X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a02b4f41cb495ecfea49ac0da1f6da0aec385f7d..55727c5da7f9c5a549e42750d9966b53a486ca68:/services/api/test/unit/container_test.rb diff --git a/services/api/test/unit/container_test.rb b/services/api/test/unit/container_test.rb index 6501f21b77..a175533285 100644 --- a/services/api/test/unit/container_test.rb +++ b/services/api/test/unit/container_test.rb @@ -5,13 +5,13 @@ class ContainerTest < ActiveSupport::TestCase DEFAULT_ATTRS = { command: ['echo', 'foo'], - container_image: 'img', + container_image: 'fa3c1a9cb6783f85f2ecda037e07b8c3+167', output_path: '/tmp', priority: 1, runtime_constraints: {"vcpus" => 1, "ram" => 1}, } - REUSABLE_COMMON_ATTRS = {container_image: "test", + REUSABLE_COMMON_ATTRS = {container_image: "9ae44d5792468c58bcf85ce7353c7027+124", cwd: "test", command: ["echo", "hello"], output_path: "test", @@ -22,16 +22,12 @@ class ContainerTest < ActiveSupport::TestCase def minimal_new attrs={} cr = ContainerRequest.new DEFAULT_ATTRS.merge(attrs) + cr.state = ContainerRequest::Committed act_as_user users(:active) do cr.save! end - c = Container.new DEFAULT_ATTRS.merge(attrs) - act_as_system_user do - c.save! - assert cr.update_attributes(container_uuid: c.uuid, - state: ContainerRequest::Committed, - ), show_errors(cr) - end + c = Container.find_by_uuid cr.container_uuid + assert_not_nil c return c, cr end @@ -45,7 +41,7 @@ class ContainerTest < ActiveSupport::TestCase def check_illegal_modify c check_illegal_updates c, [{command: ["echo", "bar"]}, - {container_image: "img2"}, + {container_image: "arvados/apitestfixture:june10"}, {cwd: "/tmp2"}, {environment: {"FOO" => "BAR"}}, {mounts: {"FOO" => "BAR"}}, @@ -89,7 +85,7 @@ class ContainerTest < ActiveSupport::TestCase test "Container serialized hash attributes sorted before save" do env = {"C" => 3, "B" => 2, "A" => 1} - m = {"F" => 3, "E" => 2, "D" => 1} + m = {"F" => {"kind" => 3}, "E" => {"kind" => 2}, "D" => {"kind" => 1}} rc = {"vcpus" => 1, "ram" => 1} c, _ = minimal_new(environment: env, mounts: m, runtime_constraints: rc) assert_equal c.environment.to_json, Container.deep_sort_hash(env).to_json @@ -106,8 +102,9 @@ class ContainerTest < ActiveSupport::TestCase test "find_reusable method should select higher priority queued container" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment:{"var" => "queued"}}) - c_low_priority, _ = minimal_new(common_attrs.merge({priority:1})) - c_high_priority, _ = minimal_new(common_attrs.merge({priority:2})) + c_low_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:1})) + c_high_priority, _ = minimal_new(common_attrs.merge({use_existing:false, priority:2})) + assert_not_equal c_low_priority.uuid, c_high_priority.uuid assert_equal Container::Queued, c_low_priority.state assert_equal Container::Queued, c_high_priority.state reused = Container.find_reusable(common_attrs) @@ -122,11 +119,12 @@ class ContainerTest < ActiveSupport::TestCase state: Container::Complete, exit_code: 0, log: 'ea10d51bcf88862dbcc36eb292017dfd+45', - output: 'zzzzz-4zz18-znfnqtbbv4spc3w' + output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45' } - c_older, _ = minimal_new(common_attrs) - c_recent, _ = minimal_new(common_attrs) + c_older, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_recent, _ = minimal_new(common_attrs.merge({use_existing: false})) + assert_not_equal c_older.uuid, c_recent.uuid set_user_from_auth :dispatch1 c_older.update_attributes!({state: Container::Locked}) @@ -139,29 +137,41 @@ class ContainerTest < ActiveSupport::TestCase reused = Container.find_reusable(common_attrs) assert_not_nil reused - assert_equal reused.uuid, c_recent.uuid + assert_equal reused.uuid, c_older.uuid end test "find_reusable method should not select completed container when inconsistent outputs exist" do set_user_from_auth :active - common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}}) + common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "complete"}, priority: 1}) completed_attrs = { state: Container::Complete, exit_code: 0, - log: 'test', + log: 'ea10d51bcf88862dbcc36eb292017dfd+45', } - c_older, _ = minimal_new(common_attrs) - c_recent, _ = minimal_new(common_attrs) - set_user_from_auth :dispatch1 - c_older.update_attributes!({state: Container::Locked}) - c_older.update_attributes!({state: Container::Running}) - c_older.update_attributes!(completed_attrs.merge({output: 'output 1'})) - c_recent.update_attributes!({state: Container::Locked}) - c_recent.update_attributes!({state: Container::Running}) - c_recent.update_attributes!