[Disable Sudo] Adding Unit Tests and updating Ineg tests

aws · Feb 8, 2024 · a75a6b6 · a75a6b6
1 parent 96233dd
commit a75a6b6
Show file tree

Hide file tree

Showing 15 changed files with 161 additions and 64 deletions.
diff --git a/cli/tests/pcluster/config/dummy_imagebuilder_config.py b/cli/tests/pcluster/config/dummy_imagebuilder_config.py
@@ -8,7 +8,7 @@
 # or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 # OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
 # limitations under the License.
-from pcluster.config.common import BaseTag, Cookbook, DeploymentSettings, Imds, LambdaFunctionsVpcConfig
+from pcluster.config.common import BaseDeploymentSettings, BaseTag, Cookbook, Imds, LambdaFunctionsVpcConfig
 from pcluster.config.imagebuilder_config import (
     AdditionalIamPolicy,
     Build,
@@ -28,7 +28,7 @@
     "build": Build,
     "dev_settings": ImagebuilderDevSettings,
     "lambda_functions_vpc_config": LambdaFunctionsVpcConfig,
-    "deployment_settings": DeploymentSettings,
+    "deployment_settings": BaseDeploymentSettings,
     "root_volume": Volume,
     "tags": BaseTag,
     "components": Component,

diff --git a/cli/tests/pcluster/example_configs/slurm.full.yaml b/cli/tests/pcluster/example_configs/slurm.full.yaml
@@ -279,4 +279,5 @@ DevSettings:
     HeadNodeBootstrapTimeout: 1201  # Default 1800 (seconds)
     ComputeNodeBootstrapTimeout: 1001  # Default 1800 (seconds)
   ComputeStartupTimeMetricEnabled: false
-DisableSudoAccessForDefaultUser: True
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: True
diff --git a/cli/tests/pcluster/schemas/test_cluster_schema.py b/cli/tests/pcluster/schemas/test_cluster_schema.py
@@ -19,6 +19,7 @@
 from pcluster.aws.aws_resources import CapacityReservationInfo
 from pcluster.constants import NODE_BOOTSTRAP_TIMEOUT
 from pcluster.schemas.cluster_schema import (
+    ClusterDeploymentSettingsSchema,
     ClusterSchema,
     HeadNodeCustomActionsSchema,
     HeadNodeIamSchema,
@@ -1144,3 +1145,45 @@ def test_one_api(install_base_toolkit, install_hpc_toolkit, failure):
             OneApiSchema().load(config_dict)
     else:
         OneApiSchema().load(config_dict)
+
+
+@pytest.mark.parametrize(
+    "config_dict, failure_message",
+    [
+        (
+            {
+                "LambdaFunctionsVpcConfig": {
+                    "SubnetIds": ["subnet-8e482ce8"],
+                    "SecurityGroupIds": ["sg-028d73ae220157d96"],
+                },
+                "DisableSudoAccessForDefaultUser": "True",
+            },
+            None,
+        ),
+        (
+            {
+                "LambdaFunctionsVpcConfig": {
+                    "SubnetIds": ["subnet-8e482ce8"],
+                    "SecurityGroupIds": ["sg-028d73ae220157d96"],
+                },
+                "DisableSudoAccessForDefaultUser": "False",
+            },
+            None,
+        ),
+        ({"LambdaFunctionsVpcConfig": {"SubnetIds": ["subnet-8e482ce8"]}}, "Missing data for required field"),
+        (
+            {"LambdaFunctionsVpcConfig": {"SecurityGroupIds": ["sg-028d73ae220157d96"]}},
+            "Missing data for required field",
+        ),
+        ({"DisableSudoAccessForDefaultUser": "False"}, None),
+        ({"DisableSudoAccessForDefaultUser": "True"}, None),
+    ],
+)
+def test_cluster_deployment_settings_schema(mocker, config_dict, failure_message):
+    mock_aws_api(mocker)
+    if failure_message:
+        with pytest.raises(ValidationError, match=failure_message):
+            ClusterDeploymentSettingsSchema().load(config_dict)
+    else:
+        conf = ClusterDeploymentSettingsSchema().load(config_dict)
+        ClusterDeploymentSettingsSchema().dump(conf)
diff --git a/cli/tests/pcluster/schemas/test_imagebuilder_schema.py b/cli/tests/pcluster/schemas/test_imagebuilder_schema.py
@@ -3,14 +3,15 @@
 import pytest
 import yaml
 from assertpy import assert_that
+from marshmallow import ValidationError
 
 from pcluster.schemas.imagebuilder_schema import ImageBuilderSchema
 from pcluster.utils import load_yaml_dict
 from tests.pcluster.aws.dummy_aws_api import mock_aws_api
 
