Merge branch '16265-security-updates' into dependabot/bundler/apps/workbench/loofah...
[arvados.git] / lib / config / deprecated_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package config
6
7 import (
8         "flag"
9         "fmt"
10         "io/ioutil"
11         "os"
12         "time"
13
14         "git.arvados.org/arvados.git/sdk/go/arvados"
15         check "gopkg.in/check.v1"
16 )
17
18 // Configured at: sdk/python/tests/run_test_server.py
19 const TestServerManagementToken = "e687950a23c3a9bceec28c6223a06c79"
20
21 func testLoadLegacyConfig(content []byte, mungeFlag string, c *check.C) (*arvados.Cluster, error) {
22         tmpfile, err := ioutil.TempFile("", "example")
23         if err != nil {
24                 return nil, err
25         }
26         defer os.Remove(tmpfile.Name())
27
28         if _, err := tmpfile.Write(content); err != nil {
29                 return nil, err
30         }
31         if err := tmpfile.Close(); err != nil {
32                 return nil, err
33         }
34         flags := flag.NewFlagSet("test", flag.ExitOnError)
35         ldr := testLoader(c, "Clusters: {zzzzz: {}}", nil)
36         ldr.SetupFlags(flags)
37         args := ldr.MungeLegacyConfigArgs(ldr.Logger, []string{"-config", tmpfile.Name()}, mungeFlag)
38         flags.Parse(args)
39         cfg, err := ldr.Load()
40         if err != nil {
41                 return nil, err
42         }
43         cluster, err := cfg.GetCluster("")
44         if err != nil {
45                 return nil, err
46         }
47         return cluster, nil
48 }
49
50 func (s *LoadSuite) TestDeprecatedNodeProfilesToServices(c *check.C) {
51         hostname, err := os.Hostname()
52         c.Assert(err, check.IsNil)
53         checkEquivalent(c, `
54 Clusters:
55  z1111:
56   NodeProfiles:
57    "*":
58     arvados-controller:
59      listen: ":9004"
60    `+hostname+`:
61     arvados-api-server:
62      listen: ":8000"
63    dispatch-host:
64     arvados-dispatch-cloud:
65      listen: ":9006"
66 `, `
67 Clusters:
68  z1111:
69   Services:
70    RailsAPI:
71     InternalURLs:
72      "http://localhost:8000": {}
73    Controller:
74     InternalURLs:
75      "http://localhost:9004": {}
76    DispatchCloud:
77     InternalURLs:
78      "http://dispatch-host:9006": {}
79   NodeProfiles:
80    "*":
81     arvados-controller:
82      listen: ":9004"
83    `+hostname+`:
84     arvados-api-server:
85      listen: ":8000"
86    dispatch-host:
87     arvados-dispatch-cloud:
88      listen: ":9006"
89 `)
90 }
91
92 func (s *LoadSuite) TestLegacyKeepWebConfig(c *check.C) {
93         content := []byte(`
94 {
95         "Client": {
96                 "Scheme": "",
97                 "APIHost": "example.com",
98                 "AuthToken": "abcdefg",
99         },
100         "Listen": ":80",
101         "AnonymousTokens": [
102                 "anonusertoken"
103         ],
104         "AttachmentOnlyHost": "download.example.com",
105         "TrustAllContent": true,
106         "Cache": {
107                 "TTL": "1m",
108                 "UUIDTTL": "1s",
109                 "MaxCollectionEntries": 42,
110                 "MaxCollectionBytes": 1234567890,
111                 "MaxPermissionEntries": 100,
112                 "MaxUUIDEntries": 100
113         },
114         "ManagementToken": "xyzzy"
115 }
116 `)
117         cluster, err := testLoadLegacyConfig(content, "-legacy-keepweb-config", c)
118         c.Check(err, check.IsNil)
119
120         c.Check(cluster.Services.Controller.ExternalURL, check.Equals, arvados.URL{Scheme: "https", Host: "example.com"})
121         c.Check(cluster.SystemRootToken, check.Equals, "abcdefg")
122
123         c.Check(cluster.Collections.WebDAVCache.TTL, check.Equals, arvados.Duration(60*time.Second))
124         c.Check(cluster.Collections.WebDAVCache.UUIDTTL, check.Equals, arvados.Duration(time.Second))
125         c.Check(cluster.Collections.WebDAVCache.MaxCollectionEntries, check.Equals, 42)
126         c.Check(cluster.Collections.WebDAVCache.MaxCollectionBytes, check.Equals, int64(1234567890))