(completed_attrs.merge({output: 'output 2'})) + c_output1 = Container.create common_attrs + c_output2 = Container.create common_attrs + assert_not_equal c_output1.uuid, c_output2.uuid + + cr = ContainerRequest.new common_attrs + cr.state = ContainerRequest::Committed + cr.container_uuid = c_output1.uuid + cr.save! + + cr = ContainerRequest.new common_attrs + cr.state = ContainerRequest::Committed + cr.container_uuid = c_output2.uuid + cr.save! + + c_output1.update_attributes!({state: Container::Locked}) + c_output1.update_attributes!({state: Container::Running}) + c_output1.update_attributes!(completed_attrs.merge({output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'})) + + c_output2.update_attributes!({state: Container::Locked}) + c_output2.update_attributes!({state: Container::Running}) + c_output2.update_attributes!(completed_attrs.merge({output: 'fa7aeb5140e2848d39b416daeef4ffc5+45'})) reused = Container.find_reusable(common_attrs) assert_nil reused @@ -170,9 +180,11 @@ class ContainerTest < ActiveSupport::TestCase test "find_reusable method should select running container by start date" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running"}}) - c_slower, _ = minimal_new(common_attrs) - c_faster_started_first, _ = minimal_new(common_attrs) - c_faster_started_second, _ = minimal_new(common_attrs) + c_slower, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false})) + # Confirm the 3 container UUIDs are different. + assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length set_user_from_auth :dispatch1 c_slower.update_attributes!({state: Container::Locked}) c_slower.update_attributes!({state: Container::Running, @@ -185,16 +197,18 @@ class ContainerTest < ActiveSupport::TestCase progress: 0.15}) reused = Container.find_reusable(common_attrs) assert_not_nil reused - # Winner is the one that started first + # Selected container is the one that started first assert_equal reused.uuid, c_faster_started_first.uuid end test "find_reusable method should select running container by progress" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running2"}}) - c_slower, _ = minimal_new(common_attrs) - c_faster_started_first, _ = minimal_new(common_attrs) - c_faster_started_second, _ = minimal_new(common_attrs) + c_slower, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_faster_started_first, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_faster_started_second, _ = minimal_new(common_attrs.merge({use_existing: false})) + # Confirm the 3 container UUIDs are different. + assert_equal 3, [c_slower.uuid, c_faster_started_first.uuid, c_faster_started_second.uuid].uniq.length set_user_from_auth :dispatch1 c_slower.update_attributes!({state: Container::Locked}) c_slower.update_attributes!({state: Container::Running, @@ -207,16 +221,18 @@ class ContainerTest < ActiveSupport::TestCase progress: 0.2}) reused = Container.find_reusable(common_attrs) assert_not_nil reused - # Winner is the one with most progress done + # Selected container is the one with most progress done assert_equal reused.uuid, c_faster_started_second.uuid end test "find_reusable method should select locked container most likely to start sooner" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "locked"}}) - c_low_priority, _ = minimal_new(common_attrs) - c_high_priority_older, _ = minimal_new(common_attrs) - c_high_priority_newer, _ = minimal_new(common_attrs) + c_low_priority, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_high_priority_older, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_high_priority_newer, _ = minimal_new(common_attrs.merge({use_existing: false})) + # Confirm the 3 container UUIDs are different. + assert_equal 3, [c_low_priority.uuid, c_high_priority_older.uuid, c_high_priority_newer.uuid].uniq.length set_user_from_auth :dispatch1 c_low_priority.update_attributes!({state: Container::Locked, priority: 1}) @@ -232,15 +248,16 @@ class ContainerTest < ActiveSupport::TestCase test "find_reusable method should select running over failed container" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "failed_vs_running"}}) - c_failed, _ = minimal_new(common_attrs) - c_running, _ = minimal_new(common_attrs) + c_failed, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_running, _ = minimal_new(common_attrs.merge({use_existing: false})) + assert_not_equal c_failed.uuid, c_running.uuid set_user_from_auth :dispatch1 c_failed.update_attributes!({state: Container::Locked}) c_failed.update_attributes!({state: Container::Running}) c_failed.update_attributes!({state: Container::Complete, exit_code: 42, - log: "test", - output: "test"}) + log: 'ea10d51bcf88862dbcc36eb292017dfd+45', + output: 'ea10d51bcf88862dbcc36eb292017dfd+45'}) c_running.update_attributes!