 
 @pytest.mark.parametrize(
-    "config_file_name, response",
+    "config_file_name, describe_image_response, failure_message",
     [
         (
             "imagebuilder_schema_required.yaml",
@@ -29,6 +30,7 @@
                     }
                 ],
             },
+            None,
         ),
         (
             "imagebuilder_schema_dev.yaml",
@@ -47,30 +49,64 @@
                     }
                 ],
             },
+            None,
+        ),
+        (
+            "imagebuilder_schema_dev.yaml",
+            {
+                "Architecture": "x86_64",
+                "BlockDeviceMappings": [
+                    {
+                        "DeviceName": "/dev/xvda",
+                        "Ebs": {
+                            "DeleteOnTermination": True,
+                            "SnapshotId": "snap-0a20b6671bc5e3ead",
+                            "VolumeSize": 25,
+                            "VolumeType": "gp2",
+                            "Encrypted": False,
+                        },
+                    }
+                ],
+            },
+            "Unknown field.",
         ),
     ],
 )
-def test_imagebuilder_schema(mocker, test_datadir, config_file_name, response):
+def test_imagebuilder_schema(
+    mocker, test_datadir, config_file_name, describe_image_response, failure_message, pcluster_config_reader
+):
     mock_aws_api(mocker)
     mocker.patch("pcluster.imagebuilder_utils.get_ami_id", return_value="ami-0185634c5a8a37250")
     mocker.patch(
         "pcluster.aws.ec2.Ec2Client.describe_image",
-        return_value=response,
+        return_value=describe_image_response,
+    )
+    disable_sudo_access_for_default_user = "False"
+    if failure_message:
+        disable_sudo_access_for_default_user = "True"
+
+    rendered_config_file = pcluster_config_reader(
+        config_file_name, disable_sudo_access_for_default_user=disable_sudo_access_for_default_user
     )
     # Load imagebuilder model from Yaml file
-    input_yaml = load_yaml_dict(test_datadir / config_file_name)
+    input_yaml = load_yaml_dict(rendered_config_file)
     print(input_yaml)
-    imagebuilder_config = ImageBuilderSchema().load(input_yaml)
-    print(imagebuilder_config)
 
-    # Re-create Yaml file from model and compare content
-    image_builder_schema = ImageBuilderSchema()
-    image_builder_schema.context = {"delete_defaults_when_dump": True}
-    output_json = image_builder_schema.dump(imagebuilder_config)
+    if failure_message:
+        with pytest.raises(ValidationError, match=failure_message):
+            ImageBuilderSchema().load(input_yaml)
+    else:
+        imagebuilder_config = ImageBuilderSchema().load(input_yaml)
+        print(imagebuilder_config)
+
+        # Re-create Yaml file from model and compare content
+        image_builder_schema = ImageBuilderSchema()
+        image_builder_schema.context = {"delete_defaults_when_dump": True}
+        output_json = image_builder_schema.dump(imagebuilder_config)
 
-    # Assert imagebuilder config file can be convert to imagebuilder config
-    assert_that(json.dumps(input_yaml, sort_keys=True)).is_equal_to(json.dumps(output_json, sort_keys=True))
+        # Assert imagebuilder config file can be convert to imagebuilder config
+        assert_that(json.dumps(input_yaml, sort_keys=True)).is_equal_to(json.dumps(output_json, sort_keys=True))
 
-    # Print output yaml
-    output_yaml = yaml.dump(output_json)
-    print(output_yaml)
+        # Print output yaml
+        output_yaml = yaml.dump(output_json)
+        print(output_yaml)
diff --git a/...er/schemas/test_imagebuilder_schema/test_imagebuilder_schema/imagebuilder_schema_dev.yaml b/...er/schemas/test_imagebuilder_schema/test_imagebuilder_schema/imagebuilder_schema_dev.yaml
@@ -54,4 +54,10 @@ DevSettings:
   DisableValidateAndTest: True
   DisableKernelUpdate: True
 
