lib/controller/router/router_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package router
   6
   7 import (
   8         "bytes"
   9         "encoding/json"
  10         "io"
  11         "net/http"
  12         "net/http/httptest"
  13         "net/url"
  14         "os"
  15         "strings"
  16         "testing"
  17         "time"
  18
  19         "git.arvados.org/arvados.git/lib/controller/rpc"
  20         "git.arvados.org/arvados.git/sdk/go/arvados"
  21         "git.arvados.org/arvados.git/sdk/go/arvadostest"
  22         "git.arvados.org/arvados.git/sdk/go/auth"
  23         "github.com/gorilla/mux"
  24         check "gopkg.in/check.v1"
  25 )
  26
  27 // Gocheck boilerplate
  28 func Test(t *testing.T) {
  29         check.TestingT(t)
  30 }
  31
  32 var _ = check.Suite(&RouterSuite{})
  33
  34 type RouterSuite struct {
  35         rtr  *router
  36         stub arvadostest.APIStub
  37 }
  38
  39 func (s *RouterSuite) SetUpTest(c *check.C) {
  40         s.stub = arvadostest.APIStub{}
  41         s.rtr = &router{
  42                 mux:     mux.NewRouter(),
  43                 backend: &s.stub,
  44                 config: Config{
  45                         ContainerWebServices: &arvados.ServiceWithPortRange{
  46                                 Service: arvados.Service{
  47                                         ExternalURL: arvados.URL{Host: "*.containers.zzzzz.example.com"},
  48                                 },
  49                         },
  50                 },
  51         }
  52         s.rtr.addRoutes()
  53 }
  54
  55 func (s *RouterSuite) TestOptions(c *check.C) {
  56         token := arvadostest.ActiveToken
  57         for _, trial := range []struct {
  58                 comment         string // unparsed -- only used to help match test failures to trials
  59                 method          string
  60                 path            string
  61                 header          http.Header
  62                 body            string
  63                 unauthenticated bool
  64                 shouldStatus    int // zero value means 200
  65                 shouldCall      string
  66                 withOptions     interface{}
  67                 checkOptions    func(interface{}) // if non-nil, call instead of checking withOptions
  68         }{
  69                 {
  70                         method:      "GET",
  71                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  72                         shouldCall:  "CollectionGet",
  73                         withOptions: arvados.GetOptions{UUID: arvadostest.FooCollection},
  74                 },
  75                 {
  76                         method:      "PUT",
  77                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  78                         shouldCall:  "CollectionUpdate",
  79                         withOptions: arvados.UpdateOptions{UUID: arvadostest.FooCollection},
  80                 },
  81                 {
  82                         method:      "PATCH",
  83                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  84                         shouldCall:  "CollectionUpdate",
  85                         withOptions: arvados.UpdateOptions{UUID: arvadostest.FooCollection},
  86                 },
  87                 {
  88                         method:      "DELETE",
  89                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  90                         shouldCall:  "CollectionDelete",
  91                         withOptions: arvados.DeleteOptions{UUID: arvadostest.FooCollection},
  92                 },
  93                 {
  94                         method:      "POST",
  95                         path:        "/arvados/v1/collections",
  96                         shouldCall:  "CollectionCreate",
  97                         withOptions: arvados.CreateOptions{},
  98                 },
  99                 {
 100                         method:      "GET",
 101                         path:        "/arvados/v1/collections",
 102                         shouldCall:  "CollectionList",
 103                         withOptions: arvados.ListOptions{Limit: -1},
 104                 },
 105                 {
 106                         method:      "GET",
 107                         path:        "/arvados/v1/api_client_authorizations",
 108                         shouldCall:  "APIClientAuthorizationList",
 109                         withOptions: arvados.ListOptions{Limit: -1},
 110                 },
 111                 {
 112                         method:      "GET",
 113                         path:        "/arvados/v1/collections?limit=123&offset=456&include_trash=true&include_old_versions=1",
 114                         shouldCall:  "CollectionList",
 115                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 116                 },
 117                 {
 118                         method:      "POST",
 119                         path:        "/arvados/v1/collections?limit=123&_method=GET",
 120                         body:        `{"offset":456,"include_trash":true,"include_old_versions":true}`,
 121                         shouldCall:  "CollectionList",
 122                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 123                 },
 124                 {
 125                         method:      "POST",
 126                         path:        "/arvados/v1/collections?limit=123",
 127                         body:        `{"offset":456,"include_trash":true,"include_old_versions":true}`,