({state: Container::Locked}) c_running.update_attributes!({state: Container::Running, progress: 0.15}) @@ -252,28 +269,30 @@ class ContainerTest < ActiveSupport::TestCase test "find_reusable method should select complete over running container" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "completed_vs_running"}}) - c_completed, _ = minimal_new(common_attrs) - c_running, _ = minimal_new(common_attrs) + c_completed, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_running, _ = minimal_new(common_attrs.merge({use_existing: false})) + assert_not_equal c_completed.uuid, c_running.uuid set_user_from_auth :dispatch1 c_completed.update_attributes!({state: Container::Locked}) c_completed.update_attributes!({state: Container::Running}) c_completed.update_attributes!({state: Container::Complete, exit_code: 0, - log: "ea10d51bcf88862dbcc36eb292017dfd+45", - output: "zzzzz-4zz18-znfnqtbbv4spc3w"}) + log: 'ea10d51bcf88862dbcc36eb292017dfd+45', + output: '1f4b0bc7583c2a7f9102c395f4ffc5e3+45'}) c_running.update_attributes!({state: Container::Locked}) c_running.update_attributes!({state: Container::Running, progress: 0.15}) reused = Container.find_reusable(common_attrs) assert_not_nil reused - assert_equal reused.uuid, c_completed.uuid + assert_equal c_completed.uuid, reused.uuid end test "find_reusable method should select running over locked container" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}}) - c_locked, _ = minimal_new(common_attrs) - c_running, _ = minimal_new(common_attrs) + c_locked, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_running, _ = minimal_new(common_attrs.merge({use_existing: false})) + assert_not_equal c_running.uuid, c_locked.uuid set_user_from_auth :dispatch1 c_locked.update_attributes!({state: Container::Locked}) c_running.update_attributes!({state: Container::Locked}) @@ -287,8 +306,9 @@ class ContainerTest < ActiveSupport::TestCase test "find_reusable method should select locked over queued container" do set_user_from_auth :active common_attrs = REUSABLE_COMMON_ATTRS.merge({environment: {"var" => "running_vs_locked"}}) - c_locked, _ = minimal_new(common_attrs) - c_queued, _ = minimal_new(common_attrs) + c_locked, _ = minimal_new(common_attrs.merge({use_existing: false})) + c_queued, _ = minimal_new(common_attrs.merge({use_existing: false})) + assert_not_equal c_queued.uuid, c_locked.uuid set_user_from_auth :dispatch1 c_locked.update_attributes!({state: Container::Locked}) reused = Container.find_reusable(common_attrs) @@ -427,4 +447,59 @@ class ContainerTest < ActiveSupport::TestCase assert c.update_attributes(exit_code: 1, state: Container::Complete) end + + test "locked_by_uuid can set output on running container" do + c, _ = minimal_new + set_user_from_auth :dispatch1 + c.lock + c.update_attributes! state: Container::Running + + assert_equal c.locked_by_uuid, Thread.current[:api_client_authorization].uuid + + assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash + assert c.update_attributes! state: Container::Complete + end + + test "auth_uuid can set output on running container, but not change container state" do + c, _ = minimal_new + set_user_from_auth :dispatch1 + c.lock + c.update_attributes! state: Container::Running + + Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid) + Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id) + assert c.update_attributes output: collections(:collection_owned_by_active).portable_data_hash + + assert_raises ArvadosModel::PermissionDeniedError do + # auth_uuid cannot set container state + c.update_attributes state: Container::Complete + end + end + + test "not allowed to set output that is not readable by current user" do + c, _ = minimal_new + set_user_from_auth :dispatch1 + c.lock + c.update_attributes! state: Container::Running + + Thread.current[:api_client_authorization] = ApiClientAuthorization.find_by_uuid(c.auth_uuid) + Thread.current[:user] = User.find_by_id(Thread.current[:api_client_authorization].user_id) + + assert_raises ActiveRecord::RecordInvalid do + c.update_attributes! output: collections(:collection_not_readable_by_active).portable_data_hash + end + end + + test "other token cannot set output on running container" do + c, _ = minimal_new + set_user_from_auth :dispatch1 + c.lock + c.update_attributes! state: Container::Running + + set_user_from_auth :not_running_container_auth + assert_raises ArvadosModel::PermissionDeniedError do + c.update_attributes! output: collections(:foo_file).portable_data_hash + end + end + end