d5792468c58bcf85ce7353c7027+124",
23 command: ["echo", "hello"],
25 runtime_constraints: {
30 "test" => {"kind" => "json"},
37 def minimal_new attrs={}
38 cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs)
39 cr.state = ContainerRequest::Committed
40 act_as_user users(:active) do
43 c = Container.find_by_uuid cr.container_uuid
48 def check_illegal_updates c, bad_updates
49 bad_updates.each do |u|
50 refute c.update_attributes(u), u.inspect
51 refute c.valid?, u.inspect
56 def check_illegal_modify c
57 check_illegal_updates c, [{command: ["echo", "bar"]},
58 {container_image: "arvados/apitestfixture:june10"},
60 {environment: {"FOO" => "BAR"}},
61 {mounts: {"FOO" => "BAR"}},
62 {output_path: "/tmp3"},
63 {locked_by_uuid: "zzzzz-gj3su-027z32aux8dg2s1"},
64 {auth_uuid: "zzzzz-gj3su-017z32aux8dg2s1"},
65 {runtime_constraints: {"FOO" => "BAR"}}]
68 def check_bogus_states c
69 check_illegal_updates c, [{state: nil},
73 def check_no_change_from_cancelled c
74 check_illegal_modify c
76 check_illegal_updates c, [{ priority: 3 },
77 { state: Container::Queued },
78 { state: Container::Locked },
79 { state: Container::Running },
80 { state: Container::Complete }]
83 test "Container create" do
85 c, _ = minimal_new(environment: {},
86 mounts: {"BAR" => "FOO"},
89 runtime_constraints: {"vcpus" => 1, "ram" => 1})
91 check_illegal_modify c
100 test "Container valid priority" do
101 act_as_system_user do
102 c, _ = minimal_new(environment: {},
103 mounts: {"BAR" => "FOO"},
106 runtime_constraints: {"vcpus" => 1, "ram" => 1})
108 assert_raises(ActiveRecord::RecordInvalid) do
128 assert_raises(ActiveRecord::RecordInvalid) do
136 test "Container serialized hash attributes sorted before save" do
137 env = {"C" => 3, "B" => 2, "A" => 1}
138 m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}}
139 rc = {"vcpus" => 1, "ram" => 1, "keep_cache_ram" => 1}
140 c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc)
141 assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json
142 assert_equal c.mounts.to_json, Container.deep_sort_hash(m).to_json
143 assert_equal c.runtime_constraints.to_json, Container.deep_sort_hash(rc).to_json
146 test 'deep_sort_hash on array of hashes' do
147 a = {'z' => [[{'a' => 'a', 'b' => 'b'}]]}
148 b = {'z' => [[{'b' => 'b', 'a' => 'a'}]]}
149 assert_equal Container.deep_sort_hash(a).to_json, Container.deep_sort_hash(b).to_json
152 test "find_reusable method should select higher priority queued container" do
153 set_user_from_auth :active
154 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}})
155 c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1}))
156 c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2}))
157 assert_not_equal c_low_priority.uuid, c_high_priority.uuid
158 assert_equal Container::Queued, c_low_priority.state
159 assert_equal Container::Queued, c_high_priority.state
160 reused = Container.find_reusable(common_attrs)
161 assert_not_nil reused
162 assert_equal reused.uuid, c_high_priority.uuid
165 test "find_reusable method should select latest completed container" do
166 set_user_from_auth :active
167 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}})
169 state: Container::Complete,
171 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
172 output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
175 c_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
176 c_recent, _ = minimal_new(common_attrs.merge({use_existing: false}))
177 assert_not_equal c_older.uuid, c_recent.uuid
179 set_user_from_auth :dispatch1
180 c_older.update_attributes!({state: Container::Locked})
181 c_older.update_attributes!({state: Container::Running})
182 c_older.update_attributes!(completed_attrs)
184 c_recent.update_attributes!({state: Container::Locked})
185 c_recent.update_attributes!({state: Container::Running})
186 c_recent.update_attributes!(completed_attrs)
188 reused = Container.find_reusable(common_attrs)
189 assert_not_nil reused
190 assert_equal reused.uuid, c_older.uuid