 128                         header:      http.Header{"X-Http-Method-Override": {"GET"}, "Content-Type": {"application/json"}},
 129                         shouldCall:  "CollectionList",
 130                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 131                 },
 132                 {
 133                         method:      "POST",
 134                         path:        "/arvados/v1/collections?limit=123",
 135                         body:        "offset=456&include_trash=true&include_old_versions=1&_method=GET",
 136                         header:      http.Header{"Content-Type": {"application/x-www-form-urlencoded"}},
 137                         shouldCall:  "CollectionList",
 138                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 139                 },
 140                 {
 141                         comment:     "form-encoded expression filter in query string",
 142                         method:      "GET",
 143                         path:        "/arvados/v1/collections?filters=[%22(foo<bar)%22]",
 144                         shouldCall:  "CollectionList",
 145                         withOptions: arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"(foo<bar)", "=", true}}},
 146                 },
 147                 {
 148                         comment:     "form-encoded expression filter in POST body",
 149                         method:      "POST",
 150                         path:        "/arvados/v1/collections",
 151                         body:        "filters=[\"(foo<bar)\"]&_method=GET",
 152                         header:      http.Header{"Content-Type": {"application/x-www-form-urlencoded"}},
 153                         shouldCall:  "CollectionList",
 154                         withOptions: arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"(foo<bar)", "=", true}}},
 155                 },
 156                 {
 157                         comment:     "json-encoded expression filter in POST body",
 158                         method:      "POST",
 159                         path:        "/arvados/v1/collections?_method=GET",
 160                         body:        `{"filters":["(foo<bar)",["bar","=","baz"]],"limit":2}`,
 161                         header:      http.Header{"Content-Type": {"application/json"}},
 162                         shouldCall:  "CollectionList",
 163                         withOptions: arvados.ListOptions{Limit: 2, Filters: []arvados.Filter{{"(foo<bar)", "=", true}, {"bar", "=", "baz"}}},
 164                 },
 165                 {
 166                         comment:     "json-encoded select param in query string",
 167                         method:      "GET",
 168                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection + "?select=[%22portable_data_hash%22]",
 169                         shouldCall:  "CollectionGet",
 170                         withOptions: arvados.GetOptions{UUID: arvadostest.FooCollection, Select: []string{"portable_data_hash"}},
 171                 },
 172                 {
 173                         method:       "PATCH",
 174                         path:         "/arvados/v1/collections",
 175                         shouldStatus: http.StatusMethodNotAllowed,
 176                 },
 177                 {
 178                         method:       "PUT",
 179                         path:         "/arvados/v1/collections",
 180                         shouldStatus: http.StatusMethodNotAllowed,
 181                 },
 182                 {
 183                         method:       "DELETE",
 184                         path:         "/arvados/v1/collections",
 185                         shouldStatus: http.StatusMethodNotAllowed,
 186                 },
 187                 {
 188                         comment:    "container log webdav GET root",
 189                         method:     "GET",
 190                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 191                         shouldCall: "ContainerRequestLog",
 192                         withOptions: arvados.ContainerLogOptions{
 193                                 UUID: arvadostest.CompletedContainerRequestUUID,
 194                                 WebDAVOptions: arvados.WebDAVOptions{
 195                                         Method: "GET",
 196                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 197                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 198                 },
 199                 {
 200                         comment:    "container log webdav GET root without trailing slash",
 201                         method:     "GET",
 202                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "",
 203                         shouldCall: "ContainerRequestLog",
 204                         withOptions: arvados.ContainerLogOptions{
 205                                 UUID: arvadostest.CompletedContainerRequestUUID,
 206                                 WebDAVOptions: arvados.WebDAVOptions{
 207                                         Method: "GET",
 208                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 209                                         Path:   "/" + arvadostest.CompletedContainerUUID}},
 210                 },
 211                 {
 212                         comment:    "container log webdav OPTIONS root",
 213                         method:     "OPTIONS",
 214                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 215                         shouldCall: "ContainerRequestLog",
