mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00

Add the following two methods in the isolation provider: 1. `.is_available()`: Mainly used for the Container isolation provider, it specifies whether the container runtime is up and running. May be used in the future by other similar providers. 2. `.should_wait_install()`: Whether the isolation provider takes a while to be installed. Should be `True` only for the Container isolation provider, for the time being.
117 lines
3.5 KiB
Python
117 lines
3.5 KiB
Python
import os
|
|
|
|
import pytest
|
|
from pytest_mock import MockerFixture
|
|
from pytest_subprocess import FakeProcess
|
|
|
|
from dangerzone.isolation_provider.container import (
|
|
Container,
|
|
ImageInstallationException,
|
|
ImageNotPresentException,
|
|
NotAvailableContainerTechException,
|
|
)
|
|
from dangerzone.isolation_provider.qubes import is_qubes_native_conversion
|
|
|
|
from .base import IsolationProviderTermination, IsolationProviderTest
|
|
|
|
# Run the tests in this module only if we can spawn containers.
|
|
if is_qubes_native_conversion():
|
|
pytest.skip("Qubes native conversion is enabled", allow_module_level=True)
|
|
elif os.environ.get("DUMMY_CONVERSION", False):
|
|
pytest.skip("Dummy conversion is enabled", allow_module_level=True)
|
|
|
|
|
|
@pytest.fixture
|
|
def provider() -> Container:
|
|
return Container()
|
|
|
|
|
|
class TestContainer(IsolationProviderTest):
|
|
def test_is_available_raises(self, provider: Container, fp: FakeProcess) -> None:
|
|
"""
|
|
NotAvailableContainerTechException should be raised when
|
|
the "podman image ls" command fails.
|
|
"""
|
|
fp.register_subprocess(
|
|
[provider.get_runtime(), "image", "ls"],
|
|
returncode=-1,
|
|
stderr="podman image ls logs",
|
|
)
|
|
with pytest.raises(NotAvailableContainerTechException):
|
|
provider.is_available()
|
|
|
|
def test_is_available_works(self, provider: Container, fp: FakeProcess) -> None:
|
|
"""
|
|
No exception should be raised when the "podman image ls" can return properly.
|
|
"""
|
|
fp.register_subprocess(
|
|
[provider.get_runtime(), "image", "ls"],
|
|
)
|
|
provider.is_available()
|
|
|
|
def test_install_raise_if_image_cant_be_installed(
|
|
self, mocker: MockerFixture, provider: Container, fp: FakeProcess
|
|
) -> None:
|
|
"""When an image installation fails, an exception should be raised"""
|
|
|
|
fp.register_subprocess(
|
|
[provider.get_runtime(), "image", "ls"],
|
|
)
|
|
|
|
# First check should return nothing.
|
|
fp.register_subprocess(
|
|
[
|
|
provider.get_runtime(),
|
|
"image",
|
|
"list",
|
|
"--format",
|
|
"{{ .Tag }}",
|
|
"dangerzone.rocks/dangerzone",
|
|
],
|
|
occurrences=2,
|
|
)
|
|
|
|
# Make podman load fail
|
|
mocker.patch("gzip.open", mocker.mock_open(read_data=""))
|
|
|
|
fp.register_subprocess(
|
|
[provider.get_runtime(), "load"],
|
|
returncode=-1,
|
|
)
|
|
|
|
with pytest.raises(ImageInstallationException):
|
|
provider.install()
|
|
|
|
def test_install_raises_if_still_not_installed(
|
|
self, mocker: MockerFixture, provider: Container, fp: FakeProcess
|
|
) -> None:
|
|
"""When an image keep being not installed, it should return False"""
|
|
|
|
fp.register_subprocess(
|
|
[provider.get_runtime(), "image", "ls"],
|
|
)
|
|
|
|
# First check should return nothing.
|
|
fp.register_subprocess(
|
|
[
|
|
provider.get_runtime(),
|
|
"image",
|
|
"list",
|
|
"--format",
|
|
"{{ .Tag }}",
|
|
"dangerzone.rocks/dangerzone",
|
|
],
|
|
occurrences=2,
|
|
)
|
|
|
|
# Patch gzip.open and podman load so that it works
|
|
mocker.patch("gzip.open", mocker.mock_open(read_data=""))
|
|
fp.register_subprocess(
|
|
[provider.get_runtime(), "load"],
|
|
)
|
|
with pytest.raises(ImageNotPresentException):
|
|
provider.install()
|
|
|
|
|
|
class TestContainerTermination(IsolationProviderTermination):
|
|
pass
|