exasol / ai-lab

Development environment for data science developers
MIT License

Add tests for access to Docker socket #252

Closed ckunki closed 7 months ago

ckunki commented 7 months ago

Background

Ticket #241 fixed access to Docker socket from within the AI-Lab container after using a non-root user.

Regarding the gid (Group ID) of the Docker socket and the existing groups inside the Docker container, there are two cases:

| Case | Action |
|---|---|
| gid is assigned to an existing group | Add user jupyter to this group |
| gid is not assigned to any group | Assign gid to group docker *) |

*) Ansible tasks already created this group and added user jupyter to the group.

Acceptance Criteria

The current ticket requests to add two integration tests for the described cases.

The tests will require inspecting the existing groups inside the Docker container.

Hint: Using a Docker container, the tests can assign an arbitrary gid to a file in the host's file system with the following command:

docker run -v /path/to/file:/path/in/container <container> chgrp <gid> /path/in/container

Hint No. 2: The test could verify the successful access to the mounted file by writing to the file.

ckunki commented 7 months ago

Proposal for implementation strategy

Test for group with ID gid exists in Docker container DC

  1. Select existing, yet "unusual" group G in DC, e.g. ubuntu.
  2. Inquire GID := gid(G)
  3. Create accessible file F on host with gid(F) = GID
  4. Run DC
  5. Verify in DC
    • user jupyter is added to group G
    • user can write string S to socket
  6. Verify on host: File F contains S

Test for group with ID GID does not exist in Docker container DC

  1. Select GID unused in DC.
  2. Create accessible file F on host with gid(F) = GID.
  3. Run DC
  4. Verify in DC
    • gid of group docker is GID
    • user jupyter is added to group docker
    • user can write string S to socket
  5. Verify on host: File F contains S
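
The decision the two tests exercise, as an added example that is not code from the ai-lab repository: it parses /etc/group text, applies the two cases from the table (gid already assigned to a group, or gid unassigned and given to group docker) for user jupyter, and picks an unused gid for the second test. The function names and the sample /etc/group contents are assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Group:
    name: str
    gid: int
    members: list

def parse_groups(etc_group: str) -> list:
    """Parse /etc/group lines 'name:x:gid:member1,member2' into Group objects."""
    groups = []
    for line in etc_group.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.split(":", 3)
            groups.append(Group(name, int(gid), [m for m in members.split(",") if m]))
    return groups

def format_groups(groups: list) -> str:
    return "".join(f"{g.name}:x:{g.gid}:{','.join(g.members)}\n" for g in groups)

def grant_socket_access(etc_group: str, socket_gid: int,
                        user: str = "jupyter", docker_group: str = "docker") -> tuple:
    """Apply the ticket's two cases to the gid of the mounted Docker socket.
    Returns (case label, updated /etc/group text)."""
    groups = parse_groups(etc_group)
    by_gid = {g.gid: g for g in groups}
    if socket_gid in by_gid:            # case 1: gid already assigned to a group
        target, label = by_gid[socket_gid], "existing-group"
    else:                               # case 2: gid unassigned, give it to docker
        target, label = next(g for g in groups if g.name == docker_group), "docker-group"
        target.gid = socket_gid
    if user not in target.members:      # idempotent: rerunning does not duplicate
        target.members.append(user)
    return label, format_groups(groups)

def unused_gid(etc_group: str, start: int = 60000) -> int:
    """Pick a gid absent from /etc/group, as the second test needs."""
    used = {g.gid for g in parse_groups(etc_group)}
    gid = start
    while gid in used:
        gid += 1
    return gid

# Constructed sample /etc/group (hypothetical values): group docker already
# contains jupyter, as the Ansible tasks ensure; ubuntu is the "unusual" group.
SAMPLE_ETC_GROUP = "root:x:0:\ndocker:x:999:jupyter\nubuntu:x:1000:\njupyter:x:1001:\n"
```

Running the tests against a real container would replace the sample text with the output of `cat /etc/group` from inside the container and verify the write to the mounted file as the hint describes.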
ckunki commented 7 months ago

On my system the following groups in DC are unique (not on host) or have a different gid: