|
@@ -81,7 +81,8 @@ public class TestDockerContainerRuntime {
|
|
|
private HashMap<String, String> env;
|
|
private HashMap<String, String> env;
|
|
|
private String image;
|
|
private String image;
|
|
|
private String uidGidPair;
|
|
private String uidGidPair;
|
|
|
- private String runAsUser;
|
|
|
|
|
|
|
+ private String runAsUser = System.getProperty("user.name");
|
|
|
|
|
+ private String[] groups = {};
|
|
|
private String user;
|
|
private String user;
|
|
|
private String appId;
|
|
private String appId;
|
|
|
private String containerIdStr = containerId;
|
|
private String containerIdStr = containerId;
|
|
@@ -130,8 +131,37 @@ public class TestDockerContainerRuntime {
|
|
|
when(context.getEnvironment()).thenReturn(env);
|
|
when(context.getEnvironment()).thenReturn(env);
|
|
|
when(container.getUser()).thenReturn(submittingUser);
|
|
when(container.getUser()).thenReturn(submittingUser);
|
|
|
|
|
|
|
|
- uidGidPair = "";
|
|
|
|
|
- runAsUser = "run_as_user";
|
|
|
|
|
|
|
+ // Get the running user's uid and gid for remap
|
|
|
|
|
+ String uid = "";
|
|
|
|
|
+ String gid = "";
|
|
|
|
|
+ Shell.ShellCommandExecutor shexec1 = new Shell.ShellCommandExecutor(
|
|
|
|
|
+ new String[]{"id", "-u", runAsUser});
|
|
|
|
|
+ Shell.ShellCommandExecutor shexec2 = new Shell.ShellCommandExecutor(
|
|
|
|
|
+ new String[]{"id", "-g", runAsUser});
|
|
|
|
|
+ Shell.ShellCommandExecutor shexec3 = new Shell.ShellCommandExecutor(
|
|
|
|
|
+ new String[]{"id", "-G", runAsUser});
|
|
|
|
|
+ try {
|
|
|
|
|
+ shexec1.execute();
|
|
|
|
|
+ // get rid of newline at the end
|
|
|
|
|
+ uid = shexec1.getOutput().replaceAll("\n$", "");
|
|
|
|
|
+ } catch (Exception e) {
|
|
|
|
|
+ LOG.info("Could not run id -u command: " + e);
|
|
|
|
|
+ }
|
|
|
|
|
+ try {
|
|
|
|
|
+ shexec2.execute();
|
|
|
|
|
+ // get rid of newline at the end
|
|
|
|
|
+ gid = shexec2.getOutput().replaceAll("\n$", "");
|
|
|
|
|
+ } catch (Exception e) {
|
|
|
|
|
+ LOG.info("Could not run id -g command: " + e);
|
|
|
|
|
+ }
|
|
|
|
|
+ try {
|
|
|
|
|
+ shexec3.execute();
|
|
|
|
|
+ groups = shexec3.getOutput().replace("\n", " ").split(" ");
|
|
|
|
|
+ } catch (Exception e) {
|
|
|
|
|
+ LOG.info("Could not run id -G command: " + e);
|
|
|
|
|
+ }
|
|
|
|
|
+ uidGidPair = uid + ":" + gid;
|
|
|
|
|
+
|
|
|
user = "user";
|
|
user = "user";
|
|
|
appId = "app_id";
|
|
appId = "app_id";
|
|
|
containerIdStr = containerId;
|
|
containerIdStr = containerId;
|
|
@@ -301,7 +331,7 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
|
- int expected = 13;
|
|
|
|
|
|
|
+ int expected = 14;
|
|
|
int counter = 0;
|
|
int counter = 0;
|
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
@@ -311,6 +341,8 @@ public class TestDockerContainerRuntime {
|
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
|
Assert
|
|
Assert
|
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
@@ -326,7 +358,7 @@ public class TestDockerContainerRuntime {
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(counter++));
|
|
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
}
|
|
}
|
|
@@ -337,13 +369,6 @@ public class TestDockerContainerRuntime {
|
|
|
IOException {
|
|
IOException {
|
|
|
conf.setBoolean(YarnConfiguration.NM_DOCKER_ENABLE_USER_REMAPPING,
|
|
conf.setBoolean(YarnConfiguration.NM_DOCKER_ENABLE_USER_REMAPPING,
|
|
|
true);
|
|
true);
|
|
|
- Shell.ShellCommandExecutor shexec = new Shell.ShellCommandExecutor(
|
|
|
|
|
- new String[]{"whoami"});
|
|
|
|
|
- shexec.execute();
|
|
|
|
|
- // get rid of newline at the end
|
|
|
|
|
- runAsUser = shexec.getOutput().replaceAll("\n$", "");
|
|
|
|
|
- builder.setExecutionAttribute(RUN_AS_USER, runAsUser);
|
|
|
|
|
-
|
|
|
|
|
DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(
|
|
DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(
|
|
|
mockExecutor, mockCGroupsHandler);
|
|
mockExecutor, mockCGroupsHandler);
|
|
|
runtime.initialize(conf);
|
|
runtime.initialize(conf);
|
|
@@ -353,37 +378,6 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> args = op.getArguments();
|
|