-CustomS3Bucket: bucket-name
+DeploymentSettings:
+  {% if disable_sudo_access_for_default_user == "True" %}DisableSudoAccessForDefaultUser: True{% endif %}
+  LambdaFunctionsVpcConfig:
+    SecurityGroupIds: ["sg-028d73ae220157d96"]
+    SubnetIds: ["subnet-8e482ce8"]
+
+CustomS3Bucket: bucket-name
diff --git a/...r/templates/test_cluster_stack/test_cluster_config_limits/slurm.full_config.snapshot.yaml b/...r/templates/test_cluster_stack/test_cluster_config_limits/slurm.full_config.snapshot.yaml
@@ -19,7 +19,6 @@ DirectoryService:
   LdapTlsCaCert: string
   LdapTlsReqCert: never
   PasswordSecretArn: arn:aws:secretsmanager:us-east-1:111111111111:secret:Secret-xxxxxxxx-xxxxx
-DisableSudoAccessForDefaultUser: null
 HeadNode:
   CustomActions:
     OnNodeConfigured:

diff --git a/...cluster/templates/test_cluster_stack/test_head_node_dna_json/slurm-imds-secured-true.yaml b/...cluster/templates/test_cluster_stack/test_head_node_dna_json/slurm-imds-secured-true.yaml
@@ -1,4 +1,5 @@
-DisableSudoAccessForDefaultUser: True
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: True
 Image:
   Os: alinux2
 HeadNode:

diff --git a/cli/tests/pcluster/templates/test_login_nodes_stack/test_login_nodes_dna_json/config-1.yaml b/cli/tests/pcluster/templates/test_login_nodes_stack/test_login_nodes_dna_json/config-1.yaml
@@ -1,3 +1,5 @@
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: True
 Region: us-east-1
 Image:
   Os: alinux2

