Repository: hadoop Updated Branches: refs/heads/branch-3.1 0873cfcb5 -> 39236da2f
http://git-wip-us.apache.org/repos/asf/hadoop/blob/39236da2/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc index 35b7873..1096935 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/test/utils/test_docker_util.cc @@ -94,45 +94,68 @@ namespace ContainerExecutor { write_file(docker_command_file, contents); } + char* flatten(args *args) { + size_t string_len = 0; + size_t current_len = 0; + char *buffer = (char *) malloc(8192 * sizeof(char)); + for (int i = 0; i < args->length; i++) { + string_len = strlen(args->data[i]); + if (string_len != 0) { + strncpy(buffer + current_len, args->data[i], string_len); + current_len = current_len + string_len; + if (args->length - 1 != i) { + strncpy(buffer + current_len, " ", 1); + current_len++; + } + } + } + buffer[current_len] = '\0'; + return buffer; + } + void run_docker_command_test(const std::vector<std::pair<std::string, std::string> > &file_cmd_vec, const std::vector<std::pair<std::string, int> > &bad_file_cmd_vec, - int (*docker_func)(const char *, const struct configuration *, char *, const size_t)) { - char tmp[8192]; + int (*docker_func)(const char *, const struct configuration *, args *)) { + struct args tmp = ARGS_INITIAL_VALUE; std::vector<std::pair<std::string, std::string> >::const_iterator itr; for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(tmp, 0, 8192); + reset_args(&tmp); write_command_file(itr->first); - int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, tmp, 8192); + int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp); ASSERT_EQ(0, ret) << "error message: " << get_docker_error_message(ret) << " for input " << itr->first; - ASSERT_STREQ(itr->second.c_str(), tmp); + char *actual = flatten(&tmp); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } std::vector<std::pair<std::string, int> >::const_iterator itr2; for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) { - memset(tmp, 0, 8192); + reset_args(&tmp); write_command_file(itr2->first); - int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, tmp, 8192); + int ret = (*docker_func)(docker_command_file.c_str(), &container_executor_cfg, &tmp); ASSERT_EQ(itr2->second, ret) << " for " << itr2->first << std::endl; - ASSERT_EQ(0, strlen(tmp)); } - int ret = (*docker_func)("unknown-file", &container_executor_cfg, tmp, 8192); + reset_args(&tmp); + int ret = (*docker_func)("unknown-file", &container_executor_cfg, &tmp); ASSERT_EQ(static_cast<int>(INVALID_COMMAND_FILE), ret); + reset_args(&tmp); } void run_docker_run_helper_function(const std::vector<std::pair<std::string, std::string> > &file_cmd_vec, - int (*helper_func)(const struct configuration *, char *, const size_t)) { + int (*helper_func)(const struct configuration *, args *)) { std::vector<std::pair<std::string, std::string> >::const_iterator itr; for(itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { struct configuration cfg; - const int buff_len = 1024; - char buff[buff_len]; - memset(buff, 0, buff_len); + struct args buff = ARGS_INITIAL_VALUE; + reset_args(&buff); write_command_file(itr->first); int ret = read_config(docker_command_file.c_str(), &cfg); if(ret == 0) { - ret = (*helper_func)(&cfg, buff, buff_len); + ret = (*helper_func)(&cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } } } @@ -142,12 +165,12 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=inspect\n format={{.State.Status}}\n name=container_e1_12312_11111_02_000001", - "inspect --format={{.State.Status}} container_e1_12312_11111_02_000001")); + "/usr/bin/docker inspect --format={{.State.Status}} container_e1_12312_11111_02_000001")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=inspect\n" " format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}}\n" " name=container_e1_12312_11111_02_000001", - "inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001")); + "/usr/bin/docker inspect --format={{range(.NetworkSettings.Networks)}}{{.IPAddress}},{{end}}{{.Config.Hostname}} container_e1_12312_11111_02_000001")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -179,7 +202,7 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=load\n image=image-id", - "load --i='image-id' ")); + "/usr/bin/docker load --i=image-id")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -249,7 +272,7 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=pull\n image=image-id", - "pull 'image-id' ")); + "/usr/bin/docker pull image-id")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -269,7 +292,7 @@ namespace ContainerExecutor { file_cmd_vec.push_back( std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=rm\n name=container_e1_12312_11111_02_000001", - "rm container_e1_12312_11111_02_000001")); + "/usr/bin/docker rm container_e1_12312_11111_02_000001")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -289,10 +312,10 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001", - "stop container_e1_12312_11111_02_000001")); + "/usr/bin/docker