services/api/test/unit/container_test.rb

   1 require 'test_helper'
   2
   3 class ContainerTest < ActiveSupport::TestCase
   4   include DbCurrentTime
   5
   6   DEFAULT_ATTRS = {
   7     command: ['echo', 'foo'],
   8     container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167',
   9     output_path: '/tmp',
  10     priority: 1,
  11     runtime_constraints: {"vcpus" => 1, "ram" => 1},
  12   }
  13
  14   REUSABLE_COMMON_ATTRS = {
  15     container_image: "9ae44d5792468c58bcf85ce7353c7027+124",
  16     cwd: "test",
  17     command: ["echo", "hello"],
  18     output_path: "test",
  19     runtime_constraints: {
  20       "ram" => 12000000000,
  21       "vcpus" => 4,
  22     },
  23     mounts: {
  24       "test" => {"kind" => "json"},
  25     },
  26     environment: {
  27       "var" => "val",
  28     },
  29   }
  30
  31   def minimal_new attrs={}
  32     cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs)
  33     cr.state = ContainerRequest::Committed
  34     act_as_user users(:active) do
  35       cr.save!
  36     end
  37     c = Container.find_by_uuid cr.container_uuid
  38     assert_not_nil c
  39     return c, cr
  40   end
  41
  42   def check_illegal_updates c, bad_updates
  43     bad_updates.each do |u|
  44       refute c.update_attributes(u), u.inspect
  45       refute c.valid?, u.inspect
  46       c.reload
  47     end
  48   end
  49
  50   def check_illegal_modify c
  51     check_illegal_updates c, [{command: ["echo", "bar"]},
  52                               {container_image: "arvados/apitestfixture:june10"},
  53                               {cwd: "/tmp2"},
  54                               {environment: {"FOO" => "BAR"}},
  55                               {mounts: {"FOO" => "BAR"}},
  56                               {output_path: "/tmp3"},
  57                               {locked_by_uuid: "zzzzz-gj3su-027z32aux8dg2s1"},
  58                               {auth_uuid: "zzzzz-gj3su-017z32aux8dg2s1"},
  59                               {runtime_constraints: {"FOO" => "BAR"}}]
  60   end
  61
  62   def check_bogus_states c
  63     check_illegal_updates c, [{state: nil},
  64                               {state: "Flubber"}]
  65   end
  66
  67   def check_no_change_from_cancelled c
  68     check_illegal_modify c
  69     check_bogus_states c
  70     check_illegal_updates c, [{ priority: 3 },
  71                               { state: Container::Queued },
  72                               { state: Container::Locked },
  73                               { state: Container::Running },
  74                               { state: Container::Complete }]
  75   end
  76
  77   test "Container create" do
  78     act_as_system_user do
  79       c, _ = minimal_new(environment: {},
  80                       mounts: {"BAR" => "FOO"},
  81                       output_path: "/tmp",
  82                       priority: 1,
  83                       runtime_constraints: {"vcpus" => 1, "ram" => 1})
  84
  85       check_illegal_modify c
  86       check_bogus_states c
  87
  88       c.reload
  89       c.priority = 2
  90       c.save!