127         c.Check(cluster.Collections.WebDAVCache.MaxPermissionEntries, check.Equals, 100)
128         c.Check(cluster.Collections.WebDAVCache.MaxUUIDEntries, check.Equals, 100)
129
130         c.Check(cluster.Services.WebDAVDownload.ExternalURL, check.Equals, arvados.URL{Host: "download.example.com"})
131         c.Check(cluster.Services.WebDAVDownload.InternalURLs[arvados.URL{Host: ":80"}], check.NotNil)
132         c.Check(cluster.Services.WebDAV.InternalURLs[arvados.URL{Host: ":80"}], check.NotNil)
133
134         c.Check(cluster.Collections.TrustAllContent, check.Equals, true)
135         c.Check(cluster.Users.AnonymousUserToken, check.Equals, "anonusertoken")
136         c.Check(cluster.ManagementToken, check.Equals, "xyzzy")
137 }
138
139 // Tests fix for https://dev.arvados.org/issues/15642
140 func (s *LoadSuite) TestLegacyKeepWebConfigDoesntDisableMissingItems(c *check.C) {
141         content := []byte(`
142 {
143         "Client": {
144                 "Scheme": "",
145                 "APIHost": "example.com",
146                 "AuthToken": "abcdefg",
147         }
148 }
149 `)
150         cluster, err := testLoadLegacyConfig(content, "-legacy-keepweb-config", c)
151         c.Check(err, check.IsNil)
152         // The resulting ManagementToken should be the one set up on the test server.
153         c.Check(cluster.ManagementToken, check.Equals, TestServerManagementToken)
154 }
155
156 func (s *LoadSuite) TestLegacyKeepproxyConfig(c *check.C) {
157         f := "-legacy-keepproxy-config"
158         content := []byte(fmtKeepproxyConfig("", true))
159         cluster, err := testLoadLegacyConfig(content, f, c)
160
161         c.Check(err, check.IsNil)
162         c.Check(cluster, check.NotNil)
163         c.Check(cluster.Services.Controller.ExternalURL, check.Equals, arvados.URL{Scheme: "https", Host: "example.com"})
164         c.Check(cluster.SystemRootToken, check.Equals, "abcdefg")
165         c.Check(cluster.ManagementToken, check.Equals, "xyzzy")
166         c.Check(cluster.Services.Keepproxy.InternalURLs[arvados.URL{Host: ":80"}], check.Equals, arvados.ServiceInstance{})
167         c.Check(cluster.Collections.DefaultReplication, check.Equals, 0)
168         c.Check(cluster.API.KeepServiceRequestTimeout.String(), check.Equals, "15s")
169         c.Check(cluster.SystemLogs.LogLevel, check.Equals, "debug")
170
171         content = []byte(fmtKeepproxyConfig("", false))
172         cluster, err = testLoadLegacyConfig(content, f, c)
173         c.Check(cluster.SystemLogs.LogLevel, check.Equals, "info")
174
175         content = []byte(fmtKeepproxyConfig(`"DisableGet": true,`, true))
176         _, err = testLoadLegacyConfig(content, f, c)
177         c.Check(err, check.NotNil)
178
179         content = []byte(fmtKeepproxyConfig(`"DisablePut": true,`, true))
180         _, err = testLoadLegacyConfig(content, f, c)
181         c.Check(err, check.NotNil)
182
183         content = []byte(fmtKeepproxyConfig(`"PIDFile": "test",`, true))
184         _, err = testLoadLegacyConfig(content, f, c)
185         c.Check(err, check.NotNil)
186
187         content = []byte(fmtKeepproxyConfig(`"DisableGet": false, "DisablePut": false, "PIDFile": "",`, true))
188         _, err = testLoadLegacyConfig(content, f, c)
189         c.Check(err, check.IsNil)
190 }
191
192 func fmtKeepproxyConfig(param string, debugLog bool) string {
193         return fmt.Sprintf(`
194 {
195         "Client": {
196                 "Scheme": "",
197                 "APIHost": "example.com",
198                 "AuthToken": "abcdefg",
199                 "Insecure": false
200         },
201         "Listen": ":80",
202         "DefaultReplicas": 0,
203         "Timeout": "15s",
204         "Debug": %t,
205         %s
206         "ManagementToken": "xyzzy"
207 }
208 `, debugLog, param)
209 }
210
211 func (s *LoadSuite) TestLegacyArvGitHttpdConfig(c *check.C) {
212         content := []byte(`
213 {
214         "Client": {
215                 "Scheme": "",
216                 "APIHost": "example.com",
217                 "AuthToken": "abcdefg",
218         },
219         "Listen": ":9000",