193 test "find_reusable method should select oldest completed container when inconsistent outputs exist" do
194 set_user_from_auth :active
195 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1})
197 state: Container::Complete,
199 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
202 cr = ContainerRequest.new common_attrs
203 cr.use_existing = false
204 cr.state = ContainerRequest::Committed
206 c_output1 = Container.where(uuid: cr.container_uuid).first
208 cr = ContainerRequest.new common_attrs
209 cr.use_existing = false
210 cr.state = ContainerRequest::Committed
212 c_output2 = Container.where(uuid: cr.container_uuid).first
214 assert_not_equal c_output1.uuid, c_output2.uuid
216 set_user_from_auth :dispatch1
218 out1 = '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
219 log1 = collections(:real_log_collection).portable_data_hash
220 c_output1.update_attributes!({state: Container::Locked})
221 c_output1.update_attributes!({state: Container::Running})
222 c_output1.update_attributes!(completed_attrs.merge({log: log1, output: out1}))
224 out2 = 'fa7aeb5140e2848d39b416daeef4ffc5+45'
225 c_output2.update_attributes!({state: Container::Locked})
226 c_output2.update_attributes!({state: Container::Running})
227 c_output2.update_attributes!(completed_attrs.merge({log: log1, output: out2}))
229 reused = Container.resolve(ContainerRequest.new(common_attrs))
230 assert_equal c_output1.uuid, reused.uuid
233 test "find_reusable method should select running container by start date" do
234 set_user_from_auth :active
235 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}})
236 c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
237 c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
238 c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
239 # Confirm the 3 container UUIDs are different.
240 assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
241 set_user_from_auth :dispatch1
242 c_slower.update_attributes!({state: Container::Locked})
243 c_slower.update_attributes!({state: Container::Running,
245 c_faster_started_first.update_attributes!({state: Container::Locked})
246 c_faster_started_first.update_attributes!({state: Container::Running,
248 c_faster_started_second.update_attributes!({state: Container::Locked})
249 c_faster_started_second.update_attributes!({state: Container::Running,
251 reused = Container.find_reusable(common_attrs)
252 assert_not_nil reused
253 # Selected container is the one that started first
254 assert_equal reused.uuid, c_faster_started_first.uuid
257 test "find_reusable method should select running container by progress" do
258 set_user_from_auth :active
259 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}})
260 c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
261 c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
262 c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
263 # Confirm the 3 container UUIDs are different.
264 assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
265 set_user_from_auth :dispatch1
266 c_slower.update_attributes!({state: Container::Locked})
267 c_slower.update_attributes!({state: Container::Running,
269 c_faster_started_first.update_attributes!({state: Container::Locked})
270 c_faster_started_first.update_attributes!({state: Container::Running,
272 c_faster_started_second.update_attributes!({state: Container::Locked})
273 c_faster_started_second.update_attributes!({state: Container::Running,
275 reused = Container.find_reusable(common_attrs)
276 assert_not_nil reused
277 # Selected container is the one with most progress done
278 assert_equal reused.uuid, c_faster_started_second.uuid
281 test "find_reusable method should select locked container most likely to start sooner" do
282 set_user_from_auth :active
283 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}})
284 c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false}))
285 c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
286 c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false}))
287 # Confirm the 3 container UUIDs are different.
