package org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime;

import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileUtil;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.registry.client.binding.RegistryPathUtils;
import org.apache.hadoop.util.Shell;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.api.records.ContainerLaunchContext;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.server.nodemanager.ContainerExecutor;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.container.Container;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperation;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationException;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.privileged.PrivilegedOperationExecutor;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.resources.CGroupsHandler;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.resources.ResourceHandlerModule;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.linux.runtime.docker.DockerRunCommand;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerExecutionException;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeConstants;
import org.apache.hadoop.yarn.server.nodemanager.containermanager.runtime.ContainerRuntimeContext;
import org.apache.hadoop.yarn.server.nodemanager.nodelabels.AbstractNodeLabelsProvider;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:test-classes/org/apache/hadoop/yarn/server/nodemanager/containermanager/linux/runtime/TestDockerContainerRuntime.class */
public class TestDockerContainerRuntime {
    // Logger used by the tests to record expected failures and skipped shell lookups.
    private static final Logger LOG = LoggerFactory.getLogger(TestDockerContainerRuntime.class);
    // Node manager configuration; re-created for every test by setup().
    private Configuration conf;
    // Mocked privileged-operation executor: launches are captured, never executed.
    private PrivilegedOperationExecutor mockExecutor;
    // Mocked cgroups handler handed to the runtime under test.
    private CGroupsHandler mockCGroupsHandler;
    // Hostname derived from the container id by RegistryPathUtils.encodeYarnID in setup().
    private String defaultHostname;
    // Mocked container and its collaborators (id, launch context, environment).
    private Container container;
    private ContainerId cId;
    private ContainerLaunchContext context;
    // Client-supplied environment returned by the mocked launch context; tests mutate it
    // to request a network, hostname or privileged mode.
    private HashMap<String, String> env;
    private String image;
    // "uid:gid" string expected in the user= line when user remapping is enabled.
    private String uidGidPair;
    private String runAsUser;
    private String user;
    private String appId;
    // Paths and directory lists passed to the runtime as execution attributes.
    private Path containerWorkDir;
    private Path nmPrivateContainerScriptPath;
    private Path nmPrivateTokensPath;
    private Path pidFilePath;
    private List<String> localDirs;
    private List<String> logDirs;
    private List<String> filecacheDirs;
    private List<String> userLocalDirs;
    private List<String> containerLocalDirs;
    private List<String> containerLogDirs;
    private Map<Path, List<String>> localizedResources;
    private String resourcesOptions;
    // Builder pre-populated in setup(); each test calls build() to obtain the launch context.
    private ContainerRuntimeContext.Builder builder;
    // Capabilities configured for the runtime in setup().
    private String[] testCapabilities;
    private String containerId;
    // containerId has no initializer, so this evaluates to null at construction time;
    // setup() assigns the real value before each test.
    private String containerIdStr = this.containerId;
    // User returned by the mocked Container.getUser() (setup() uses the same literal).
    private final String submittingUser = "anakin";
    // User placed in the privileged-containers ACL by the "not in whitelist" test.
    private final String whitelistedUser = "yoda";
    private final String signalPid = "1234";

    /**
     * Builds the fixture shared by every test: a fresh configuration, mocked
     * executor/cgroups handler/container, a client environment that requests the
     * {@code busybox:latest} image, and a runtime-context builder carrying all
     * execution attributes the Docker runtime reads at launch.
     */
    @Before
    public void setup() {
        // StringBuilder(String) throws NullPointerException when the
        // test.build.data system property is not set.
        String tmpDir = new StringBuilder(System.getProperty("test.build.data"))
            .append('/')
            .append("hadoop.tmp.dir")
            .toString();
        this.conf = new Configuration();
        this.conf.set("hadoop.tmp.dir", tmpDir);

        // Collaborators are mocks so no privileged operation is ever really executed.
        this.mockExecutor = Mockito.mock(PrivilegedOperationExecutor.class);
        this.mockCGroupsHandler = Mockito.mock(CGroupsHandler.class);
        this.containerId = "container_id";
        this.defaultHostname = RegistryPathUtils.encodeYarnID(this.containerId);
        this.container = Mockito.mock(Container.class);
        this.cId = Mockito.mock(ContainerId.class);
        this.context = Mockito.mock(ContainerLaunchContext.class);

        // Environment as submitted by the client.
        this.env = new HashMap<>();
        this.env.put("FROM_CLIENT", SchemaSymbols.ATTVAL_TRUE_1);
        this.image = "busybox:latest";
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_IMAGE, this.image);

        Mockito.when(this.container.getContainerId()).thenReturn(this.cId);
        Mockito.when(this.cId.toString()).thenReturn(this.containerId);
        Mockito.when(this.container.getLaunchContext()).thenReturn(this.context);
        Mockito.when(this.context.getEnvironment()).thenReturn(this.env);
        Mockito.when(this.container.getUser()).thenReturn("anakin");

        this.uidGidPair = "";
        this.runAsUser = "run_as_user";
        this.user = "user";
        this.appId = "app_id";
        this.containerIdStr = this.containerId;
        this.containerWorkDir = new Path("/test_container_work_dir");
        this.nmPrivateContainerScriptPath = new Path("/test_script_path");
        this.nmPrivateTokensPath = new Path("/test_private_tokens_path");
        this.pidFilePath = new Path("/test_pid_file_path");
        this.resourcesOptions = "cgroups=none";

        // One directory per list.
        this.localDirs = new ArrayList<>();
        this.localDirs.add("/test_local_dir");
        this.logDirs = new ArrayList<>();
        this.logDirs.add("/test_log_dir");
        this.filecacheDirs = new ArrayList<>();
        this.filecacheDirs.add("/test_filecache_dir");
        this.userLocalDirs = new ArrayList<>();
        this.userLocalDirs.add("/test_user_local_dir");
        this.containerLocalDirs = new ArrayList<>();
        this.containerLocalDirs.add("/test_container_local_dir");
        this.containerLogDirs = new ArrayList<>();
        this.containerLogDirs.add("/test_container_log_dir");
        this.localizedResources = new HashMap<>();
        this.localizedResources.put(
            new Path("/test_local_dir/test_resource_file"),
            Collections.singletonList("test_dir/test_resource_file"));

        // Capabilities configured for the runtime; the launch tests expect exactly
        // these in cap-add next to cap-drop=ALL.
        this.testCapabilities = new String[]{"NET_BIND_SERVICE", "SYS_CHROOT"};
        this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.capabilities", this.testCapabilities);

        this.builder = new ContainerRuntimeContext.Builder(this.container);
        this.builder
            .setExecutionAttribute(LinuxContainerRuntimeConstants.RUN_AS_USER, this.runAsUser)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.USER, this.user)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.APPID, this.appId)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.CONTAINER_ID_STR, this.containerIdStr)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.CONTAINER_WORK_DIR, this.containerWorkDir)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.NM_PRIVATE_CONTAINER_SCRIPT_PATH, this.nmPrivateContainerScriptPath)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.NM_PRIVATE_TOKENS_PATH, this.nmPrivateTokensPath)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.PID_FILE_PATH, this.pidFilePath)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.LOCAL_DIRS, this.localDirs)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.LOG_DIRS, this.logDirs)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.FILECACHE_DIRS, this.filecacheDirs)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.USER_LOCAL_DIRS, this.userLocalDirs)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.CONTAINER_LOCAL_DIRS, this.containerLocalDirs)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.CONTAINER_LOG_DIRS, this.containerLogDirs)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.LOCALIZED_RESOURCES, this.localizedResources)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.RESOURCES_OPTIONS, this.resourcesOptions);
    }

    /**
     * Checks that a Docker container is selected only when the environment
     * explicitly sets the container type to "docker": a null environment and an
     * environment naming another type must both be rejected.
     */
    @Test
    public void testSelectDockerContainerType() {
        Map<String, String> dockerEnv = new HashMap<>();
        dockerEnv.put(ContainerRuntimeConstants.ENV_CONTAINER_TYPE, "docker");

        Map<String, String> otherEnv = new HashMap<>();
        otherEnv.put(ContainerRuntimeConstants.ENV_CONTAINER_TYPE, "other");

        Assert.assertFalse(DockerLinuxContainerRuntime.isDockerContainerRequested(null));
        Assert.assertTrue(DockerLinuxContainerRuntime.isDockerContainerRequested(dockerEnv));
        Assert.assertFalse(DockerLinuxContainerRuntime.isDockerContainerRequested(otherEnv));
    }

    /**
     * Verifies that the mocked executor received exactly one privileged operation
     * (null environment, both boolean flags false), resets the mock so the next
     * launch in the same test can be verified again, and returns the captured
     * operation.
     *
     * @return the single operation passed to the mocked executor
     * @throws PrivilegedOperationException declared by the verified executor method
     */
    private PrivilegedOperation capturePrivilegedOperation() throws PrivilegedOperationException {
        ArgumentCaptor<PrivilegedOperation> opCaptor = ArgumentCaptor.forClass(PrivilegedOperation.class);
        PrivilegedOperationExecutor verified = Mockito.verify(this.mockExecutor, Mockito.times(1));
        verified.executePrivilegedOperation(
            Mockito.anyList(),
            opCaptor.capture(),
            Mockito.any(File.class),
            Matchers.eq((Map) null),
            Matchers.eq(false),
            Matchers.eq(false));
        // Clear recorded interactions; times(1) would otherwise fail on a second launch.
        Mockito.reset(this.mockExecutor);
        return opCaptor.getValue();
    }

    /**
     * Captures the single privileged operation issued by the runtime and checks
     * that it is a Docker launch whose 13 positional arguments carry the fixture
     * values set up in {@link #setup()}. Arguments 0 and 11 are not compared here;
     * callers read argument 11 as the path of the generated Docker command file.
     *
     * @return the captured, verified operation
     * @throws PrivilegedOperationException declared by the capture helper
     */
    private PrivilegedOperation capturePrivilegedOperationAndVerifyArgs() throws PrivilegedOperationException {
        PrivilegedOperation op = capturePrivilegedOperation();
        Assert.assertEquals(PrivilegedOperation.OperationType.LAUNCH_DOCKER_CONTAINER, op.getOperationType());

        List<String> args = op.getArguments();
        Assert.assertEquals(13L, args.size());

        String expectedCommand =
            Integer.toString(PrivilegedOperation.RunAsUserCommand.LAUNCH_DOCKER_CONTAINER.getValue());
        Assert.assertEquals(this.user, args.get(1));
        Assert.assertEquals(expectedCommand, args.get(2));
        Assert.assertEquals(this.appId, args.get(3));
        Assert.assertEquals(this.containerId, args.get(4));
        Assert.assertEquals(this.containerWorkDir.toString(), args.get(5));
        Assert.assertEquals(this.nmPrivateContainerScriptPath.toUri().toString(), args.get(6));
        Assert.assertEquals(this.nmPrivateTokensPath.toUri().getPath(), args.get(7));
        Assert.assertEquals(this.pidFilePath.toString(), args.get(8));
        Assert.assertEquals(this.localDirs.get(0), args.get(9));
        Assert.assertEquals(this.logDirs.get(0), args.get(10));
        Assert.assertEquals(this.resourcesOptions, args.get(12));
        return op;
    }

    /**
     * Builds the command-line form of the capability settings: drop every
     * capability, then add back each configured test capability. The order of the
     * {@code --cap-add} entries follows the iteration order of a {@link HashSet}.
     *
     * @return the expected capability arguments, each followed by a space
     */
    private String getExpectedTestCapabilitiesArgumentString() {
        HashSet<String> capabilities = new HashSet<String>(Arrays.asList(this.testCapabilities));
        StringBuilder expected = new StringBuilder("--cap-drop=ALL ");
        for (String capability : capabilities) {
            expected.append("--cap-add=").append(capability).append(" ");
        }
        return expected.toString();
    }

    /**
     * Builds the read-only volume argument expected for the cgroups mount.
     *
     * @return {@code "-v <path>:<path>:ro "} when a cgroups handler is registered
     *     and its mount path exists on this host, otherwise the empty string
     */
    private String getExpectedCGroupsMountString() {
        CGroupsHandler handler = ResourceHandlerModule.getCGroupsHandler();
        if (handler != null) {
            String mountPath = handler.getCGroupMountPath();
            if (new File(mountPath).exists()) {
                // Mounted at the same path inside the container, read-only.
                return "-v " + mountPath + ":" + mountPath + ":ro ";
            }
        }
        return "";
    }

    /**
     * Launches a container with the default fixture and checks the generated
     * Docker command file line by line. The expected file drops all capabilities,
     * adds back only the configured ones, uses the host network and carries no
     * privileged entry.
     */
    @Test
    public void testDockerContainerLaunch() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        runtime.launchContainer(this.builder.build());

        // Argument 11 of the privileged operation is the path of the command file.
        PrivilegedOperation op = capturePrivilegedOperationAndVerifyArgs();
        String commandFile = op.getArguments().get(11);
        List<String> dockerCommands = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));

        Assert.assertEquals(13, dockerCommands.size());
        int counter = 0;
        Assert.assertEquals("[docker-command-execution]", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-add=SYS_CHROOT,NET_BIND_SERVICE", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-drop=ALL", dockerCommands.get(counter++));
        Assert.assertEquals("  detach=true", dockerCommands.get(counter++));
        Assert.assertEquals("  docker-command=run", dockerCommands.get(counter++));
        Assert.assertEquals("  hostname=ctr-id", dockerCommands.get(counter++));
        Assert.assertEquals("  image=busybox:latest", dockerCommands.get(counter++));
        Assert.assertEquals("  launch-command=bash,/test_container_work_dir/launch_container.sh", dockerCommands.get(counter++));
        Assert.assertEquals("  name=container_id", dockerCommands.get(counter++));
        Assert.assertEquals("  net=host", dockerCommands.get(counter++));
        Assert.assertEquals("  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir", dockerCommands.get(counter++));
        Assert.assertEquals("  user=run_as_user", dockerCommands.get(counter++));
        Assert.assertEquals("  workdir=/test_container_work_dir", dockerCommands.get(counter));
    }

    /**
     * Launches a container with user remapping allowed and checks that the
     * command file names the run-as user by numeric {@code uid:gid} and lists the
     * user's supplementary groups in a {@code group-add} line.
     *
     * <p>The run-as user is the account running the test ({@code whoami}); the
     * expected ids come from the {@code id} command. A failing {@code id} call is
     * only logged, leaving the corresponding expected value empty.
     */
    @Test
    public void testContainerLaunchWithUserRemapping() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        this.conf.setBoolean("yarn.nodemanager.runtime.linux.docker.enable-userremapping.allowed", true);

        Shell.ShellCommandExecutor whoami = new Shell.ShellCommandExecutor(new String[]{"whoami"});
        whoami.execute();
        this.runAsUser = whoami.getOutput().replaceAll("\n$", "");
        this.builder.setExecutionAttribute(LinuxContainerRuntimeConstants.RUN_AS_USER, this.runAsUser);

        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        runtime.launchContainer(this.builder.build());
        String commandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);

        // Look up the ids the runtime is expected to have resolved for the run-as user.
        String uid = "";
        String gid = "";
        String[] groups = new String[0];
        Shell.ShellCommandExecutor uidLookup = new Shell.ShellCommandExecutor(new String[]{"id", "-u", this.runAsUser});
        Shell.ShellCommandExecutor gidLookup = new Shell.ShellCommandExecutor(new String[]{"id", "-g", this.runAsUser});
        Shell.ShellCommandExecutor groupsLookup = new Shell.ShellCommandExecutor(new String[]{"id", "-G", this.runAsUser});
        try {
            uidLookup.execute();
            uid = uidLookup.getOutput().replaceAll("\n$", "");
        } catch (Exception uidFailure) {
            LOG.info("Could not run id -u command: " + uidFailure);
        }
        try {
            gidLookup.execute();
            gid = gidLookup.getOutput().replaceAll("\n$", "");
        } catch (Exception gidFailure) {
            LOG.info("Could not run id -g command: " + gidFailure);
        }
        try {
            groupsLookup.execute();
            groups = groupsLookup.getOutput().replace("\n", " ").split(" ");
        } catch (Exception groupsFailure) {
            LOG.info("Could not run id -G command: " + groupsFailure);
        }
        this.uidGidPair = uid + ":" + gid;

        List<String> dockerCommands = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));
        Assert.assertEquals(14, dockerCommands.size());
        int counter = 0;
        Assert.assertEquals("[docker-command-execution]", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-add=SYS_CHROOT,NET_BIND_SERVICE", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-drop=ALL", dockerCommands.get(counter++));
        Assert.assertEquals("  detach=true", dockerCommands.get(counter++));
        Assert.assertEquals("  docker-command=run", dockerCommands.get(counter++));
        // NOTE(review): the separator constant looks like a decompiler substitution
        // for a plain "," literal - confirm against the original source.
        Assert.assertEquals("  group-add=" + StringUtils.join(AbstractNodeLabelsProvider.NODE_LABELS_SEPRATOR, groups), dockerCommands.get(counter++));
        Assert.assertEquals("  hostname=ctr-id", dockerCommands.get(counter++));
        Assert.assertEquals("  image=busybox:latest", dockerCommands.get(counter++));
        Assert.assertEquals("  launch-command=bash,/test_container_work_dir/launch_container.sh", dockerCommands.get(counter++));
        Assert.assertEquals("  name=container_id", dockerCommands.get(counter++));
        Assert.assertEquals("  net=host", dockerCommands.get(counter++));
        Assert.assertEquals("  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir", dockerCommands.get(counter++));
        Assert.assertEquals("  user=" + this.uidGidPair, dockerCommands.get(counter++));
        Assert.assertEquals("  workdir=/test_container_work_dir", dockerCommands.get(counter));
    }

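    /**
     * Checks runtime initialization against the network allow-list: the defaults
     * must initialize, a default network that is not in the allowed set must be
     * rejected at initialization, and a default network that is in the set must
     * be accepted.
     *
     * @throws ContainerExecutionException if an initialization expected to succeed fails
     */
    @Test
    public void testAllowedNetworksConfiguration() throws ContainerExecutionException {
        // Default configuration: initialization is expected to succeed.
        new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler).initialize(this.conf);

        // NOTE(review): CGROUP_ARG_NO_TASKS looks like a decompiler substitution for the
        // network name literal "none" - confirm against the original source.
        this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.allowed-container-networks", new String[]{"host", PrivilegedOperation.CGROUP_ARG_NO_TASKS, "bridge", "sdn1"});

        // "sdn2" is not in the allowed set, so using it as the default must fail.
        this.conf.set("yarn.nodemanager.runtime.linux.docker.default-container-network", "sdn2");
        try {
            new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler).initialize(this.conf);
            Assert.fail("Invalid default network configuration did not trigger initialization failure.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }

        // "sdn1" is allowed, so initialization must succeed again.
        this.conf.set("yarn.nodemanager.runtime.linux.docker.default-container-network", "sdn1");
        new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler).initialize(this.conf);
    }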

    /**
     * With the default network allow-list, checks that a launch requesting an
     * arbitrary network name is refused, and that a launch requesting one of the
     * default allowed networks together with a custom hostname produces a command
     * file carrying that network and hostname.
     */
    @Test
    public void testContainerLaunchWithNetworkingDefaults() throws ContainerExecutionException, IOException, PrivilegedOperationException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);

        Random randomizer = new Random();
        // A network name that is not part of the default allowed set.
        String disallowedNetwork = "sdn" + Integer.toString(randomizer.nextInt());
        try {
            this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, disallowedNetwork);
            runtime.launchContainer(this.builder.build());
            Assert.fail("Network was expected to be disallowed: " + disallowedNetwork);
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception: " + expected);
        }

        // Pick any one of the networks allowed by default.
        String[] defaultNetworks = YarnConfiguration.DEFAULT_NM_DOCKER_ALLOWED_CONTAINER_NETWORKS;
        String allowedNetwork = defaultNetworks[randomizer.nextInt(YarnConfiguration.DEFAULT_NM_DOCKER_ALLOWED_CONTAINER_NETWORKS.length)];
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, allowedNetwork);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_HOSTNAME, "test.hostname");
        runtime.launchContainer(this.builder.build());

        String commandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        List<String> dockerCommands = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));
        Assert.assertEquals(13, dockerCommands.size());
        int counter = 0;
        Assert.assertEquals("[docker-command-execution]", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-add=SYS_CHROOT,NET_BIND_SERVICE", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-drop=ALL", dockerCommands.get(counter++));
        Assert.assertEquals("  detach=true", dockerCommands.get(counter++));
        Assert.assertEquals("  docker-command=run", dockerCommands.get(counter++));
        Assert.assertEquals("  hostname=test.hostname", dockerCommands.get(counter++));
        Assert.assertEquals("  image=busybox:latest", dockerCommands.get(counter++));
        Assert.assertEquals("  launch-command=bash,/test_container_work_dir/launch_container.sh", dockerCommands.get(counter++));
        Assert.assertEquals("  name=container_id", dockerCommands.get(counter++));
        Assert.assertEquals("  net=" + allowedNetwork, dockerCommands.get(counter++));
        Assert.assertEquals("  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir", dockerCommands.get(counter++));
        Assert.assertEquals("  user=run_as_user", dockerCommands.get(counter++));
        Assert.assertEquals("  workdir=/test_container_work_dir", dockerCommands.get(counter));
    }

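    /**
     * With a custom network allow-list and default network, checks three launches:
     * no requested network (the configured default {@code sdn1} is used), an
     * allowed requested network ({@code sdn2}), and a network outside the
     * allow-list ({@code sdn3}), which must be refused.
     */
    @Test
    public void testContainerLaunchWithCustomNetworks() throws ContainerExecutionException, IOException, PrivilegedOperationException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        // NOTE(review): CGROUP_ARG_NO_TASKS looks like a decompiler substitution for the
        // network name literal "none" - confirm against the original source.
        this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.allowed-container-networks", new String[]{"host", PrivilegedOperation.CGROUP_ARG_NO_TASKS, "bridge", "sdn1", "sdn2"});
        this.conf.set("yarn.nodemanager.runtime.linux.docker.default-container-network", "sdn1");
        runtime.initialize(this.conf);

        // Launch 1: no network requested, so the configured default is expected.
        runtime.launchContainer(this.builder.build());
        String defaultCommandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        List<String> dockerCommands = Files.readAllLines(Paths.get(defaultCommandFile), Charset.forName("UTF-8"));
        Assert.assertEquals(13, dockerCommands.size());
        int counter = 0;
        Assert.assertEquals("[docker-command-execution]", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-add=SYS_CHROOT,NET_BIND_SERVICE", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-drop=ALL", dockerCommands.get(counter++));
        Assert.assertEquals("  detach=true", dockerCommands.get(counter++));
        Assert.assertEquals("  docker-command=run", dockerCommands.get(counter++));
        Assert.assertEquals("  hostname=ctr-id", dockerCommands.get(counter++));
        Assert.assertEquals("  image=busybox:latest", dockerCommands.get(counter++));
        Assert.assertEquals("  launch-command=bash,/test_container_work_dir/launch_container.sh", dockerCommands.get(counter++));
        Assert.assertEquals("  name=container_id", dockerCommands.get(counter++));
        Assert.assertEquals("  net=sdn1", dockerCommands.get(counter++));
        Assert.assertEquals("  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir", dockerCommands.get(counter++));
        Assert.assertEquals("  user=run_as_user", dockerCommands.get(counter++));
        Assert.assertEquals("  workdir=/test_container_work_dir", dockerCommands.get(counter));

        // Launch 2: an explicitly requested network that is on the allow-list.
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, "sdn2");
        runtime.launchContainer(this.builder.build());
        String customCommandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        dockerCommands = Files.readAllLines(Paths.get(customCommandFile), Charset.forName("UTF-8"));
        Assert.assertEquals(13, dockerCommands.size());
        counter = 0;
        Assert.assertEquals("[docker-command-execution]", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-add=SYS_CHROOT,NET_BIND_SERVICE", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-drop=ALL", dockerCommands.get(counter++));
        Assert.assertEquals("  detach=true", dockerCommands.get(counter++));
        Assert.assertEquals("  docker-command=run", dockerCommands.get(counter++));
        Assert.assertEquals("  hostname=ctr-id", dockerCommands.get(counter++));
        Assert.assertEquals("  image=busybox:latest", dockerCommands.get(counter++));
        Assert.assertEquals("  launch-command=bash,/test_container_work_dir/launch_container.sh", dockerCommands.get(counter++));
        Assert.assertEquals("  name=container_id", dockerCommands.get(counter++));
        Assert.assertEquals("  net=sdn2", dockerCommands.get(counter++));
        Assert.assertEquals("  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir", dockerCommands.get(counter++));
        Assert.assertEquals("  user=run_as_user", dockerCommands.get(counter++));
        Assert.assertEquals("  workdir=/test_container_work_dir", dockerCommands.get(counter));

        // Launch 3: a network outside the allow-list must be refused.
        String disallowedNetwork = "sdn3";
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_NETWORK, disallowedNetwork);
        try {
            runtime.launchContainer(this.builder.build());
            // The original message ran the network name into the next word.
            Assert.fail("Disallowed network : " + disallowedNetwork + " did not trigger launch failure.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }
    }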

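    /**
     * Checks that an unrecognised value for the privileged-container environment
     * variable does not result in a privileged launch: the launch succeeds and no
     * line of the generated command file mentions the privileged setting.
     *
     * <p>The command file is a list of {@code key=value} lines (a privileged launch
     * appears as {@code privileged=true}), so every line is inspected. Checking
     * only the first line, which is the {@code [docker-command-execution]} section
     * header, could never detect a privileged entry.
     */
    @Test
    public void testLaunchPrivilegedContainersInvalidEnvVar() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, "invalid-value");
        runtime.launchContainer(this.builder.build());

        String commandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        List<String> dockerCommands = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));
        // Same line count as an unprivileged default launch.
        Assert.assertEquals(13, dockerCommands.size());
        for (String command : dockerCommands) {
            Assert.assertFalse("Unexpected privileged setting in docker command file : " + command, command.contains("privileged"));
        }
    }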

    /**
     * Checks that a request for a privileged container is refused when the
     * configuration does not allow privileged containers (the fixture leaves the
     * setting untouched).
     */
    @Test
    public void testLaunchPrivilegedContainersWithDisabledSetting() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);

        // The client asks for privileged mode through its environment.
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, SchemaSymbols.ATTVAL_TRUE);

        try {
            runtime.launchContainer(this.builder.build());
            Assert.fail("Expected a privileged launch container failure.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }
    }

    /**
     * Checks that enabling privileged containers is not sufficient on its own:
     * with the ACL left at its default, a privileged request from the submitting
     * user must still be refused.
     */
    @Test
    public void testLaunchPrivilegedContainersWithEnabledSettingAndDefaultACL() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        // Privileged containers are allowed, but no ACL is configured.
        this.conf.setBoolean("yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed", true);

        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, SchemaSymbols.ATTVAL_TRUE);

        try {
            runtime.launchContainer(this.builder.build());
            Assert.fail("Expected a privileged launch container failure.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }
    }

    /**
     * Checks that a privileged request is refused when privileged containers are
     * enabled but the ACL names a different user ("yoda") than the one the mocked
     * container reports ("anakin").
     */
    @Test
    public void testLaunchPrivilegedContainersEnabledAndUserNotInWhitelist() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        this.conf.setBoolean("yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed", true);
        // Only "yoda" may run privileged containers.
        this.conf.set("yarn.nodemanager.runtime.linux.docker.privileged-containers.acl", "yoda");

        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, SchemaSymbols.ATTVAL_TRUE);

        try {
            runtime.launchContainer(this.builder.build());
            Assert.fail("Expected a privileged launch container failure.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }
    }

    /**
     * Checks the one path on which a privileged launch is expected to succeed:
     * privileged containers are enabled, the ACL names the submitting user
     * ("anakin"), and the client requests privileged mode. The command file then
     * gains a {@code privileged=true} line, for 14 lines in total.
     */
    @Test
    public void testLaunchPrivilegedContainersEnabledAndUserInWhitelist() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        this.conf.setBoolean("yarn.nodemanager.runtime.linux.docker.privileged-containers.allowed", true);
        this.conf.set("yarn.nodemanager.runtime.linux.docker.privileged-containers.acl", "anakin");

        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_RUN_PRIVILEGED_CONTAINER, SchemaSymbols.ATTVAL_TRUE);
        runtime.launchContainer(this.builder.build());

        String commandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        List<String> dockerCommands = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));
        Assert.assertEquals(14, dockerCommands.size());
        int counter = 0;
        Assert.assertEquals("[docker-command-execution]", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-add=SYS_CHROOT,NET_BIND_SERVICE", dockerCommands.get(counter++));
        Assert.assertEquals("  cap-drop=ALL", dockerCommands.get(counter++));
        Assert.assertEquals("  detach=true", dockerCommands.get(counter++));
        Assert.assertEquals("  docker-command=run", dockerCommands.get(counter++));
        Assert.assertEquals("  hostname=ctr-id", dockerCommands.get(counter++));
        Assert.assertEquals("  image=busybox:latest", dockerCommands.get(counter++));
        Assert.assertEquals("  launch-command=bash,/test_container_work_dir/launch_container.sh", dockerCommands.get(counter++));
        Assert.assertEquals("  name=container_id", dockerCommands.get(counter++));
        Assert.assertEquals("  net=host", dockerCommands.get(counter++));
        // The only line that differs from an unprivileged default launch.
        Assert.assertEquals("  privileged=true", dockerCommands.get(counter++));
        Assert.assertEquals("  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir", dockerCommands.get(counter++));
        Assert.assertEquals("  user=run_as_user", dockerCommands.get(counter++));
        Assert.assertEquals("  workdir=/test_container_work_dir", dockerCommands.get(counter));
    }

    /**
     * Exercises {@code addCGroupParentIfRequired} with and without a cgroups handler.
     *
     * <p>With a handler: the resource option {@code "cgroups=none"} must leave the docker run
     * command untouched, while a cpu cgroup path must result in
     * {@code setCGroupParent("/hadoop-yarn-test/<containerId>")}. With a {@code null} handler,
     * neither call may touch the command.
     *
     * <p>The statement order matters: the final zero-interactions check passes only because the
     * single {@code setCGroupParent} call has already been verified above it.
     */
    @Test
    public void testCGroupParent() throws ContainerExecutionException {
        this.conf.set("yarn.nodemanager.linux-container-executor.cgroups.hierarchy", "hadoop-yarn-test");
        DockerLinuxContainerRuntime runtimeWithHandler = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtimeWithHandler.initialize(this.conf);
        DockerRunCommand runCommand = Mockito.mock(DockerRunCommand.class);
        Mockito.when(this.mockCGroupsHandler.getRelativePathForCGroup(this.containerId)).thenReturn("hadoop-yarn-test/" + this.containerIdStr);

        // Case 1: cgroups explicitly disabled in the resource options.
        runtimeWithHandler.addCGroupParentIfRequired("cgroups=none", this.containerIdStr, runCommand);
        Mockito.verifyZeroInteractions(runCommand);

        // Case 2: a cpu cgroup path is supplied; the parent comes from the mocked relative path.
        String cpuResourceOption = "/sys/fs/cgroup/cpu/hadoop-yarn-test" + this.containerIdStr;
        runtimeWithHandler.addCGroupParentIfRequired(cpuResourceOption, this.containerIdStr, runCommand);
        Mockito.verify(runCommand).setCGroupParent("/hadoop-yarn-test/" + this.containerIdStr);

        // Case 3: no cgroups handler at all, so no cgroup parent may be set for either option.
        DockerLinuxContainerRuntime runtimeWithoutHandler = new DockerLinuxContainerRuntime(this.mockExecutor, null);
        runtimeWithoutHandler.initialize(this.conf);
        runtimeWithoutHandler.addCGroupParentIfRequired("cgroups=none", this.containerIdStr, runCommand);
        runtimeWithoutHandler.addCGroupParentIfRequired(cpuResourceOption, this.containerIdStr, runCommand);
        Mockito.verifyZeroInteractions(runCommand);
    }

    /**
     * A local-resource mount given as a bare {@code "source"} (no {@code :target}) must make the
     * launch fail with a {@link ContainerExecutionException}.
     *
     * <p>NOTE(review): the exception message is not inspected, so this test cannot tell which
     * validation rejected the value (a missing target, or a source that is not a localized
     * resource).
     */
    @Test
    public void testMountSourceOnly() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, "source");
        try {
            runtime.launchContainer(this.builder.build());
            // Reaching this line means the malformed mount was accepted.
            Assert.fail("Expected a launch container failure due to invalid mount.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }
    }

    /**
     * Launches with one well-formed local-resource mount ({@code source:target}) and checks the
     * generated docker command file.
     *
     * <p>The requested source {@code test_dir/test_resource_file} is expected to appear on the
     * {@code ro-mounts} line as {@code /test_local_dir/test_resource_file}, so the user-requested
     * mount is emitted as read-only, separate from the runtime's own {@code rw-mounts}. The
     * source-to-path mapping presumably comes from the localized-resources fixture set up outside
     * this method (confirm).
     */
    @Test
    public void testMountSourceTarget() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, "test_dir/test_resource_file:test_mount");
        runtime.launchContainer(this.builder.build());

        // Argument 11 of the captured privileged operation is read as the path of the command file.
        String commandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        List<String> commandLines = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));

        String[] expectedLines = {
            "[docker-command-execution]",
            "  cap-add=SYS_CHROOT,NET_BIND_SERVICE",
            "  cap-drop=ALL",
            "  detach=true",
            "  docker-command=run",
            "  hostname=ctr-id",
            "  image=busybox:latest",
            "  launch-command=bash,/test_container_work_dir/launch_container.sh",
            "  name=container_id",
            "  net=host",
            "  ro-mounts=/test_local_dir/test_resource_file:test_mount",
            "  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir",
            "  user=run_as_user",
            "  workdir=/test_container_work_dir",
        };
        Assert.assertEquals(14L, commandLines.size());
        for (int idx = 0; idx < expectedLines.length; idx++) {
            Assert.assertEquals(expectedLines[idx], commandLines.get(idx));
        }
    }

    /**
     * A local-resource mount with three colon-separated parts ({@code "source:target:other"}) must
     * make the launch fail with a {@link ContainerExecutionException}.
     *
     * <p>NOTE(review): only the exception type is checked, not its message, so a failure raised for
     * an unrelated reason would also satisfy this test.
     */
    @Test
    public void testMountInvalid() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, "source:target:other");
        try {
            runtime.launchContainer(this.builder.build());
            // Reaching this line means the malformed mount was accepted.
            Assert.fail("Expected a launch container failure due to invalid mount.");
        } catch (ContainerExecutionException expected) {
            LOG.info("Caught expected exception : " + expected);
        }
    }

    /**
     * Launches with two comma-separated local-resource mounts of the same source and checks the
     * generated docker command file.
     *
     * <p>Both requested mounts are expected on a single {@code ro-mounts} line, in the order given,
     * with the source rewritten to {@code /test_local_dir/test_resource_file}. The rewrite
     * presumably relies on the localized-resources fixture set up outside this method (confirm).
     */
    @Test
    public void testMountMultiple() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        runtime.initialize(this.conf);
        this.env.put(DockerLinuxContainerRuntime.ENV_DOCKER_CONTAINER_LOCAL_RESOURCE_MOUNTS, "test_dir/test_resource_file:test_mount1,test_dir/test_resource_file:test_mount2");
        runtime.launchContainer(this.builder.build());

        // Argument 11 of the captured privileged operation is read as the path of the command file.
        String commandFile = capturePrivilegedOperationAndVerifyArgs().getArguments().get(11);
        List<String> commandLines = Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));

        String[] expectedLines = {
            "[docker-command-execution]",
            "  cap-add=SYS_CHROOT,NET_BIND_SERVICE",
            "  cap-drop=ALL",
            "  detach=true",
            "  docker-command=run",
            "  hostname=ctr-id",
            "  image=busybox:latest",
            "  launch-command=bash,/test_container_work_dir/launch_container.sh",
            "  name=container_id",
            "  net=host",
            "  ro-mounts=/test_local_dir/test_resource_file:test_mount1,/test_local_dir/test_resource_file:test_mount2",
            "  rw-mounts=/test_container_local_dir:/test_container_local_dir,/test_filecache_dir:/test_filecache_dir,/test_container_work_dir:/test_container_work_dir,/test_container_log_dir:/test_container_log_dir,/test_user_local_dir:/test_user_local_dir",
            "  user=run_as_user",
            "  workdir=/test_container_work_dir",
        };
        Assert.assertEquals(14L, commandLines.size());
        for (int idx = 0; idx < expectedLines.length; idx++) {
            Assert.assertEquals(expectedLines[idx], commandLines.get(idx));
        }
    }

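    /**
     * Signals a container with {@code Signal.NULL} and checks that the runtime issues a
     * {@code SIGNAL_CONTAINER} privileged operation rather than a docker command.
     *
     * <p>The captured operation's arguments are expected to be, in order: run-as user, user, the
     * string "2", the pid and the signal value.
     *
     * @throws ContainerExecutionException if signalling the container fails
     * @throws PrivilegedOperationException if capturing the privileged operation fails
     */
    @Test
    public void testContainerLivelinessCheck() throws ContainerExecutionException, PrivilegedOperationException {
        DockerLinuxContainerRuntime dockerLinuxContainerRuntime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        this.builder
            .setExecutionAttribute(LinuxContainerRuntimeConstants.RUN_AS_USER, this.runAsUser)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.USER, this.user)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.PID, "1234")
            .setExecutionAttribute(LinuxContainerRuntimeConstants.SIGNAL, ContainerExecutor.Signal.NULL);
        dockerLinuxContainerRuntime.initialize(enableMockContainerExecutor(this.conf));
        dockerLinuxContainerRuntime.signalContainer(this.builder.build());
        PrivilegedOperation capturedOperation = capturePrivilegedOperation();
        // Expected value goes first so that a failure message reports expected/actual correctly.
        Assert.assertEquals(PrivilegedOperation.OperationType.SIGNAL_CONTAINER, capturedOperation.getOperationType());
        Assert.assertEquals("run_as_user", capturedOperation.getArguments().get(0));
        Assert.assertEquals("user", capturedOperation.getArguments().get(1));
        // NOTE(review): "2" is presumably the container-executor command code for signalling; confirm.
        Assert.assertEquals("2", capturedOperation.getArguments().get(2));
        Assert.assertEquals("1234", capturedOperation.getArguments().get(3));
        // NOTE(review): SchemaSymbols.ATTVAL_FALSE_0 looks like a decompiler-substituted constant
        // for "0", presumably the numeric value of Signal.NULL; confirm.
        Assert.assertEquals(SchemaSymbols.ATTVAL_FALSE_0, capturedOperation.getArguments().get(4));
    }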

    /**
     * Signalling {@code TERM} is expected to produce a docker command file that issues
     * {@code stop} for the container named {@code container_id}.
     */
    @Test
    public void testDockerStopOnTermSignal() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        List<String> commandLines = getDockerCommandsForSignal(ContainerExecutor.Signal.TERM);
        String[] expectedLines = {"[docker-command-execution]", "  docker-command=stop", "  name=container_id"};
        Assert.assertEquals(3L, commandLines.size());
        for (int idx = 0; idx < expectedLines.length; idx++) {
            Assert.assertEquals(expectedLines[idx], commandLines.get(idx));
        }
    }

    /**
     * Signalling {@code KILL} is expected to produce a docker command file that issues
     * {@code stop} for the container named {@code container_id}.
     */
    @Test
    public void testDockerStopOnKillSignal() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        List<String> commandLines = getDockerCommandsForSignal(ContainerExecutor.Signal.KILL);
        String[] expectedLines = {"[docker-command-execution]", "  docker-command=stop", "  name=container_id"};
        Assert.assertEquals(3L, commandLines.size());
        for (int idx = 0; idx < expectedLines.length; idx++) {
            Assert.assertEquals(expectedLines[idx], commandLines.get(idx));
        }
    }

    /**
     * Signalling {@code QUIT} is expected to produce a docker command file that issues
     * {@code stop} for the container named {@code container_id}.
     */
    @Test
    public void testDockerStopOnQuitSignal() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        List<String> commandLines = getDockerCommandsForSignal(ContainerExecutor.Signal.QUIT);
        String[] expectedLines = {"[docker-command-execution]", "  docker-command=stop", "  name=container_id"};
        Assert.assertEquals(3L, commandLines.size());
        for (int idx = 0; idx < expectedLines.length; idx++) {
            Assert.assertEquals(expectedLines[idx], commandLines.get(idx));
        }
    }

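    /**
     * Signals the test container with {@code signal} and returns the lines of the docker command
     * file the runtime generated for it.
     *
     * <p>Asserts that the captured privileged operation is of type {@code RUN_DOCKER_CMD}; its
     * first argument is read as the path of the command file.
     *
     * @param signal the signal to deliver through {@code signalContainer}
     * @return the command file's lines, decoded as UTF-8
     * @throws ContainerExecutionException if signalling the container fails
     * @throws PrivilegedOperationException if capturing the privileged operation fails
     * @throws IOException if the command file cannot be read
     */
    private List<String> getDockerCommandsForSignal(ContainerExecutor.Signal signal) throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime dockerLinuxContainerRuntime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);
        this.builder
            .setExecutionAttribute(LinuxContainerRuntimeConstants.RUN_AS_USER, this.runAsUser)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.USER, this.user)
            .setExecutionAttribute(LinuxContainerRuntimeConstants.PID, "1234")
            .setExecutionAttribute(LinuxContainerRuntimeConstants.SIGNAL, signal);
        dockerLinuxContainerRuntime.initialize(enableMockContainerExecutor(this.conf));
        dockerLinuxContainerRuntime.signalContainer(this.builder.build());
        PrivilegedOperation capturedOperation = capturePrivilegedOperation();
        // Expected value goes first so that a failure message reports expected/actual correctly.
        Assert.assertEquals(PrivilegedOperation.OperationType.RUN_DOCKER_CMD, capturedOperation.getOperationType());
        String commandFile = capturedOperation.getArguments().get(0);
        return Files.readAllLines(Paths.get(commandFile), Charset.forName("UTF-8"));
    }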

    /**
     * Points the given configuration at the mock container-executor script shipped with the test
     * resources, marking the script executable first if it is not already.
     *
     * <p>The script path is relative ({@code ./src/test/resources/mock-container-executor}), so it
     * resolves against the working directory of the test run. The passed configuration is modified
     * in place and returned. Test-only: it redirects the container-executor path to a file in the
     * source tree.
     *
     * @param configuration the configuration to update
     * @return the same {@code configuration} instance
     */
    public static Configuration enableMockContainerExecutor(Configuration configuration) {
        File mockExecutorScript = new File("./src/test/resources/mock-container-executor");
        boolean alreadyExecutable = FileUtil.canExecute(mockExecutorScript);
        if (!alreadyExecutable) {
            // The result of setExecutable is not checked; a failure here would only surface later.
            FileUtil.setExecutable(mockExecutorScript, true);
        }
        String executorPath = mockExecutorScript.getAbsolutePath();
        configuration.set("yarn.nodemanager.linux-container-executor.path", executorPath);
        return configuration;
    }

    /**
     * Checks {@code validateImageName} against names that must be accepted and names that must be
     * rejected with a {@link ContainerExecutionException}.
     *
     * <p>The rejected set covers an upper-case repository name, embedded shell-style operators and
     * whitespace ({@code "ubuntu || fedora"}), a {@code #} character, a non-numeric registry port
     * and a missing registry host. The launch tests in this class assert an {@code image=} line in
     * the docker command file, so this validation presumably guards the value written there
     * (confirm against the runtime).
     */
    @Test
    public void testDockerImageNamePattern() throws Exception {
        String[] rejectedNames = {"Ubuntu", "ubuntu || fedora", "ubuntu#", "myregistryhost:50AB0/ubuntu", "myregistry#host:50AB0/ubuntu", ":8080/ubuntu"};
        String[] acceptedNames = {
            "ubuntu",
            "fedora/httpd:version1.0",
            "fedora/httpd:version1.0.test",
            "fedora/httpd:version1.0.TEST",
            "myregistryhost:5000/ubuntu",
            "myregistryhost:5000/fedora/httpd:version1.0",
            "myregistryhost:5000/fedora/httpd:version1.0.test",
            "myregistryhost:5000/fedora/httpd:version1.0.TEST",
        };
        // Any exception here propagates and fails the test.
        for (String accepted : acceptedNames) {
            DockerLinuxContainerRuntime.validateImageName(accepted);
        }
        for (String rejected : rejectedNames) {
            try {
                DockerLinuxContainerRuntime.validateImageName(rejected);
                Assert.fail(rejected + " is an invalid name and should fail the regex");
            } catch (ContainerExecutionException expected) {
                // Rejection is the pass condition for this name.
            }
        }
    }

    /**
     * Checks {@code validateHostname} against hostnames that must be accepted and hostnames that
     * must be rejected with a {@link ContainerExecutionException}.
     *
     * <p>Rejected: a single character, names containing {@code #}, {@code @} or {@code /}, and a
     * name with a leading hyphen.
     *
     * <p>NOTE(review): the accepted set includes a trailing dot ({@code "0AB."}), an underscore and
     * a trailing hyphen ({@code "C_D-"}), so the pattern under test is looser than RFC 1123
     * hostname labels. Confirm that this is intended.
     */
    @Test
    public void testDockerHostnamePattern() throws Exception {
        String[] rejectedHostnames = {"a", "a#.b.c", "-a.b.c", "a@b.c", "a/b/c"};
        String[] acceptedHostnames = {"ab", "a.b.c.d", "a1-b.cd.ef", "0AB.", "C_D-"};
        // Any exception here propagates and fails the test.
        for (String accepted : acceptedHostnames) {
            DockerLinuxContainerRuntime.validateHostname(accepted);
        }
        for (String rejected : rejectedHostnames) {
            try {
                DockerLinuxContainerRuntime.validateHostname(rejected);
                Assert.fail(rejected + " is an invalid hostname and should fail the regex");
            } catch (ContainerExecutionException expected) {
                // Rejection is the pass condition for this hostname.
            }
        }
    }

    /**
     * Checks how {@code initialize} treats the configured docker capability list.
     *
     * <p>Mixing the "none" marker (in either case) with real capabilities must make
     * {@code initialize} fail. The marker on its own must yield an empty capability set, and a list
     * of real capabilities must be returned in the configured order.
     *
     * <p>The same runtime instance is re-initialized for each case, so the cases are order
     * dependent.
     */
    @Test
    public void testDockerCapabilities() throws ContainerExecutionException, PrivilegedOperationException, IOException {
        DockerLinuxContainerRuntime runtime = new DockerLinuxContainerRuntime(this.mockExecutor, this.mockCGroupsHandler);

        // NOTE(review): PrivilegedOperation.CGROUP_ARG_NO_TASKS is presumably the string "none"
        // (the failure message below says so), substituted for the literal by a decompiler.
        try {
            this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.capabilities", PrivilegedOperation.CGROUP_ARG_NO_TASKS, "CHOWN", "DAC_OVERRIDE");
            runtime.initialize(this.conf);
            Assert.fail("Initialize didn't fail with invalid capabilities 'none', 'CHOWN', 'DAC_OVERRIDE'");
        } catch (ContainerExecutionException expected) {
            // Rejection of the mixed list is the pass condition.
        }

        try {
            this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.capabilities", "CHOWN", "DAC_OVERRIDE", "NONE");
            runtime.initialize(this.conf);
            Assert.fail("Initialize didn't fail with invalid capabilities 'CHOWN', 'DAC_OVERRIDE', 'NONE'");
        } catch (ContainerExecutionException expected) {
            // Rejection of the mixed list is the pass condition.
        }

        // The marker alone, upper case: no capabilities are granted.
        this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.capabilities", "NONE");
        runtime.initialize(this.conf);
        Assert.assertEquals(0L, runtime.getCapabilities().size());

        // The marker alone, via the constant: no capabilities are granted.
        this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.capabilities", PrivilegedOperation.CGROUP_ARG_NO_TASKS);
        runtime.initialize(this.conf);
        Assert.assertEquals(0L, runtime.getCapabilities().size());

        // Real capabilities only: returned in the configured order.
        this.conf.setStrings("yarn.nodemanager.runtime.linux.docker.capabilities", "CHOWN", "DAC_OVERRIDE");
        runtime.initialize(this.conf);
        Iterator<String> configured = runtime.getCapabilities().iterator();
        Assert.assertEquals("CHOWN", configured.next());
        Assert.assertEquals("DAC_OVERRIDE", configured.next());
    }
}
