X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/298fa8a8436596348086b42c8d31eba22609145a..c71619f7d3ec01de2c5a9a517701ecf88381830e:/sdk/cwl/tests/test_container.py diff --git a/sdk/cwl/tests/test_container.py b/sdk/cwl/tests/test_container.py index cd555a72ca..0209d2eba9 100644 --- a/sdk/cwl/tests/test_container.py +++ b/sdk/cwl/tests/test_container.py @@ -4,12 +4,14 @@ import arvados_cwl from arvados_cwl.arvdocker import arv_docker_clear_cache +import arvados.config import logging import mock import unittest import os import functools import cwltool.process +import cwltool.secrets from schema_salad.ref_resolver import Loader from schema_salad.sourceline import cmap @@ -20,6 +22,32 @@ if not os.getenv('ARVADOS_DEBUG'): logging.getLogger('arvados.arv-run').setLevel(logging.WARN) +class CollectionMock(object): + def __init__(self, vwdmock, *args, **kwargs): + self.vwdmock = vwdmock + self.count = 0 + + def open(self, *args, **kwargs): + self.count += 1 + return self.vwdmock.open(*args, **kwargs) + + def copy(self, *args, **kwargs): + self.count += 1 + self.vwdmock.copy(*args, **kwargs) + + def save_new(self, *args, **kwargs): + pass + + def __len__(self): + return self.count + + def portable_data_hash(self): + if self.count == 0: + return arvados.config.EMPTY_BLOCK_LOCATOR + else: + return "99999999999999999999999999999996+99" + + class TestContainer(unittest.TestCase): # The test passes no builder.resources @@ -33,6 +61,7 @@ class TestContainer(unittest.TestCase): runner.project_uuid = "zzzzz-8i9sb-zzzzzzzzzzzzzzz" runner.ignore_docker_for_reuse = False runner.intermediate_output_ttl = 0 + runner.secret_store = cwltool.secrets.SecretStore() keepdocker.return_value = [("zzzzz-4zz18-zzzzzzzzzzzzzz3", "")] runner.api.collections().get().execute.return_value = { @@ -51,7 +80,8 @@ class TestContainer(unittest.TestCase): make_fs_access=functools.partial(arvados_cwl.CollectionFsAccess, collection_cache=arvados_cwl.CollectionCache(runner.api, None, 0)) arvtool = arvados_cwl.ArvadosCommandTool(runner, tool, work_api="containers", avsc_names=avsc_names, - basedir="", make_fs_access=make_fs_access, loader=Loader({})) + basedir="", make_fs_access=make_fs_access, loader=Loader({}), + metadata={"cwlVersion": "v1.0"}) arvtool.formatgraph = None for j in arvtool.job({}, mock.MagicMock(), basedir="", name="test_run_"+str(enable_reuse), make_fs_access=make_fs_access, tmpdir="/tmp"): @@ -85,6 +115,7 @@ class TestContainer(unittest.TestCase): 'cwd': '/var/spool/cwl', 'scheduling_parameters': {}, 'properties': {}, + 'secret_mounts': {} })) # The test passes some fields in builder.resources @@ -96,6 +127,8 @@ class TestContainer(unittest.TestCase): runner.project_uuid = "zzzzz-8i9sb-zzzzzzzzzzzzzzz" runner.ignore_docker_for_reuse = False runner.intermediate_output_ttl = 3600 + runner.secret_store = cwltool.secrets.SecretStore() + document_loader, avsc_names, schema_metadata, metaschema_loader = cwltool.process.get_schema("v1.0") keepdocker.return_value = [("zzzzz-4zz18-zzzzzzzzzzzzzz3", "")] @@ -134,7 +167,7 @@ class TestContainer(unittest.TestCase): collection_cache=arvados_cwl.CollectionCache(runner.api, None, 0)) arvtool = arvados_cwl.ArvadosCommandTool(runner, tool, work_api="containers", avsc_names=avsc_names, make_fs_access=make_fs_access, - loader=Loader({})) + loader=Loader({}), metadata={"cwlVersion": "v1.0"}) arvtool.formatgraph = None for j in arvtool.job({}, mock.MagicMock(), basedir="", name="test_resource_requirements", make_fs_access=make_fs_access, tmpdir="/tmp"): @@ -172,7 +205,8 @@ class TestContainer(unittest.TestCase): 'scheduling_parameters': { 'partitions': ['blurb'] }, - 'properties': {} + 'properties': {}, + 'secret_mounts': {} } call_body = call_kwargs.get('body', None) @@ -191,6 +225,8 @@ class TestContainer(unittest.TestCase): runner.project_uuid = "zzzzz-8i9sb-zzzzzzzzzzzzzzz" runner.ignore_docker_for_reuse = False runner.intermediate_output_ttl = 0 + runner.secret_store = cwltool.secrets.SecretStore() + document_loader, avsc_names, schema_metadata, metaschema_loader = cwltool.process.get_schema("v1.0") keepdocker.return_value = [("zzzzz-4zz18-zzzzzzzzzzzzzz3", "")] @@ -206,8 +242,7 @@ class TestContainer(unittest.TestCase): runner.fs_access.get_collection.side_effect = get_collection_mock vwdmock = mock.MagicMock() - collection_mock.return_value = vwdmock - vwdmock.portable_data_hash.return_value = "99999999999999999999999999999996+99" + collection_mock.side_effect = lambda *args, **kwargs: CollectionMock(vwdmock, *args, **kwargs) tool = cmap({ "inputs": [], @@ -243,7 +278,7 @@ class TestContainer(unittest.TestCase): collection_cache=arvados_cwl.CollectionCache(runner.api, None, 0)) arvtool = arvados_cwl.ArvadosCommandTool(runner, tool, work_api="containers", avsc_names=avsc_names, make_fs_access=make_fs_access, - loader=Loader({})) + loader=Loader({}), metadata={"cwlVersion": "v1.0"}) arvtool.formatgraph = None for j in arvtool.job({}, mock.MagicMock(), basedir="", name="test_initial_work_dir", make_fs_access=make_fs_access, tmpdir="/tmp"): @@ -303,7 +338,8 @@ class TestContainer(unittest.TestCase): 'cwd': '/var/spool/cwl', 'scheduling_parameters': { }, - 'properties': {} + 'properties': {}, + 'secret_mounts': {} } call_body = call_kwargs.get('body', None) @@ -321,6 +357,7 @@ class TestContainer(unittest.TestCase): runner.project_uuid = "zzzzz-8i9sb-zzzzzzzzzzzzzzz" runner.ignore_docker_for_reuse = False runner.intermediate_output_ttl = 0 + runner.secret_store = cwltool.secrets.SecretStore() keepdocker.return_value = [("zzzzz-4zz18-zzzzzzzzzzzzzz3", "")] runner.api.collections().get().execute.return_value = { @@ -342,7 +379,8 @@ class TestContainer(unittest.TestCase): make_fs_access=functools.partial(arvados_cwl.CollectionFsAccess, collection_cache=arvados_cwl.CollectionCache(runner.api, None, 0)) arvtool = arvados_cwl.ArvadosCommandTool(runner, tool, work_api="containers", avsc_names=avsc_names, - basedir="", make_fs_access=make_fs_access, loader=Loader({})) + basedir="", make_fs_access=make_fs_access, loader=Loader({}), + metadata={"cwlVersion": "v1.0"}) arvtool.formatgraph = None for j in arvtool.job({}, mock.MagicMock(), basedir="", name="test_run_redirect", make_fs_access=make_fs_access, tmpdir="/tmp"): @@ -388,6 +426,7 @@ class TestContainer(unittest.TestCase): 'cwd': '/var/spool/cwl', 'scheduling_parameters': {}, 'properties': {}, + 'secret_mounts': {} })) @mock.patch("arvados.collection.Collection") @@ -400,6 +439,7 @@ class TestContainer(unittest.TestCase): runner.num_retries = 0 runner.ignore_docker_for_reuse = False runner.intermediate_output_ttl = 0 + runner.secret_store = cwltool.secrets.SecretStore() runner.api.containers().get().execute.return_value = {"state":"Complete", "output": "abc+123", @@ -443,6 +483,7 @@ class TestContainer(unittest.TestCase): runner.project_uuid = "zzzzz-8i9sb-zzzzzzzzzzzzzzz" runner.ignore_docker_for_reuse = False runner.intermediate_output_ttl = 0 + runner.secret_store = cwltool.secrets.SecretStore() keepdocker.return_value = [("zzzzz-4zz18-zzzzzzzzzzzzzz3", "")] runner.api.collections().get().execute.return_value = { @@ -464,7 +505,8 @@ class TestContainer(unittest.TestCase): make_fs_access=functools.partial(arvados_cwl.CollectionFsAccess, collection_cache=arvados_cwl.CollectionCache(runner.api, None, 0)) arvtool = arvados_cwl.ArvadosCommandTool(runner, tool, work_api="containers", avsc_names=avsc_names, - basedir="", make_fs_access=make_fs_access, loader=Loader({})) + basedir="", make_fs_access=make_fs_access, loader=Loader({}), + metadata={"cwlVersion": "v1.0"}) arvtool.formatgraph = None job_order = { "p1": { @@ -517,4 +559,103 @@ class TestContainer(unittest.TestCase): 'cwd': '/var/spool/cwl', 'scheduling_parameters': {}, 'properties': {}, + 'secret_mounts': {} + })) + + # The test passes no builder.resources + # Hence the default resources will apply: {'cores': 1, 'ram': 1024, 'outdirSize': 1024, 'tmpdirSize': 1024} + @mock.patch("arvados.commands.keepdocker.list_images_in_arv") + def test_secrets(self, keepdocker): + arv_docker_clear_cache() + + runner = mock.MagicMock() + runner.project_uuid = "zzzzz-8i9sb-zzzzzzzzzzzzzzz" + runner.ignore_docker_for_reuse = False + runner.intermediate_output_ttl = 0 + runner.secret_store = cwltool.secrets.SecretStore() + + keepdocker.return_value = [("zzzzz-4zz18-zzzzzzzzzzzzzz3", "")] + runner.api.collections().get().execute.return_value = { + "portable_data_hash": "99999999999999999999999999999993+99"} + + document_loader, avsc_names, schema_metadata, metaschema_loader = cwltool.process.get_schema("v1.0") + + tool = cmap({"arguments": ["md5sum", "example.conf"], + "class": "CommandLineTool", + "hints": [ + { + "class": "http://commonwl.org/cwltool#Secrets", + "secrets": [ + "#secret_job.cwl/pw" + ] + } + ], + "id": "#secret_job.cwl", + "inputs": [ + { + "id": "#secret_job.cwl/pw", + "type": "string" + } + ], + "outputs": [ + ], + "requirements": [ + { + "class": "InitialWorkDirRequirement", + "listing": [ + { + "entry": "username: user\npassword: $(inputs.pw)\n", + "entryname": "example.conf" + } + ] + } + ]}) + make_fs_access=functools.partial(arvados_cwl.CollectionFsAccess, + collection_cache=arvados_cwl.CollectionCache(runner.api, None, 0)) + arvtool = arvados_cwl.ArvadosCommandTool(runner, tool, work_api="containers", avsc_names=avsc_names, + basedir="", make_fs_access=make_fs_access, loader=Loader({}), + metadata={"cwlVersion": "v1.0"}) + arvtool.formatgraph = None + + job_order = {"pw": "blorp"} + runner.secret_store.store(["pw"], job_order) + + for j in arvtool.job(job_order, mock.MagicMock(), basedir="", name="test_secrets", + make_fs_access=make_fs_access, tmpdir="/tmp"): + j.run(enable_reuse=True, priority=500) + runner.api.container_requests().create.assert_called_with( + body=JsonDiffMatcher({ + 'environment': { + 'HOME': '/var/spool/cwl', + 'TMPDIR': '/tmp' + }, + 'name': 'test_secrets', + 'runtime_constraints': { + 'vcpus': 1, + 'ram': 1073741824 + }, + 'use_existing': True, + 'priority': 500, + 'mounts': { + '/tmp': {'kind': 'tmp', + "capacity": 1073741824 + }, + '/var/spool/cwl': {'kind': 'tmp', + "capacity": 1073741824 } + }, + 'state': 'Committed', + 'owner_uuid': 'zzzzz-8i9sb-zzzzzzzzzzzzzzz', + 'output_path': '/var/spool/cwl', + 'output_ttl': 0, + 'container_image': 'arvados/jobs', + 'command': ['md5sum', 'example.conf'], + 'cwd': '/var/spool/cwl', + 'scheduling_parameters': {}, + 'properties': {}, + "secret_mounts": { + "/var/spool/cwl/example.conf": { + "content": "username: user\npassword: blorp\n", + "kind": "text" + } + } }))