List<String> args = op.getArguments();
|
|
|
String dockerCommandFile = args.get(11);
|
|
String dockerCommandFile = args.get(11);
|
|
|
|
|
|
|
|
- String uid = "";
|
|
|
|
|
- String gid = "";
|
|
|
|
|
- String[] groups = {};
|
|
|
|
|
- Shell.ShellCommandExecutor shexec1 = new Shell.ShellCommandExecutor(
|
|
|
|
|
- new String[]{"id", "-u", runAsUser});
|
|
|
|
|
- Shell.ShellCommandExecutor shexec2 = new Shell.ShellCommandExecutor(
|
|
|
|
|
- new String[]{"id", "-g", runAsUser});
|
|
|
|
|
- Shell.ShellCommandExecutor shexec3 = new Shell.ShellCommandExecutor(
|
|
|
|
|
- new String[]{"id", "-G", runAsUser});
|
|
|
|
|
- try {
|
|
|
|
|
- shexec1.execute();
|
|
|
|
|
- // get rid of newline at the end
|
|
|
|
|
- uid = shexec1.getOutput().replaceAll("\n$", "");
|
|
|
|
|
- } catch (Exception e) {
|
|
|
|
|
- LOG.info("Could not run id -u command: " + e);
|
|
|
|
|
- }
|
|
|
|
|
- try {
|
|
|
|
|
- shexec2.execute();
|
|
|
|
|
- // get rid of newline at the end
|
|
|
|
|
- gid = shexec2.getOutput().replaceAll("\n$", "");
|
|
|
|
|
- } catch (Exception e) {
|
|
|
|
|
- LOG.info("Could not run id -g command: " + e);
|
|
|
|
|
- }
|
|
|
|
|
- try {
|
|
|
|
|
- shexec3.execute();
|
|
|
|
|
- groups = shexec3.getOutput().replace("\n", " ").split(" ");
|
|
|
|
|
- } catch (Exception e) {
|
|
|
|
|
- LOG.info("Could not run id -G command: " + e);
|
|
|
|
|
- }
|
|
|
|
|
- uidGidPair = uid + ":" + gid;
|
|
|
|
|
-
|
|
|
|
|
List<String> dockerCommands = Files.readAllLines(
|
|
List<String> dockerCommands = Files.readAllLines(
|
|
|
Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
|
Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
@@ -505,7 +499,7 @@ public class TestDockerContainerRuntime {
|
|
|
//This is the expected docker invocation for this case
|
|
//This is the expected docker invocation for this case
|
|
|
List<String> dockerCommands = Files
|
|
List<String> dockerCommands = Files
|
|
|
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
|
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
- int expected = 13;
|
|
|
|
|
|
|
+ int expected = 14;
|
|
|
int counter = 0;
|
|
int counter = 0;
|
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
@@ -515,6 +509,8 @@ public class TestDockerContainerRuntime {
|
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" hostname=test.hostname",
|
|
Assert.assertEquals(" hostname=test.hostname",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
Assert
|
|
Assert
|
|
@@ -532,7 +528,7 @@ public class TestDockerContainerRuntime {
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(counter++));
|
|
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
}
|
|
}
|
|
@@ -571,7 +567,7 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> dockerCommands = Files
|
|
List<String> dockerCommands = Files
|
|
|
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
|
.readAllLines(Paths.get(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
|
- int expected = 13;
|
|
|
|
|
|
|
+ int expected = 14;
|
|
|
int counter = 0;
|
|
int counter = 0;
|
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
@@ -581,6 +577,8 @@ public class TestDockerContainerRuntime {
|
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
|
Assert
|
|
Assert
|
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
@@ -596,7 +594,7 @@ public class TestDockerContainerRuntime {
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(counter++));
|
|
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
|
|
|
|
@@ -624,6 +622,8 @@ public class TestDockerContainerRuntime {
|
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
|
Assert
|
|
Assert
|
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
@@ -640,7 +640,7 @@ public class TestDockerContainerRuntime {
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(counter++));
|
|
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
|
|
|
|
@@ -677,7 +677,7 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
|
- int expected = 13;
|
|
|
|
|
|
|
+ int expected = 14;
|
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
|
|
|
|
|
|
