3 class ContainerTest < ActiveSupport::TestCase
7 command: ['echo', 'foo'],
8 container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167',
11 runtime_constraints: {"vcpus" => 1, "ram" => 1},
14 REUSABLE_COMMON_ATTRS = {
15 container_image: "9ae44d5792468c58bcf85ce7353c7027+124",
17 command: ["echo", "hello"],
19 runtime_constraints: {
24 "test" => {"kind" => "json"},
31 def minimal_new attrs={}
32 cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs)
33 cr.state = ContainerRequest::Committed
34 act_as_user users(:active) do
37 c = Container.find_by_uuid cr.container_uuid
42 def check_illegal_updates c, bad_updates
43 bad_updates.each do |u|
44 refute c.update_attributes(u), u.inspect
45 refute c.valid?, u.inspect
50 def check_illegal_modify c
51 check_illegal_updates c, [{command: ["echo", "bar"]},
52 {container_image: "arvados/apitestfixture:june10"},
54 {environment: {"FOO" => "BAR"}},
55 {mounts: {"FOO" => "BAR"}},
56 {output_path: "/tmp3"},
57 {locked_by_uuid: "zzzzz-gj3su-027z32aux8dg2s1"},
58 {auth_uuid: "zzzzz-gj3su-017z32aux8dg2s1"},
59 {runtime_constraints: {"FOO" => "BAR"}}]
62 def check_bogus_states c
63 check_illegal_updates c, [{state: nil},
67 def check_no_change_from_cancelled c
68 check_illegal_modify c
70 check_illegal_updates c, [{ priority: 3 },
71 { state: Container::Queued },
72 { state: Container::Locked },
73 { state: Container::Running },
74 { state: Container::Complete }]
77 test "Container create" do
79 c, _ = minimal_new(environment: {},
80 mounts: {"BAR" => "FOO"},
83 runtime_constraints: {"vcpus" => 1, "ram" => 1})
85 check_illegal_modify c
94 test "Container serialized hash attributes sorted before save" do
95 env = {"C" => 3, "B" => 2, "A" => 1}
96 m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}}
97 rc = {"vcpus" => 1, "ram" => 1, "keep_cache_ram" => 1}
98 c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc)
99 assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json
100 assert_equal c.mounts.to_json, Container.deep_sort_hash(m).to_json
101 assert_equal c.runtime_constraints.to_json, Container.deep_sort_hash(rc).to_json
104 test 'deep_sort_hash on array of hashes' do
105 a = {'z' => [[{'a' => 'a', 'b' => 'b'}]]}
106 b = {'z' => [[{'b' => 'b', 'a' => 'a'}]]}
107 assert_equal Container.deep_sort_hash(a).to_json, Container.deep_sort_hash(b).to_json
110 test "find_reusable method should select higher priority queued container" do
111 set_user_from_auth :active
112 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}})
113 c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1}))
114 c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2}))
115 assert_not_equal c_low_priority.uuid, c_high_priority.uuid
116 assert_equal Container::Queued, c_low_priority.state
117 assert_equal Container::Queued, c_high_priority.state
118 reused = Container.find_reusable(common_attrs)
119 assert_not_nil reused
120 assert_equal reused.uuid, c_high_priority.uuid
123 test "find_reusable method should select latest completed container" do
124 set_user_from_auth :active
125 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}})
127 state: Container::Complete,
129 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
130 output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
133 c_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
134 c_recent, _ = minimal_new(common_attrs.merge({use_existing: false}))
135 assert_not_equal c_older.uuid, c_recent.uuid
137 set_user_from_auth :dispatch1
138 c_older.update_attributes!({state: Container::Locked})
139 c_older.update_attributes!({state: Container::Running})
140 c_older.update_attributes!(completed_attrs)
142 c_recent.update_attributes!({state: Container::Locked})
143 c_recent.update_attributes!({state: Container::Running})
144 c_recent.update_attributes!(completed_attrs)
146 reused = Container.find_reusable(common_attrs)
147 assert_not_nil reused
148 assert_equal reused.uuid, c_older.uuid
151 test "find_reusable method should select oldest completed container when inconsistent outputs exist" do
