technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
1a485fed6a8353ecc09e6c0f050e44c0a2d30419
nginx-unit/test/unit/check/isolation.py
Andrei Zeliankou 7934dcabbc Tests: switched to using f-strings. 
Previously, it was necessary to support older versions of Python for
compatibility.  F-strings were released in Python 3.6.  Python 3.5 was
marked as unsupported by the end of 2020, so now it's possible to start
using f-strings safely for better readability and performance.
2023-02-21 17:21:29 +00:00

161 lines
5.2 KiB
Python
Raw Blame History

import json
import os
from unit.applications.lang.go import TestApplicationGo
from unit.applications.lang.java import TestApplicationJava
from unit.applications.lang.node import TestApplicationNode
from unit.applications.lang.ruby import TestApplicationRuby
from unit.http import TestHTTP
from unit.option import option
from unit.utils import getns
allns = ['pid', 'mnt', 'ipc', 'uts', 'cgroup', 'net']
http = TestHTTP()
def check_isolation():
test_conf = {"namespaces": {"credential": True}}
available = option.available
conf = ''
if 'go' in available['modules']:
TestApplicationGo().prepare_env('empty', 'app')
conf = {
"listeners": {"*:7080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"type": "external",
"processes": {"spare": 0},
"working_directory": f"{option.test_dir}/go/empty",
"executable": f"{option.test_dir}/go/app",
"isolation": {"namespaces": {"credential": True}},
},
},
}
elif 'python' in available['modules']:
conf = {
"listeners": {"*:7080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"type": "python",
"processes": {"spare": 0},
"path": f"{option.test_dir}/python/empty",
"working_directory": f"{option.test_dir}/python/empty",
"module": "wsgi",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'php' in available['modules']:
conf = {
"listeners": {"*:7080": {"pass": "applications/phpinfo"}},
"applications": {
"phpinfo": {
"type": "php",
"processes": {"spare": 0},
"root": f"{option.test_dir}/php/phpinfo",
"working_directory": f"{option.test_dir}/php/phpinfo",
"index": "index.php",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'ruby' in available['modules']:
TestApplicationRuby().prepare_env('empty')
conf = {
"listeners": {"*:7080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"type": "ruby",
"processes": {"spare": 0},
"working_directory": f"{option.temp_dir}/ruby/empty",
"script": f"{option.temp_dir}/ruby/empty/config.ru",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'java' in available['modules']:
TestApplicationJava().prepare_env('empty')
conf = {
"listeners": {"*:7080": {"pass": "applications/empty"}},
"applications": {
"empty": {
"unit_jars": f"{option.current_dir}/build",
"type": "java",
"processes": {"spare": 0},
"working_directory": f"{option.temp_dir}/java/empty/",
"webapp": f"{option.temp_dir}/java",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'node' in available['modules']:
TestApplicationNode().prepare_env('basic')
conf = {
"listeners": {"*:7080": {"pass": "applications/basic"}},
"applications": {
"basic": {
"type": "external",
"processes": {"spare": 0},
"working_directory": f"{option.temp_dir}/node",
"executable": "app.js",
"isolation": {"namespaces": {"credential": True}},
}
},
}
elif 'perl' in available['modules']:
conf = {
"listeners": {"*:7080": {"pass": "applications/body_empty"}},
"applications": {
"body_empty": {
"type": "perl",
"processes": {"spare": 0},
"working_directory": f"{option.test_dir}/perl/body_empty",
"script": f"{option.test_dir}/perl/body_empty/psgi.pl",
"isolation": {"namespaces": {"credential": True}},
}
},
}
else:
return
resp = http.put(
url='/config',
sock_type='unix',
addr=f'{option.temp_dir}/control.unit.sock',
body=json.dumps(conf),
)
if 'success' not in resp['body']:
return
userns = getns('user')
if not userns:
return
available['features']['isolation'] = {'user': userns}
unp_clone_path = '/proc/sys/kernel/unprivileged_userns_clone'
if os.path.exists(unp_clone_path):
with open(unp_clone_path, 'r') as f:
if str(f.read()).rstrip() == '1':
available['features']['isolation'][
'unprivileged_userns_clone'
] = True
for ns in allns:
ns_value = getns(ns)
if ns_value:
available['features']['isolation'][ns] = ns_value
Reference in New Issue View Git Blame Copy Permalink