services/api/test/unit/container_test.rb

   1 require 'test_helper'
   2
   3 class ContainerTest < ActiveSupport::TestCase
   4   include DbCurrentTime
   5
   6   DEFAULT_ATTRS = {
   7     command: ['echo', 'foo'],
   8     container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167',
   9     output_path: '/tmp',
  10     priority: 1,
  11     runtime_constraints: {"vcpus" => 1, "ram" => 1},
  12   }
  13
  14   REUSABLE_COMMON_ATTRS = {
  15     container_image: "9ae44d5792468c58bcf85ce7353c7027+124",
  16     cwd: "test",
  17     command: ["echo", "hello"],
  18     output_path: "test",
  19     runtime_constraints: {
  20       "ram" => 12000000000,
  21       "vcpus" => 4,
  22     },
  23     mounts: {
  24       "test" => {"kind" => "json"},
  25     },
  26     environment: {
  27       "var" => "val",
  28     },
  29   }
  30
  31   def minimal_new attrs={}
  32     cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs)
  33     cr.state = ContainerRequest::Committed
  34     act_as_user users(:active) do
  35       cr.save!
  36     end
  37     c = Container.find_by_uuid cr.container_uuid
  38     assert_not_nil c
  39     return c, cr
  40   end
  41
  42   def check_illegal_updates c, bad_updates
  43     bad_updates.each do |u|
  44       refute c.update_attributes(u), u.inspect
  45       refute c.valid?, u.inspect
  46       c.reload
  47     end
  48   end
  49
  50   def check_illegal_modify c
  51     check_illegal_updates c, [{command: ["echo", "bar"]},
  52                               {container_image: "arvados/apitestfixture:june10"},
  53                               {cwd: "/tmp2"},
  54                               {environment: {"FOO" => "BAR"}},
  55                               {mounts: {"FOO" => "BAR"}},
  56                               {output_path: "/tmp3"},
  57                               {locked_by_uuid: "zzzzz-gj3su-027z32aux8dg2s1"},
  58                               {auth_uuid: "zzzzz-gj3su-017z32aux8dg2s1"},
  59                               {runtime_constraints: {"FOO" => "BAR"}}]
  60   end
  61
  62   def check_bogus_states c
  63     check_illegal_updates c, [{state: nil},
  64                               {state: "Flubber"}]
  65   end
  66
  67   def check_no_change_from_cancelled c
  68     check_illegal_modify c
  69     check_bogus_states c
  70     check_illegal_updates c, [{ priority: 3 },
  71                               { state: Container::Queued },
  72                               { state: Container::Locked },
  73                               { state: Container::Running },
  74                               { state: Container::Complete }]
  75   end
  76
  77   test "Container create" do
  78     act_as_system_user do
  79       c, _ = minimal_new(environment: {},
  80                       mounts: {"BAR" => "FOO"},
  81                       output_path: "/tmp",
  82                       priority: 1,
  83                       runtime_constraints: {"vcpus" => 1, "ram" => 1})
  84
  85       check_illegal_modify c
  86       check_bogus_states c
  87
  88       c.reload
  89       c.priority = 2
  90       c.save!
