1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
6 require 'helpers/container_test_helper'
8 class ContainerTest < ActiveSupport::TestCase
10 include ContainerTestHelper
13 command: ['echo', 'foo'],
14 container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167',
17 runtime_constraints: {"vcpus" => 1, "ram" => 1},
20 REUSABLE_COMMON_ATTRS = {
21 container_image: "9ae44d5792468c58bcf85ce7353c7027+124",
23 command: ["echo", "hello"],
25 runtime_constraints: {
30 "test" => {"kind" => "json"},
38 def minimal_new attrs={}
39 cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs)
40 cr.state = ContainerRequest::Committed
41 act_as_user users(:active) do
44 c = Container.find_by_uuid cr.container_uuid
49 def check_illegal_updates c, bad_updates
50 bad_updates.each do |u|
51 refute c.update_attributes(u), u.inspect
52 refute c.valid?, u.inspect
57 def check_illegal_modify c
58 check_illegal_updates c, [{command: ["echo", "bar"]},
59 {container_image: "arvados/apitestfixture:june10"},
61 {environment: {"FOO" => "BAR"}},
62 {mounts: {"FOO" => "BAR"}},
63 {output_path: "/tmp3"},
64 {locked_by_uuid: "zzzzz-gj3su-027z32aux8dg2s1"},
65 {auth_uuid: "zzzzz-gj3su-017z32aux8dg2s1"},
66 {runtime_constraints: {"FOO" => "BAR"}}]
69 def check_bogus_states c
70 check_illegal_updates c, [{state: nil},
74 def check_no_change_from_cancelled c
75 check_illegal_modify c
77 check_illegal_updates c, [{ priority: 3 },
78 { state: Container::Queued },
79 { state: Container::Locked },
80 { state: Container::Running },
81 { state: Container::Complete }]
84 test "Container create" do
86 c, _ = minimal_new(environment: {},
87 mounts: {"BAR" => "FOO"},
90 runtime_constraints: {"vcpus" => 1, "ram" => 1})
92 check_illegal_modify c
101 test "Container valid priority" do
102 act_as_system_user do
103 c, _ = minimal_new(environment: {},
104 mounts: {"BAR" => "FOO"},
107 runtime_constraints: {"vcpus" => 1, "ram" => 1})
109 assert_raises(ActiveRecord::RecordInvalid) do
129 assert_raises(ActiveRecord::RecordInvalid) do
137 test "Container serialized hash attributes sorted before save" do
138 env = {"C" => 3, "B" => 2, "A" => 1}
139 m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}}
140 rc = {"vcpus" => 1, "ram" => 1, "keep_cache_ram" => 1}
141 c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc)
142 assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json
143 assert_equal c.mounts.to_json, Container.deep_sort_hash(m).to_json
144 assert_equal c.runtime_constraints.to_json, Container.deep_sort_hash(rc).to_json
147 test 'deep_sort_hash on array of hashes' do
148 a = {'z' => [[{'a' => 'a', 'b' => 'b'}]]}
149 b = {'z' => [[{'b' => 'b', 'a' => 'a'}]]}
150 assert_equal Container.deep_sort_hash(a).to_json, Container.deep_sort_hash(b).to_json
153 test "find_reusable method should select higher priority queued container" do
154 set_user_from_auth :active
155 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}})
156 c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1}))
157 c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2}))
158 assert_not_equal c_low_priority.uuid, c_high_priority.uuid
159 assert_equal Container::Queued, c_low_priority.state
160 assert_equal Container::Queued, c_high_priority.state
161 reused = Container.find_reusable(common_attrs)
162 assert_not_nil reused
163 assert_equal reused.uuid, c_high_priority.uuid
166 test "find_reusable method should select latest completed container" do
167 set_user_from_auth :active
168 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}})
170 state: Container::Complete,
172 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
173 output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
176 c_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
177 c_recent, _ = minimal_new(common_attrs.merge({use_existing: false}))
178 assert_not_equal c_older.uuid, c_recent.uuid
180 set_user_from_auth :dispatch1
181 c_older.update_attributes!({state: Container::Locked})
182 c_older.update_attributes!({state: Container::Running})
183 c_older.update_attributes!(completed_attrs)
185 c_recent.update_attributes!({state: Container::Locked})
186 c_recent.update_attributes!({state: Container::Running})
187 c_recent.update_attributes!(completed_attrs)
