1import unittest
| 1import pytest
|
2 3from unit.applications.lang.php import TestApplicationPHP 4from unit.feature.isolation import TestFeatureIsolation
| 2 3from unit.applications.lang.php import TestApplicationPHP 4from unit.feature.isolation import TestFeatureIsolation
|
| 5from conftest import option
|
5 6 7class TestPHPIsolation(TestApplicationPHP): 8 prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']} 9 10 isolation = TestFeatureIsolation() 11 12 @classmethod
| 6 7 8class TestPHPIsolation(TestApplicationPHP): 9 prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']} 10 11 isolation = TestFeatureIsolation() 12 13 @classmethod
|
13 def setUpClass(cls, complete_check=True): 14 unit = super().setUpClass(complete_check=False)
| 14 def setup_class(cls, complete_check=True): 15 unit = super().setup_class(complete_check=False)
|
15
| 16
|
16 TestFeatureIsolation().check(cls.available, unit.testdir)
| 17 TestFeatureIsolation().check(cls.available, unit.temp_dir)
|
17 18 return unit if not complete_check else unit.complete() 19
| 18 19 return unit if not complete_check else unit.complete() 20
|
20 def test_php_isolation_rootfs(self):
| 21 def test_php_isolation_rootfs(self, is_su):
|
21 isolation_features = self.available['features']['isolation'].keys() 22 23 if 'mnt' not in isolation_features:
| 22 isolation_features = self.available['features']['isolation'].keys() 23 24 if 'mnt' not in isolation_features:
|
24 print('requires mnt ns') 25 raise unittest.SkipTest()
| 25 pytest.skip('requires mnt ns')
|
26
| 26
|
27 if not self.is_su:
| 27 if not is_su:
|
28 if 'user' not in isolation_features:
| 28 if 'user' not in isolation_features:
|
29 print('requires unprivileged userns or root') 30 raise unittest.SkipTest()
| 29 pytest.skip('requires unprivileged userns or root')
|
31 32 if not 'unprivileged_userns_clone' in isolation_features:
| 30 31 if not 'unprivileged_userns_clone' in isolation_features:
|
33 print('requires unprivileged userns or root') 34 raise unittest.SkipTest()
| 32 pytest.skip('requires unprivileged userns or root')
|
35 36 isolation = {
| 33 34 isolation = {
|
37 'namespaces': {'credential': not self.is_su, 'mount': True}, 38 'rootfs': self.current_dir,
| 35 'namespaces': {'credential': not is_su, 'mount': True}, 36 'rootfs': option.test_dir,
|
39 } 40 41 self.load('phpinfo', isolation=isolation) 42
| 37 } 38 39 self.load('phpinfo', isolation=isolation) 40
|
43 self.assertIn( 44 'success', self.conf('"/php/phpinfo"', 'applications/phpinfo/root')
| 41 assert 'success' in self.conf( 42 '"/php/phpinfo"', 'applications/phpinfo/root'
|
45 )
| 43 )
|
46 self.assertIn( 47 'success', 48 self.conf( 49 '"/php/phpinfo"', 'applications/phpinfo/working_directory' 50 ),
| 44 assert 'success' in self.conf( 45 '"/php/phpinfo"', 'applications/phpinfo/working_directory'
|
51 ) 52
| 46 ) 47
|
53 self.assertEqual(self.get()['status'], 200, 'empty rootfs')
| 48 assert self.get()['status'] == 200, 'empty rootfs'
|
54
| 49
|
55 def test_php_isolation_rootfs_extensions(self):
| 50 def test_php_isolation_rootfs_extensions(self, is_su):
|
56 isolation_features = self.available['features']['isolation'].keys() 57
| 51 isolation_features = self.available['features']['isolation'].keys() 52
|
58 if not self.is_su:
| 53 if not is_su:
|
59 if 'user' not in isolation_features:
| 54 if 'user' not in isolation_features:
|
60 print('requires unprivileged userns or root') 61 raise unittest.SkipTest()
| 55 pytest.skip('requires unprivileged userns or root')
|
62 63 if not 'unprivileged_userns_clone' in isolation_features:
| 56 57 if not 'unprivileged_userns_clone' in isolation_features:
|
64 print('requires unprivileged userns or root') 65 raise unittest.SkipTest()
| 58 pytest.skip('requires unprivileged userns or root')
|
66 67 if 'mnt' not in isolation_features:
| 59 60 if 'mnt' not in isolation_features:
|
68 print('requires mnt ns') 69 raise unittest.SkipTest()
| 61 pytest.skip('requires mnt ns')
|
70 71 isolation = {
| 62 63 isolation = {
|
72 'rootfs': self.current_dir, 73 'namespaces': { 74 'credential': not self.is_su, 75 'mount': not self.is_su, 76 },
| 64 'rootfs': option.test_dir, 65 'namespaces': {'credential': not is_su, 'mount': not is_su},
|
77 } 78 79 self.load('list-extensions', isolation=isolation) 80
| 66 } 67 68 self.load('list-extensions', isolation=isolation) 69
|
81 self.assertIn( 82 'success', 83 self.conf( 84 '"/php/list-extensions"', 'applications/list-extensions/root' 85 ),
