aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Cohen <jco...@apache.org>
Subject Re: Review Request 45506: Execute shell-based health checks as the task user.
Date Thu, 31 Mar 2016 18:49:17 GMT


> On March 31, 2016, 6:11 p.m., Zameer Manji wrote:
> > The change and the tests LGTM.
> > 
> > I currently have great ideas on how to ensure end to end validation. The best idea
that I can provide is make use of the shell checker in the e2e tests. The program executed
by the shell checker should just return 1 if it is executed as root and return 0 if it isn't.
The e2e test can check for task failure and infer that the command was run as root if the
task fails.
> 
> Joshua Cohen wrote:
>     If we want something that would give us more certainty that the e2e test behaved
as expected, we could touch a file in /tmp as root (from the test runner) and configure a
shell health checker that tries to remove it. Then we can assert that the health check failed
and that the file still exists (thus giving us confidence that the reason for the failure
was permission-based and not due to some other factor).
> 
> Bill Farner wrote:
>     I was thinking something along the lines of access as well.  How about a check that
tries to do something pseudo-malicious like delete `/etc/passwd`?
> 
> Zameer Manji wrote:
>     +1 deleting /etc/passwd or similar it a good test.
> 
> Dmitriy Shirchenko wrote:
>     Yea, e2e has a test which makes sure a failed health check rolls back the update:
https://github.com/apache/aurora/blob/master/src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh#L206
>     
>     Should be super easy to modify it to roll back on a file you aren't supposed to delete.

Sounds good to me!


- Joshua


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/45506/#review126378
-----------------------------------------------------------


On March 31, 2016, 6:38 p.m., Bill Farner wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/45506/
> -----------------------------------------------------------
> 
> (Updated March 31, 2016, 6:38 p.m.)
> 
> 
> Review request for Aurora, Dmitriy Shirchenko and Zameer Manji.
> 
> 
> Bugs: AURORA-1641
>     https://issues.apache.org/jira/browse/AURORA-1641
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Here's a stab at this using `os` and `pwd` modules directly to demote health checks to
the target user.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/aurora/common/health_check/shell.py 6cb7dfc164f4e16143fc974d50c19a5887d32015

>   src/main/python/apache/aurora/executor/common/health_checker.py 28fd3ec3ef7d0b66621c0295804af0eb72c64b4a

>   src/test/python/apache/aurora/common/health_check/test_shell.py 7026af8c4671a40f4b517ecf12149eac34a552c8

>   src/test/python/apache/aurora/executor/common/test_health_checker.py 19c4f76347e34374c29974c182d1f4c118bcb18d

> 
> Diff: https://reviews.apache.org/r/45506/diff/
> 
> 
> Testing
> -------
> 
> I haven't spent any time thinking of a test strategy for this, but i don't think we should
proceed without end-to-end validation.  I'm open to ideas here.
> 
> 
> Thanks,
> 
> Bill Farner
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message