189 reused = Container.find_reusable(common_attrs)
190 assert_not_nil reused
191 assert_equal reused.uuid, c_older.uuid
194 test "find_reusable method should select oldest completed container when inconsistent outputs exist" do
195 set_user_from_auth :active
196 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1})
198 state: Container::Complete,
200 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
203 cr = ContainerRequest.new common_attrs
204 cr.use_existing = false
205 cr.state = ContainerRequest::Committed
207 c_output1 = Container.where(uuid: cr.container_uuid).first
209 cr = ContainerRequest.new common_attrs
210 cr.use_existing = false
211 cr.state = ContainerRequest::Committed
213 c_output2 = Container.where(uuid: cr.container_uuid).first
215 assert_not_equal c_output1.uuid, c_output2.uuid
217 set_user_from_auth :dispatch1
219 out1 = '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'
220 log1 = collections(:real_log_collection).portable_data_hash
221 c_output1.update_attributes!({state: Container::Locked})
222 c_output1.update_attributes!({state: Container::Running})
223 c_output1.update_attributes!(completed_attrs.merge({log: log1, output: out1}))
225 out2 = 'fa7aeb5140e2848d39b416daeef4ffc5+45'
226 c_output2.update_attributes!({state: Container::Locked})
227 c_output2.update_attributes!({state: Container::Running})
228 c_output2.update_attributes!(completed_attrs.merge({log: log1, output: out2}))
230 reused = Container.resolve(ContainerRequest.new(common_attrs))
231 assert_equal c_output1.uuid, reused.uuid
234 test "find_reusable method should select running container by start date" do
235 set_user_from_auth :active
236 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}})
237 c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
238 c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
239 c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
240 # Confirm the 3 container UUIDs are different.
241 assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
242 set_user_from_auth :dispatch1
243 c_slower.update_attributes!({state: Container::Locked})
244 c_slower.update_attributes!({state: Container::Running,
246 c_faster_started_first.update_attributes!({state: Container::Locked})
247 c_faster_started_first.update_attributes!({state: Container::Running,
249 c_faster_started_second.update_attributes!({state: Container::Locked})
250 c_faster_started_second.update_attributes!({state: Container::Running,
252 reused = Container.find_reusable(common_attrs)
253 assert_not_nil reused
254 # Selected container is the one that started first
255 assert_equal reused.uuid, c_faster_started_first.uuid
258 test "find_reusable method should select running container by progress" do
259 set_user_from_auth :active
260 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}})
261 c_slower, _ = minimal_new(common_attrs.merge({use_existing: false}))
262 c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false}))
263 c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false}))
264 # Confirm the 3 container UUIDs are different.
265 assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length
266 set_user_from_auth :dispatch1
267 c_slower.update_attributes!({state: Container::Locked})
268 c_slower.update_attributes!({state: Container::Running,
270 c_faster_started_first.update_attributes!({state: Container::Locked})
271 c_faster_started_first.update_attributes!({state: Container::Running,
273 c_faster_started_second.update_attributes!({state: Container::Locked})
274 c_faster_started_second.update_attributes!({state: Container::Running,
276 reused = Container.find_reusable(common_attrs)
277 assert_not_nil reused
278 # Selected container is the one with most progress done
279 assert_equal reused.uuid, c_faster_started_second.uuid
282 test "find_reusable method should select locked container most likely to start sooner" do
283 set_user_from_auth :active
284 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}})
285 c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false}))
286 c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false}))
287 c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false}))
288 # Confirm the 3 container UUIDs are different.