152 set_user_from_auth :active
153 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1})
155 state: Container::Complete,
157 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
160 set_user_from_auth :dispatch1
162 c_output1 = Container.create common_attrs
163 c_output2 = Container.create common_attrs
164 assert_not_equal c_output1.uuid, c_output2.uuid
166 cr = ContainerRequest.new common_attrs
167 cr.state = ContainerRequest::Committed
168 cr.container_uuid = c_output1.uuid
171 cr = ContainerRequest.new common_attrs
172 cr.state = ContainerRequest::Committed
173 cr.container_uuid = c_output2.uuid
176 out1 = '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
177 log1 = collections(:real_log_collection).portable_data_hash
178 c_output1.update_attributes!({state: Container::Locked})
179 c_output1.update_attributes!({state: Container::Running})
180 c_output1.update_attributes!(completed_attrs.merge({log: log1, output: out1}))
182 out2 = 'fa7aeb5140e2848d39b416daeef4ffc5+45'
183 c_output2.update_attributes!({state: Container::Locked})
184 c_output2.update_attributes!({state: Container::Running})
185 c_output2.update_attributes!(completed_attrs.merge({log: log1, output: out2}))
187 reused = Container.find_reusable(common_attrs)
188 assert_not_nil reused
189 assert_equal reused.uuid, c_output1.uuid
192 test "find_reusable method should select running container by start date" do
193 set_user_from_auth :active
194 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}})
195 c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
196 c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
197 c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
198 # Confirm the 3 container UUIDs are different.
199 assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
200 set_user_from_auth :dispatch1
201 c_slower.update_attributes!({state: Container::Locked})
202 c_slower.update_attributes!({state: Container::Running,
204 c_faster_started_first.update_attributes!({state: Container::Locked})
205 c_faster_started_first.update_attributes!({state: Container::Running,
207 c_faster_started_second.update_attributes!({state: Container::Locked})
208 c_faster_started_second.update_attributes!({state: Container::Running,
210 reused = Container.find_reusable(common_attrs)
211 assert_not_nil reused
212 # Selected container is the one that started first
213 assert_equal reused.uuid, c_faster_started_first.uuid
216 test "find_reusable method should select running container by progress" do
217 set_user_from_auth :active
218 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}})
219 c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
220 c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
221 c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
222 # Confirm the 3 container UUIDs are different.
223 assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
224 set_user_from_auth :dispatch1
225 c_slower.update_attributes!({state: Container::Locked})
226 c_slower.update_attributes!({state: Container::Running,
228 c_faster_started_first.update_attributes!({state: Container::Locked})
229 c_faster_started_first.update_attributes!({state: Container::Running,
231 c_faster_started_second.update_attributes!({state: Container::Locked})
232 c_faster_started_second.update_attributes!({state: Container::Running,
234 reused = Container.find_reusable(common_attrs)
235 assert_not_nil reused
236 # Selected container is the one with most progress done
237 assert_equal reused.uuid, c_faster_started_second.uuid
240 test "find_reusable method should select locked container most likely to start sooner" do
241 set_user_from_auth :active
242 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}})
243 c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false}))
244 c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
245 c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false}))
246 # Confirm the 3 container UUIDs are different.