String command = dockerCommands.get(0);
|
|
String command = dockerCommands.get(0);
|
|
@@ -786,7 +786,7 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
|
- int expected = 14;
|
|
|
|
|
|
|
+ int expected = 15;
|
|
|
int counter = 0;
|
|
int counter = 0;
|
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
Assert.assertEquals(expected, dockerCommands.size());
|
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
Assert.assertEquals("[docker-command-execution]",
|
|
@@ -796,6 +796,8 @@ public class TestDockerContainerRuntime {
|
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
|
Assert
|
|
Assert
|
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
.assertEquals(" image=busybox:latest", dockerCommands.get(counter++));
|
|
@@ -812,7 +814,7 @@ public class TestDockerContainerRuntime {
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(counter++));
|
|
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
dockerCommands.get(counter++));
|
|
dockerCommands.get(counter++));
|
|
|
}
|
|
}
|
|
@@ -903,33 +905,39 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
|
- Assert.assertEquals(14, dockerCommands.size());
|
|
|
|
|
- Assert.assertEquals("[docker-command-execution]", dockerCommands.get(0));
|
|
|
|
|
|
|
+ int expected = 15;
|
|
|
|
|
+ int counter = 0;
|
|
|
|
|
+ Assert.assertEquals(expected, dockerCommands.size());
|
|
|
|
|
+ Assert.assertEquals("[docker-command-execution]",
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" cap-add=SYS_CHROOT,NET_BIND_SERVICE",
|
|
Assert.assertEquals(" cap-add=SYS_CHROOT,NET_BIND_SERVICE",
|
|
|
- dockerCommands.get(1));
|
|
|
|
|
- Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(2));
|
|
|
|
|
- Assert.assertEquals(" detach=true", dockerCommands.get(3));
|
|
|
|
|
- Assert.assertEquals(" docker-command=run", dockerCommands.get(4));
|
|
|
|
|
- Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(5));
|
|
|
|
|
- Assert.assertEquals(" image=busybox:latest", dockerCommands.get(6));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" image=busybox:latest",
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(
|
|
Assert.assertEquals(
|
|
|
" launch-command=bash,/test_container_work_dir/launch_container.sh",
|
|
" launch-command=bash,/test_container_work_dir/launch_container.sh",
|
|
|
- dockerCommands.get(7));
|
|
|
|
|
- Assert.assertEquals(" name=container_id", dockerCommands.get(8));
|
|
|
|
|
- Assert.assertEquals(" net=host", dockerCommands.get(9));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" name=container_id", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" net=host", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(
|
|
Assert.assertEquals(
|
|
|
" ro-mounts=/test_local_dir/test_resource_file:test_mount",
|
|
" ro-mounts=/test_local_dir/test_resource_file:test_mount",
|
|
|
- dockerCommands.get(10));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(
|
|
Assert.assertEquals(
|
|
|
" rw-mounts=/test_container_local_dir:/test_container_local_dir,"
|
|
" rw-mounts=/test_container_local_dir:/test_container_local_dir,"
|
|
|
+ "/test_filecache_dir:/test_filecache_dir,"
|
|
+ "/test_filecache_dir:/test_filecache_dir,"
|
|
|
+ "/test_container_work_dir:/test_container_work_dir,"
|
|
+ "/test_container_work_dir:/test_container_work_dir,"
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
- dockerCommands.get(11));
|
|
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(12));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
- dockerCommands.get(13));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
@Test
|
|
@Test
|
|
@@ -973,34 +981,40 @@ public class TestDockerContainerRuntime {
|
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
List<String> dockerCommands = Files.readAllLines(Paths.get
|
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
(dockerCommandFile), Charset.forName("UTF-8"));
|
|
|
|
|
|
|
|
- Assert.assertEquals(14, dockerCommands.size());
|
|
|
|
|
- Assert.assertEquals("[docker-command-execution]", dockerCommands.get(0));
|
|
|
|
|
|
|
+ int expected = 15;
|
|
|
|
|
+ int counter = 0;
|
|
|
|
|
+ Assert.assertEquals(expected, dockerCommands.size());
|
|
|
|
|
+ Assert.assertEquals("[docker-command-execution]",
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" cap-add=SYS_CHROOT,NET_BIND_SERVICE",
|
|
Assert.assertEquals(" cap-add=SYS_CHROOT,NET_BIND_SERVICE",
|
|
|
- dockerCommands.get(1));
|
|
|
|
|
- Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(2));
|
|
|
|
|
- Assert.assertEquals(" detach=true", dockerCommands.get(3));
|
|
|
|
|
- Assert.assertEquals(" docker-command=run", dockerCommands.get(4));
|
|
|
|
|
- Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(5));
|
|
|
|
|
- Assert.assertEquals(" image=busybox:latest", dockerCommands.get(6));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" cap-drop=ALL", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" detach=true", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" docker-command=run", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" group-add=" + String.join(",", groups),
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" hostname=ctr-id", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" image=busybox:latest",
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(
|
|
Assert.assertEquals(
|
|
|
" launch-command=bash,/test_container_work_dir/launch_container.sh",
|
|
" launch-command=bash,/test_container_work_dir/launch_container.sh",
|
|
|
- dockerCommands.get(7));
|
|
|
|
|
- Assert.assertEquals(" name=container_id", dockerCommands.get(8));
|
|
|
|
|
- Assert.assertEquals(" net=host", dockerCommands.get(9));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" name=container_id", dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" net=host", dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(
|
|
Assert.assertEquals(
|
|
|
" ro-mounts=/test_local_dir/test_resource_file:test_mount1,"
|
|
" ro-mounts=/test_local_dir/test_resource_file:test_mount1,"
|
|
|
+ "/test_local_dir/test_resource_file:test_mount2",
|
|
+ "/test_local_dir/test_resource_file:test_mount2",
|
|
|
- dockerCommands.get(10));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(
|
|
Assert.assertEquals(
|
|
|
" rw-mounts=/test_container_local_dir:/test_container_local_dir,"
|
|
" rw-mounts=/test_container_local_dir:/test_container_local_dir,"
|
|
|
+ "/test_filecache_dir:/test_filecache_dir,"
|
|
+ "/test_filecache_dir:/test_filecache_dir,"
|
|
|
+ "/test_container_work_dir:/test_container_work_dir,"
|
|
+ "/test_container_work_dir:/test_container_work_dir,"
|
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
+ "/test_container_log_dir:/test_container_log_dir,"
|
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
+ "/test_user_local_dir:/test_user_local_dir",
|
|
|
- dockerCommands.get(11));
|
|
|
|
|
- Assert.assertEquals(" user=run_as_user", dockerCommands.get(12));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
+ Assert.assertEquals(" user=" + uidGidPair, dockerCommands.get(counter++));
|
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
Assert.assertEquals(" workdir=/test_container_work_dir",
|
|
|
- dockerCommands.get(13));
|
|
|
|
|
|
|
+ dockerCommands.get(counter++));
|
|
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -1020,7 +1034,7 @@ public class TestDockerContainerRuntime {
|
|
|
PrivilegedOperation op = capturePrivilegedOperation();
|
|
PrivilegedOperation op = capturePrivilegedOperation();
|
|
|
Assert.assertEquals(op.getOperationType(),
|
|
Assert.assertEquals(op.getOperationType(),
|
|
|
PrivilegedOperation.OperationType.SIGNAL_CONTAINER);
|
|
PrivilegedOperation.OperationType.SIGNAL_CONTAINER);
|
|
|
- Assert.assertEquals("run_as_user", op.getArguments().get(0));
|
|
|
|
|
|
|
+ Assert.assertEquals(runAsUser, op.getArguments().get(0));
|
|
|
Assert.assertEquals("user", op.getArguments().get(1));
|
|
Assert.assertEquals("user", op.getArguments().get(1));
|
|
|
Assert.assertEquals("2", op.getArguments().get(2));
|
|
Assert.assertEquals("2", op.getArguments().get(2));
|
|
|
Assert.assertEquals("1234", op.getArguments().get(3));
|
|
Assert.assertEquals("1234", op.getArguments().get(3));
|
Eric Yang