289 assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length
290 set_user_from_auth :dispatch1
291 c_low_priority.update_attributes!({state: Container::Locked,
293 c_high_priority_older.update_attributes!({state: Container::Locked,
295 c_high_priority_newer.update_attributes!({state: Container::Locked,
297 reused = Container.find_reusable(common_attrs)
298 assert_not_nil reused
299 assert_equal reused.uuid, c_high_priority_older.uuid
302 test "find_reusable method should select running over failed container" do
303 set_user_from_auth :active
304 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}})
305 c_failed, _ = minimal_new(common_attrs.merge({use_existing: false}))
306 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
307 assert_not_equal c_failed.uuid, c_running.uuid
308 set_user_from_auth :dispatch1
309 c_failed.update_attributes!({state: Container::Locked})
310 c_failed.update_attributes!({state: Container::Running})
311 c_failed.update_attributes!({state: Container::Complete,
313 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
314 output: 'ea10d51bcf88862dbcc36eb292017dfd+45'})
315 c_running.update_attributes!({state: Container::Locked})
316 c_running.update_attributes!({state: Container::Running,
318 reused = Container.find_reusable(common_attrs)
319 assert_not_nil reused
320 assert_equal reused.uuid, c_running.uuid
323 test "find_reusable method should select complete over running container" do
324 set_user_from_auth :active
325 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}})
326 c_completed, _ = minimal_new(common_attrs.merge({use_existing: false}))
327 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
328 assert_not_equal c_completed.uuid, c_running.uuid
329 set_user_from_auth :dispatch1
330 c_completed.update_attributes!({state: Container::Locked})
331 c_completed.update_attributes!({state: Container::Running})
332 c_completed.update_attributes!({state: Container::Complete,
334 log: 'ea10d51bcf88862dbcc36eb292017dfd+45',
335 output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})
336 c_running.update_attributes!({state: Container::Locked})
337 c_running.update_attributes!({state: Container::Running,
339 reused = Container.find_reusable(common_attrs)
340 assert_not_nil reused
341 assert_equal c_completed.uuid, reused.uuid
344 test "find_reusable method should select running over locked container" do
345 set_user_from_auth :active
346 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
347 c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
348 c_running, _ = minimal_new(common_attrs.merge({use_existing: false}))
349 assert_not_equal c_running.uuid, c_locked.uuid
350 set_user_from_auth :dispatch1
351 c_locked.update_attributes!({state: Container::Locked})
352 c_running.update_attributes!({state: Container::Locked})
353 c_running.update_attributes!({state: Container::Running,
355 reused = Container.find_reusable(common_attrs)
356 assert_not_nil reused
357 assert_equal reused.uuid, c_running.uuid
360 test "find_reusable method should select locked over queued container" do
361 set_user_from_auth :active
362 common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}})
363 c_locked, _ = minimal_new(common_attrs.merge({use_existing: false}))
364 c_queued, _ = minimal_new(common_attrs.merge({use_existing: false}))
365 assert_not_equal c_queued.uuid, c_locked.uuid
366 set_user_from_auth :dispatch1
367 c_locked.update_attributes!({state: Container::Locked})
368 reused = Container.find_reusable(common_attrs)
369 assert_not_nil reused
370 assert_equal reused.uuid, c_locked.uuid
373 test "find_reusable method should not select failed container" do
374 set_user_from_auth :active
375 attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed"}})
376 c, _ = minimal_new(attrs)
377 set_user_from_auth :dispatch1
378 c.update_attributes!({state: Container::Locked})
379 c.update_attributes!({state: Container::Running})
380 c.update_attributes!({state: Container::Complete,
382 reused = Container.find_reusable(attrs)
386 test "find_reusable with logging disabled" do
387 set_user_from_auth :active
388 Rails.logger.expects(:info).never
389 Container.find_reusable(REUSABLE_COMMON_ATTRS)
392 test "find_reusable with logging enabled" do
393 set_user_from_auth :active
394 Rails.configuration.log_reuse_decisions = true
395 Rails.logger.expects(:info).at_least(3)
396 Container.find_reusable(REUSABLE_COMMON_ATTRS)
399 test "Container running" do
400 c, _ = minimal_new priority: 1
402 set_user_from_auth :dispatch1
403 check_illegal_updates c, [{state: Container::Running},
404 {state: Container::Complete}]
407 c.update_attributes! state: Container::Running
409 check_illegal_modify c
412 check_illegal_updates c, [{state: Container::Queued}]
415 c.update_attributes! priority: 3
418 test "Lock and unlock" do
419 c, cr = minimal_new priority: 0
421 set_user_from_auth :dispatch1
422 assert_equal Container::Queued, c.state
424 assert_raise(ArvadosModel::LockFailedError) do
429 assert cr.update_attributes priority: 1
431 refute c.update_attributes(state: Container::Running), "not locked"
433 refute c.update_attributes(state: Container::Complete), "not locked"
436 assert c.lock, show_errors(c)
437 assert c.locked_by_uuid
440 assert_raise(ArvadosModel::LockFailedError) {c.lock}
443 assert c.unlock, show_errors(c)
444 refute c.locked_by_uuid
447 refute c.update_attributes(state: Container::Running), "not locked"