| 70 assert 'success' in self.conf( 71 '"/php/list-extensions"', 'applications/list-extensions/root'
|
86 ) 87
| 72 ) 73
|
88 self.assertIn( 89 'success', 90 self.conf( 91 {'file': '/php/list-extensions/php.ini'}, 92 'applications/list-extensions/options', 93 ),
| 74 assert 'success' in self.conf( 75 {'file': '/php/list-extensions/php.ini'}, 76 'applications/list-extensions/options',
|
94 ) 95
| 77 ) 78
|
96 self.assertIn( 97 'success', 98 self.conf( 99 '"/php/list-extensions"', 100 'applications/list-extensions/working_directory', 101 ),
| 79 assert 'success' in self.conf( 80 '"/php/list-extensions"', 81 'applications/list-extensions/working_directory',
|
102 ) 103 104 extensions = self.getjson()['body'] 105
| 82 ) 83 84 extensions = self.getjson()['body'] 85
|
106 self.assertIn('json', extensions, 'json in extensions list') 107 self.assertIn('unit', extensions, 'unit in extensions list')
| 86 assert 'json' in extensions, 'json in extensions list' 87 assert 'unit' in extensions, 'unit in extensions list'
|
108
| 88
|
109 110 def test_php_isolation_rootfs_no_language_libs(self):
| 89 def test_php_isolation_rootfs_no_language_libs(self, is_su):
|
111 isolation_features = self.available['features']['isolation'].keys() 112
| 90 isolation_features = self.available['features']['isolation'].keys() 91
|
113 if not self.is_su:
| 92 if not is_su:
|
114 if 'user' not in isolation_features:
| 93 if 'user' not in isolation_features:
|
115 print('requires unprivileged userns or root') 116 raise unittest.SkipTest()
| 94 pytest.skip('requires unprivileged userns or root')
|
117 118 if not 'unprivileged_userns_clone' in isolation_features:
| 95 96 if not 'unprivileged_userns_clone' in isolation_features:
|
119 print('requires unprivileged userns or root') 120 raise unittest.SkipTest()
| 97 pytest.skip('requires unprivileged userns or root')
|
121 122 if 'mnt' not in isolation_features:
| 98 99 if 'mnt' not in isolation_features:
|
123 print('requires mnt ns') 124 raise unittest.SkipTest()
| 100 pytest.skip('requires mnt ns')
|
125 126 isolation = {
| 101 102 isolation = {
|
127 'rootfs': self.current_dir,
| 103 'rootfs': option.test_dir,
|
128 'automount': {'language_deps': False},
| 104 'automount': {'language_deps': False},
|
129 'namespaces': { 130 'credential': not self.is_su, 131 'mount': not self.is_su, 132 },
| 105 'namespaces': {'credential': not is_su, 'mount': not is_su},
|
133 } 134 135 self.load('list-extensions', isolation=isolation) 136
| 106 } 107 108 self.load('list-extensions', isolation=isolation) 109
|
137 self.assertIn( 138 'success', 139 self.conf( 140 '"/php/list-extensions"', 'applications/list-extensions/root' 141 ),
| 110 assert 'success' in self.conf( 111 '"/php/list-extensions"', 'applications/list-extensions/root'
|
142 ) 143
| 112 ) 113
|
144 self.assertIn( 145 'success', 146 self.conf( 147 {'file': '/php/list-extensions/php.ini'}, 148 'applications/list-extensions/options', 149 ),
| 114 assert 'success' in self.conf( 115 {'file': '/php/list-extensions/php.ini'}, 116 'applications/list-extensions/options',
|
150 ) 151
| 117 ) 118
|
152 self.assertIn( 153 'success', 154 self.conf( 155 '"/php/list-extensions"', 156 'applications/list-extensions/working_directory', 157 ),
| 119 assert 'success' in self.conf( 120 '"/php/list-extensions"', 121 'applications/list-extensions/working_directory',
|
158 ) 159 160 extensions = self.getjson()['body'] 161
| 122 ) 123 124 extensions = self.getjson()['body'] 125
|
162 self.assertIn('unit', extensions, 'unit in extensions list') 163 self.assertNotIn('json', extensions, 'json not in extensions list')
| 126 assert 'unit' in extensions, 'unit in extensions list' 127 assert 'json' not in extensions, 'json not in extensions list'
|
164
| 128
|
165 self.assertIn( 166 'success', 167 self.conf( 168 {'language_deps': True}, 169 'applications/list-extensions/isolation/automount', 170 ),
| 129 assert 'success' in self.conf( 130 {'language_deps': True}, 131 'applications/list-extensions/isolation/automount',
|
171 ) 172 173 extensions = self.getjson()['body'] 174
| 132 ) 133 134 extensions = self.getjson()['body'] 135
|
175 self.assertIn('unit', extensions, 'unit in extensions list 2') 176 self.assertIn('json', extensions, 'json in extensions list 2')
| 136 assert 'unit' in extensions, 'unit in extensions list 2' 137 assert 'json' in extensions, 'json in extensions list 2'
|
177
| 138
|
178 179if __name__ == '__main__': 180 TestPHPIsolation.main()
| |
| |