From 4871254408f8a9330de08fde2c21cb60ae1e5aa6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Javier=20B=C3=A9rtoli?= Date: Thu, 29 Apr 2021 19:56:55 -0300 Subject: [PATCH] fix(config): ensure AnonymousUserToken is set * added tests to verify it's set either in the `tokens` or the `Users` dicts --- arvados/config/file.sls | 2 ++ kitchen.yml | 5 ++--- pillar.example | 2 ++ test/integration/api/controls/config_spec.rb | 6 ++++++ test/integration/keepstore/controls/config_spec.rb | 6 ++++++ test/integration/shell/controls/config_spec.rb | 8 ++++++++ test/salt/pillar/arvados.sls | 2 +- test/salt/pillar/arvados_dev.sls | 9 ++++++++- 8 files changed, 35 insertions(+), 5 deletions(-) diff --git a/arvados/config/file.sls b/arvados/config/file.sls index 5a9c1f0..fb9ab67 100644 --- a/arvados/config/file.sls +++ b/arvados/config/file.sls @@ -6,6 +6,8 @@ {%- from tplroot ~ "/map.jinja" import arvados with context %} {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} +{%- do arvados.cluster.Users.update({'AnonymousUserToken': arvados.cluster.tokens.anonymous_user }) if arvados.cluster.Users.AnonymousUserToken is not defined %} + include: - .package diff --git a/kitchen.yml b/kitchen.yml index e47ea24..cb35319 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -325,6 +325,7 @@ suites: # yamllint enable rule:line-length verifier: inspec_tests: + - path: test/integration/repo - path: test/integration/workbench - path: test/integration/workbench2 #### shell @@ -360,15 +361,13 @@ suites: - arvados._mapdata - arvados.repo - arvados.keepstore - # - arvados.clean pillars: top.sls: base: '*': - arvados pillars_from_files: - arvados.sls: test/salt/pillar/arvados.sls + arvados.sls: test/salt/pillar/arvados_dev.sls verifier: inspec_tests: - - path: test/integration/repo - path: test/integration/keepstore diff --git a/pillar.example b/pillar.example index 233b492..b8acf45 100644 --- a/pillar.example +++ b/pillar.example @@ -86,6 +86,8 @@ arvados: # See https://dev.arvados.org/issues/17150 system_root: changemesystemroottoken management: changememanagementtoken + # The AnonymousUserToken can be set here or in the + # USers dictionary below. The latter will be used if set. anonymous_user: changemeanonymoususertoken ### KEYS diff --git a/test/integration/api/controls/config_spec.rb b/test/integration/api/controls/config_spec.rb index 0f64cb2..7131096 100644 --- a/test/integration/api/controls/config_spec.rb +++ b/test/integration/api/controls/config_spec.rb @@ -1,5 +1,10 @@ # frozen_string_literal: true +users_stanza = <<-USERS_STANZA + Users: + AnonymousUserToken: anonymoususertokensetinthetokensdict +USERS_STANZA + api_stanza = <<-API_STANZA API: API_STANZA @@ -47,5 +52,6 @@ control 'arvados configuration' do its('content') { should include(api_stanza) } its('content') { should include(rails_stanza) } its('content') { should include(database_stanza) } + its('content') { should include(users_stanza) } end end diff --git a/test/integration/keepstore/controls/config_spec.rb b/test/integration/keepstore/controls/config_spec.rb index d44e673..7113e2b 100644 --- a/test/integration/keepstore/controls/config_spec.rb +++ b/test/integration/keepstore/controls/config_spec.rb @@ -1,5 +1,10 @@ # frozen_string_literal: true +users_stanza = <<-USERS_STANZA + Users: + AnonymousUserToken: anonymoususertokensetintheusersdict +USERS_STANZA + keepstore_stanza = <<-KEEPSTORE_STANZA Keepstore: InternalURLs: @@ -33,5 +38,6 @@ control 'arvados configuration' do end its('content') { should include(keepstore_stanza) } its('content') { should include(volumes_stanza) } + its('content') { should include(users_stanza) } end end diff --git a/test/integration/shell/controls/config_spec.rb b/test/integration/shell/controls/config_spec.rb index 603e337..f0e8a7e 100644 --- a/test/integration/shell/controls/config_spec.rb +++ b/test/integration/shell/controls/config_spec.rb @@ -1,5 +1,13 @@ # frozen_string_literal: true +control 'arvados configuration file' do + title 'should not exist' + + describe file('/etc/arvados/config.yml') do + it { should_not exist} + end +end + control 'shellinabox configuration' do title 'should match desired lines' diff --git a/test/salt/pillar/arvados.sls b/test/salt/pillar/arvados.sls index a063823..635b894 100644 --- a/test/salt/pillar/arvados.sls +++ b/test/salt/pillar/arvados.sls @@ -59,7 +59,7 @@ arvados: tokens: system_root: changemesystemroottoken management: changememanagementtoken - anonymous_user: changemeanonymoususertoken + anonymous_user: anonymoususertokensetinthetokensdict ### KEYS secrets: diff --git a/test/salt/pillar/arvados_dev.sls b/test/salt/pillar/arvados_dev.sls index 35a5bff..1dcc78b 100644 --- a/test/salt/pillar/arvados_dev.sls +++ b/test/salt/pillar/arvados_dev.sls @@ -67,6 +67,13 @@ arvados: user: arvados extra_conn_params: client_encoding: UTF8 + # Centos7 does not enable SSL by default, so we disable + # it here just for testing of the formula purposes only. + # You should not do this in production, and should + # configure Postgres certificates correctly + {%- if grains.os_family in ('RedHat',) %} + sslmode: disable + {%- endif %} tls: # certificate: '' @@ -78,7 +85,6 @@ arvados: tokens: system_root: changemesystemroottoken management: changememanagementtoken - anonymous_user: changemeanonymoususertoken ### KEYS secrets: @@ -108,6 +114,7 @@ arvados: Root: /tmp Users: + AnonymousUserToken: anonymoususertokensetintheusersdict NewUsersAreActive: true AutoAdminFirstUser: true AutoSetupNewUsers: true -- 2.30.2