stop container_e1_12312_11111_02_000001")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=stop\n name=container_e1_12312_11111_02_000001\ntime=25", - "stop --time=25 container_e1_12312_11111_02_000001")); + "/usr/bin/docker stop --time=25 container_e1_12312_11111_02_000001")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -316,10 +339,10 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001", - "kill container_e1_12312_11111_02_000001")); + "/usr/bin/docker kill container_e1_12312_11111_02_000001")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=kill\n name=container_e1_12312_11111_02_000001\nsignal=SIGQUIT", - "kill --signal=SIGQUIT container_e1_12312_11111_02_000001")); + "/usr/bin/docker kill --signal=SIGQUIT container_e1_12312_11111_02_000001")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -361,7 +384,7 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_detach_container) { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n detach=true", "-d ")); + "[docker-command-execution]\n docker-command=run\n detach=true", "-d")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); @@ -371,7 +394,7 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_rm_container) { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n rm=true", "--rm ")); + "[docker-command-execution]\n docker-command=run\n rm=true", "--rm")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); @@ -381,7 +404,7 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_set_container_workdir) { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n workdir=/tmp/test", "--workdir='/tmp/test' ")); + "[docker-command-execution]\n docker-command=run\n workdir=/tmp/test", "--workdir=/tmp/test")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); @@ -392,7 +415,7 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n cgroup-parent=/sys/fs/cgroup/yarn", - "--cgroup-parent='/sys/fs/cgroup/yarn' ")); + "--cgroup-parent=/sys/fs/cgroup/yarn")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); @@ -402,7 +425,7 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_set_hostname) { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n hostname=ctr-id", "--hostname='ctr-id' ")); + "[docker-command-execution]\n docker-command=run\n hostname=ctr-id", "--hostname=ctr-id")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); @@ -412,7 +435,7 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_set_group_add) { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n group-add=1000,1001", "--group-add '1000' --group-add '1001' ")); + "[docker-command-execution]\n docker-command=run\n group-add=1000,1001", "--group-add 1000 --group-add 1001")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); @@ -421,15 +444,15 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_set_network) { struct configuration container_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; + reset_args(&buff); int ret = 0; std::string container_executor_cfg_contents = "[docker]\n docker.allowed.networks=sdn1,bridge"; std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n net=bridge", "--net='bridge' ")); + "[docker-command-execution]\n docker-command=run\n net=bridge", "--net=bridge")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n net=sdn1", "--net='sdn1' ")); + "[docker-command-execution]\n docker-command=run\n net=sdn1", "--net=sdn1")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); write_container_executor_cfg(container_executor_cfg_contents); @@ -441,15 +464,17 @@ namespace ContainerExecutor { } for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { struct configuration cmd_cfg; - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_network(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_network(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } struct configuration cmd_cfg_1; write_command_file("[docker-command-execution]\n docker-command=run\n net=sdn2"); @@ -457,10 +482,10 @@ namespace ContainerExecutor { if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_network(&cmd_cfg_1, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_network(&cmd_cfg_1, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_NETWORK, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); container_executor_cfg_contents = "[docker]\n"; write_container_executor_cfg(container_executor_cfg_contents); @@ -468,16 +493,15 @@ namespace ContainerExecutor { if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_network(&cmd_cfg_1, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_network(&cmd_cfg_1, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_NETWORK, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } TEST_F(TestDockerUtil, test_set_pid_namespace) { struct configuration container_cfg, cmd_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; int ret = 0; std::string container_executor_cfg_contents[] = {"[docker]\n docker.host-pid-namespace.enabled=1", "[docker]\n docker.host-pid-namespace.enabled=true", @@ -490,7 +514,7 