220         "GitCommand": "/test/git",
221         "GitoliteHome": "/test/gitolite",
222         "RepoRoot": "/test/reporoot",
223         "ManagementToken": "xyzzy"
224 }
225 `)
226         f := "-legacy-git-httpd-config"
227         cluster, err := testLoadLegacyConfig(content, f, c)
228
229         c.Check(err, check.IsNil)
230         c.Check(cluster, check.NotNil)
231         c.Check(cluster.Services.Controller.ExternalURL, check.Equals, arvados.URL{Scheme: "https", Host: "example.com"})
232         c.Check(cluster.SystemRootToken, check.Equals, "abcdefg")
233         c.Check(cluster.ManagementToken, check.Equals, "xyzzy")
234         c.Check(cluster.Git.GitCommand, check.Equals, "/test/git")
235         c.Check(cluster.Git.GitoliteHome, check.Equals, "/test/gitolite")
236         c.Check(cluster.Git.Repositories, check.Equals, "/test/reporoot")
237         c.Check(cluster.Services.Keepproxy.InternalURLs[arvados.URL{Host: ":9000"}], check.Equals, arvados.ServiceInstance{})
238 }
239
240 // Tests fix for https://dev.arvados.org/issues/15642
241 func (s *LoadSuite) TestLegacyArvGitHttpdConfigDoesntDisableMissingItems(c *check.C) {
242         content := []byte(`
243 {
244         "Client": {
245                 "Scheme": "",
246                 "APIHost": "example.com",
247                 "AuthToken": "abcdefg",
248         }
249 }
250 `)
251         cluster, err := testLoadLegacyConfig(content, "-legacy-git-httpd-config", c)
252         c.Check(err, check.IsNil)
253         // The resulting ManagementToken should be the one set up on the test server.
254         c.Check(cluster.ManagementToken, check.Equals, TestServerManagementToken)
255 }
256
257 func (s *LoadSuite) TestLegacyKeepBalanceConfig(c *check.C) {
258         f := "-legacy-keepbalance-config"
259         content := []byte(fmtKeepBalanceConfig(""))
260         cluster, err := testLoadLegacyConfig(content, f, c)
261
262         c.Check(err, check.IsNil)
263         c.Check(cluster, check.NotNil)
264         c.Check(cluster.ManagementToken, check.Equals, "xyzzy")
265         c.Check(cluster.Services.Keepbalance.InternalURLs[arvados.URL{Host: ":80"}], check.Equals, arvados.ServiceInstance{})
266         c.Check(cluster.Collections.BalanceCollectionBuffers, check.Equals, 1000)
267         c.Check(cluster.Collections.BalanceCollectionBatch, check.Equals, 100000)
268         c.Check(cluster.Collections.BalancePeriod.String(), check.Equals, "10m")
269         c.Check(cluster.Collections.BlobMissingReport, check.Equals, "testfile")
270         c.Check(cluster.API.KeepServiceRequestTimeout.String(), check.Equals, "30m")
271
272         content = []byte(fmtKeepBalanceConfig(`"KeepServiceTypes":["disk"],`))
273         _, err = testLoadLegacyConfig(content, f, c)
274         c.Check(err, check.IsNil)
275
276         content = []byte(fmtKeepBalanceConfig(`"KeepServiceTypes":[],`))
277         _, err = testLoadLegacyConfig(content, f, c)
278         c.Check(err, check.IsNil)
279
280         content = []byte(fmtKeepBalanceConfig(`"KeepServiceTypes":["proxy"],`))
281         _, err = testLoadLegacyConfig(content, f, c)
282         c.Check(err, check.NotNil)
283
284         content = []byte(fmtKeepBalanceConfig(`"KeepServiceTypes":["disk", "proxy"],`))
285         _, err = testLoadLegacyConfig(content, f, c)
286         c.Check(err, check.NotNil)
287
288         content = []byte(fmtKeepBalanceConfig(`"KeepServiceList":{},`))
289         _, err = testLoadLegacyConfig(content, f, c)
290         c.Check(err, check.NotNil)
291 }
292
293 func fmtKeepBalanceConfig(param string) string {
294         return fmt.Sprintf(`
295 {
296         "Client": {
297                 "Scheme": "",
298                 "APIHost": "example.com",
299                 "AuthToken": "abcdefg",
300                 "Insecure": false
301         },
302         "Listen": ":80",
303         %s
304         "RunPeriod": "10m",
305         "CollectionBatchSize": 100000,
306         "CollectionBuffers": 1000,
307         "RequestTimeout": "30m",
308         "ManagementToken": "xyzzy",
309         "LostBlocksFile": "testfile"
310 }
311 `, param)
312 }