author | Matt Clay <matt@mystile.com> | 2018-09-19 01:48:59 +0200 |
---|---|---|
committer | Matt Clay <matt@mystile.com> | 2018-09-19 02:53:04 +0200 |
commit | 99cac99cbc3b49ad9fb39950d881e0f266775320 (patch) | |
tree | 4192efa9f8d315bd50ab9f45352849745c8c2f98 | |
parent | Fix mixed output from ansible and lxd when using the lxd connection plugin (#... (diff) | |
Block network access for unit tests in docker.
-rw-r--r-- | test/runner/lib/delegation.py | 8 | ||||
-rw-r--r-- | test/runner/lib/docker_util.py | 20 |
2 files changed, 28 insertions, 0 deletions
diff --git a/test/runner/lib/delegation.py b/test/runner/lib/delegation.py
index 2c7900ce9a..e94557884d 100644
--- a/test/runner/lib/delegation.py
+++ b/test/runner/lib/delegation.py
@@ -52,6 +52,8 @@ from lib.docker_util import (
 docker_rm,
 docker_run,
 docker_available,
+ docker_network_disconnect,
+ get_docker_networks,
 )
 from lib.cloud import (
@@ -276,6 +278,7 @@ def delegate_docker(args, exclude, require, integration_targets):
 cmd += ['--python', 'default']
 # run unit tests unprivileged to prevent stray writes to the source tree
+ # also disconnect from the network once requirements have been installed
 if isinstance(args, UnitsConfig):
 writable_dirs = [
 '/root/ansible/.pytest_cache',
@@ -293,6 +296,11 @@ def delegate_docker(args, exclude, require, integration_targets):
 docker_exec(args, test_id, cmd + ['--requirements-mode', 'only'], options=cmd_options)
+ networks = get_docker_networks(args, test_id)
+
+ for network in networks:
+ docker_network_disconnect(args, test_id, network)
+
 cmd += ['--requirements-mode', 'skip']
 cmd_options += ['--user', 'pytest']
diff --git a/test/runner/lib/docker_util.py b/test/runner/lib/docker_util.py
index 691d73d45c..afa81d93b7 100644
--- a/test/runner/lib/docker_util.py
+++ b/test/runner/lib/docker_util.py
@@ -67,6 +67,17 @@ def get_docker_container_ip(args, container_id):
 return ipaddress
+def get_docker_networks(args, container_id):
+ """
+ :param args: EnvironmentConfig
+ :param container_id: str
+ :rtype: list[str]
+ """
+ results = docker_inspect(args, container_id)
+ networks = sorted(results[0]['NetworkSettings']['Networks'])
+ return networks
+
+
 def docker_pull(args, image):
 """
 :type args: EnvironmentConfig
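Review bot: Nothing after the disconnect loop in `delegate_docker` confirms that the container is actually off the network before the tests are started with `--requirements-mode skip`; the isolation rests on every `docker_network_disconnect` call having succeeded and on the earlier inspect result having listed every attachment. Re-inspecting once after the loop would make the guarantee explicit and fail-closed, e.g. `remaining = get_docker_networks(args, test_id)` followed by raising the runner's usual error when `remaining` is non-empty. A container started in host network mode deserves a thought as well, since Docker refuses to disconnect the `host` network; whether that can occur depends on run options outside this hunk. The body of `delegate_docker` starts and ends outside the hunk.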
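Review bot: `get_docker_networks` indexes `results[0]['NetworkSettings']['Networks']` without handling a missing or null value, so an inspect result lacking that mapping (presumably possible on older daemons) would surface as a bare `KeyError`, or a `TypeError` from `sorted()`, rather than as a message saying network isolation could not be established. Because the caller uses this list to decide what to disconnect, the assumption should be documented or guarded explicitly while keeping "no networks" distinct from "could not tell"; an `or {}` fallback would quietly turn the second case into the first. Separately, the docstring here and in `docker_network_disconnect` (later hunk of this file) writes `:param args: EnvironmentConfig`, whereas the neighbouring `docker_pull` and `docker_network_inspect` use `:type args: EnvironmentConfig`; the new docstrings should follow that form, `:type container_id: str` and so on.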
@@ -165,6 +176,15 @@ def docker_inspect(args, container_id):
 raise ex # pylint: disable=locally-disabled, raising-bad-type
+def docker_network_disconnect(args, container_id, network):
+ """
+ :param args: EnvironmentConfig
+ :param container_id: str
+ :param network: str
+ """
+ docker_command(args, ['network', 'disconnect', network, container_id], capture=True)
+
+
 def docker_network_inspect(args, network):
 """
 :type args: EnvironmentConfig |
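Review bot: `docker_network_disconnect` discards the result of `docker_command(..., capture=True)`, so the isolation step is only as reliable as `docker_command` raising on a non-zero exit, and that behaviour is not visible in this hunk. The docstring should state the contract, because the caller treats a normal return as "network removed"; once confirmed, add a summary line such as `Disconnect the container from the given network; raises if docker reports failure.` With `capture=True` the output of the docker command is captured rather than shown, so it is also worth checking that the raised error carries docker's stderr for diagnosis.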