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> >::const_iterator itr; std::vector<std::pair<std::string, int> >::const_iterator itr2; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n pid=host", "--pid='host' ")); + "[docker-command-execution]\n docker-command=run\n pid=host", "--pid='host'")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -505,26 +529,28 @@ namespace ContainerExecutor { FAIL(); } for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr2->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(itr2->second, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } } @@ -539,15 +565,16 @@ namespace ContainerExecutor { file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run", "")); for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } bad_file_cmd_vec.clear(); bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -557,15 +584,15 @@ namespace ContainerExecutor { "[docker-command-execution]\n docker-command=run\n pid=host", static_cast<int>(PID_HOST_DISABLED))); for (itr2 = bad_file_cmd_vec.begin(); itr2 != bad_file_cmd_vec.end(); ++itr2) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr2->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_pid_namespace(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_pid_namespace(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(itr2->second, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } } } @@ -610,8 +637,7 @@ namespace ContainerExecutor { TEST_F(TestDockerUtil, test_set_privileged) { struct configuration container_cfg, cmd_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; int ret = 0; std::string container_executor_cfg_contents[] = {"[docker]\n docker.privileged-containers.enabled=1\n docker.privileged-containers.registries=hadoop", "[docker]\n docker.privileged-containers.enabled=true\n docker.privileged-containers.registries=hadoop", @@ -639,24 +665,25 @@ namespace ContainerExecutor { FAIL(); } for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_privileged(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(6, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } write_command_file("[docker-command-execution]\n docker-command=run\n user=nobody\n privileged=true\n image=nothadoop/image"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_privileged(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } @@ -671,31 +698,32 @@ namespace ContainerExecutor { file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n user=root\n privileged=false", "")); for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_privileged(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } write_command_file("[docker-command-execution]\n docker-command=run\n user=root\n privileged=true"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_privileged(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_privileged(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(PRIVILEGED_CONTAINERS_DISABLED, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } } TEST_F(TestDockerUtil, test_set_capabilities) { struct configuration container_cfg, cmd_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; int ret = 0; std::string container_executor_cfg_contents = "[docker]\n" " docker.allowed.capabilities=CHROOT,MKNOD\n" @@ -703,19 +731,19 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=CHROOT,MKNOD", - "--cap-drop='ALL' --cap-add='CHROOT' --cap-add='MKNOD' ")); + "--cap-drop=ALL --cap-add=CHROOT --cap-add=MKNOD")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/docker-image\n cap-add=CHROOT,MKNOD", - "--cap-drop='ALL' ")); + "--cap-drop=ALL")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=CHROOT", - "--cap-drop='ALL' --cap-add='CHROOT' ")); + "--cap-drop=ALL --cap-add=CHROOT")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n", - "--cap-drop='ALL' ")); + "--cap-drop=ALL")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/docker-image\n", - "--cap-drop='ALL' ")); + "--cap-drop=ALL")); write_container_executor_cfg(container_executor_cfg_contents); ret = read_config(container_executor_cfg_file.c_str(), &container_cfg); @@ -724,25 +752,26 @@ namespace ContainerExecutor { FAIL(); } for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_capabilities(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_capabilities(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/docker-image\n cap-add=SETGID"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_capabilities(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_capabilities(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret); - ASSERT_EQ(0, strlen(buff)); container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n"; write_container_executor_cfg(container_executor_cfg_contents); @@ -750,16 +779,15 @@ namespace ContainerExecutor { if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_capabilities(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_capabilities(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_CAPABILITY, ret); - ASSERT_EQ(0, strlen(buff)); } TEST_F(TestDockerUtil, test_set_devices) { struct