  91     end
  92   end
  93
  94   test "Container serialized hash attributes sorted before save" do
  95     env = {"C" => 3, "B" => 2, "A" => 1}
  96     m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}}
  97     rc = {"vcpus" => 1, "ram" => 1, "keep_cache_ram" => 1}
  98     c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc)
  99     assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json
 100     assert_equal c.mounts.to_json, Container.deep_sort_hash(m).to_json
 101     assert_equal c.runtime_constraints.to_json, Container.deep_sort_hash(rc).to_json
 102   end
 103
 104   test 'deep_sort_hash on array of hashes' do
 105     a = {'z' => [[{'a' => 'a', 'b' => 'b'}]]}
 106     b = {'z' => [[{'b' => 'b', 'a' => 'a'}]]}
 107     assert_equal Container.deep_sort_hash(a).to_json, Container.deep_sort_hash(b).to_json
 108   end
 109
 110   test "find_reusable method should select higher priority queued container" do
 111     set_user_from_auth :active
 112     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}})
 113     c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1}))
 114     c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2}))
 115     assert_not_equal c_low_priority.uuid, c_high_priority.uuid
 116     assert_equal Container::Queued, c_low_priority.state
 117     assert_equal Container::Queued, c_high_priority.state
 118     reused = Container.find_reusable(common_attrs)
 119     assert_not_nil reused
 120     assert_equal reused.uuid, c_high_priority.uuid
 121   end
 122
 123   test "find_reusable method should select latest completed container" do
 124     set_user_from_auth :active
 125     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}})
 126     completed_attrs = {
 127       state: Container::Complete,
 128       exit_code: 0,
 129       log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 130       output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
 131     }
 132
 133     c_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
 134     c_recent, _ = minimal_new(common_attrs.merge({use_existing: false}))
 135     assert_not_equal c_older.uuid, c_recent.uuid
 136
 137     set_user_from_auth :dispatch1
 138     c_older.update_attributes!({state: Container::Locked})
 139     c_older.update_attributes!({state: Container::Running})
 140     c_older.update_attributes!(completed_attrs)
 141
 142     c_recent.update_attributes!({state: Container::Locked})
 143     c_recent.update_attributes!({state: Container::Running})
 144     c_recent.update_attributes!(completed_attrs)
 145
 146     reused = Container.find_reusable(common_attrs)
 147     assert_not_nil reused
 148     assert_equal reused.uuid, c_older.uuid
 149   end
 150
 151   test "find_reusable method should select oldest completed container when inconsistent outputs exist" do
 152     set_user_from_auth :active
 153     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1})
 154     completed_attrs = {
 155       state: Container::Complete,
 156       exit_code: 0,
 157       log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 158     }
 159
 160     set_user_from_auth :dispatch1
 161
 162     c_output1 = Container.create common_attrs
 163     c_output2 = Container.create common_attrs
 164     assert_not_equal c_output1.uuid, c_output2.uuid
 165
 166     cr = ContainerRequest.new common_attrs
 167     cr.state = ContainerRequest::Committed
 168     cr.container_uuid = c_output1.uuid
 169     cr.save!
 170
 171     cr = ContainerRequest.new common_attrs
 172     cr.state = ContainerRequest::Committed
 173     cr.container_uuid = c_output2.uuid
 174     cr.save!
 175
 176     out1 = '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
 177     log1 = collections(:real_log_collection).portable_data_hash
 178     c_output1.update_attributes!({state: Container::Locked})
 179     c_output1.update_attributes!({state: Container::Running})
 180     c_output1.update_attributes!(completed_attrs.merge({log: log1, output: out1}))
 181
 182     out2 = 'fa7aeb5140e2848d39b416daeef4ffc5+45'
 183     c_output2.update_attributes!({state: Container::Locked})
 184     c_output2.update_attributes!({state: Container::Running})
 185     c_output2.update_attributes!(completed_attrs.merge({log: log1, output: out2}))
 186
 187     reused = Container.find_reusable(common_attrs)
 188     assert_not_nil reused
 189     assert_equal reused.uuid, c_output1.uuid
 190   end
 191
 192   test "find_reusable method should select running container by start date" do
 193     set_user_from_auth :active
 194     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}})
 195     c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
 196     c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
 197     c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
 198     # Confirm the 3 container UUIDs are different.
 199     assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
 200     set_user_from_auth :dispatch1
 201     c_slower.update_attributes!({state: Container::Locked})
 202     c_slower.update_attributes!({state: Container::Running,
 203                                  progress: 0.1})
 204     c_faster_started_first.update_attributes!({state: Container::Locked})
 205     c_faster_started_first.update_attributes!({state: Container::Running,
 206                                                progress: 0.15})
 207     c_faster_started_second.update_attributes!({state: Container::Locked})
 208     c_faster_started_second.update_attributes!({state: Container::Running,
 209                                                 progress: 0.15})
 210     reused = Container.find_reusable(common_attrs)
 211     assert_not_nil reused
 212     # Selected container is the one that started first
 213     assert_equal reused.uuid, c_faster_started_first.uuid
 214   end
 215
 216   test "find_reusable method should select running container by progress" do
 217     set_user_from_auth :active
 218     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}})
 219     c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
 220     c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
 221     c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
 222     # Confirm the 3 container UUIDs are different.
 223     assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
 224     set_user_from_auth :dispatch1
 225     c_slower.update_attributes!({state: Container::Locked})
 226     c_slower.update_attributes!({state: Container::Running,
 227                                  progress: 0.1})
 228     c_faster_started_first.update_attributes!({state: Container::Locked})
 229     c_faster_started_first.update_attributes!({state: Container::Running,
 230                                                progress: 0.15})
 231     c_faster_started_second.update_attributes!({state: Container::Locked})
 232     c_faster_started_second.update_attributes!({state: Container::Running,
 233                                                 progress: 0.2})
 234     reused = Container.find_reusable(common_attrs)
 235     assert_not_nil reused
 236     # Selected container is the one with most progress done
 237     assert_equal reused.uuid, c_faster_started_second.uuid
 238   end
 239
 240   test "find_reusable method should select locked container most likely to start sooner" do
 241     set_user_from_auth :active
 242     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}})
 243     c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false}))
 244     c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
 245     c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false}))
 246     # Confirm the 3 container UUIDs are different.
 247     assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length
 248     set_user_from_auth :dispatch1
 249     c_low_priority.update_attributes!({state: Container::Locked,
 250                                        priority: 1})
 251     c_high_priority_older.update_attributes!({state: Container::Locked,
 252                                               priority: 2})
 253     c_high_priority_newer.update_attributes!({state: Container::Locked,
 254                                               priority: 2})
 255     reused = Container.find_reusable(common_attrs)
 256     assert_not_nil reused
 257     assert_equal reused.uuid, c_high_priority_older.uuid
 258   end
 259
 260   test "find_reusable method should select running over failed container" do
 261     set_user_from_auth :active
 262     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}})
 263     c_failed, _ = minimal_new(common_attrs.merge({use_existing: false}))
 264     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
 265     assert_not_equal c_failed.uuid, c_running.uuid
 266     set_user_from_auth :dispatch1
 267     c_failed.update_attributes!({state: Container::Locked})
 268     c_failed.update_attributes!({state: Container::Running})
 269     c_failed.update_attributes!({state: Container::Complete,
 270                                  exit_code: 42,
 271                                  log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 272                                  output: 'ea10d51bcf88862dbcc36eb292017dfd+45'})
 273     c_running.update_attributes!({state: Container::Locked})
 274     c_running.update_attributes!({state: Container::Running,
 275                                   progress: 0.15})
 276     reused = Container.find_reusable(common_attrs)
 277     assert_not_nil reused
 278     assert_equal reused.uuid, c_running.uuid
 279   end
 280
 281   test "find_reusable method should select complete over running container" do
 282     set_user_from_auth :active
 283     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}})
 284     c_completed, _ = minimal_new(common_attrs.merge({use_existing: false}))
 285     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
 286     assert_not_equal c_completed.uuid, c_running.uuid
 287     set_user_from_auth :dispatch1
 288     c_completed.update_attributes!({state: Container::Locked})
 289     c_completed.update_attributes!({state: Container::Running})
 290     c_completed.update_attributes!({state: Container::Complete,
 291                                     exit_code: 0,
 292                                     log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
 293                                     output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})
 294     c_running.update_attributes!({state: Container::Locked})
 295     c_running.update_attributes!({state: Container::Running,
 296                                   progress: 0.15})
 297     reused = Container.find_reusable(common_attrs)
 298     assert_not_nil reused
 299     assert_equal c_completed.uuid, reused.uuid
 300   end
 301
 302   test "find_reusable method should select running over locked container" do
 303     set_user_from_auth :active
 304     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
 305     c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
 306     c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
 307     assert_not_equal c_running.uuid, c_locked.uuid
 308     set_user_from_auth :dispatch1
 309     c_locked.update_attributes!({state: Container::Locked})