  91     end
  92   end
  93
  94   test "Container serialized hash attributes sorted before save" do
  95     env = {"C" => 3, "B" => 2, "A" => 1}
  96     m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}}
  97     rc = {"vcpus" => 1, "ram" => 1, "keep_cache_ram" => 1}
  98     c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc)
  99     assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json
 100     assert_equal c.mounts.to_json, Container.deep_sort_hash(m).to_json
 101     assert_equal c.runtime_constraints.to_json, Container.deep_sort_hash(rc).to_json
 102   end
 103
 104   test 'deep_sort_hash on array of hashes' do
 105     a = {'z' => [[{'a' => 'a', 'b' => 'b'}]]}
 106     b = {'z' => [[{'b' => 'b', 'a' => 'a'}]]}
 107     assert_equal Container.deep_sort_hash(a).to_json, Container.deep_sort_hash(b).to_json
 108   end
 109
 110   test "find_reusable method should select higher priority queued container" do
 111     set_user_from_auth :active
 112     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}})
 113     c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1}))
 114     c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2}))
 115     assert_not_equal c_low_priority.uuid, c_high_priority.uuid
 116     assert_equal Container::Queued, c_low_priority.state
 117     assert_equal Container::Queued, c_high_priority.state
 118     reused = Container.find_reusable(common_attrs)
 119     assert_not_nil reused
 120     assert_equal reused.uuid, c_high_priority.uuid
 121   end
 122
 123   test "find_reusable method should select latest completed container" do
 124     set_user_from_auth :active
 125     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}})
 126     completed_attrs = {
 127       state: Container::Complete,
 128       exit_code: 0,
 129       log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 130       output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
 131     }
 132
 133     c_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
 134     c_recent, _ = minimal_new(common_attrs.merge({use_existing: false}))
 135     assert_not_equal c_older.uuid, c_recent.uuid
 136
 137     set_user_from_auth :dispatch1
 138     c_older.update_attributes!({state: Container::Locked})
 139     c_older.update_attributes!({state: Container::Running})
 140     c_older.update_attributes!(completed_attrs)
 141
 142     c_recent.update_attributes!({state: Container::Locked})
 143     c_recent.update_attributes!({state: Container::Running})
 144     c_recent.update_attributes!(completed_attrs)
 145
 146     reused = Container.find_reusable(common_attrs)
 147     assert_not_nil reused
 148     assert_equal reused.uuid, c_older.uuid
 149   end
 150
 151   test "find_reusable method should select oldest completed container when inconsistent outputs exist" do
 152     set_user_from_auth :active
 153     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1})
 154     completed_attrs = {
 155       state: Container::Complete,
 156       exit_code: 0,
 157       log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 158     }
 159
 160     cr = ContainerRequest.new common_attrs
 161     cr.use_existing = false
 162     cr.state = ContainerRequest::Committed
 163     cr.save!
 164     c_output1 = Container.where(uuid: cr.container_uuid).first
 165
 166     cr = ContainerRequest.new common_attrs
 167     cr.use_existing = false
 168     cr.state = ContainerRequest::Committed
 169     cr.save!
 170     c_output2 = Container.where(uuid: cr.container_uuid).first
 171
 172     assert_not_equal c_output1.uuid, c_output2.uuid
 173
 174     set_user_from_auth :dispatch1
 175
 176     out1 = '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
 177     log1 = collections(:real_log_collection).portable_data_hash
 178     c_output1.update_attributes!({state: Container::Locked})
 179     c_output1.update_attributes!({state: Container::Running})
 180     c_output1.update_attributes!(completed_attrs.merge({log: log1, output: out1}))
 181
 182     out2 = 'fa7aeb5140e2848d39b416daeef4ffc5+45'
 183     c_output2.update_attributes!({state: Container::Locked})
 184     c_output2.update_attributes!({state: Container::Running})
 185     c_output2.update_attributes!(completed_attrs.merge({log: log1, output: out2}))
 186
 187     reused = Container.resolve(ContainerRequest.new(common_attrs))
 188     assert_equal c_output1.uuid, reused.uuid
 189   end
 190
 191   test "find_reusable method should select running container by start date" do
 192     set_user_from_auth :active
 193     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}})
 194     c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
 195     c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
 196     c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
 197     # Confirm the 3 container UUIDs are different.
 198     assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
 199     set_user_from_auth :dispatch1
 200     c_slower.update_attributes!({state: Container::Locked})
 201     c_slower.update_attributes!({state: Container::Running,
 202                                  progress: 0.1})
 203     c_faster_started_first.update_attributes!({state: Container::Locked})
 204     c_faster_started_first.update_attributes!({state: Container::Running,
 205                                                progress: 0.15})
 206     c_faster_started_second.update_attributes!({state: Container::Locked})
 207     c_faster_started_second.update_attributes!({state: Container::Running,
 208                                                 progress: 0.15})
 209     reused = Container.find_reusable(common_attrs)
 210     assert_not_nil reused
 211     # Selected container is the one that started first
 212     assert_equal reused.uuid, c_faster_started_first.uuid
 213   end
 214
 215   test "find_reusable method should select running container by progress" do
 216     set_user_from_auth :active
 217     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}})
 218     c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
 219     c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
 220     c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
 221     # Confirm the 3 container UUIDs are different.
