mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-01 12:02:05 +00:00
88 lines
No EOL
2.9 KiB
Python
88 lines
No EOL
2.9 KiB
Python
"""Runtime smoke tests for Docker PUID/PGID and UID/GID remap.
|
|
|
|
Build the real image and verify the actual runtime behavior:
|
|
|
|
1. PUID/PGID env vars remap the hermes user UID/GID at boot
|
|
2. HERMES_UID/HERMES_GID take precedence over PUID/PGID aliases
|
|
3. NAS-style low UIDs (99:100) are accepted and remapped
|
|
4. Invalid UIDs are rejected
|
|
5. The remapped user can write to the data volume
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from tests.docker.conftest import docker_exec_sh, start_container
|
|
|
|
|
|
def test_puid_pgid_remaps_hermes_user(
|
|
built_image: str, container_name: str,
|
|
) -> None:
|
|
"""PUID=1000 PGID=1000 must remap the hermes user to UID 1000."""
|
|
start_container(built_image, container_name, "PUID=1000", "PGID=1000")
|
|
|
|
r = docker_exec_sh(
|
|
container_name,
|
|
"id -u hermes",
|
|
timeout=10,
|
|
)
|
|
assert r.stdout.strip() == "1000", (
|
|
f"expected hermes UID 1000 after PUID remap, got: {r.stdout.strip()}"
|
|
)
|
|
|
|
r = docker_exec_sh(
|
|
container_name,
|
|
"id -g hermes",
|
|
timeout=10,
|
|
)
|
|
assert r.stdout.strip() == "1000", (
|
|
f"expected hermes GID 1000 after PGID remap, got: {r.stdout.strip()}"
|
|
)
|
|
|
|
|
|
def test_hermes_uid_gid_take_precedence_over_aliases(
|
|
built_image: str, container_name: str,
|
|
) -> None:
|
|
"""HERMES_UID/HERMES_GID must win over PUID/PGID when both are set."""
|
|
start_container(built_image, container_name, "HERMES_UID=2000", "HERMES_GID=2001", "PUID=1000", "PGID=1000")
|
|
|
|
r = docker_exec_sh(container_name, "id -u hermes", timeout=10)
|
|
assert r.stdout.strip() == "2000", (
|
|
f"expected hermes UID 2000 (HERMES_UID wins), got: {r.stdout.strip()}"
|
|
)
|
|
|
|
r = docker_exec_sh(container_name, "id -g hermes", timeout=10)
|
|
assert r.stdout.strip() == "2001", (
|
|
f"expected hermes GID 2001 (HERMES_GID wins), got: {r.stdout.strip()}"
|
|
)
|
|
|
|
|
|
def test_nas_low_uid_accepted(
|
|
built_image: str, container_name: str,
|
|
) -> None:
|
|
"""NAS-style low UIDs (99:100, common on Unraid) must be accepted."""
|
|
start_container(built_image, container_name, "PUID=99", "PGID=100")
|
|
|
|
r = docker_exec_sh(container_name, "id -u hermes", timeout=10)
|
|
assert r.stdout.strip() == "99", (
|
|
f"expected hermes UID 99, got: {r.stdout.strip()}"
|
|
)
|
|
|
|
r = docker_exec_sh(container_name, "id -g hermes", timeout=10)
|
|
assert r.stdout.strip() == "100", (
|
|
f"expected hermes GID 100, got: {r.stdout.strip()}"
|
|
)
|
|
|
|
|
|
def test_remap_enables_data_volume_writes(
|
|
built_image: str, container_name: str,
|
|
) -> None:
|
|
"""After remap, the hermes user must be able to write to /opt/data."""
|
|
start_container(built_image, container_name, "PUID=1000", "PGID=1000")
|
|
|
|
r = docker_exec_sh(
|
|
container_name,
|
|
"touch /opt/data/test_write && echo WRITE_OK || echo WRITE_FAIL",
|
|
timeout=10,
|
|
)
|
|
assert "WRITE_OK" in r.stdout, (
|
|
f"hermes user cannot write to /opt/data after remap: {r.stdout}"
|
|
) |