Merged with the default branch.1.21.0-1

author: Andrei Belov <defan@nginx.com> 2020-11-19 21:19:57 +0300
committer: Andrei Belov <defan@nginx.com> 2020-11-19 21:19:57 +0300
commit: 7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c (patch)
tree: c79dc48a3260156f3f824ecd299e5a4934d749c5 /test/test_python_isolation.py
parent: 646d047e5d12515ceac02279b373601ce0752982 (diff)
parent: 806a9b2515c60b12a68cd97af04f7fa5cb4dffed (diff)
download: unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.gz
unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.bz2
1 files changed, 51 insertions, 30 deletions
diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py
index ac678103..1a157528 100644
--- a/test/test_python_isolation.py
+++ b/test/test_python_isolation.py
@@ -1,5 +1,10 @@
+import shutil
+
 import pytest
 
+from conftest import option
+from conftest import unit_run
+from conftest import unit_stop
 from unit.applications.lang.python import TestApplicationPython
 from unit.feature.isolation import TestFeatureIsolation
 
@@ -7,48 +12,55 @@ from unit.feature.isolation import TestFeatureIsolation
 class TestPythonIsolation(TestApplicationPython):
     prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']}
 
-    isolation = TestFeatureIsolation()
-
     @classmethod
     def setup_class(cls, complete_check=True):
-        unit = super().setup_class(complete_check=False)
+        check = super().setup_class(complete_check=False)
 
-        TestFeatureIsolation().check(cls.available, unit.temp_dir)
+        unit = unit_run()
+        option.temp_dir = unit['temp_dir']
 
-        return unit if not complete_check else unit.complete()
+        TestFeatureIsolation().check(option.available, unit['temp_dir'])
 
-    def test_python_isolation_rootfs(self, is_su):
-        isolation_features = self.available['features']['isolation'].keys()
+        assert unit_stop() is None
+        shutil.rmtree(unit['temp_dir'])
 
-        if 'mnt' not in isolation_features:
-            pytest.skip('requires mnt ns')
+        return check if not complete_check else check()
 
-        if not is_su:
-            if 'user' not in isolation_features:
-                pytest.skip('requires unprivileged userns or root')
+    def test_python_isolation_rootfs(self, is_su, temp_dir):
+        isolation_features = option.available['features']['isolation'].keys()
 
+        if not is_su:
             if not 'unprivileged_userns_clone' in isolation_features:
                 pytest.skip('requires unprivileged userns or root')
 
-        isolation = {
-            'namespaces': {'credential': not is_su, 'mount': True},
-            'rootfs': self.temp_dir,
-        }
+            if 'user' not in isolation_features:
+                pytest.skip('user namespace is not supported')
 
-        self.load('empty', isolation=isolation)
+            if 'mnt' not in isolation_features:
+                pytest.skip('mnt namespace is not supported')
+
+            if 'pid' not in isolation_features:
+                pytest.skip('pid namespace is not supported')
+
+        isolation = {'rootfs': temp_dir}
 
-        assert self.get()['status'] == 200, 'python rootfs'
+        if not is_su:
+            isolation['namespaces'] = {
+                'mount': True,
+                'credential': True,
+                'pid': True
+            }
 
         self.load('ns_inspect', isolation=isolation)
 
         assert (
-            self.getjson(url='/?path=' + self.temp_dir)['body']['FileExists']
+            self.getjson(url='/?path=' + temp_dir)['body']['FileExists']
             == False
         ), 'temp_dir does not exists in rootfs'
 
         assert (
             self.getjson(url='/?path=/proc/self')['body']['FileExists']
-            == False
+            == True
         ), 'no /proc/self'
 
         assert (
@@ -66,25 +78,34 @@ class TestPythonIsolation(TestApplicationPython):
             ret['body']['FileExists'] == True
         ), 'application exists in rootfs'
 
-    def test_python_isolation_rootfs_no_language_deps(self, is_su):
-        isolation_features = self.available['features']['isolation'].keys()
-
-        if 'mnt' not in isolation_features:
-            pytest.skip('requires mnt ns')
+    def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir):
+        isolation_features = option.available['features']['isolation'].keys()
 
         if not is_su:
-            if 'user' not in isolation_features:
-                pytest.skip('requires unprivileged userns or root')
-
             if not 'unprivileged_userns_clone' in isolation_features:
                 pytest.skip('requires unprivileged userns or root')
 
+            if 'user' not in isolation_features:
+                pytest.skip('user namespace is not supported')
+
+            if 'mnt' not in isolation_features:
+                pytest.skip('mnt namespace is not supported')
+
+            if 'pid' not in isolation_features:
+                pytest.skip('pid namespace is not supported')
+
         isolation = {
-            'namespaces': {'credential': not is_su, 'mount': True},
-            'rootfs': self.temp_dir,
+            'rootfs': temp_dir,
             'automount': {'language_deps': False}
         }
 
+        if not is_su:
+            isolation['namespaces'] = {
+                'mount': True,
+                'credential': True,
+                'pid': True
+            }
+
         self.load('empty', isolation=isolation)
 
         assert (self.get()['status'] != 200), 'disabled language_deps'
author	Andrei Belov <defan@nginx.com>	2020-11-19 21:19:57 +0300
committer	Andrei Belov <defan@nginx.com>	2020-11-19 21:19:57 +0300
commit	7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c (patch)
tree	c79dc48a3260156f3f824ecd299e5a4934d749c5 /test/test_python_isolation.py
parent	646d047e5d12515ceac02279b373601ce0752982 (diff)
parent	806a9b2515c60b12a68cd97af04f7fa5cb4dffed (diff)
download	unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.gz unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.bz2