 216                         withOptions: arvados.ContainerLogOptions{
 217                                 UUID: arvadostest.CompletedContainerRequestUUID,
 218                                 WebDAVOptions: arvados.WebDAVOptions{
 219                                         Method: "OPTIONS",
 220                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 221                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 222                 },
 223                 {
 224                         comment:    "container log webdav OPTIONS root without trailing slash",
 225                         method:     "OPTIONS",
 226                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID,
 227                         shouldCall: "ContainerRequestLog",
 228                         withOptions: arvados.ContainerLogOptions{
 229                                 UUID: arvadostest.CompletedContainerRequestUUID,
 230                                 WebDAVOptions: arvados.WebDAVOptions{
 231                                         Method: "OPTIONS",
 232                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 233                                         Path:   "/" + arvadostest.CompletedContainerUUID}},
 234                 },
 235                 {
 236                         comment:         "container log webdav OPTIONS for CORS",
 237                         unauthenticated: true,
 238                         method:          "OPTIONS",
 239                         path:            "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 240                         header:          http.Header{"Access-Control-Request-Method": {"POST"}},
 241                         shouldCall:      "ContainerRequestLog",
 242                         withOptions: arvados.ContainerLogOptions{
 243                                 UUID: arvadostest.CompletedContainerRequestUUID,
 244                                 WebDAVOptions: arvados.WebDAVOptions{
 245                                         Method: "OPTIONS",
 246                                         Header: http.Header{
 247                                                 "Access-Control-Request-Method": {"POST"},
 248                                         },
 249                                         Path: "/" + arvadostest.CompletedContainerUUID + "/"}},
 250                 },
 251                 {
 252                         comment:    "container log webdav PROPFIND root",
 253                         method:     "PROPFIND",
 254                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 255                         shouldCall: "ContainerRequestLog",
 256                         withOptions: arvados.ContainerLogOptions{
 257                                 UUID: arvadostest.CompletedContainerRequestUUID,
 258                                 WebDAVOptions: arvados.WebDAVOptions{
 259                                         Method: "PROPFIND",
 260                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 261                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 262                 },
 263                 {
 264                         comment:    "container log webdav PROPFIND root without trailing slash",
 265                         method:     "PROPFIND",
 266                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "",
 267                         shouldCall: "ContainerRequestLog",
 268                         withOptions: arvados.ContainerLogOptions{
 269                                 UUID: arvadostest.CompletedContainerRequestUUID,
 270                                 WebDAVOptions: arvados.WebDAVOptions{
 271                                         Method: "PROPFIND",
 272                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 273                                         Path:   "/" + arvadostest.CompletedContainerUUID}},
 274                 },
 275                 {
 276                         comment:    "container log webdav no_forward=true",
 277                         method:     "GET",
 278                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/?no_forward=true",
 279                         shouldCall: "ContainerRequestLog",
 280                         withOptions: arvados.ContainerLogOptions{
 281                                 UUID:      arvadostest.CompletedContainerRequestUUID,
 282                                 NoForward: true,
 283                                 WebDAVOptions: arvados.WebDAVOptions{
 284                                         Method: "GET",
 285                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 286                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 287                 },
 288                 {
 289                         comment:      "/logX does not route to ContainerRequestLog",
 290                         method:       "GET",
 291                         path:         "/arvados/v1/containers/" + arvadostest.CompletedContainerRequestUUID + "/logX",
 292                         shouldStatus: http.StatusNotFound,
 293                         shouldCall:   "",
 294                 },
 295                 {
 296                         comment:         "container http proxy no_forward=true",
 297                         unauthenticated: true,
 298                         method:          "POST",
 299                         path:            "/foo/bar",
 300                         header: http.Header{
 301                                 "Cookie":               {"arvados_api_token=" + auth.EncodeTokenCookie([]byte(arvadostest.ActiveToken))},