 222     assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
 223     set_user_from_auth :dispatch1
 224     c_slower.update_attributes!({state: Container::Locked})
 225     c_slower.update_attributes!({state: Container::Running,
 226                                  progress: 0.1})
 227     c_faster_started_first.update_attributes!({state: Container::Locked})
 228     c_faster_started_first.update_attributes!({state: Container::Running,
 229                                                progress: 0.15})
 230     c_faster_started_second.update_attributes!({state: Container::Locked})
 231     c_faster_started_second.update_attributes!({state: Container::Running,
 232                                                 progress: 0.2})
 233     reused = Container.find_reusable(common_attrs)
 234     assert_not_nil reused
 235     # Selected container is the one with most progress done
 236     assert_equal reused.uuid, c_faster_started_second.uuid
 237   end
 238
 239   test "find_reusable method should select locked container most likely to start sooner" do
 240     set_user_from_auth :active
 241     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}})
 242     c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false}))
 243     c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
 244     c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false}))
 245     # Confirm the 3 container UUIDs are different.
 246     assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length
 247     set_user_from_auth :dispatch1
 248     c_low_priority.update_attributes!({state: Container::Locked,
 249                                        priority: 1})
 250     c_high_priority_older.update_attributes!({state: Container::Locked,
 251                                               priority: 2})
 252     c_high_priority_newer.update_attributes!({state: Container::Locked,
 253                                               priority: 2})
 254     reused = Container.find_reusable(common_attrs)
 255     assert_not_nil reused
 256     assert_equal reused.uuid, c_high_priority_older.uuid
 257   end
 258
 259   test "find_reusable method should select running over failed container" do
 260     set_user_from_auth :active
 261     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}})
 262     c_failed, _ = minimal_new(common_attrs.merge({use_existing: false}))
 263     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
 264     assert_not_equal c_failed.uuid, c_running.uuid
 265     set_user_from_auth :dispatch1
 266     c_failed.update_attributes!({state: Container::Locked})
 267     c_failed.update_attributes!({state: Container::Running})
 268     c_failed.update_attributes!({state: Container::Complete,
 269                                  exit_code: 42,
 270                                  log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 271                                  output: 'ea10d51bcf88862dbcc36eb292017dfd+45'})
 272     c_running.update_attributes!({state: Container::Locked})
 273     c_running.update_attributes!({state: Container::Running,
 274                                   progress: 0.15})
 275     reused = Container.find_reusable(common_attrs)
 276     assert_not_nil reused
 277     assert_equal reused.uuid, c_running.uuid
 278   end
 279
 280   test "find_reusable method should select complete over running container" do
 281     set_user_from_auth :active
 282     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}})
 283     c_completed, _ = minimal_new(common_attrs.merge({use_existing: false}))
 284     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
 285     assert_not_equal c_completed.uuid, c_running.uuid
 286     set_user_from_auth :dispatch1
 287     c_completed.update_attributes!({state: Container::Locked})
 288     c_completed.update_attributes!({state: Container::Running})
 289     c_completed.update_attributes!({state: Container::Complete,
 290                                     exit_code: 0,
 291                                     log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 292                                     output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})
 293     c_running.update_attributes!({state: Container::Locked})
 294     c_running.update_attributes!({state: Container::Running,
 295                                   progress: 0.15})
 296     reused = Container.find_reusable(common_attrs)
 297     assert_not_nil reused
 298     assert_equal c_completed.uuid, reused.uuid
 299   end
 300
 301   test "find_reusable method should select running over locked container" do
 302     set_user_from_auth :active
 303     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
 304     c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
 305     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
 306     assert_not_equal c_running.uuid, c_locked.uuid
 307     set_user_from_auth :dispatch1
 308     c_locked.update_attributes!({state: Container::Locked})
