mardi 24 mai 2016

Testing a Node library working with Docker containers

I'm currently writing a Node library to execute untrusted code within Docker containers. It basically maintains a pool of containers running, and provides an interface to run code in one of them. Once the execution is complete, the corresponding container is destroyed and replaced by a new one.

The four main classes of the library are:

  • Sandbox. Exposes a constructor with various options including the pool size, and two public methods: executeCode(code, callback) and cleanup(callback)
  • Job. A class with two attributes, code and callback (to be called when the execution is complete)
  • PoolManager, used by the Sandbox class to manage the pool of containers. Provides the public methods initialize(size, callback) and executeJob(job, callback). It has internal methods related to the management of the containers (_startContainer, _stopContainer, _registerContainer, etc.). It uses an instance of the dockerode library, passed in the constructor, to do all the docker related stuff per se.
  • Container. A class with the attributes tmpDir, dockerodeInstance, IP and a public method executeCode(code, callback) which basically sends a HTTP POST request against ContainerIP:3000/compile along with the code to compile (a minimalist API runs inside each Docker container).

In the end, the final users of the library will only be using the Sandbox class.

Now, my question is: how should I test this?

First, it seems pretty clear to my that I should begin by writing functional tests against my Sandbox class:

  • it should create X containers, where X is the required pool size
  • it should correctly execute code (including the security aspects: handling timeouts, fork bombs, etc. which are in the library's requirements)
  • it should correctly cleanup the resources it uses

But then I'm not sure what else it would make sense to test, how to do it, and if the architecture I'm using is suitable to be correctly tested.

Any idea or suggestion related to this is highly appreciated! :) And feel free to ask for a clarification if anything looks unclear.

Christophe

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)