configuration container_cfg, cmd_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; + reset_args(&buff); int ret = 0; std::string container_executor_cfg_contents = "[docker]\n" " docker.privileged-containers.registries=hadoop\n" @@ -767,22 +795,22 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/test-device:/dev/test-device", - "--device='/dev/test-device:/dev/test-device' ")); + "--device=/dev/test-device:/dev/test-device")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device2:/dev/device2", - "--device='/dev/device2:/dev/device2' ")); + "--device=/dev/device2:/dev/device2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n" " devices=/dev/test-device:/dev/test-device,/dev/device2:/dev/device2", - "--device='/dev/test-device:/dev/test-device' --device='/dev/device2:/dev/device2' ")); + "--device=/dev/test-device:/dev/test-device --device=/dev/device2:/dev/device2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n" "devices=/dev/nvidiactl:/dev/nvidiactl", - "--device='/dev/nvidiactl:/dev/nvidiactl' ")); + "--device=/dev/nvidiactl:/dev/nvidiactl")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n" "devices=/dev/nvidia1:/dev/nvidia1,/dev/gpu-uvm-tools:/dev/gpu-uvm-tools", - "--device='/dev/nvidia1:/dev/nvidia1' --device='/dev/gpu-uvm-tools:/dev/gpu-uvm-tools' ")); + "--device=/dev/nvidia1:/dev/nvidia1 --device=/dev/gpu-uvm-tools:/dev/gpu-uvm-tools")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image", "")); write_container_executor_cfg(container_executor_cfg_contents); @@ -793,75 +821,77 @@ namespace ContainerExecutor { FAIL(); } for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } write_command_file("[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n devices=/dev/test-device:/dev/test-device"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device3:/dev/device3"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/testnvidia:/dev/testnvidia"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/gpu-nvidia-uvm:/dev/gpu-nvidia-uvm"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n devices=/dev/device1"); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); container_executor_cfg_contents = "[docker]\n"; write_container_executor_cfg(container_executor_cfg_contents); @@ -869,37 +899,36 @@ namespace ContainerExecutor { if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = set_devices(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = set_devices(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_DEVICE, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } TEST_F(TestDockerUtil, test_add_rw_mounts) { struct configuration container_cfg, cmd_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; int ret = 0; std::string container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n " - "docker.allowed.rw-mounts=/opt,/var,/usr/bin/cut,..\n " + "docker.allowed.rw-mounts=/opt,/var,/usr/bin/cut\n " "docker.allowed.ro-mounts=/etc/passwd"; std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var:/var", "-v '/var:/var' ")); + "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var:/var", "-v /var:/var")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n rw-mounts=/var:/var", "")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var/:/var/", "-v '/var/:/var/' ")); + "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/var/:/var/", "-v /var/:/var/")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/usr/bin/cut:/usr/bin/cut", - "-v '/usr/bin/cut:/usr/bin/cut' ")); + "-v /usr/bin/cut:/usr/bin/cut")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n rw-mounts=/lib:/lib", "")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts=/opt:/mydisk1,/var/log/:/mydisk2", - "-v '/opt:/mydisk1' -v '/var/log/:/mydisk2' ")); + "-v /opt:/mydisk1 -v /var/log/:/mydisk2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n rw-mounts=/opt:/mydisk1,/var/log/:/mydisk2", "")); @@ -922,15 +951,17 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> >::const_iterator itr; for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } std::vector<std::pair<std::string, int> > bad_file_cmds_vec; @@ -947,16 +978,18 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, int> >::const_iterator itr2; for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr2->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(itr2->second, ret); - ASSERT_STREQ("", buff); + ASSERT_STREQ("", actual); + free(actual); } // verify that you can't mount any directory in the container-executor.cfg path @@ -964,16 +997,18 @@ namespace ContainerExecutor { while (strlen(ce_path) != 0) { std::string cmd_file_contents = "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n rw-mounts="; cmd_file_contents.append(ce_path).append(":").append("/etc/hadoop"); - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(cmd_file_contents); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_RW_MOUNT, ret) << " for input " << cmd_file_contents; - ASSERT_STREQ("", buff); + char *actual = flatten(&buff); + ASSERT_STREQ("", actual); + free(actual); char *tmp = strrchr(ce_path, '/'); if (tmp != NULL) { *tmp = '\0'; @@ -989,46 +1024,45 @@ namespace ContainerExecutor { if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = add_rw_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = add_rw_mounts(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_EQ(11, strlen(buff)); + ASSERT_STREQ("", actual); + free(actual); } TEST_F(TestDockerUtil, test_add_ro_mounts) { struct configuration container_cfg, cmd_cfg; - const int buff_len = 1024; - char buff[buff_len]; + struct args buff = ARGS_INITIAL_VALUE; int ret = 0; std::string container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n " - "docker.allowed.rw-mounts=/home/,/var,/usr/bin/cut,..\n " + "docker.allowed.rw-mounts=/home/,/var,/usr/bin/cut\n " "docker.allowed.ro-mounts=/etc/passwd,/etc/group"; std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var:/var", "-v '/var:/var:ro' ")); - file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n ro-mounts=/var:/var", "")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=nothadoop/image\n ro-mounts=/etc:/etc", "")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var/:/var/", "-v '/var/:/var/:ro' ")); + "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var/:/var/", "-v /var/:/var/:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home", "-v '/home:/home:ro' ")); + "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home", "-v /home:/home:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( - "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home/:/home", "-v '/home/:/home:ro' ")); + "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home/:/home", "-v /home/:/home:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/usr/bin/cut:/usr/bin/cut", - "-v '/usr/bin/cut:/usr/bin/cut:ro' ")); + "-v /usr/bin/cut:/usr/bin/cut:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/etc/group:/etc/group", - "-v '/etc/group:/etc/group:ro' ")); + "-v /etc/group:/etc/group:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/etc/passwd:/etc/passwd", - "-v '/etc/passwd:/etc/passwd:ro' ")); + "-v /etc/passwd:/etc/passwd:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/var/log:/mydisk1,/etc/passwd:/etc/passwd", - "-v '/var/log:/mydisk1:ro' -v '/etc/passwd:/etc/passwd:ro' ")); + "-v /var/log:/mydisk1:ro -v /etc/passwd:/etc/passwd:ro")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n image=hadoop/image\n", "")); write_container_executor_cfg(container_executor_cfg_contents); @@ -1046,15 +1080,17 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> >::const_iterator itr; for (itr = file_cmd_vec.begin(); itr != file_cmd_vec.end(); ++itr) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - ret = add_ro_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(0, ret); - ASSERT_STREQ(itr->second.c_str(), buff); + ASSERT_STREQ(itr->second.c_str(), actual); + free(actual); } std::vector<std::pair<std::string, int> > bad_file_cmds_vec; @@ -1068,16 +1104,18 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, int> >::const_iterator itr2; for (itr2 = bad_file_cmds_vec.begin(); itr2 != bad_file_cmds_vec.end(); ++itr2) { - memset(buff, 0, buff_len); + reset_args(&buff); write_command_file(itr2->first); ret = read_config(docker_command_file.c_str(), &cmd_cfg); if (ret != 0) { FAIL(); } - strcpy(buff, "test string"); - ret = add_ro_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff); + char *actual = flatten(&buff); ASSERT_EQ(itr2->second, ret); - ASSERT_STREQ("", buff); + ASSERT_STREQ("", actual); + free(actual); } container_executor_cfg_contents = "[docker]\n docker.privileged-containers.registries=hadoop\n"; @@ -1087,10 +1125,10 @@ namespace ContainerExecutor { FAIL(); } write_command_file("[docker-command-execution]\n docker-command=run\n image=hadoop/image\n ro-mounts=/home:/home"); - strcpy(buff, "test string"); - ret = add_ro_mounts(&cmd_cfg, &container_cfg, buff, buff_len); + reset_args(&buff); + ret = add_ro_mounts(&cmd_cfg, &container_cfg, &buff); ASSERT_EQ(INVALID_DOCKER_RO_MOUNT, ret); - ASSERT_EQ(0, strlen(buff)); + ASSERT_EQ(0, buff.length); } TEST_F(TestDockerUtil, test_docker_run_privileged) { @@ -1113,14 +1151,14 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'hadoop/docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'nothadoop/docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL nothadoop/docker-image")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=hadoop/docker-image\n user=nobody\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'hadoop/docker-image' 'bash' 'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL hadoop/docker-image bash test_script.sh arg1 arg2")); // Test non-privileged conatiner with launch command file_cmd_vec.push_back(std::make_pair<std::string, std::string>( @@ -1130,10 +1168,10 @@ namespace ContainerExecutor { " network=bridge\n