 309     c_running.update_attributes!({state: Container::Locked})
 310     c_running.update_attributes!({state: Container::Running,
 311                                   progress: 0.15})
 312     reused = Container.find_reusable(common_attrs)
 313     assert_not_nil reused
 314     assert_equal reused.uuid, c_running.uuid
 315   end
 316
 317   test "find_reusable method should select locked over queued container" do
 318     set_user_from_auth :active
 319     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
 320     c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
 321     c_queued, _ = minimal_new(common_attrs.merge({use_existing: false}))
 322     assert_not_equal c_queued.uuid, c_locked.uuid
 323     set_user_from_auth :dispatch1
 324     c_locked.update_attributes!({state: Container::Locked})
 325     reused = Container.find_reusable(common_attrs)
 326     assert_not_nil reused
 327     assert_equal reused.uuid, c_locked.uuid
 328   end
 329
 330   test "find_reusable method should not select failed container" do
 331     set_user_from_auth :active
 332     attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed"}})
 333     c, _ = minimal_new(attrs)
 334     set_user_from_auth :dispatch1
 335     c.update_attributes!({state: Container::Locked})
 336     c.update_attributes!({state: Container::Running})
 337     c.update_attributes!({state: Container::Complete,
 338                           exit_code: 33})
 339     reused = Container.find_reusable(attrs)
 340     assert_nil reused
 341   end
 342
 343   test "Container running" do
 344     c, _ = minimal_new priority: 1
 345
 346     set_user_from_auth :dispatch1
 347     check_illegal_updates c, [{state: Container::Running},
 348                               {state: Container::Complete}]
 349
 350     c.lock
 351     c.update_attributes! state: Container::Running
 352
 353     check_illegal_modify c
 354     check_bogus_states c
 355
 356     check_illegal_updates c, [{state: Container::Queued}]
 357     c.reload
 358
 359     c.update_attributes! priority: 3
 360   end
 361
 362   test "Lock and unlock" do
 363     c, cr = minimal_new priority: 0
 364
 365     set_user_from_auth :dispatch1
 366     assert_equal Container::Queued, c.state
 367
 368     assert_raise(ActiveRecord::RecordInvalid) {c.lock} # "no priority"
 369     c.reload
 370     assert cr.update_attributes priority: 1
 371
 372     refute c.update_attributes(state: Container::Running), "not locked"
 373     c.reload
 374     refute c.update_attributes(state: Container::Complete), "not locked"
 375     c.reload
 376
 377     assert c.lock, show_errors(c)
 378     assert c.locked_by_uuid
 379     assert c.auth_uuid
 380
 381     assert_raise(ArvadosModel::AlreadyLockedError) {c.lock}
 382     c.reload
 383
 384     assert c.unlock, show_errors(c)
 385     refute c.locked_by_uuid
 386     refute c.auth_uuid
 387
 388     refute c.update_attributes(state: Container::Running), "not locked"
 389     c.reload
 390     refute c.locked_by_uuid
 391     refute c.auth_uuid
 392
 393     assert c.lock, show_errors(c)
 394     assert c.update_attributes(state: Container::Running), show_errors(c)
 395     assert c.locked_by_uuid
 396     assert c.auth_uuid
 397
 398     auth_uuid_was = c.auth_uuid
 399
 400     assert_raise(ActiveRecord::RecordInvalid) {c.lock} # Running to Locked is not allowed
 401     c.reload
 402     assert_raise(ActiveRecord::RecordInvalid) {c.unlock} # Running to Queued is not allowed
 403     c.reload
 404
 405     assert c.update_attributes(state: Container::Complete), show_errors(c)
 406     refute c.locked_by_uuid
 407     refute c.auth_uuid
 408
 409     auth_exp = ApiClientAuthorization.find_by_uuid(auth_uuid_was).expires_at
 410     assert_operator auth_exp, :<, db_current_time
 411   end
 412
 413   test "Container queued cancel" do
 414     c, _ = minimal_new
 415     set_user_from_auth :dispatch1
 416     assert c.update_attributes(state: Container::Cancelled), show_errors(c)
 417     check_no_change_from_cancelled c
 418   end
 419
 420   test "Container locked cancel" do
 421     c, _ = minimal_new
 422     set_user_from_auth :dispatch1
 423     assert c.lock, show_errors(c)
 424     assert c.update_attributes(state: Container::Cancelled), show_errors(c)
 425     check_no_change_from_cancelled c
 426   end
 427
 428   test "Container running cancel" do
 429     c, _ = minimal_new
 430     set_user_from_auth :dispatch1
 431     c.lock
 432     c.update_attributes! state: Container::Running
 433     c.update_attributes! state: Container::Cancelled
 434     check_no_change_from_cancelled c
 435   end
 436
 437   test "Container create forbidden for non-admin" do
 438     set_user_from_auth :active_trustedclient
 439     c = Container.new DEFAULT_ATTRS
 440     c.environment = {}
 441     c.mounts = {"BAR" => "FOO"}
 442     c.output_path = "/tmp"
 443     c.priority = 1
 444     c.runtime_constraints = {}
 445     assert_raises(ArvadosModel::PermissionDeniedError) do
 446       c.save!
