Merge branch 'mainline' into no_instance_profile
YutongLi291 authored Nov 18, 2024
2 parents 6b90749 + a44f00a commit 6f1f777
Showing 2 changed files with 97 additions and 4 deletions.
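--- a/test/e2e/test_job_submissions.py
+++ b/test/e2e/test_job_submissions.py
@@ -10,7 +10,13 @@
 from typing import Any, Dict, List, Optional
 import pytest
 import logging
-from deadline_test_fixtures import Job, DeadlineClient, TaskStatus, EC2InstanceWorker
+from deadline_test_fixtures import (
+Job,
+DeadlineClient,
+PosixSessionUser,
+TaskStatus,
+EC2InstanceWorker,
+)
 from e2e.conftest import DeadlineResources
 import backoff
 import boto3
@@ -55,6 +61,88 @@ def test_success(
 
 assert job.task_run_status == TaskStatus.SUCCEEDED
 
+@pytest.mark.skipif(
+os.environ["OPERATING_SYSTEM"] == "windows",
+reason="Linux specific worker log test",
+)
+def test_worker_writes_logs_to_disk_securely(
+self,
+deadline_resources,
+session_worker: EC2InstanceWorker,
+posix_job_user: PosixSessionUser,
+deadline_client: DeadlineClient,
+) -> None:
+# WHEN
+
+job = submit_sleep_job(
+"Test Success Sleep Job",
+deadline_client,
+deadline_resources.farm,
+deadline_resources.queue_a,
+)
+
+# THEN
+LOG.info(f"Waiting for job {job.id} to complete")
+job.wait_until_complete(client=deadline_client)
+LOG.info(f"Job result: {job}")
+
+assert job.task_run_status == TaskStatus.SUCCEEDED
+
+sessions: list[dict[str, Any]] = deadline_client.list_sessions(
+farmId=job.farm.id,
+queueId=job.queue.id,
+jobId=job.id,
+).get("sessions")
+assert sessions
+
+worker_logs_directory: str = "/var/log/amazon/deadline"
+# Check that the session log file is accessible by the worker agent user only
+for session in sessions:
+session_id: str = session["sessionId"]
+session_logs_file_path: str = os.path.join(
+worker_logs_directory, job.queue.id, f"{session_id}.log"
+)
+
+check_session_log_exists_result = session_worker.send_command(
+command=f"sudo -u deadline-worker [ -e '{session_logs_file_path}' ]"
+)
+assert (
+check_session_log_exists_result.exit_code == 0
+) # The -e command returns 0 on linux if the file does exist
+
+# Check that the session log file is not accessible by the job user
+check_session_log_exists_result = session_worker.send_command(
+command=f"sudo -u {posix_job_user.user} [ -e '{session_logs_file_path}' ]"
+)
+assert (
+check_session_log_exists_result.exit_code == 1
+) # The job user should not have access to the file
+
+# Check that the worker agent log file is accessible by the worker user only
+
+check_worker_log_exists_result = session_worker.send_command(
+command=f"sudo -u deadline-worker [ -e '{worker_logs_directory}/worker-agent.log' ]"
+)
+assert check_worker_log_exists_result.exit_code == 0
+
+# Check that the worker agent log file is not accessible by the job user
+check_worker_log_accessible_by_job_user_result = session_worker.send_command(
+command=f"sudo -u {posix_job_user.user} [ -e '{worker_logs_directory}/worker-agent.log' ]"
+)
+assert check_worker_log_accessible_by_job_user_result.exit_code == 1
+
+# Check that the worker agent bootstrap log file is accessible by the worker user only
+check_worker_bootstrap_log_exists_result = session_worker.send_command(
+command=f"sudo -u deadline-worker [ -e '{worker_logs_directory}/worker-agent-bootstrap.log' ]"
+)
+assert check_worker_bootstrap_log_exists_result.exit_code == 0
+
+# Check that the worker agent bootstrap log file is not accessible by the job user
+check_worker_bootstrap_log_accessible_by_job_user_result = session_worker.send_command(
+command=f"sudo -u {posix_job_user.user} [ -e '{worker_logs_directory}/worker-agent-bootstrap.log' ]"
+)
+assert check_worker_bootstrap_log_accessible_by_job_user_result.exit_code == 1
+
 @pytest.mark.parametrize(
 "run_actions,environment_actions, expected_failed_action",
 [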
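Review bot: The three negative checks in `test_worker_writes_logs_to_disk_securely` (`sudo -u {posix_job_user.user} [ -e ... ]` asserting `exit_code == 1`) cannot tell "the job user is denied" from "sudo itself failed", because sudo also exits 1 when the target user is unknown or the command cannot be run. A wrong or missing job user on the worker would therefore make the security assertions pass vacuously. Add a positive control before them, for example `assert session_worker.send_command(command=f"sudo -u {posix_job_user.user} true").exit_code == 0`. Separately, `-e` only shows that the path can be stat'ed, which depends on search permission on the parent directories rather than on the log file's own owner and mode. Asserting the output of `stat -c '%U %a'` for each file would pin the "worker agent user only" claim made in the comments, which a single other user cannot establish.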
11 changes: 8 additions & 3 deletions test/e2e/test_override_job_user.py
@@ -23,7 +23,6 @@
EC2InstanceWorker,
)


LOG = logging.getLogger(__name__)


@@ -319,6 +318,9 @@ def test_no_user_override(

assert job.task_run_status == TaskStatus.SUCCEEDED

@pytest.mark.skip(
reason="Passes consistently on local but fails in Github. Will re-enable after investigation"
)
def test_config_file_user_override(
self,
deadline_resources,
@@ -346,7 +348,7 @@ def check_worker_service_stopped() -> None:
check_worker_service_stopped()

cmd_result = class_worker.send_command(
f'sed -i \'s/# posix_job_user = "user:group"/posix_job_user = "{posix_config_override_job_user.user}:{posix_config_override_job_user.group}"/g\' /etc/amazon/deadline/worker.toml'
command=f'sed -i \'s/# posix_job_user = "user:group"/posix_job_user = "{posix_config_override_job_user.user}:{posix_config_override_job_user.group}"/g\' /etc/amazon/deadline/worker.toml'
)
assert (
cmd_result.exit_code == 0
@@ -376,12 +378,15 @@ def check_worker_service_stopped() -> None:
assert job.task_run_status == TaskStatus.SUCCEEDED
finally:
cmd_result = class_worker.send_command(
f"sed -i '/posix_job_user = \"{posix_config_override_job_user.user}:{posix_config_override_job_user.group}\"/d' /etc/amazon/deadline/worker.toml"
command=f'sed -i \'s/posix_job_user = "{posix_config_override_job_user.user}:{posix_config_override_job_user.group}"/# posix_job_user = "user:group"/g\' /etc/amazon/deadline/worker.toml'
)
assert (
cmd_result.exit_code == 0
), f"Resetting the job user override via CLI failed: {cmd_result}"

@pytest.mark.skip(
reason="Passes consistently on local but fails in Github. Will re-enable after investigation"
)
def test_env_var_user_override(
self,
deadline_resources,
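Review bot: The two `@pytest.mark.skip` markers, on `test_config_file_user_override` and in the last hunk on `test_env_var_user_override`, switch off the tests shown here that exercise the job-user override, and the reason names no tracking issue, so nothing prompts anyone to re-enable them. Put the reference in the reason, e.g. `reason="Fails in GitHub CI only; tracked in <ISSUE-URL>"` (placeholder, no issue id is visible on this page). For when they are re-enabled: `sed -i 's/.../.../g'` exits 0 even if the pattern matched nothing, so the `cmd_result.exit_code == 0` asserts around the `worker.toml` edits do not prove the override was applied or restored. A follow-up `grep -q` for the expected `posix_job_user` line would. Both test bodies continue outside the hunks shown.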
