fix(beaker): supress 10_avc_check restraint plugin

It has happpened that this plugin sometimes ran after the dummy task, it reported fail that there was some AVC (probabaly from other thing) which then failed the job and thus mrack treated this as a provisioning failure. This patch instructs restraint to not run this plugin and thus avoid this situation. Signed-off-by: Petr Vobornik <[email protected]>
neoave · May 30, 2024 · 587a9c7 · 587a9c7
1 parent 2c0c2bb
commit 587a9c7
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 6 deletions.
diff --git a/src/mrack/providers/beaker.py b/src/mrack/providers/beaker.py
@@ -204,7 +204,11 @@ def _req_to_bkr_job(self, req):  # pylint: disable=too-many-locals
         recipe.addReservesys(duration=str(self.reserve_duration))
 
         for task in specs["tasks"]:
-            recipe.addTask(task=task["name"], role=task["role"])
+            recipe.addTask(
+                task=task["name"],
+                role=task["role"],
+                taskParams=task.get("params"),
+            )
 
         # Create RecipeSet and add our Recipe to it.
         recipe_set = BeakerRecipeSet(**specs)

diff --git a/src/mrack/transformers/beaker.py b/src/mrack/transformers/beaker.py
@@ -181,7 +181,13 @@ def create_host_requirement(self, host):
                 "tasks",
                 host["os"],
                 default=[  # we use dummy task because beaker require a task in recipe
-                    {"name": "/distribution/dummy", "role": "STANDALONE"}
+                    {
+                        "name": "/distribution/dummy",
+                        "role": "STANDALONE",
+                        "params": [
+                            "RSTRNT_DISABLED=10_avc_check",
+                        ],
+                    }
                 ],
             ),
             "ks_append": self._construct_ks_append_script(

diff --git a/tests/unit/test_beaker.py b/tests/unit/test_beaker.py
@@ -19,14 +19,20 @@
 
 import pytest
 
+from mrack.providers import providers
 from mrack.providers.beaker import BeakerProvider
 
+from .mock_data import MockedBeakerTransformer, provisioning_config
 from .utils import get_content, get_file_path
 
 
+@pytest.fixture
+def mock_beaker_conf(monkeypatch):
+    monkeypatch.setenv("BEAKER_CONF", get_file_path("client.conf"))
+
+
 class TestBeakerProvider:
     def setup_method(self):
-
         self.mock_hub = Mock()
         self.result_xml = get_content("result.xml")
         self.mock_hub.taskactions.to_xml = Mock(return_value=self.result_xml)
@@ -45,8 +51,7 @@ def teardown_method(self):
         mock.patch.stopall()
 
     @pytest.mark.asyncio
-    async def test_get_repo_info(self, monkeypatch):
-        monkeypatch.setenv("BEAKER_CONF", get_file_path("client.conf"))
+    async def test_get_repo_info(self, mock_beaker_conf):
         provider = BeakerProvider()
         await provider.init(self.distros, self.timeout, self.reserve_duration)
         bkr_res = provider._get_recipe_info(self.beaker_id, self.log_msg_start)
@@ -59,3 +64,30 @@ async def test_get_repo_info(self, monkeypatch):
             "console.log": "https://test.example.com/logs/console.log",
             "anaconda.log": "https://test.example.com/logs/anaconda.log",
         }
+
+    @pytest.mark.asyncio
+    async def test_beaker_job_creation(self, mock_beaker_conf):
+        # Given initialized beaker provider and transformer with real beaker
+        # calls mocked
+        providers.register("beaker", BeakerProvider)
+        provider = providers.get("beaker")
+        await provider.init(self.distros, self.timeout, self.reserve_duration)
+        bkr_transformer = MockedBeakerTransformer()
+
+        await bkr_transformer.init(provisioning_config(), {})
+        bkr_transformer.add_host(
+            {
+                "name": "host.example.test",
+                "group": "client",
+                "os": "Fedora-31%",
+            }
+        )
+
+        # When having a host requirement and creating a Beaker job
+        req = bkr_transformer.create_host_requirements()[0]
+        job = provider._req_to_bkr_job(req)
+
+        # Then the job contains param to supress 10_avc_check restraint plugin
+        # so that provisioning won't fail on AVC denials
+        xml = job.toxml()
+        assert '<param name="RSTRNT_DISABLED" value="10_avc_check"/>' in xml
diff --git a/tests/unit/test_beaker_transformer.py b/tests/unit/test_beaker_transformer.py
@@ -16,7 +16,15 @@ class TestBeakerTransformer:
     cat_release = "cat /etc/redhat-release"
     wget = "wget redhat.com"
     default_whiteboard = "This job has been created using mrack."
-    default_tasks = [{"name": "/distribution/dummy", "role": "STANDALONE"}]
+    default_tasks = [
+        {
+            "name": "/distribution/dummy",
+            "role": "STANDALONE",
+            "params": [
+                "RSTRNT_DISABLED=10_avc_check",
+            ],
+        }
+    ]
     default_retention_tag = "audit"
     default_product = "[internal]"