449 refute c.locked_by_uuid
452 assert c.lock, show_errors(c)
453 assert c.update_attributes(state: Container::Running), show_errors(c)
454 assert c.locked_by_uuid
457 auth_uuid_was = c.auth_uuid
459 assert_raise(ArvadosModel::LockFailedError) do
460 # Running to Locked is not allowed
464 assert_raise(ArvadosModel::InvalidStateTransitionError) do
465 # Running to Queued is not allowed
470 assert c.update_attributes(state: Container::Complete), show_errors(c)
471 refute c.locked_by_uuid
474 auth_exp = ApiClientAuthorization.find_by_uuid(auth_uuid_was).expires_at
475 assert_operator auth_exp, :<, db_current_time
478 test "Container queued cancel" do
479 c, cr = minimal_new({container_count_max: 1})
480 set_user_from_auth :dispatch1
481 assert c.update_attributes(state: Container::Cancelled), show_errors(c)
482 check_no_change_from_cancelled c
484 assert_equal ContainerRequest::Final, cr.state
487 test "Container queued count" do
488 assert_equal 1, Container.readable_by(users(:active)).where(state: "Queued").count
491 test "Container locked cancel" do
493 set_user_from_auth :dispatch1
494 assert c.lock, show_errors(c)
495 assert c.update_attributes(state: Container::Cancelled), show_errors(c)
496 check_no_change_from_cancelled c
499 test "Container locked cancel with log" do
501 set_user_from_auth :dispatch1
502 assert c.lock, show_errors(c)
503 assert c.update_attributes(
504 state: Container::Cancelled,
505 log: collections(:real_log_collection).portable_data_hash,
507 check_no_change_from_cancelled c
510 test "Container running cancel" do
512 set_user_from_auth :dispatch1
514 c.update_attributes! state: Container::Running
515 c.update_attributes! state: Container::Cancelled
516 check_no_change_from_cancelled c
519 test "Container create forbidden for non-admin" do
520 set_user_from_auth :active_trustedclient
521 c = Container.new DEFAULT_ATTRS
523 c.mounts = {"BAR" => "FOO"}
524 c.output_path = "/tmp"
526 c.runtime_constraints = {}
527 assert_raises(ArvadosModel::PermissionDeniedError) do
532 test "Container only set exit code on complete" do
534 set_user_from_auth :dispatch1
536 c.update_attributes! state: Container::Running
538 check_illegal_updates c, [{exit_code: 1},
539 {exit_code: 1, state: Container::Cancelled}]
541 assert c.update_attributes(exit_code: 1, state: Container::Complete)
544 test "locked_by_uuid can set output on running container" do
546 set_user_from_auth :dispatch1
548 c.update_attributes! state: Container::Running
550 assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid
552 assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
553 assert c.update_attributes! state: Container::Complete
556 test "auth_uuid can set output on running container, but not change container state" do
558 set_user_from_auth :dispatch1
560 c.update_attributes! state: Container::Running
562 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
563 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
564 assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash
566 assert_raises ArvadosModel::PermissionDeniedError do
567 # auth_uuid cannot set container state
568 c.update_attributes state: Container::Complete
572 test "not allowed to set output that is not readable by current user" do
574 set_user_from_auth :dispatch1
576 c.update_attributes! state: Container::Running
578 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
579 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
581 assert_raises ActiveRecord::RecordInvalid do
582 c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash
586 test "other token cannot set output on running container" do
588 set_user_from_auth :dispatch1
590 c.update_attributes! state: Container::Running
592 set_user_from_auth :running_to_be_deleted_container_auth
593 assert_raises ArvadosModel::PermissionDeniedError do
594 c.update_attributes! output: collections(:foo_file).portable_data_hash
598 test "can set trashed output on running container" do
600 set_user_from_auth :dispatch1
602 c.update_attributes! state: Container::Running
604 output = Collection.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jk')
606 assert output.is_trashed
607 assert c.update_attributes output: output.portable_data_hash
608 assert c.update_attributes! state: Container::Complete
611 test "not allowed to set trashed output that is not readable by current user" do
613 set_user_from_auth :dispatch1
615 c.update_attributes! state: Container::Running
617 output = Collection.find_by_uuid('zzzzz-4zz18-mto52zx1s7sn3jr')
619 Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid)
620 Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id)
622 assert_raises ActiveRecord::RecordInvalid do
623 c.update_attributes! output: output.portable_data_hash
628 {state: Container::Complete, exit_code: 0, output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'},
629 {state: Container::Cancelled},
630 ].each do |final_attrs|
631 test "secret_mounts is null after container is #{final_attrs[:state]}" do
632 c, cr = minimal_new(secret_mounts: {'/secret' => {'kind' => 'text', 'content' => 'foo'}},
633 container_count_max: 1)
634 set_user_from_auth :dispatch1
636 c.update_attributes!(state: Container::Running)
638 assert c.secret_mounts.has_key?('/secret')
640 c.update_attributes!(final_attrs)
642 assert_equal({}, c.secret_mounts)
644 assert_equal({}, cr.secret_mounts)
645 assert_no_secrets_logged