didericis
a7633977de
PRD 0007: the launch ExitStack calls gate.stop on every failure path, so an early bring-up error (where the gate container was never created) must not raise from teardown. Mirrors the existing DockerPipelockProxy.stop assertion. The orphan-container enumeration in cleanup.py already covers ssh-gate containers via its `claude-bottle-` name prefix filter — no code change there.
92 lines
3.2 KiB
Python
92 lines
3.2 KiB
Python
"""Integration: the cleanup primitives the start-flow trap depends on
|
|
are idempotent. The original orphan-network bug was a trap-ordering
|
|
issue; the fix moved the install earlier. The trap is only safe if
|
|
network_remove, PipelockProxy.stop, and SSHGate.stop are no-ops
|
|
against missing resources."""
|
|
|
|
import os
|
|
import subprocess
|
|
import unittest
|
|
|
|
from claude_bottle.backend.docker.network import (
|
|
network_create_egress,
|
|
network_create_internal,
|
|
network_remove,
|
|
)
|
|
from claude_bottle.backend.docker.pipelock import (
|
|
DockerPipelockProxy,
|
|
pipelock_container_name,
|
|
)
|
|
from claude_bottle.backend.docker.ssh_gate import (
|
|
DockerSSHGate,
|
|
ssh_gate_container_name,
|
|
)
|
|
from tests._docker import skip_unless_docker
|
|
|
|
|
|
@skip_unless_docker()
|
|
class TestOrphanCleanup(unittest.TestCase):
|
|
def setUp(self):
|
|
self.slug = f"cb-test-orphan-{os.getpid()}"
|
|
self.internal_name = ""
|
|
self.egress_name = ""
|
|
|
|
def tearDown(self):
|
|
for n in (self.internal_name, self.egress_name):
|
|
if n:
|
|
subprocess.run(
|
|
["docker", "network", "rm", n],
|
|
stdout=subprocess.DEVNULL,
|
|
stderr=subprocess.DEVNULL,
|
|
check=False,
|
|
)
|
|
|
|
def test_remove_missing_is_noop(self):
|
|
# Returning True == idempotent success.
|
|
self.assertTrue(network_remove(f"claude-bottle-net-{self.slug}-does-not-exist"))
|
|
|
|
@unittest.skipIf(
|
|
os.environ.get("GITEA_ACTIONS") == "true",
|
|
"skipped under act_runner: docker socket mount topology breaks "
|
|
"in-process visibility of networks created on the host daemon",
|
|
)
|
|
def test_create_and_remove(self):
|
|
self.internal_name = network_create_internal(self.slug)
|
|
self.egress_name = network_create_egress(self.slug)
|
|
|
|
nets = subprocess.run(
|
|
["docker", "network", "ls", "--format", "{{.Name}}"],
|
|
capture_output=True, text=True, check=True,
|
|
).stdout.splitlines()
|
|
self.assertIn(self.internal_name, nets)
|
|
self.assertIn(self.egress_name, nets)
|
|
|
|
self.assertTrue(network_remove(self.internal_name))
|
|
self.assertTrue(network_remove(self.egress_name))
|
|
|
|
nets_after = subprocess.run(
|
|
["docker", "network", "ls", "--format", "{{.Name}}"],
|
|
capture_output=True, text=True, check=True,
|
|
).stdout.splitlines()
|
|
self.assertNotIn(self.internal_name, nets_after)
|
|
self.assertNotIn(self.egress_name, nets_after)
|
|
|
|
# Idempotent on already-removed.
|
|
self.assertTrue(network_remove(self.internal_name))
|
|
self.assertTrue(network_remove(self.egress_name))
|
|
|
|
def test_pipelock_stop_missing_sidecar(self):
|
|
# Should not raise.
|
|
DockerPipelockProxy().stop(pipelock_container_name(f"missing-{self.slug}"))
|
|
|
|
def test_ssh_gate_stop_missing_sidecar(self):
|
|
# Same trap-safety requirement for the gate (PRD 0007). The
|
|
# launch ExitStack calls gate.stop on every error path; if
|
|
# the container was never created (early failure), stop must
|
|
# still no-op.
|
|
DockerSSHGate().stop(ssh_gate_container_name(f"missing-{self.slug}"))
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|