288 assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length
289 set_user_from_auth :dispatch1
290 c_low_priority.update_attributes!({state: Container::Locked,
292 c_high_priority_older.update_attributes!({state: Container::Locked,
294 c_high_priority_newer.update_attributes!({state: Container::Locked,
296 reused = Container.find_reusable(common_attrs)
297 assert_not_nil reused
298 assert_equal reused.uuid, c_high_priority_older.uuid
301 test "find_reusable method should select running over failed container" do
302 set_user_from_auth :active
303 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}})
304 c_failed, _ = minimal_new(common_attrs.merge({use_existing: false}))
305 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
306 assert_not_equal c_failed.uuid, c_running.uuid
307 set_user_from_auth :dispatch1
308 c_failed.update_attributes!({state: Container::Locked})
309 c_failed.update_attributes!({state: Container::Running})
310 c_failed.update_attributes!({state: Container::Complete,
312 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
313 output: 'ea10d51bcf88862dbcc36eb292017dfd+45'})
314 c_running.update_attributes!({state: Container::Locked})
315 c_running.update_attributes!({state: Container::Running,
317 reused = Container.find_reusable(common_attrs)
318 assert_not_nil reused
319 assert_equal reused.uuid, c_running.uuid
322 test "find_reusable method should select complete over running container" do
323 set_user_from_auth :active
324 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}})
325 c_completed, _ = minimal_new(common_attrs.merge({use_existing: false}))
326 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
327 assert_not_equal c_completed.uuid, c_running.uuid
328 set_user_from_auth :dispatch1
329 c_completed.update_attributes!({state: Container::Locked})
330 c_completed.update_attributes!({state: Container::Running})
331 c_completed.update_attributes!({state: Container::Complete,
333 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
334 output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})
335 c_running.update_attributes!({state: Container::Locked})
336 c_running.update_attributes!({state: Container::Running,
338 reused = Container.find_reusable(common_attrs)
339 assert_not_nil reused
340 assert_equal c_completed.uuid, reused.uuid
343 test "find_reusable method should select running over locked container" do
344 set_user_from_auth :active
345 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
346 c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
347 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
348 assert_not_equal c_running.uuid, c_locked.uuid
349 set_user_from_auth :dispatch1
350 c_locked.update_attributes!({state: Container::Locked})
351 c_running.update_attributes!({state: Container::Locked})
352 c_running.update_attributes!({state: Container::Running,
354 reused = Container.find_reusable(common_attrs)
355 assert_not_nil reused
356 assert_equal reused.uuid, c_running.uuid
359 test "find_reusable method should select locked over queued container" do
360 set_user_from_auth :active
361 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
362 c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
363 c_queued, _ = minimal_new(common_attrs.merge({use_existing: false}))
364 assert_not_equal c_queued.uuid, c_locked.uuid
365 set_user_from_auth :dispatch1
366 c_locked.update_attributes!({state: Container::Locked})
367 reused = Container.find_reusable(common_attrs)
368 assert_not_nil reused
369 assert_equal reused.uuid, c_locked.uuid
372 test "find_reusable method should not select failed container" do
373 set_user_from_auth :active
374 attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed"}})
375 c, _ = minimal_new(attrs)
376 set_user_from_auth :dispatch1
377 c.update_attributes!({state: Container::Locked})
378 c.update_attributes!({state: Container::Running})
379 c.update_attributes!({state: Container::Complete,
381 reused = Container.find_reusable(attrs)
385 test "find_reusable with logging disabled" do
386 set_user_from_auth :active
387 Rails.logger.expects(:info).never
388 Container.find_reusable(REUSABLE_COMMON_ATTRS)
391 test "find_reusable with logging enabled" do
392 set_user_from_auth :active
393 Rails.configuration.log_reuse_decisions = true
394 Rails.logger.expects(:info).at_least(3)
395 Container.find_reusable(REUSABLE_COMMON_ATTRS)
398 test "Container running" do
399 c, _ = minimal_new priority: 1
401 set_user_from_auth :dispatch1
402 check_illegal_updates c, [{state: Container::Running},
403 {state: Container::Complete}]
406 c.update_attributes! state: Container::Running
408 check_illegal_modify c
411 check_illegal_updates c, [{state: Container::Queued}]
414 c.update_attributes! priority: 3
417 test "Lock and unlock" do
418 c, cr = minimal_new priority: 0
420 set_user_from_auth :dispatch1
421 assert_equal Container::Queued, c.state
423 assert_raise(ArvadosModel::LockFailedError) do
428 assert cr.update_attributes priority: 1
430 refute c.update_attributes(state: Container::Running), "not locked"
432 refute c.update_attributes(state: Container::Complete), "not locked"