diff --git a/cli/tests/pcluster/templates/test_queues_stack/test_compute_nodes_dna_json/config-2.yaml b/cli/tests/pcluster/templates/test_queues_stack/test_compute_nodes_dna_json/config-2.yaml
@@ -25,4 +25,6 @@ DirectoryService:
   PasswordSecretArn: arn:aws:secretsmanager:eu-west-1:XXXXXXXXXXXX:secret:XXXXXXXXXX
   DomainReadOnlyUser: cn=ReadOnlyUser,ou=Users,ou=CORP,dc=corp,dc=pcluster,dc=com
   LdapTlsReqCert: never
-  GenerateSshKeysForUsers: true
+  GenerateSshKeysForUsers: true
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: True
diff --git a/cli/tests/pcluster/templates/test_queues_stack/test_compute_nodes_dna_json/dna-2.json b/cli/tests/pcluster/templates/test_queues_stack/test_compute_nodes_dna_json/dna-2.json
@@ -1,50 +1,50 @@
 {
   "cluster": {
-    "cluster_name": "clustername",
-    "stack_name": "clustername",
-    "stack_arn": "{\"Ref\": \"AWS::StackId\"}",
-    "cluster_s3_bucket": "parallelcluster-a69601b5ee1fc2f2-v1-do-not-delete",
+    "base_os": "alinux2",
     "cluster_config_s3_key": "parallelcluster/clusters/dummy-cluster-randomstring123/configs/cluster-config-with-implied-values.yaml",
     "cluster_config_version": "",
-    "enable_efa": "NONE",
-    "raid_shared_dir": "",
-    "raid_type": "",
-    "base_os": "alinux2",
-    "region": "us-east-1",
-    "shared_storage_type": "ebs",
-    "efs_fs_ids": "",
-    "efs_shared_dirs": "",
+    "cluster_name": "clustername",
+    "cluster_s3_bucket": "parallelcluster-a69601b5ee1fc2f2-v1-do-not-delete",
+    "cluster_user": "ec2-user",
+    "custom_awsbatchcli_package": "",
+    "custom_node_package": "",
+    "cw_logging_enabled": "true",
+    "directory_service": {
+      "enabled": "true"
+    },
+    "disable_sudo_access_for_default_user": "true",
+    "dns_domain": "{\"Ref\": \"referencetoclusternameClusterDNSDomain8D0872E1Ref\"}",
+    "ebs_shared_dirs": "",
     "efs_encryption_in_transits": "",
+    "efs_fs_ids": "",
     "efs_iam_authorizations": "",
-    "fsx_fs_ids": "",
-    "fsx_mount_names": "",
+    "efs_shared_dirs": "",
+    "enable_efa": "NONE",
+    "enable_efa_gdr": "NONE",
+    "enable_intel_hpc_platform": "false",
+    "ephemeral_dir": "/scratch",
     "fsx_dns_names": "",
-    "fsx_volume_junction_paths": "",
+    "fsx_fs_ids": "",
     "fsx_fs_types": "",
+    "fsx_mount_names": "",
     "fsx_shared_dirs": "",
-    "scheduler": "slurm",
-    "ephemeral_dir": "/scratch",
-    "ebs_shared_dirs": "",
-    "proxy": "NONE",
-    "slurm_ddb_table": "{\"Ref\": \"referencetoclusternameSlurmDynamoDBTable99119DBERef\"}",
-    "log_group_name": "/aws/parallelcluster/clustername-202401151530",
-    "dns_domain": "{\"Ref\": \"referencetoclusternameClusterDNSDomain8D0872E1Ref\"}",
+    "fsx_volume_junction_paths": "",
+    "head_node_private_ip": "{\"Ref\": \"referencetoclusternameHeadNodeENI6497A502PrimaryPrivateIpAddress\"}",
     "hosted_zone": "{\"Ref\": \"referencetoclusternameRoute53HostedZone2388733DRef\"}",
-    "node_type": "ComputeFleet",
-    "cluster_user": "ec2-user",
-    "enable_intel_hpc_platform": "false",
-    "cw_logging_enabled": "true",
+    "log_group_name": "/aws/parallelcluster/clustername-202401151530",
     "log_rotation_enabled": "true",
-    "scheduler_queue_name": "queue1",
+    "node_type": "ComputeFleet",
+    "proxy": "NONE",
+    "raid_shared_dir": "",
+    "raid_type": "",
+    "region": "us-east-1",
+    "scheduler": "slurm",
     "scheduler_compute_resource_name": "cr1",
-    "enable_efa_gdr": "NONE",
-    "custom_node_package": "",
-    "custom_awsbatchcli_package": "",
-    "use_private_hostname": "false",
-    "head_node_private_ip": "{\"Ref\": \"referencetoclusternameHeadNodeENI6497A502PrimaryPrivateIpAddress\"}",
-    "directory_service": {
-      "enabled": "true"
-    },
-    "disable_sudo_access_for_default_user": "false"
+    "scheduler_queue_name": "queue1",
+    "shared_storage_type": "ebs",
+    "slurm_ddb_table": "{\"Ref\": \"referencetoclusternameSlurmDynamoDBTable99119DBERef\"}",
+    "stack_arn": "{\"Ref\": \"AWS::StackId\"}",
+    "stack_name": "clustername",
+    "use_private_hostname": "false"
   }
-}
+}
diff --git a/...pcluster/validators/test_all_validators/test_slurm_all_validators_are_called/slurm_1.yaml b/...pcluster/validators/test_all_validators/test_slurm_all_validators_are_called/slurm_1.yaml
@@ -247,4 +247,4 @@ DeploymentSettings:
   LambdaFunctionsVpcConfig:
     SecurityGroupIds: ["sg-028d73ae220157d96"]
     SubnetIds: ["subnet-8e482ce8"]
-DisableSudoAccessForDefaultUser: true
+  DisableSudoAccessForDefaultUser: true
diff --git a/...pcluster/validators/test_all_validators/test_slurm_all_validators_are_called/slurm_2.yaml b/...pcluster/validators/test_all_validators/test_slurm_all_validators_are_called/slurm_2.yaml
@@ -61,4 +61,8 @@ AdditionalPackages:
     OneApi:
       BaseToolkit: true
     Python: true
-DisableSudoAccessForDefaultUser: false
+DeploymentSettings:
+  LambdaFunctionsVpcConfig:
+    SecurityGroupIds: ["sg-028d73ae220157d96"]
+    SubnetIds: ["subnet-8e482ce8"]
+  DisableSudoAccessForDefaultUser: false
diff --git a/.../create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml b/.../create/test_create/test_create_disable_sudo_access_for_default_user/pcluster.config.yaml
@@ -28,4 +28,5 @@ Scheduling:
       Networking:
         SubnetIds:
           - {{ private_subnet_id }}
-DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}
diff --git a/...e_disable_sudo_access_for_default_user/pcluster_update_login_nodes_count_to_0.config.yaml b/...e_disable_sudo_access_for_default_user/pcluster_update_login_nodes_count_to_0.config.yaml
@@ -28,4 +28,5 @@ Scheduling:
       Networking:
         SubnetIds:
           - {{ private_subnet_id }}
-DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}
diff --git a/...e_disable_sudo_access_for_default_user/pcluster_update_login_nodes_count_to_1.config.yaml b/...e_disable_sudo_access_for_default_user/pcluster_update_login_nodes_count_to_1.config.yaml
@@ -28,4 +28,5 @@ Scheduling:
       Networking:
         SubnetIds:
           - {{ private_subnet_id }}
-DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}
+DeploymentSettings:
+  DisableSudoAccessForDefaultUser: {{ disable_sudo_access_default_user }}