247 assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length
248 set_user_from_auth :dispatch1
249 c_low_priority.update_attributes!({state: Container::Locked,
251 c_high_priority_older.update_attributes!({state: Container::Locked,
253 c_high_priority_newer.update_attributes!({state: Container::Locked,
255 reused = Container.find_reusable(common_attrs)
256 assert_not_nil reused
257 assert_equal reused.uuid, c_high_priority_older.uuid
260 test "find_reusable method should select running over failed container" do
261 set_user_from_auth :active
262 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}})
263 c_failed, _ = minimal_new(common_attrs.merge({use_existing: false}))
264 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
265 assert_not_equal c_failed.uuid, c_running.uuid
266 set_user_from_auth :dispatch1
267 c_failed.update_attributes!({state: Container::Locked})
268 c_failed.update_attributes!({state: Container::Running})
269 c_failed.update_attributes!({state: Container::Complete,
271 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
272 output: 'ea10d51bcf88862dbcc36eb292017dfd+45'})
273 c_running.update_attributes!({state: Container::Locked})
274 c_running.update_attributes!({state: Container::Running,
276 reused = Container.find_reusable(common_attrs)
277 assert_not_nil reused
278 assert_equal reused.uuid, c_running.uuid
281 test "find_reusable method should select complete over running container" do
282 set_user_from_auth :active
283 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}})
284 c_completed, _ = minimal_new(common_attrs.merge({use_existing: false}))
285 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
286 assert_not_equal c_completed.uuid, c_running.uuid
287 set_user_from_auth :dispatch1
288 c_completed.update_attributes!({state: Container::Locked})
289 c_completed.update_attributes!({state: Container::Running})
290 c_completed.update_attributes!({state: Container::Complete,
292 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
293 output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})
294 c_running.update_attributes!({state: Container::Locked})
295 c_running.update_attributes!({state: Container::Running,
297 reused = Container.find_reusable(common_attrs)
298 assert_not_nil reused
299 assert_equal c_completed.uuid, reused.uuid
302 test "find_reusable method should select running over locked container" do
303 set_user_from_auth :active
304 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
305 c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
306 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
307 assert_not_equal c_running.uuid, c_locked.uuid
308 set_user_from_auth :dispatch1
309 c_locked.update_attributes!({state: Container::Locked})
310 c_running.update_attributes!({state: Container::Locked})
311 c_running.update_attributes!({state: Container::Running,
313 reused = Container.find_reusable(common_attrs)
314 assert_not_nil reused
315 assert_equal reused.uuid, c_running.uuid
318 test "find_reusable method should select locked over queued container" do
319 set_user_from_auth :active
320 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
321 c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
322 c_queued, _ = minimal_new(common_attrs.merge({use_existing: false}))
323 assert_not_equal c_queued.uuid, c_locked.uuid
324 set_user_from_auth :dispatch1
325 c_locked.update_attributes!({state: Container::Locked})
326 reused = Container.find_reusable(common_attrs)
327 assert_not_nil reused
328 assert_equal reused.uuid, c_locked.uuid
331 test "find_reusable method should not select failed container" do
332 set_user_from_auth :active
333 attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed"}})
334 c, _ = minimal_new(attrs)
335 set_user_from_auth :dispatch1
336 c.update_attributes!({state: Container::Locked})
337 c.update_attributes!({state: Container::Running})
338 c.update_attributes!({state: Container::Complete,
340 reused = Container.find_reusable(attrs)
344 test "Container running" do
345 c, _ = minimal_new priority: 1
347 set_user_from_auth :dispatch1
348 check_illegal_updates c, [{state: Container::Running},
349 {state: Container::Complete}]
352 c.update_attributes! state: Container::Running
354 check_illegal_modify c
357 check_illegal_updates c, [{state: Container::Queued}]
360 c.update_attributes! priority: 3
363 test "Lock and unlock" do
364 c, cr = minimal_new priority: 0
366 set_user_from_auth :dispatch1
367 assert_equal Container::Queued, c.state
369 assert_raise(ActiveRecord::RecordInvalid) {c.lock} # "no priority"
371 assert cr.update_attributes priority: 1
