> On March 31, 2016, 11:11 a.m., Zameer Manji wrote:
> > The change and the tests LGTM.
> > 
> > I currently have great ideas on how to ensure end to end validation. The 
> > best idea that I can provide is make use of the shell checker in the e2e 
> > tests. The program executed by the shell checker should just return 1 if it 
> > is executed as root and return 0 if it isn't. The e2e test can check for 
> > task failure and infer that the command was run as root if the task fails.
> 
> Joshua Cohen wrote:
>     If we want something that would give us more certainty that the e2e test 
> behaved as expected, we could touch a file in /tmp as root (from the test 
> runner) and configure a shell health checker that tries to remove it. Then we 
> can assert that the health check failed and that the file still exists (thus 
> giving us confidence that the reason for the failure was permission-based and 
> not due to some other factor).

I was thinking something along the lines of access as well.  How about a check 
that tries to do something pseudo-malicious like delete `/etc/passwd`?


- Bill


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45506/#review126378
-----------------------------------------------------------


On March 31, 2016, 11:01 a.m., Bill Farner wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45506/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 11:01 a.m.)
> 
> 
> Review request for Aurora, Dmitriy Shirchenko and Zameer Manji.
> 
> 
> Bugs: AURORA-1641
>     https://issues.apache.org/jira/browse/AURORA-1641
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Here's a stab at this using `os` and `pwd` modules directly to demote health 
> checks to the target user.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/aurora/common/health_check/shell.py 
> 6cb7dfc164f4e16143fc974d50c19a5887d32015 
>   src/main/python/apache/aurora/executor/common/health_checker.py 
> 28fd3ec3ef7d0b66621c0295804af0eb72c64b4a 
>   src/test/python/apache/aurora/common/health_check/test_shell.py 
> 7026af8c4671a40f4b517ecf12149eac34a552c8 
>   src/test/python/apache/aurora/executor/common/test_health_checker.py 
> 19c4f76347e34374c29974c182d1f4c118bcb18d 
> 
> Diff: https://reviews.apache.org/r/45506/diff/
> 
> 
> Testing
> -------
> 
> I haven't spent any time thinking of a test strategy for this, but i don't 
> think we should proceed without end-to-end validation.  I'm open to ideas 
> here.
> 
> 
> Thanks,
> 
> Bill Farner
> 
>

Reply via email to