Flamenco Unit Test - meta_test.go - TestCheckSharedStoragePath fails if run as root user (linux) #104233

New Issue

MichaelC · 2023-07-06T02:58:30+02:00

MichaelC commented

2023-07-06 02:58:30 +02:00

System Information
Operating System(s): Ubuntu / linux

Flamenco Version
Is Broken: main branch
Worked OK: This works for non-root users.

Short description of error

https://projects.blender.org/studio/flamenco/src/branch/main/internal/manager/api_impl/meta_test.go#L191

If the mock tests are run by root user then this specific test of inaccessible path fails because root can write files to anywhere on the filesystem. It is not clear that Flamenco Manager test TestCheckSharedStoragePath is checking inaccessible file locations when it fails and that it should be run by an unprivileged user.

Exact steps for others to reproduce the error

Method 1 - On a local workstation as root.

sudo su - root
make test

Method 2 - In a docker container with a default root user.

docker run flamenco_dev make test

Example error...

--- FAIL: TestCheckSharedStoragePath (0.00s)
    meta_test.go:204: 
        	Error Trace:	meta_test.go:204
        	Error:      	Should be false
        	Test:       	TestCheckSharedStoragePath
    meta_test.go:205: 
        	Error Trace:	meta_test.go:205
        	Error:      	"Directory checked successfully" does not contain "Unable to create a file"
        	Test:       	TestCheckSharedStoragePath

The error means it was in fact successful in creating a file in a permission-restricted sub folder (eg: /tmp/test-temp-dir2053501336/deep/nesting/) on a non-windows platform (ie: linux)...

Error:      	"Directory checked successfully" does not contain "Unable to create a file"

**System Information** Operating System(s): Ubuntu / linux **Flamenco Version** Is Broken: main branch Worked OK: This works for non-root users. **Short description of error** https://projects.blender.org/studio/flamenco/src/branch/main/internal/manager/api_impl/meta_test.go#L191 If the mock tests are run by root user then this specific test of inaccessible path fails because root can write files to anywhere on the filesystem. It is not clear that Flamenco Manager test TestCheckSharedStoragePath is checking inaccessible file locations when it fails and that it should be run by an unprivileged user. **Exact steps for others to reproduce the error** Method 1 - On a local workstation as root. 1. `sudo su - root` 2. `make test` Method 2 - In a docker container with a default root user. 1. docker run flamenco_dev make test Example error... ``` --- FAIL: TestCheckSharedStoragePath (0.00s) meta_test.go:204: Error Trace: meta_test.go:204 Error: Should be false Test: TestCheckSharedStoragePath meta_test.go:205: Error Trace: meta_test.go:205 Error: "Directory checked successfully" does not contain "Unable to create a file" Test: TestCheckSharedStoragePath ``` The error means it was in fact successful in creating a file in a permission-restricted sub folder (eg: `/tmp/test-temp-dir2053501336/deep/nesting/`) on a non-windows platform (ie: linux)... ``` Error: "Directory checked successfully" does not contain "Unable to create a file" ```

MichaelC commented

2023-07-06 04:15:45 +02:00

A side effect of this test failing appears to mock test testing.go CreateTestConfig() leave ~5 "shaman-test-*" directories lying around despite there being cleanup function to remove them.

Clean in this function doesn't appear to happen...
https://projects.blender.org/studio/flamenco/src/branch/main/pkg/shaman/config/testing.go#L34

Example from one make test run...

/tmp/shaman-filestore-test-1190834888:
/tmp/shaman-filestore-test-1276991087:
/tmp/shaman-filestore-test-266393462:
/tmp/shaman-filestore-test-3899934464:
/tmp/shaman-filestore-test-747529704:

A side effect of this test failing appears to mock test testing.go CreateTestConfig() leave ~5 "shaman-test-*" directories lying around despite there being cleanup function to remove them. Clean in this function doesn't appear to happen... https://projects.blender.org/studio/flamenco/src/branch/main/pkg/shaman/config/testing.go#L34 Example from one `make test` run... ``` /tmp/shaman-filestore-test-1190834888: /tmp/shaman-filestore-test-1276991087: /tmp/shaman-filestore-test-266393462: /tmp/shaman-filestore-test-3899934464: /tmp/shaman-filestore-test-747529704: ```

MichaelC referenced this issue

2023-07-06 04:35:25 +02:00

Shaman: fail unit test when running as root user (linux) #104234

MichaelC commented

2023-07-06 04:35:42 +02:00

Possible solution #104234

Possible solution https://projects.blender.org/studio/flamenco/pulls/104234

Sybren A. Stüvel commented

2023-07-06 10:36:49 +02:00

The unit tests should not be run as root, so the fact that they're broken in that case seems acceptable to me. Any program should be run as non-privileged user, unless explicitly mentioned that it requires otherwise. So I don't feel that this is an issue. If anything, it forces people to set up their Docker environment to use a regular user account, instead of defaulting to root.

As for #104234, I'll comment on that PR directly.

The unit tests should not be run as root, so the fact that they're broken in that case seems acceptable to me. Any program should be run as non-privileged user, unless explicitly mentioned that it requires otherwise. So I don't feel that this is an issue. If anything, it forces people to set up their Docker environment to use a regular user account, instead of defaulting to root. As for #104234, I'll comment on that PR directly.

MichaelC commented

2023-07-06 14:52:30 +02:00

Makes sense. Thanks for the feedback!

MichaelC closed this issue

2023-07-06 14:52:30 +02:00

Sign in to join this conversation.