 310     c_running.update_attributes!({state: Container::Locked})
 311     c_running.update_attributes!({state: Container::Running,
 312                                   progress: 0.15})
 313     reused = Container.find_reusable(common_attrs)
 314     assert_not_nil reused
 315     assert_equal reused.uuid, c_running.uuid
 316   end
 317
 318   test "find_reusable method should select locked over queued container" do
 319     set_user_from_auth :active
 320     common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
 321     c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
 322     c_queued, _ = minimal_new(common_attrs.merge({use_existing: false}))
 323     assert_not_equal c_queued.uuid, c_locked.uuid
 324     set_user_from_auth :dispatch1
 325     c_locked.update_attributes!({state: Container::Locked})
 326     reused = Container.find_reusable(common_attrs)
 327     assert_not_nil reused
 328     assert_equal reused.uuid, c_locked.uuid
 329   end
 330
 331   test "find_reusable method should not select failed container" do
 332     set_user_from_auth :active
 333     attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed"}})
 334     c, _ = minimal_new(attrs)
 335     set_user_from_auth :dispatch1
 336     c.update_attributes!({state: Container::Locked})
 337     c.update_attributes!({state: Container::Running})
 338     c.update_attributes!({state: Container::Complete,
 339                           exit_code: 33})
 340     reused = Container.find_reusable(attrs)
 341     assert_nil reused
 342   end
 343
 344   test "Container running" do
 345     c, _ = minimal_new priority: 1
 346
 347     set_user_from_auth :dispatch1
 348     check_illegal_updates c, [{state: Container::Running},
 349                               {state: Container::Complete}]
 350
 351     c.lock
 352     c.update_attributes! state: Container::Running
 353
 354     check_illegal_modify c
 355     check_bogus_states c
 356
 357     check_illegal_updates c, [{state: Container::Queued}]
 358     c.reload
 359
 360     c.update_attributes! priority: 3
 361   end
 362
 363   test "Lock and unlock" do
 364     c, cr = minimal_new priority: 0
 365
 366     set_user_from_auth :dispatch1
 367     assert_equal Container::Queued, c.state
 368
 369     assert_raise(ActiveRecord::RecordInvalid) {c.lock} # "no priority"
 370     c.reload
 371     assert cr.update_attributes priority: 1
 372
 373     refute c.update_attributes(state: Container::Running), "not locked"
 374     c.reload
 375     refute c.update_attributes(state: Container::Complete), "not locked"
 376     c.reload
 377
 378     assert c.lock, show_errors(c)
 379     assert c.locked_by_uuid
 380     assert c.auth_uuid
 381
 382     assert_raise(ArvadosModel::AlreadyLockedError) {c.lock}
 383     c.reload
 384
 385     assert c.unlock, show_errors(c)
 386     refute c.locked_by_uuid
 387     refute c.auth_uuid
 388
 389     refute c.update_attributes(state: Container::Running), "not locked"
 390     c.reload
 391     refute c.locked_by_uuid
 392     refute c.auth_uuid
 393
 394     assert c.lock, show_errors(c)
 395     assert c.update_attributes(state: Container::Running), show_errors(c)
 396     assert c.locked_by_uuid
 397     assert c.auth_uuid
 398
 399     auth_uuid_was = c.auth_uuid
 400
 401     assert_raise(ActiveRecord::RecordInvalid) {c.lock} # Running to Locked is not allowed
 402     c.reload
 403     assert_raise(ActiveRecord::RecordInvalid) {c.unlock} # Running to Queued is not allowed
 404     c.reload
 405
 406     assert c.update_attributes(state: Container::Complete), show_errors(c)
 407     refute c.locked_by_uuid
 408     refute c.auth_uuid
 409
 410     auth_exp = ApiClientAuthorization.find_by_uuid(auth_uuid_was).expires_at
 411     assert_operator auth_exp, :<, db_current_time
 412   end
 413
 414   test "Container queued cancel" do
 415     c, _ = minimal_new
 416     set_user_from_auth :dispatch1
 417     assert c.update_attributes(state: Container::Cancelled), show_errors(c)
 418     check_no_change_from_cancelled c
 419   end
 420
 421   test "Container locked cancel" do
 422     c, _ = minimal_new
 423     set_user_from_auth :dispatch1
 424     assert c.lock, show_errors(c)
 425     assert c.update_attributes(state: Container::Cancelled), show_errors(c)
 426     check_no_change_from_cancelled c
 427   end
 428
 429   test "Container running cancel" do
 430     c, _ = minimal_new
 431     set_user_from_auth :dispatch1
 432     c.lock
 433     c.update_attributes! state: Container::Running
 434     c.update_attributes! state: Container::Cancelled
 435     check_no_change_from_cancelled c
 436   end
 437
 438   test "Container create forbidden for non-admin" do
 439     set_user_from_auth :active_trustedclient
 440     c = Container.new DEFAULT_ATTRS
 441     c.environment = {}
 442     c.mounts = {"BAR" => "FOO"}
 443     c.output_path = "/tmp"
 444     c.priority = 1
 445     c.runtime_constraints = {}
 446     assert_raises(ArvadosModel::PermissionDeniedError) do
 447       c.save!
