Add WCOW sandbox mount tests

This change adds two cri-containerd tests to test WCOW sandbox mounts. One test verifies the general functionality by having two containers supply the same sandbox://<path> mount and validating that each container can see whats in the mount. Another tests verifies that if we don't supply the sandbox:/// mount for another container in the pod, it doesn't have access to the mount. Signed-off-by: Daniel Canter <dcanter@microsoft.com>
microsoft · Sep 24, 2021 · 92004da · 92004da
1 parent 3c9e4ff
commit 92004da
Showing 1 changed file with 124 additions and 0 deletions.
diff --git a/test/cri-containerd/runpodsandbox_test.go b/test/cri-containerd/runpodsandbox_test.go
@@ -853,6 +853,130 @@ func Test_RunPodSandbox_Mount_SandboxDir_LCOW(t *testing.T) {
 	//TODO: Parse the output of the exec command to make sure the uvm mount was successful
 }
 
+func Test_RunPodSandbox_Mount_SandboxDir_WCOW(t *testing.T) {
+	requireFeatures(t, featureWCOWHypervisor)
+
+	pullRequiredImages(t, []string{imageWindowsNanoserver})
+
+	client := newTestRuntimeClient(t)
+	ctx := context.Background()
+
+	sbRequest := getRunPodSandboxRequest(t, wcowHypervisorRuntimeHandler, nil)
+	podID := runPodSandbox(t, client, ctx, sbRequest)
+	defer removePodSandbox(t, client, ctx, podID)
+	defer stopPodSandbox(t, client, ctx, podID)
+
+	command := []string{
+		"cmd",
+		"/c",
+		"ping",
+		"-t",
+		"127.0.0.1",
+	}
+
+	mounts := []*runtime.Mount{
+		{
+			HostPath:      "sandbox:///test",
+			ContainerPath: "C:\\test",
+		},
+	}
+	// Create 2 containers with sandbox mounts and verify both can write and see the others files
+	container1Name := t.Name() + "-Container-" + "1"
+	container1Id := createContainerInSandbox(t, client, ctx, podID, container1Name, imageWindowsNanoserver, command, nil, mounts, sbRequest.Config)
+	defer removeContainer(t, client, ctx, container1Id)
+
+	startContainer(t, client, ctx, container1Id)
+	defer stopContainer(t, client, ctx, container1Id)
+
+	execEcho := []string{
+		"cmd",
+		"/c",
+		"echo",
+		`"test"`,
+		">",
+		"C:\\test\\test.txt",
+	}
+	_, errorMsg, exitCode := execContainer(t, client, ctx, container1Id, execEcho)
+	if exitCode != 0 {
+		t.Fatalf("Exec into container failed with: %v and exit code: %d, %s", errorMsg, exitCode, container1Id)
+	}
+
+	container2Name := t.Name() + "-Container-" + "2"
+	container2Id := createContainerInSandbox(t, client, ctx, podID, container2Name, imageWindowsNanoserver, command, nil, mounts, sbRequest.Config)
+	defer removeContainer(t, client, ctx, container2Id)
+
+	startContainer(t, client, ctx, container2Id)
+	defer stopContainer(t, client, ctx, container2Id)
+
+	// Test that we can see the file made in the first container in the second one.
+	execDir := []string{
+		"cmd",
+		"/c",
+		"dir",
+		"C:\\test\\test.txt",
+	}
+	_, errorMsg, exitCode = execContainer(t, client, ctx, container2Id, execDir)
+	if exitCode != 0 {
+		t.Fatalf("Exec into container failed with: %v and exit code: %d, %s", errorMsg, exitCode, container2Id)
+	}
+}
+
+func Test_RunPodSandbox_Mount_SandboxDir_NoShare_WCOW(t *testing.T) {
+	requireFeatures(t, featureWCOWHypervisor)
+
+	pullRequiredImages(t, []string{imageWindowsNanoserver})
+
+	client := newTestRuntimeClient(t)
+	ctx := context.Background()
+
+	sbRequest := getRunPodSandboxRequest(t, wcowHypervisorRuntimeHandler, nil)
+	podID := runPodSandbox(t, client, ctx, sbRequest)
+	defer removePodSandbox(t, client, ctx, podID)
+	defer stopPodSandbox(t, client, ctx, podID)
+
+	command := []string{
+		"cmd",
+		"/c",
+		"ping",
+		"-t",
+		"127.0.0.1",
+	}
+
+	mounts := []*runtime.Mount{
+		{
+			HostPath:      "sandbox:///test",
+			ContainerPath: "C:\\test",
+		},
+	}
+	// This test case is making sure that the sandbox mount doesn't show up in another container if not
+	// explicitly asked for. Make first container with the mount and another shortly after without.
+	container1Name := t.Name() + "-Container-" + "1"
+	container1Id := createContainerInSandbox(t, client, ctx, podID, container1Name, imageWindowsNanoserver, command, nil, mounts, sbRequest.Config)
+	defer removeContainer(t, client, ctx, container1Id)
+
+	startContainer(t, client, ctx, container1Id)
+	defer stopContainer(t, client, ctx, container1Id)
+
+	container2Name := t.Name() + "-Container-" + "2"
+	container2Id := createContainerInSandbox(t, client, ctx, podID, container2Name, imageWindowsNanoserver, command, nil, nil, sbRequest.Config)
+	defer removeContainer(t, client, ctx, container2Id)
+
+	startContainer(t, client, ctx, container2Id)
+	defer stopContainer(t, client, ctx, container2Id)
+
+	// Test that we can't see the file made in the first container in the second one.
+	execDir := []string{
+		"cmd",
+		"/c",
+		"dir",
+		"C:\\test\\",
+	}
+	output, _, exitCode := execContainer(t, client, ctx, container2Id, execDir)
+	if exitCode == 0 {
+		t.Fatalf("Found directory in second container when not expected: %s", output)
+	}
+}
+
 func Test_RunPodSandbox_CPUGroup(t *testing.T) {
 	testutilities.RequiresBuild(t, 20124)
 	ctx := context.Background()