373 refute c.update_attributes(state: Container::Running), "not locked"
375 refute c.update_attributes(state: Container::Complete), "not locked"
378 assert c.lock, show_errors(c)
379 assert c.locked_by_uuid
382 assert_raise(ArvadosModel::AlreadyLockedError) {c.lock}
385 assert c.unlock, show_errors(c)
386 refute c.locked_by_uuid
389 refute c.update_attributes(state: Container::Running), "not locked"
391 refute c.locked_by_uuid
394 assert c.lock, show_errors(c)
395 assert c.update_attributes(state: Container::Running), show_errors(c)
396 assert c.locked_by_uuid
399 auth_uuid_was = c.auth_uuid
401 assert_raise(ActiveRecord::RecordInvalid) {c.lock} # Running to Locked is not allowed
403 assert_raise(ActiveRecord::RecordInvalid) {c.unlock} # Running to Queued is not allowed
406 assert c.update_attributes(state: Container::Complete), show_errors(c)
407 refute c.locked_by_uuid
410 auth_exp = ApiClientAuthorization.find_by_uuid(auth_uuid_was).expires_at
411 assert_operator auth_exp, :<, db_current_time
414 test "Container queued cancel" do
416 set_user_from_auth :dispatch1
417 assert c.update_attributes(state: Container::Cancelled), show_errors(c)
418 check_no_change_from_cancelled c
421 test "Container locked cancel" do
423 set_user_from_auth :dispatch1
424 assert c.lock, show_errors(c)
425 assert c.update_attributes(state: Container::Cancelled), show_errors(c)
426 check_no_change_from_cancelled c
429 test "Container running cancel" do
431 set_user_from_auth :dispatch1
433 c.update_attributes! state: Container::Running
434 c.update_attributes! state: Container::Cancelled
435 check_no_change_from_cancelled c
438 test "Container create forbidden for non-admin" do
439 set_user_from_auth :active_trustedclient
440 c = Container.new DEFAULT_ATTRS
442 c.mounts = {"BAR" => "FOO"}
443 c.output_path = "/tmp"
445 c.runtime_constraints = {}
446 assert_raises(ArvadosModel::PermissionDeniedError) do
451 test "Container only set exit code on complete" do
453 set_user_from_auth :dispatch1
455 c.update_attributes! state: Container::Running
457 check_illegal_updates c, [{exit_code: 1},
458 {exit_code: 1, state: Container::Cancelled}]
460 assert c.update_attributes(exit_code: 1, state: Container::Complete)
463 test "locked_by_uuid can set output on running container" do
465 set_user_from_auth :dispatch1
467 c.update_attributes! state: Container::Running
469 assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid
471 assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
472 assert c.update_attributes! state: Container::Complete
475 test "auth_uuid can set output on running container, but not change container state" do
477 set_user_from_auth :dispatch1
479 c.update_attributes! state: Container::Running
481 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
482 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
483 assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
485 assert_raises ArvadosModel::PermissionDeniedError do
486 # auth_uuid cannot set container state
487 c.update_attributes state: Container::Complete
491 test "not allowed to set output that is not readable by current user" do
493 set_user_from_auth :dispatch1
495 c.update_attributes! state: Container::Running
497 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
498 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
500 assert_raises ActiveRecord::RecordInvalid do
501 c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash
505 test "other token cannot set output on running container" do
507 set_user_from_auth :dispatch1
509 c.update_attributes! state: Container::Running
511 set_user_from_auth :not_running_container_auth
512 assert_raises ArvadosModel::PermissionDeniedError do
513 c.update_attributes! output: collections(:foo_file).portable_data_hash
517 test "can set trashed output on running container" do
519 set_user_from_auth :dispatch1
521 c.update_attributes! state: Container::Running
523 output = Collection.unscoped.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jk')
525 assert output.is_trashed
526 assert c.update_attributes output: output.portable_data_hash
527 assert c.update_attributes! state: Container::Complete
530 test "not allowed to set trashed output that is not readable by current user" do
532 set_user_from_auth :dispatch1
534 c.update_attributes! state: Container::Running
536 output = Collection.unscoped.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jr')
538 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
539 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
541 assert_raises ActiveRecord::RecordInvalid do
542 c.update_attributes! output: output.portable_data_hash