 448     end
 449   end
 450
 451   test "Container only set exit code on complete" do
 452     c, _ = minimal_new
 453     set_user_from_auth :dispatch1
 454     c.lock
 455     c.update_attributes! state: Container::Running
 456
 457     check_illegal_updates c, [{exit_code: 1},
 458                               {exit_code: 1, state: Container::Cancelled}]
 459
 460     assert c.update_attributes(exit_code: 1, state: Container::Complete)
 461   end
 462
 463   test "locked_by_uuid can set output on running container" do
 464     c, _ = minimal_new
 465     set_user_from_auth :dispatch1
 466     c.lock
 467     c.update_attributes! state: Container::Running
 468
 469     assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid
 470
 471     assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
 472     assert c.update_attributes! state: Container::Complete
 473   end
 474
 475   test "auth_uuid can set output on running container, but not change container state" do
 476     c, _ = minimal_new
 477     set_user_from_auth :dispatch1
 478     c.lock
 479     c.update_attributes! state: Container::Running
 480
 481     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
 482     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
 483     assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
 484
 485     assert_raises ArvadosModel::PermissionDeniedError do
 486       # auth_uuid cannot set container state
 487       c.update_attributes state: Container::Complete
 488     end
 489   end
 490
 491   test "not allowed to set output that is not readable by current user" do
 492     c, _ = minimal_new
 493     set_user_from_auth :dispatch1
 494     c.lock
 495     c.update_attributes! state: Container::Running
 496
 497     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
 498     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
 499
 500     assert_raises ActiveRecord::RecordInvalid do
 501       c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash
 502     end
 503   end
 504
 505   test "other token cannot set output on running container" do
 506     c, _ = minimal_new
 507     set_user_from_auth :dispatch1
 508     c.lock
 509     c.update_attributes! state: Container::Running
 510
 511     set_user_from_auth :not_running_container_auth
 512     assert_raises ArvadosModel::PermissionDeniedError do
 513       c.update_attributes! output: collections(:foo_file).portable_data_hash
 514     end
 515   end
 516
 517   test "can set trashed output on running container" do
 518     c, _ = minimal_new
 519     set_user_from_auth :dispatch1
 520     c.lock
 521     c.update_attributes! state: Container::Running
 522
 523     output = Collection.unscoped.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jk')
 524
 525     assert output.is_trashed
 526     assert c.update_attributes output: output.portable_data_hash
 527     assert c.update_attributes! state: Container::Complete
 528   end
 529
 530   test "not allowed to set trashed output that is not readable by current user" do
 531     c, _ = minimal_new
 532     set_user_from_auth :dispatch1
 533     c.lock
 534     c.update_attributes! state: Container::Running
 535
 536     output = Collection.unscoped.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jr')
 537
 538     Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
 539     Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
 540
 541     assert_raises ActiveRecord::RecordInvalid do
 542       c.update_attributes! output: output.portable_data_hash
 543     end
 544   end
 545
 546 end