You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ji...@apache.org on 2017/03/09 22:28:18 UTC

[3/3] mesos git commit: Added unit test for verifying user in command task with image specified.

Added unit test for verifying user in command task with image specified.

Review: https://reviews.apache.org/r/57403/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/9f035e1d
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/9f035e1d
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/9f035e1d

Branch: refs/heads/1.2.x
Commit: 9f035e1d1371a513c224735b4f91f84aa6d3e9bf
Parents: 0f3a68d
Author: Gilbert Song <so...@gmail.com>
Authored: Thu Mar 9 12:42:48 2017 -0800
Committer: Jie Yu <yu...@gmail.com>
Committed: Thu Mar 9 13:52:11 2017 -0800

----------------------------------------------------------------------
 .../containerizer/provisioner_docker_tests.cpp  | 84 ++++++++++++++++++++
 1 file changed, 84 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/9f035e1d/src/tests/containerizer/provisioner_docker_tests.cpp
----------------------------------------------------------------------
diff --git a/src/tests/containerizer/provisioner_docker_tests.cpp b/src/tests/containerizer/provisioner_docker_tests.cpp
index ce57c06..82fcfca 100644
--- a/src/tests/containerizer/provisioner_docker_tests.cpp
+++ b/src/tests/containerizer/provisioner_docker_tests.cpp
@@ -865,6 +865,90 @@ TEST_F(ProvisionerDockerPullerTest, ROOT_INTERNET_CURL_ImageDigest)
   driver.join();
 }
 
+
+// This test verifies that if a container image is specified, the
+// command runs as the specified user 'nobody' and the sandbox of
+// the command task is writtable by the specified user. It also
+// verifies that stdout/stderr are owned by the specified user.
+TEST_F(ProvisionerDockerPullerTest, ROOT_INTERNET_CURL_CommandTaskUser)
+{
+  Try<Owned<cluster::Master>> master = StartMaster();
+  ASSERT_SOME(master);
+
+  slave::Flags flags = CreateSlaveFlags();
+  flags.isolation = "docker/runtime,filesystem/linux";
+  flags.image_providers = "docker";
+
+  Owned<MasterDetector> detector = master.get()->createDetector();
+  Try<Owned<cluster::Slave>> slave = StartSlave(detector.get(), flags);
+  ASSERT_SOME(slave);
+
+  MockScheduler sched;
+  MesosSchedulerDriver driver(
+      &sched, DEFAULT_FRAMEWORK_INFO, master.get()->pid, DEFAULT_CREDENTIAL);
+
+  EXPECT_CALL(sched, registered(&driver, _, _));
+
+  Future<vector<Offer>> offers;
+  EXPECT_CALL(sched, resourceOffers(&driver, _))
+    .WillOnce(FutureArg<1>(&offers))
+    .WillRepeatedly(Return()); // Ignore subsequent offers.
+
+  driver.start();
+
+  AWAIT_READY(offers);
+  ASSERT_EQ(1u, offers->size());
+
+  const Offer& offer = offers.get()[0];
+
+  Result<uid_t> uid = os::getuid("nobody");
+  ASSERT_SOME(uid);
+
+  CommandInfo command;
+  command.set_user("nobody");
+  command.set_value(strings::format(
+      "#!/bin/sh\n"
+      "touch $MESOS_SANDBOX/file\n"
+      "FILE_UID=`stat -c %%u $MESOS_SANDBOX/file`\n"
+      "test $FILE_UID = %d\n"
+      "STDOUT_UID=`stat -c %%u $MESOS_SANDBOX/stdout`\n"
+      "test $STDOUT_UID = %d\n"
+      "STDERR_UID=`stat -c %%u $MESOS_SANDBOX/stderr`\n"
+      "test $STDERR_UID = %d\n",
+      uid.get(), uid.get(), uid.get()).get());
+
+  TaskInfo task = createTask(
+      offer.slave_id(),
+      Resources::parse("cpus:1;mem:128").get(),
+      command);
+
+  Image image;
+  image.set_type(Image::DOCKER);
+  image.mutable_docker()->set_name("alpine");
+
+  ContainerInfo* container = task.mutable_container();
+  container->set_type(ContainerInfo::MESOS);
+  container->mutable_mesos()->mutable_image()->CopyFrom(image);
+
+  Future<TaskStatus> statusRunning;
+  Future<TaskStatus> statusFinished;
+  EXPECT_CALL(sched, statusUpdate(&driver, _))
+    .WillOnce(FutureArg<1>(&statusRunning))
+    .WillOnce(FutureArg<1>(&statusFinished));
+
+  driver.launchTasks(offer.id(), {task});
+
+  AWAIT_READY_FOR(statusRunning, Seconds(60));
+  EXPECT_EQ(task.task_id(), statusRunning->task_id());
+  EXPECT_EQ(TASK_RUNNING, statusRunning->state());
+
+  AWAIT_READY(statusFinished);
+  EXPECT_EQ(task.task_id(), statusFinished->task_id());
+  EXPECT_EQ(TASK_FINISHED, statusFinished->state());
+
+  driver.stop();
+  driver.join();
+}
 #endif
 
 } // namespace tests {