test_php_isolation.py (1586:d5a1df78d9af) test_php_isolation.py (1596:b7e2d4d92624)
1import unittest
1import pytest
2
3from unit.applications.lang.php import TestApplicationPHP
4from unit.feature.isolation import TestFeatureIsolation
2
3from unit.applications.lang.php import TestApplicationPHP
4from unit.feature.isolation import TestFeatureIsolation
5from conftest import option
5
6
7class TestPHPIsolation(TestApplicationPHP):
8 prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']}
9
10 isolation = TestFeatureIsolation()
11
12 @classmethod
6
7
8class TestPHPIsolation(TestApplicationPHP):
9 prerequisites = {'modules': {'php': 'any'}, 'features': ['isolation']}
10
11 isolation = TestFeatureIsolation()
12
13 @classmethod
13 def setUpClass(cls, complete_check=True):
14 unit = super().setUpClass(complete_check=False)
14 def setup_class(cls, complete_check=True):
15 unit = super().setup_class(complete_check=False)
15
16
16 TestFeatureIsolation().check(cls.available, unit.testdir)
17 TestFeatureIsolation().check(cls.available, unit.temp_dir)
17
18 return unit if not complete_check else unit.complete()
19
18
19 return unit if not complete_check else unit.complete()
20
20 def test_php_isolation_rootfs(self):
21 def test_php_isolation_rootfs(self, is_su):
21 isolation_features = self.available['features']['isolation'].keys()
22
23 if 'mnt' not in isolation_features:
22 isolation_features = self.available['features']['isolation'].keys()
23
24 if 'mnt' not in isolation_features:
24 print('requires mnt ns')
25 raise unittest.SkipTest()
25 pytest.skip('requires mnt ns')
26
26
27 if not self.is_su:
27 if not is_su:
28 if 'user' not in isolation_features:
28 if 'user' not in isolation_features:
29 print('requires unprivileged userns or root')
30 raise unittest.SkipTest()
29 pytest.skip('requires unprivileged userns or root')
31
32 if not 'unprivileged_userns_clone' in isolation_features:
30
31 if not 'unprivileged_userns_clone' in isolation_features:
33 print('requires unprivileged userns or root')
34 raise unittest.SkipTest()
32 pytest.skip('requires unprivileged userns or root')
35
36 isolation = {
33
34 isolation = {
37 'namespaces': {'credential': not self.is_su, 'mount': True},
38 'rootfs': self.current_dir,
35 'namespaces': {'credential': not is_su, 'mount': True},
36 'rootfs': option.test_dir,
39 }
40
41 self.load('phpinfo', isolation=isolation)
42
37 }
38
39 self.load('phpinfo', isolation=isolation)
40
43 self.assertIn(
44 'success', self.conf('"/php/phpinfo"', 'applications/phpinfo/root')
41 assert 'success' in self.conf(
42 '"/php/phpinfo"', 'applications/phpinfo/root'
45 )
43 )
46 self.assertIn(
47 'success',
48 self.conf(
49 '"/php/phpinfo"', 'applications/phpinfo/working_directory'
50 ),
44 assert 'success' in self.conf(
45 '"/php/phpinfo"', 'applications/phpinfo/working_directory'
51 )
52
46 )
47
53 self.assertEqual(self.get()['status'], 200, 'empty rootfs')
48 assert self.get()['status'] == 200, 'empty rootfs'
54
49
55 def test_php_isolation_rootfs_extensions(self):
50 def test_php_isolation_rootfs_extensions(self, is_su):
56 isolation_features = self.available['features']['isolation'].keys()
57
51 isolation_features = self.available['features']['isolation'].keys()
52
58 if not self.is_su:
53 if not is_su:
59 if 'user' not in isolation_features:
54 if 'user' not in isolation_features:
60 print('requires unprivileged userns or root')
61 raise unittest.SkipTest()
55 pytest.skip('requires unprivileged userns or root')
62
63 if not 'unprivileged_userns_clone' in isolation_features:
56
57 if not 'unprivileged_userns_clone' in isolation_features:
64 print('requires unprivileged userns or root')
65 raise unittest.SkipTest()
58 pytest.skip('requires unprivileged userns or root')
66
67 if 'mnt' not in isolation_features:
59
60 if 'mnt' not in isolation_features:
68 print('requires mnt ns')
69 raise unittest.SkipTest()
61 pytest.skip('requires mnt ns')
70
71 isolation = {
62
63 isolation = {
72 'rootfs': self.current_dir,
73 'namespaces': {
74 'credential': not self.is_su,
75 'mount': not self.is_su,
76 },
64 'rootfs': option.test_dir,
65 'namespaces': {'credential': not is_su, 'mount': not is_su},
77 }
78
79 self.load('list-extensions', isolation=isolation)
80
66 }
67
68 self.load('list-extensions', isolation=isolation)
69
81 self.assertIn(
82 'success',
83 self.conf(