 447     end
 448   end
 449
 450   test "Container only set exit code on complete" do
 451     c, _ = minimal_new
 452     set_user_from_auth :dispatch1
 453     c.lock
 454     c.update_attributes! state: Container::Running
 455
 456     check_illegal_updates c, [{exit_code: 1},
 457                               {exit_code: 1, state: Container::Cancelled}]
 458
 459     assert c.update_attributes(exit_code: 1, state: Container::Complete)
 460   end
 461
 462   test "locked_by_uuid can set output on running container" do
 463     c, _ = minimal_new
 464     set_user_from_auth :dispatch1
 465     c.lock
 466     c.update_attributes! state: Container::Running
 467
 468     assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid
 469
 470     assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
 471     assert c.update_attributes! state: Container::Complete
 472   end
 473
 474   test "auth_uuid can set output on running container, but not change container state" do
 475     c, _ = minimal_new
 476     set_user_from_auth :dispatch1
 477     c.lock
 478     c.update_attributes! state: Container::Running
 479
 480     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
 481     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
 482     assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
 483
 484     assert_raises ArvadosModel::PermissionDeniedError do
 485       # auth_uuid cannot set container state
 486       c.update_attributes state: Container::Complete
 487     end
 488   end
 489
 490   test "not allowed to set output that is not readable by current user" do
 491     c, _ = minimal_new
 492     set_user_from_auth :dispatch1
 493     c.lock
 494     c.update_attributes! state: Container::Running
 495
 496     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
 497     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
 498
 499     assert_raises ActiveRecord::RecordInvalid do
 500       c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash
 501     end
 502   end
 503
 504   test "other token cannot set output on running container" do
 505     c, _ = minimal_new
 506     set_user_from_auth :dispatch1
 507     c.lock
 508     c.update_attributes! state: Container::Running
 509
 510     set_user_from_auth :not_running_container_auth
 511     assert_raises ArvadosModel::PermissionDeniedError do
 512       c.update_attributes! output: collections(:foo_file).portable_data_hash
 513     end
 514   end
 515
 516   test "can set trashed output on running container" do
 517     c, _ = minimal_new
 518     set_user_from_auth :dispatch1
 519     c.lock
 520     c.update_attributes! state: Container::Running
 521
 522     output = Collection.unscoped.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jk')
 523
 524     assert output.is_trashed
 525     assert c.update_attributes output: output.portable_data_hash
 526     assert c.update_attributes! state: Container::Complete
 527   end
 528
 529   test "not allowed to set trashed output that is not readable by current user" do
 530     c, _ = minimal_new
 531     set_user_from_auth :dispatch1
 532     c.lock
 533     c.update_attributes! state: Container::Running
 534
 535     output = Collection.unscoped.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jr')
 536
 537     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
 538     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
 539
 540     assert_raises ActiveRecord::RecordInvalid do
 541       c.update_attributes! output: output.portable_data_hash
 542     end
 543   end
 544
 545 end