1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class Arvados::V1::ContainersControllerTest < ActionController::TestCase
9 authorize_with :system_user
12 command: ['echo', 'hello'],
13 container_image: 'test',
17 assert_response :success
20 [Container::Queued, Container::Complete].each do |state|
21 test "cannot get auth in #{state} state" do
22 authorize_with :dispatch1
23 get :auth, id: containers(:queued).uuid
28 test 'cannot get auth with wrong token' do
29 authorize_with :dispatch1
30 c = containers(:queued)
31 assert c.lock, show_errors(c)
33 authorize_with :system_user
39 authorize_with :dispatch1
40 c = containers(:queued)
41 assert c.lock, show_errors(c)
43 assert_response :success
44 assert_operator 32, :<, json_response['api_token'].length
45 assert_equal 'arvados#apiClientAuthorization', json_response['kind']
48 test 'no auth or secret_mounts in container response' do
49 authorize_with :dispatch1
50 c = containers(:queued)
51 assert c.lock, show_errors(c)
53 assert_response :success
54 assert_nil json_response['auth']
55 assert_nil json_response['secret_mounts']
58 test "lock container" do
59 authorize_with :dispatch1
60 uuid = containers(:queued).uuid
61 post :lock, {id: uuid}
62 assert_response :success
63 assert_nil json_response['mounts']
64 assert_nil json_response['command']
65 assert_not_nil json_response['auth_uuid']
66 assert_not_nil json_response['locked_by_uuid']
67 assert_equal containers(:queued).uuid, json_response['uuid']
68 assert_equal 'Locked', json_response['state']
69 assert_equal containers(:queued).priority, json_response['priority']
71 container = Container.where(uuid: uuid).first
72 assert_equal 'Locked', container.state
73 assert_not_nil container.locked_by_uuid
74 assert_not_nil container.auth_uuid
77 test "unlock container" do
78 authorize_with :dispatch1
79 uuid = containers(:locked).uuid
80 post :unlock, {id: uuid}
81 assert_response :success
82 assert_nil json_response['mounts']
83 assert_nil json_response['command']
84 assert_nil json_response['auth_uuid']
85 assert_nil json_response['locked_by_uuid']
86 assert_equal containers(:locked).uuid, json_response['uuid']
87 assert_equal 'Queued', json_response['state']
88 assert_equal containers(:locked).priority, json_response['priority']
90 container = Container.where(uuid: uuid).first
91 assert_equal 'Queued', container.state
92 assert_nil container.locked_by_uuid
93 assert_nil container.auth_uuid
96 test "unlock container locked by different dispatcher" do
97 authorize_with :dispatch2
98 uuid = containers(:locked).uuid
99 post :unlock, {id: uuid}
104 [:queued, :lock, :success, 'Locked'],
105 [:queued, :unlock, 422, 'Queued'],
106 [:locked, :lock, 422, 'Locked'],
107 [:running, :lock, 422, 'Running'],
108 [:running, :unlock, 422, 'Running'],
109 ].each do |fixture, action, response, state|
110 test "state transitions from #{fixture} to #{action}" do
111 authorize_with :dispatch1
112 uuid = containers(fixture).uuid
113 post action, {id: uuid}
114 assert_response response
115 assert_equal state, Container.where(uuid: uuid).first.state
119 test 'get current container for token' do
120 authorize_with :running_container_auth
122 assert_response :success
123 assert_equal containers(:running).uuid, json_response['uuid']
126 test 'no container associated with token' do
127 authorize_with :dispatch1
132 test 'try get current container, no token' do
138 [true, :running_container_auth],
142 ].each do |expect_success, auth|
143 test "get secret_mounts with #{auth} token" do
145 get :secret_mounts, {id: containers(:running).uuid}
147 assert_response :success
148 assert_equal "42\n", json_response["secret_mounts"]["/secret/6x9"]["content"]
155 test 'get runtime_token auth' do
156 authorize_with :dispatch1
157 c = containers(:runtime_token)
158 assert c.lock, show_errors(c)
159 get :auth, id: c.uuid
160 assert_response :success
161 assert_equal "v2/#{json_response['uuid']}/#{json_response['api_token']}", api_client_authorizations(:container_runtime_token).token
162 assert_equal 'arvados#apiClientAuthorization', json_response['kind']