84 '"/php/list-extensions"', 'applications/list-extensions/root'
85 ),
70 assert 'success' in self.conf(
71 '"/php/list-extensions"', 'applications/list-extensions/root'
86 )
87
72 )
73
88 self.assertIn(
89 'success',
90 self.conf(
91 {'file': '/php/list-extensions/php.ini'},
92 'applications/list-extensions/options',
93 ),
74 assert 'success' in self.conf(
75 {'file': '/php/list-extensions/php.ini'},
76 'applications/list-extensions/options',
94 )
95
77 )
78
96 self.assertIn(
97 'success',
98 self.conf(
99 '"/php/list-extensions"',
100 'applications/list-extensions/working_directory',
101 ),
79 assert 'success' in self.conf(
80 '"/php/list-extensions"',
81 'applications/list-extensions/working_directory',
102 )
103
104 extensions = self.getjson()['body']
105
82 )
83
84 extensions = self.getjson()['body']
85
106 self.assertIn('json', extensions, 'json in extensions list')
107 self.assertIn('unit', extensions, 'unit in extensions list')
86 assert 'json' in extensions, 'json in extensions list'
87 assert 'unit' in extensions, 'unit in extensions list'
108
88
109
110 def test_php_isolation_rootfs_no_language_libs(self):
89 def test_php_isolation_rootfs_no_language_libs(self, is_su):
111 isolation_features = self.available['features']['isolation'].keys()
112
90 isolation_features = self.available['features']['isolation'].keys()
91
113 if not self.is_su:
92 if not is_su:
114 if 'user' not in isolation_features:
93 if 'user' not in isolation_features:
115 print('requires unprivileged userns or root')
116 raise unittest.SkipTest()
94 pytest.skip('requires unprivileged userns or root')
117
118 if not 'unprivileged_userns_clone' in isolation_features:
95
96 if not 'unprivileged_userns_clone' in isolation_features:
119 print('requires unprivileged userns or root')
120 raise unittest.SkipTest()
97 pytest.skip('requires unprivileged userns or root')
121
122 if 'mnt' not in isolation_features:
98
99 if 'mnt' not in isolation_features:
123 print('requires mnt ns')
124 raise unittest.SkipTest()
100 pytest.skip('requires mnt ns')
125
126 isolation = {
101
102 isolation = {
127 'rootfs': self.current_dir,
103 'rootfs': option.test_dir,
128 'automount': {'language_deps': False},
104 'automount': {'language_deps': False},
129 'namespaces': {
130 'credential': not self.is_su,
131 'mount': not self.is_su,
132 },
105 'namespaces': {'credential': not is_su, 'mount': not is_su},
133 }
134
135 self.load('list-extensions', isolation=isolation)
136
106 }
107
108 self.load('list-extensions', isolation=isolation)
109
137 self.assertIn(
138 'success',
139 self.conf(
140 '"/php/list-extensions"', 'applications/list-extensions/root'
141 ),
110 assert 'success' in self.conf(
111 '"/php/list-extensions"', 'applications/list-extensions/root'
142 )
143
112 )
113
144 self.assertIn(
145 'success',
146 self.conf(
147 {'file': '/php/list-extensions/php.ini'},
148 'applications/list-extensions/options',
149 ),
114 assert 'success' in self.conf(
115 {'file': '/php/list-extensions/php.ini'},
116 'applications/list-extensions/options',
150 )
151
117 )
118
152 self.assertIn(
153 'success',
154 self.conf(
155 '"/php/list-extensions"',
156 'applications/list-extensions/working_directory',
157 ),
119 assert 'success' in self.conf(
120 '"/php/list-extensions"',
121 'applications/list-extensions/working_directory',
158 )
159
160 extensions = self.getjson()['body']
161
122 )
123
124 extensions = self.getjson()['body']
125
162 self.assertIn('unit', extensions, 'unit in extensions list')
163 self.assertNotIn('json', extensions, 'json not in extensions list')
126 assert 'unit' in extensions, 'unit in extensions list'
127 assert 'json' not in extensions, 'json not in extensions list'
164
128
165 self.assertIn(
166 'success',
167 self.conf(
168 {'language_deps': True},
169 'applications/list-extensions/isolation/automount',
170 ),
129 assert 'success' in self.conf(
130 {'language_deps': True},
131 'applications/list-extensions/isolation/automount',
171 )
172
173 extensions = self.getjson()['body']
174
132 )
133
134 extensions = self.getjson()['body']
135
175 self.assertIn('unit', extensions, 'unit in extensions list 2')
176 self.assertIn('json', extensions, 'json in extensions list 2')
136 assert 'unit' in extensions, 'unit in extensions list 2'
137 assert 'json' in extensions, 'json in extensions list 2'
177
138
178
179if __name__ == '__main__':
180 TestPHPIsolation.main()