devices=/dev/test:/dev/test\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'" - " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN'" - " --cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash' " - "'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro" + " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN" + " --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash " + "test_script.sh arg1 arg2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" " docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n" @@ -1141,8 +1179,8 @@ namespace ContainerExecutor { " network=bridge\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm" - " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm" + " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); // Test non-privileged container and drop all privileges file_cmd_vec.push_back(std::make_pair<std::string, std::string>( @@ -1152,10 +1190,10 @@ namespace ContainerExecutor { " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'" - " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN' " - "--cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash'" - " 'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" + " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN " + "--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash" + " test_script.sh arg1 arg2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" " docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n" @@ -1163,8 +1201,8 @@ namespace ContainerExecutor { " network=bridge\n net=bridge\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge'" - " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge" + " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); // Test privileged container file_cmd_vec.push_back(std::make_pair<std::string, std::string>( @@ -1174,10 +1212,10 @@ namespace ContainerExecutor { " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'" - " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --privileged --cap-drop='ALL' " - "--cap-add='CHOWN' --cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' " - "'bash' 'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" + " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL " + "--cap-add=CHOWN --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image " + "bash test_script.sh arg1 arg2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" @@ -1186,10 +1224,10 @@ namespace ContainerExecutor { " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n privileged=true\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n group-add=1000,1001\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'" - " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --privileged --cap-drop='ALL' " - "--cap-add='CHOWN' --cap-add='SETUID' --hostname='host-id' " - "--device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash' 'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" + " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --privileged --cap-drop=ALL " + "--cap-add=CHOWN --cap-add=SETUID --hostname=host-id " + "--device=/dev/test:/dev/test hadoop/docker-image bash test_script.sh arg1 arg2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" @@ -1197,9 +1235,9 @@ namespace ContainerExecutor { " network=bridge\n net=bridge\n" " detach=true\n rm=true\n group-add=1000,1001\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge' --cap-drop='ALL' " - "--hostname='host-id' --group-add '1000' --group-add '1001' " - "'docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge --cap-drop=ALL " + "--hostname=host-id --group-add 1000 --group-add 1001 " + "docker-image")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; @@ -1302,11 +1340,11 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n user=nobody", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n name=container_e1_12312_11111_02_000001\n image=docker-image\n" " user=nobody\n launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" @@ -1315,10 +1353,10 @@ namespace ContainerExecutor { " network=bridge\n devices=/dev/test:/dev/test\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'" - " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN'" - " --cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash' " - "'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm -v /var/log:/var/log:ro -v /var/lib:/lib:ro" + " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN" + " --cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash " + "test_script.sh arg1 arg2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" " docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n" @@ -1326,8 +1364,8 @@ namespace ContainerExecutor { " network=bridge\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm" - " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm" + " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" @@ -1336,10 +1374,10 @@ namespace ContainerExecutor { " network=bridge\n devices=/dev/test:/dev/test\n net=bridge\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge' -v '/var/log:/var/log:ro' -v '/var/lib:/lib:ro'" - " -v '/usr/bin/cut:/usr/bin/cut:ro' -v '/tmp:/tmp' --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --cap-add='CHOWN' " - "--cap-add='SETUID' --hostname='host-id' --device='/dev/test:/dev/test' 'hadoop/docker-image' 'bash'" - " 'test_script.sh' 'arg1' 'arg2' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge -v /var/log:/var/log:ro -v /var/lib:/lib:ro" + " -v /usr/bin/cut:/usr/bin/cut:ro -v /tmp:/tmp --cgroup-parent=ctr-cgroup --cap-drop=ALL --cap-add=CHOWN " + "--cap-add=SETUID --hostname=host-id --device=/dev/test:/dev/test hadoop/docker-image bash" + " test_script.sh arg1 arg2")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n" " docker-command=run\n name=container_e1_12312_11111_02_000001\n image=nothadoop/docker-image\n user=nobody\n hostname=host-id\n" @@ -1347,8 +1385,8 @@ namespace ContainerExecutor { " network=bridge\n net=bridge\n" " cap-add=CHOWN,SETUID\n cgroup-parent=ctr-cgroup\n detach=true\n rm=true\n" " launch-command=bash,test_script.sh,arg1,arg2", - "run --name='container_e1_12312_11111_02_000001' --user='nobody' -d --rm --net='bridge'" - " --cgroup-parent='ctr-cgroup' --cap-drop='ALL' --hostname='host-id' 'nothadoop/docker-image' ")); + "/usr/bin/docker run --name=container_e1_12312_11111_02_000001 --user=nobody -d --rm --net=bridge" + " --cgroup-parent=ctr-cgroup --cap-drop=ALL --hostname=host-id nothadoop/docker-image")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; bad_file_cmd_vec.push_back(std::make_pair<std::string, int>( @@ -1369,34 +1407,35 @@ namespace ContainerExecutor { input_output_map.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=inspect\n docker-config=/my-config\n" " format={{.State.Status}}\n name=container_e1_12312_11111_02_000001", - "--config='/my-config' inspect --format={{.State.Status}} container_e1_12312_11111_02_000001")); + "/usr/bin/docker --config=/my-config inspect --format={{.State.Status}} container_e1_12312_11111_02_000001")); input_output_map.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=load\n docker-config=/my-config\n image=image-id", - "--config='/my-config' load --i='image-id' ")); + "/usr/bin/docker --config=/my-config load --i=image-id")); input_output_map.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=pull\n docker-config=/my-config\n image=image-id", - "--config='/my-config' pull 'image-id' ")); + "/usr/bin/docker --config=/my-config pull image-id")); input_output_map.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=rm\n docker-config=/my-config\n name=container_e1_12312_11111_02_000001", - "--config='/my-config' rm container_e1_12312_11111_02_000001")); + "/usr/bin/docker --config=/my-config rm container_e1_12312_11111_02_000001")); input_output_map.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=stop\n docker-config=/my-config\n name=container_e1_12312_11111_02_000001", - "--config='/my-config' stop container_e1_12312_11111_02_000001")); + "/usr/bin/docker --config=/my-config stop container_e1_12312_11111_02_000001")); input_output_map.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=run\n docker-config=/my-config\n name=container_e1_12312_11111_02_000001\n" " image=docker-image\n user=nobody", - "--config='/my-config' run --name='container_e1_12312_11111_02_000001' --user='nobody' --cap-drop='ALL' 'docker-image' ")); + "/usr/bin/docker --config=/my-config run --name=container_e1_12312_11111_02_000001 --user=nobody --cap-drop=ALL docker-image")); std::vector<std::pair<std::string, std::string> >::const_iterator itr; - char buffer[4096]; + struct args buffer = ARGS_INITIAL_VALUE; struct configuration cfg = {0, NULL}; for (itr = input_output_map.begin(); itr != input_output_map.end(); ++itr) { - memset(buffer, 0, 4096); + reset_args(&buffer); write_command_file(itr->first); - int ret = get_docker_command(docker_command_file.c_str(), &cfg, buffer, 4096); + int ret = get_docker_command(docker_command_file.c_str(), &cfg, &buffer); ASSERT_EQ(0, ret) << "for input " << itr->first; - ASSERT_STREQ(itr->second.c_str(), buffer); + ASSERT_STREQ(itr->second.c_str(), flatten(&buffer)); } + reset_args(&buffer); } TEST_F(TestDockerUtil, test_docker_module_enabled) { @@ -1430,10 +1469,10 @@ namespace ContainerExecutor { std::vector<std::pair<std::string, std::string> > file_cmd_vec; file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=volume\n sub-command=create\n volume=volume1 \n driver=driver1", - "volume create --name=volume1 --driver=driver1")); + "/usr/bin/docker volume create --name=volume1 --driver=driver1")); file_cmd_vec.push_back(std::make_pair<std::string, std::string>( "[docker-command-execution]\n docker-command=volume\n format={{.Name}},{{.Driver}}\n sub-command=ls", - "volume ls --format={{.Name}},{{.Driver}}")); + "/usr/bin/docker volume ls --format={{.Name}},{{.Driver}}")); std::vector<std::pair<std::string, int> > bad_file_cmd_vec; --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
