diff options
| author | Andrei Zeliankou <zelenkov@nginx.com> | 2023-06-12 14:16:59 +0100 |
|---|---|---|
| committer | Andrei Zeliankou <zelenkov@nginx.com> | 2023-06-12 14:16:59 +0100 |
| commit | ce2405ec3dd97e8bdf8f63312e3c6ce59ef562d4 (patch) | |
| tree | 818e60eb10d7f2be90f25003b3a2b347314e966f /test/test_python_isolation.py | |
| parent | a3b9b49cfb091410ca8f3c8d9df24d1fe184f8e0 (diff) | |
| download | unit-ce2405ec3dd97e8bdf8f63312e3c6ce59ef562d4.tar.gz unit-ce2405ec3dd97e8bdf8f63312e3c6ce59ef562d4.tar.bz2 | |
Tests: prerequisites checking reworked.
Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
Diffstat (limited to 'test/test_python_isolation.py')
| -rw-r--r-- | test/test_python_isolation.py | 74 |
1 files changed, 32 insertions, 42 deletions
diff --git a/test/test_python_isolation.py b/test/test_python_isolation.py index 506d20b7..a9ed2900 100644 --- a/test/test_python_isolation.py +++ b/test/test_python_isolation.py @@ -10,10 +10,10 @@ from unit.utils import findmnt from unit.utils import waitformount from unit.utils import waitforunmount +prerequisites = {'modules': {'python': 'any'}, 'features': {'isolation': True}} -class TestPythonIsolation(TestApplicationPython): - prerequisites = {'modules': {'python': 'any'}, 'features': ['isolation']} +class TestPythonIsolation(TestApplicationPython): def get_cgroup(self, app_name): output = subprocess.check_output( ['ps', 'ax', '-o', 'pid', '-o', 'cmd'] @@ -31,25 +31,23 @@ class TestPythonIsolation(TestApplicationPython): with open(cgroup, 'r') as f: return f.read().rstrip() - def test_python_isolation_rootfs(self, is_su, temp_dir): - isolation_features = option.available['features']['isolation'].keys() - - if not is_su: - if not 'unprivileged_userns_clone' in isolation_features: - pytest.skip('requires unprivileged userns or root') - - if 'user' not in isolation_features: - pytest.skip('user namespace is not supported') - - if 'mnt' not in isolation_features: - pytest.skip('mnt namespace is not supported') - - if 'pid' not in isolation_features: - pytest.skip('pid namespace is not supported') - + def test_python_isolation_rootfs(self, is_su, require, temp_dir): isolation = {'rootfs': temp_dir} if not is_su: + require( + { + 'features': { + 'isolation': [ + 'unprivileged_userns_clone', + 'user', + 'mnt', + 'pid', + ] + } + } + ) + isolation['namespaces'] = { 'mount': True, 'credential': True, @@ -78,9 +76,8 @@ class TestPythonIsolation(TestApplicationPython): assert ret['body']['FileExists'], 'application exists in rootfs' - def test_python_isolation_rootfs_no_language_deps(self, is_su, temp_dir): - if not is_su: - pytest.skip('requires root') + def test_python_isolation_rootfs_no_language_deps(self, require, temp_dir): + require({'privileged_user': True}) isolation = {'rootfs': temp_dir, 'automount': {'language_deps': False}} self.load('empty', isolation=isolation) @@ -103,9 +100,8 @@ class TestPythonIsolation(TestApplicationPython): assert waitforunmount(python_path), 'language_deps unmount' - def test_python_isolation_procfs(self, is_su, temp_dir): - if not is_su: - pytest.skip('requires root') + def test_python_isolation_procfs(self, require, temp_dir): + require({'privileged_user': True}) isolation = {'rootfs': temp_dir, 'automount': {'procfs': False}} @@ -123,12 +119,10 @@ class TestPythonIsolation(TestApplicationPython): 'FileExists' ], '/proc/self' - def test_python_isolation_cgroup(self, is_su): - if not is_su: - pytest.skip('requires root') - - if not 'cgroup' in option.available['features']['isolation']: - pytest.skip('cgroup is not supported') + def test_python_isolation_cgroup(self, require): + require( + {'privileged_user': True, 'features': {'isolation': ['cgroup']}} + ) def set_cgroup_path(path): isolation = {'cgroup': {'path': path}} @@ -146,12 +140,10 @@ class TestPythonIsolation(TestApplicationPython): assert len(cgroup_rel.parts) >= len(cgroup_abs.parts) - def test_python_isolation_cgroup_two(self, is_su): - if not is_su: - pytest.skip('requires root') - - if not 'cgroup' in option.available['features']['isolation']: - pytest.skip('cgroup is not supported') + def test_python_isolation_cgroup_two(self, require): + require( + {'privileged_user': True, 'features': {'isolation': ['cgroup']}} + ) def set_two_cgroup_path(path, path2): script_path = f'{option.test_dir}/python/empty' @@ -193,12 +185,10 @@ class TestPythonIsolation(TestApplicationPython): set_two_cgroup_path('/scope/python', '/scope2/python') assert self.get_cgroup('one') != self.get_cgroup('two') - def test_python_isolation_cgroup_invalid(self, is_su): - if not is_su: - pytest.skip('requires root') - - if not 'cgroup' in option.available['features']['isolation']: - pytest.skip('cgroup is not supported') + def test_python_isolation_cgroup_invalid(self, require): + require( + {'privileged_user': True, 'features': {'isolation': ['cgroup']}} + ) def check_invalid(path): script_path = f'{option.test_dir}/python/empty' |