> On March 31, 2016, 6:11 p.m., Zameer Manji wrote: > > The change and the tests LGTM. > > > > I currently have great ideas on how to ensure end to end validation. The > > best idea that I can provide is make use of the shell checker in the e2e > > tests. The program executed by the shell checker should just return 1 if it > > is executed as root and return 0 if it isn't. The e2e test can check for > > task failure and infer that the command was run as root if the task fails. > > Joshua Cohen wrote: > If we want something that would give us more certainty that the e2e test > behaved as expected, we could touch a file in /tmp as root (from the test > runner) and configure a shell health checker that tries to remove it. Then we > can assert that the health check failed and that the file still exists (thus > giving us confidence that the reason for the failure was permission-based and > not due to some other factor). > > Bill Farner wrote: > I was thinking something along the lines of access as well. How about a > check that tries to do something pseudo-malicious like delete `/etc/passwd`? > > Zameer Manji wrote: > +1 deleting /etc/passwd or similar it a good test.
Yea, e2e has a test which makes sure a failed health check rolls back the update: https://github.com/apache/aurora/blob/master/src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh#L206 Should be super easy to modify it to roll back on a file you aren't supposed to delete. - Dmitriy ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/45506/#review126378 ----------------------------------------------------------- On March 31, 2016, 6:38 p.m., Bill Farner wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/45506/ > ----------------------------------------------------------- > > (Updated March 31, 2016, 6:38 p.m.) > > > Review request for Aurora, Dmitriy Shirchenko and Zameer Manji. > > > Bugs: AURORA-1641 > https://issues.apache.org/jira/browse/AURORA-1641 > > > Repository: aurora > > > Description > ------- > > Here's a stab at this using `os` and `pwd` modules directly to demote health > checks to the target user. > > > Diffs > ----- > > src/main/python/apache/aurora/common/health_check/shell.py > 6cb7dfc164f4e16143fc974d50c19a5887d32015 > src/main/python/apache/aurora/executor/common/health_checker.py > 28fd3ec3ef7d0b66621c0295804af0eb72c64b4a > src/test/python/apache/aurora/common/health_check/test_shell.py > 7026af8c4671a40f4b517ecf12149eac34a552c8 > src/test/python/apache/aurora/executor/common/test_health_checker.py > 19c4f76347e34374c29974c182d1f4c118bcb18d > > Diff: https://reviews.apache.org/r/45506/diff/ > > > Testing > ------- > > I haven't spent any time thinking of a test strategy for this, but i don't > think we should proceed without end-to-end validation. I'm open to ideas > here. > > > Thanks, > > Bill Farner > >