435 assert c.lock, show_errors(c)
436 assert c.locked_by_uuid
439 assert_raise(ArvadosModel::LockFailedError) {c.lock}
442 assert c.unlock, show_errors(c)
443 refute c.locked_by_uuid
446 refute c.update_attributes(state: Container::Running), "not locked"
448 refute c.locked_by_uuid
451 assert c.lock, show_errors(c)
452 assert c.update_attributes(state: Container::Running), show_errors(c)
453 assert c.locked_by_uuid
456 auth_uuid_was = c.auth_uuid
458 assert_raise(ArvadosModel::LockFailedError) do
459 # Running to Locked is not allowed
463 assert_raise(ArvadosModel::InvalidStateTransitionError) do
464 # Running to Queued is not allowed
469 assert c.update_attributes(state: Container::Complete), show_errors(c)
470 refute c.locked_by_uuid
473 auth_exp = ApiClientAuthorization.find_by_uuid(auth_uuid_was).expires_at
474 assert_operator auth_exp, :<, db_current_time
477 test "Container queued cancel" do
478 c, cr = minimal_new({container_count_max: 1})
479 set_user_from_auth :dispatch1
480 assert c.update_attributes(state: Container::Cancelled), show_errors(c)
481 check_no_change_from_cancelled c
483 assert_equal ContainerRequest::Final, cr.state
486 test "Container queued count" do
487 assert_equal 1, Container.readable_by(users(:active)).where(state: "Queued").count
490 test "Container locked cancel" do
492 set_user_from_auth :dispatch1
493 assert c.lock, show_errors(c)
494 assert c.update_attributes(state: Container::Cancelled), show_errors(c)
495 check_no_change_from_cancelled c
498 test "Container locked cancel with log" do
500 set_user_from_auth :dispatch1
501 assert c.lock, show_errors(c)
502 assert c.update_attributes(
503 state: Container::Cancelled,
504 log: collections(:real_log_collection).portable_data_hash,
506 check_no_change_from_cancelled c
509 test "Container running cancel" do
511 set_user_from_auth :dispatch1
513 c.update_attributes! state: Container::Running
514 c.update_attributes! state: Container::Cancelled
515 check_no_change_from_cancelled c
518 test "Container create forbidden for non-admin" do
519 set_user_from_auth :active_trustedclient
520 c = Container.new DEFAULT_ATTRS
522 c.mounts = {"BAR" => "FOO"}
523 c.output_path = "/tmp"
525 c.runtime_constraints = {}
526 assert_raises(ArvadosModel::PermissionDeniedError) do
531 test "Container only set exit code on complete" do
533 set_user_from_auth :dispatch1
535 c.update_attributes! state: Container::Running
537 check_illegal_updates c, [{exit_code: 1},
538 {exit_code: 1, state: Container::Cancelled}]
540 assert c.update_attributes(exit_code: 1, state: Container::Complete)
543 test "locked_by_uuid can set output on running container" do
545 set_user_from_auth :dispatch1
547 c.update_attributes! state: Container::Running
549 assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid
551 assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
552 assert c.update_attributes! state: Container::Complete
555 test "auth_uuid can set output on running container, but not change container state" do
557 set_user_from_auth :dispatch1
559 c.update_attributes! state: Container::Running
561 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
562 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
563 assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
565 assert_raises ArvadosModel::PermissionDeniedError do
566 # auth_uuid cannot set container state
567 c.update_attributes state: Container::Complete
571 test "not allowed to set output that is not readable by current user" do
573 set_user_from_auth :dispatch1
575 c.update_attributes! state: Container::Running
577 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
578 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
580 assert_raises ActiveRecord::RecordInvalid do
581 c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash
585 test "other token cannot set output on running container" do
587 set_user_from_auth :dispatch1
589 c.update_attributes! state: Container::Running
591 set_user_from_auth :running_to_be_deleted_container_auth
592 assert_raises ArvadosModel::PermissionDeniedError do
593 c.update_attributes! output: collections(:foo_file).portable_data_hash
597 test "can set trashed output on running container" do
599 set_user_from_auth :dispatch1
601 c.update_attributes! state: Container::Running
603 output = Collection.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jk')
605 assert output.is_trashed
606 assert c.update_attributes output: output.portable_data_hash
607 assert c.update_attributes! state: Container::Complete
610 test "not allowed to set trashed output that is not readable by current user" do
612 set_user_from_auth :dispatch1
614 c.update_attributes! state: Container::Running
616 output = Collection.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jr')
618 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
619 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
621 assert_raises ActiveRecord::RecordInvalid do
622 c.update_attributes! output: output.portable_data_hash
628 Container::Cancelled,
629 ].each do |final_state|
630 test "secret_mounts is null after container is #{final_state}" do
631 assert_no_secrets_logged