mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Block network access for unit tests in docker.
parent
af40d8c2a5
commit
99cac99cbc
2 changed files with 28 additions and 0 deletions
|
@ -52,6 +52,8 @@ from lib.docker_util import (
|
||||||
docker_rm,
|
docker_rm,
|
||||||
docker_run,
|
docker_run,
|
||||||
docker_available,
|
docker_available,
|
||||||
|
docker_network_disconnect,
|
||||||
|
get_docker_networks,
|
||||||
)
|
)
|
||||||
|
|
||||||
from lib.cloud import (
|
from lib.cloud import (
|
||||||
|
@ -276,6 +278,7 @@ def delegate_docker(args, exclude, require, integration_targets):
|
||||||
cmd += ['--python', 'default']
|
cmd += ['--python', 'default']
|
||||||
|
|
||||||
# run unit tests unprivileged to prevent stray writes to the source tree
|
# run unit tests unprivileged to prevent stray writes to the source tree
|
||||||
|
# also disconnect from the network once requirements have been installed
|
||||||
if isinstance(args, UnitsConfig):
|
if isinstance(args, UnitsConfig):
|
||||||
writable_dirs = [
|
writable_dirs = [
|
||||||
'/root/ansible/.pytest_cache',
|
'/root/ansible/.pytest_cache',
|
||||||
|
@ -293,6 +296,11 @@ def delegate_docker(args, exclude, require, integration_targets):
|
||||||
|
|
||||||
docker_exec(args, test_id, cmd + ['--requirements-mode', 'only'], options=cmd_options)
|
docker_exec(args, test_id, cmd + ['--requirements-mode', 'only'], options=cmd_options)
|
||||||
|
|
||||||
|
networks = get_docker_networks(args, test_id)
|
||||||
|
|
||||||
|
for network in networks:
|
||||||
|
docker_network_disconnect(args, test_id, network)
|
||||||
|
|
||||||
cmd += ['--requirements-mode', 'skip']
|
cmd += ['--requirements-mode', 'skip']
|
||||||
|
|
||||||
cmd_options += ['--user', 'pytest']
|
cmd_options += ['--user', 'pytest']
|
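Review bot: The disconnect loop in the third hunk is the only step that takes the unit-test container off the network, and nothing after it confirms that the container has no networks left. Whether a failed `docker network disconnect` raises depends on docker_command, whose body is not shown on this page. Calling `get_docker_networks(args, test_id)` again after the loop and raising if the list is non-empty would make the control fail closed. The position of the loop also matters: it must stay after the `--requirements-mode only` exec and before the `--user pytest` run, so a comment at the loop itself such as `# detach all networks now: requirements are installed and unit tests must run offline` would protect it from later reordering. delegate_docker begins and ends outside these hunks.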
||||||
|
|
|
@ -67,6 +67,17 @@ def get_docker_container_ip(args, container_id):
|
||||||
return ipaddress
|
return ipaddress
|
||||||
|
|
||||||
|
|
||||||
|
def get_docker_networks(args, container_id):
|
||||||
|
"""
|
||||||
|
:param args: EnvironmentConfig
|
||||||
|
:param container_id: str
|
||||||
|
:rtype: list[str]
|
||||||
|
"""
|
||||||
|
results = docker_inspect(args, container_id)
|
||||||
|
networks = sorted(results[0]['NetworkSettings']['Networks'])
|
||||||
|
return networks
|
||||||
|
|
||||||
|
|
||||||
def docker_pull(args, image):
|
def docker_pull(args, image):
|
||||||
"""
|
"""
|
||||||
:type args: EnvironmentConfig
|
:type args: EnvironmentConfig
|
||||||
|
@ -165,6 +176,15 @@ def docker_inspect(args, container_id):
|
||||||
raise ex # pylint: disable=locally-disabled, raising-bad-type
|
raise ex # pylint: disable=locally-disabled, raising-bad-type
|
||||||
|
|
||||||
|
|
||||||
|
def docker_network_disconnect(args, container_id, network):
|
||||||
|
"""
|
||||||
|
:param args: EnvironmentConfig
|
||||||
|
:param container_id: str
|
||||||
|
:param network: str
|
||||||
|
"""
|
||||||
|
docker_command(args, ['network', 'disconnect', network, container_id], capture=True)
|
||||||
|
|
||||||
|
|
||||||
def docker_network_inspect(args, network):
|
def docker_network_inspect(args, network):
|
||||||
"""
|
"""
|
||||||
:type args: EnvironmentConfig
|
:type args: EnvironmentConfig
|
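Review bot: `get_docker_networks` indexes `results[0]['NetworkSettings']['Networks']` with no guard, so an empty inspect result or a missing `Networks` key surfaces as a bare IndexError or KeyError in the step that sets up network isolation for unit tests. docker_inspect's body is outside this hunk, so whether it can return an empty list is not visible here; if it can, test `if not results:` first and raise an error that names the container and says isolation could not be established. Stopping the run is the right outcome, since tests should not start with a network still attached, but the message should say why. The two new docstrings write `:param args: EnvironmentConfig`, where the neighbouring functions use `:type args: EnvironmentConfig`; matching the existing `:type` form keeps the file consistent.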
||||||
|
|