go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
gvisor/runsc/boot/fs_test.go

252 lines
7.1 KiB
Go
Raw Normal View History

Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
// Copyright 2019 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package boot
import (
"reflect"
"strings"
"testing"
specs "github.com/opencontainers/runtime-spec/specs-go"
Move boot.Config to its own package Updates #3494 PiperOrigin-RevId: 327548511
2020-08-20 01:35:35 +00:00
"gvisor.dev/gvisor/runsc/config"
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
)
func TestPodMountHintsHappy(t *testing.T) {
spec := &specs.Spec{
Annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.type": "tmpfs",
MountPrefix + "mount1.share": "pod",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount2.source": "bar",
MountPrefix + "mount2.type": "bind",
MountPrefix + "mount2.share": "container",
MountPrefix + "mount2.options": "rw,private",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
}
podHints, err := newPodMountHints(spec)
if err != nil {
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
t.Fatalf("newPodMountHints failed: %v", err)
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
}
// Check that fields were set correctly.
mount1 := podHints.mounts["mount1"]
if want := "mount1"; want != mount1.name {
t.Errorf("mount1 name, want: %q, got: %q", want, mount1.name)
}
if want := "foo"; want != mount1.mount.Source {
t.Errorf("mount1 source, want: %q, got: %q", want, mount1.mount.Source)
}
if want := "tmpfs"; want != mount1.mount.Type {
t.Errorf("mount1 type, want: %q, got: %q", want, mount1.mount.Type)
}
if want := pod; want != mount1.share {
t.Errorf("mount1 type, want: %q, got: %q", want, mount1.share)
}
if want := []string(nil); !reflect.DeepEqual(want, mount1.mount.Options) {
t.Errorf("mount1 type, want: %q, got: %q", want, mount1.mount.Options)
}
mount2 := podHints.mounts["mount2"]
if want := "mount2"; want != mount2.name {
t.Errorf("mount2 name, want: %q, got: %q", want, mount2.name)
}
if want := "bar"; want != mount2.mount.Source {
t.Errorf("mount2 source, want: %q, got: %q", want, mount2.mount.Source)
}
if want := "bind"; want != mount2.mount.Type {
t.Errorf("mount2 type, want: %q, got: %q", want, mount2.mount.Type)
}
if want := container; want != mount2.share {
t.Errorf("mount2 type, want: %q, got: %q", want, mount2.share)
}
if want := []string{"private", "rw"}; !reflect.DeepEqual(want, mount2.mount.Options) {
t.Errorf("mount2 type, want: %q, got: %q", want, mount2.mount.Options)
}
}
func TestPodMountHintsErrors(t *testing.T) {
for _, tst := range []struct {
name string
annotations map[string]string
error string
}{
{
name: "too short",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1": "foo",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "invalid mount annotation",
},
{
name: "no name",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + ".source": "foo",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "invalid mount name",
},
{
name: "missing source",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.type": "tmpfs",
MountPrefix + "mount1.share": "pod",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "source field",
},
{
name: "missing type",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.share": "pod",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "type field",
},
{
name: "missing share",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.type": "tmpfs",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "share field",
},
{
name: "invalid field name",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.invalid": "foo",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "invalid mount annotation",
},
{
name: "invalid source",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "",
MountPrefix + "mount1.type": "tmpfs",
MountPrefix + "mount1.share": "pod",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "source cannot be empty",
},
{
name: "invalid type",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.type": "invalid-type",
MountPrefix + "mount1.share": "pod",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "invalid type",
},
{
name: "invalid share",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.type": "tmpfs",
MountPrefix + "mount1.share": "invalid-share",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "invalid share",
},
{
name: "invalid options",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.type": "tmpfs",
MountPrefix + "mount1.share": "pod",
MountPrefix + "mount1.options": "invalid-option",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "unknown mount option",
},
{
name: "duplicate source",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": "foo",
MountPrefix + "mount1.type": "tmpfs",
MountPrefix + "mount1.share": "pod",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount2.source": "foo",
MountPrefix + "mount2.type": "bind",
MountPrefix + "mount2.share": "container",
Add support to mount pod shared tmpfs mounts Parse annotations containing 'gvisor.dev/spec/mount' that gives hints about how mounts are shared between containers inside a pod. This information can be used to better inform how to mount these volumes inside gVisor. For example, a volume that is shared between containers inside a pod can be bind mounted inside the sandbox, instead of being two independent mounts. For now, this information is used to allow the same tmpfs mounts to be shared between containers which wasn't possible before. PiperOrigin-RevId: 252704037
2019-06-11 21:52:06 +00:00
},
error: "have the same mount source",
},
} {
t.Run(tst.name, func(t *testing.T) {
spec := &specs.Spec{Annotations: tst.annotations}
podHints, err := newPodMountHints(spec)
if err == nil || !strings.Contains(err.Error(), tst.error) {
t.Errorf("newPodMountHints invalid error, want: .*%s.*, got: %v", tst.error, err)
}
if podHints != nil {
t.Errorf("newPodMountHints must return nil on failure: %+v", podHints)
}
})
}
}
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
func TestGetMountAccessType(t *testing.T) {
const source = "foo"
for _, tst := range []struct {
name string
annotations map[string]string
Move boot.Config to its own package Updates #3494 PiperOrigin-RevId: 327548511
2020-08-20 01:35:35 +00:00
want config.FileAccessType
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
}{
{
name: "container=exclusive",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": source,
MountPrefix + "mount1.type": "bind",
MountPrefix + "mount1.share": "container",
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
Move boot.Config to its own package Updates #3494 PiperOrigin-RevId: 327548511
2020-08-20 01:35:35 +00:00
want: config.FileAccessExclusive,
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
{
name: "pod=shared",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": source,
MountPrefix + "mount1.type": "bind",
MountPrefix + "mount1.share": "pod",
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
Move boot.Config to its own package Updates #3494 PiperOrigin-RevId: 327548511
2020-08-20 01:35:35 +00:00
want: config.FileAccessShared,
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
{
name: "shared=shared",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": source,
MountPrefix + "mount1.type": "bind",
MountPrefix + "mount1.share": "shared",
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
Move boot.Config to its own package Updates #3494 PiperOrigin-RevId: 327548511
2020-08-20 01:35:35 +00:00
want: config.FileAccessShared,
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
{
name: "default=shared",
annotations: map[string]string{
Make annotations OCI compliant Changed annotation to follow the standard defined here: https://github.com/opencontainers/image-spec/blob/master/annotations.md PiperOrigin-RevId: 284254847
2019-12-06 21:50:12 +00:00
MountPrefix + "mount1.source": source + "mismatch",
MountPrefix + "mount1.type": "bind",
MountPrefix + "mount1.share": "container",
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
Move boot.Config to its own package Updates #3494 PiperOrigin-RevId: 327548511
2020-08-20 01:35:35 +00:00
want: config.FileAccessShared,
Use mount hints to determine FileAccessType PiperOrigin-RevId: 282401165
2019-11-25 19:41:39 +00:00
},
} {
t.Run(tst.name, func(t *testing.T) {
spec := &specs.Spec{Annotations: tst.annotations}
podHints, err := newPodMountHints(spec)
if err != nil {
t.Fatalf("newPodMountHints failed: %v", err)
}
mounter := containerMounter{hints: podHints}
if got := mounter.getMountAccessType(specs.Mount{Source: source}); got != tst.want {
t.Errorf("getMountAccessType(), want: %v, got: %v", tst.want, got)
}
})
}
}