 302                                 "Host":                 {arvadostest.RunningContainerUUID + "-12345.containers.zzzzz.example.com"},
 303                                 "X-Arvados-No-Forward": {"1"},
 304                                 "X-Example-Header":     {"preserved header value"},
 305                         },
 306                         shouldCall: "ContainerHTTPProxy",
 307                         checkOptions: func(gotOptions interface{}) {
 308                                 opts, _ := gotOptions.(arvados.ContainerHTTPProxyOptions)
 309                                 if !c.Check(opts, check.NotNil) {
 310                                         return
 311                                 }
 312                                 c.Check(opts.Request.Method, check.Equals, "POST")
 313                                 c.Check(opts.Request.URL.Path, check.Equals, "/foo/bar")
 314                                 c.Check(opts.Request.Host, check.Equals, arvadostest.RunningContainerUUID+"-12345.containers.zzzzz.example.com")
 315                                 c.Check(opts.Request.Header, check.DeepEquals, http.Header{
 316                                         "Cookie":           {"arvados_api_token=" + auth.EncodeTokenCookie([]byte(arvadostest.ActiveToken))},
 317                                         "X-Example-Header": {"preserved header value"},
 318                                 })
 319                                 opts.Request = nil
 320                                 c.Check(opts, check.DeepEquals, arvados.ContainerHTTPProxyOptions{
 321                                         Target:    arvadostest.RunningContainerUUID + "-12345",
 322                                         NoForward: true,
 323                                 })
 324                         },
 325                 },
 326         } {
 327                 // Reset calls captured in previous trial
 328                 s.stub = arvadostest.APIStub{}
 329
 330                 c.Logf("trial: %+v", trial)
 331                 comment := check.Commentf("trial comment: %s", trial.comment)
 332
 333                 _, rr := doRequest(c, s.rtr, token, trial.method, trial.path, !trial.unauthenticated, trial.header, bytes.NewBufferString(trial.body), nil)
 334                 if trial.shouldStatus == 0 {
 335                         c.Check(rr.Code, check.Equals, http.StatusOK, comment)
 336                 } else {
 337                         c.Check(rr.Code, check.Equals, trial.shouldStatus, comment)
 338                 }
 339                 calls := s.stub.Calls(nil)
 340                 if trial.shouldCall == "" {
 341                         c.Check(calls, check.HasLen, 0, comment)
 342                         continue
 343                 }
 344                 if !c.Check(calls, check.HasLen, 1, comment) {
 345                         continue
 346                 }
 347                 c.Check(calls[0].Method, isMethodNamed, trial.shouldCall, comment)
 348                 if trial.checkOptions != nil {
 349                         trial.checkOptions(calls[0].Options)
 350                 } else {
 351                         c.Check(calls[0].Options, check.DeepEquals, trial.withOptions, comment)
 352                 }
 353         }
 354 }
 355
 356 var _ = check.Suite(&RouterIntegrationSuite{})
 357
 358 type RouterIntegrationSuite struct {
 359         rtr *router
 360 }
 361
 362 func (s *RouterIntegrationSuite) SetUpTest(c *check.C) {
 363         cluster := &arvados.Cluster{}
 364         cluster.TLS.Insecure = true
 365         arvadostest.SetServiceURL(&cluster.Services.RailsAPI, "https://"+os.Getenv("ARVADOS_TEST_API_HOST"))
 366         arvadostest.SetServiceURL(&cluster.Services.ContainerWebServices.Service, "https://*.containers.zzzzz.example.com")
 367         url, _ := url.Parse("https://" + os.Getenv("ARVADOS_TEST_API_HOST"))
 368         s.rtr = New(rpc.NewConn("zzzzz", url, true, rpc.PassthroughTokenProvider), Config{})
 369 }
 370
 371 func (s *RouterIntegrationSuite) TearDownSuite(c *check.C) {
 372         err := arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil)
 373         c.Check(err, check.IsNil)
 374 }
 375
 376 func (s *RouterIntegrationSuite) TestCollectionResponses(c *check.C) {
 377         token := arvadostest.ActiveTokenV2
 378
 379         // Check "get collection" response has "kind" key
 380         jresp := map[string]interface{}{}
 381         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, true, nil, bytes.NewBufferString(`{"include_trash":true}`), jresp)
 382         c.Check(rr.Code, check.Equals, http.StatusOK)
 383         c.Check(jresp["items"], check.FitsTypeOf, []interface{}{})
 384         c.Check(jresp["kind"], check.Equals, "arvados#collectionList")
 385         c.Check(jresp["items"].([]interface{})[0].(map[string]interface{})["kind"], check.Equals, "arvados#collection")
 386
 387         // Check items in list response have a "kind" key regardless
 388         // of whether a uuid/pdh is selected.
 389         for _, selectj := range []string{
 390                 ``,
 391                 `,"select":["portable_data_hash"]`,
 392                 `,"select":["name"]`,
 393                 `,"select":["uuid"]`,
 394         } {
 395                 jresp := map[string]interface{}{}
 396                 _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, true, nil, bytes.NewBufferString(`{"where":{"uuid":["`+arvadostest.FooCollection+`"]}`+selectj+`}`), jresp)
 397                 c.Check(rr.Code, check.Equals, http.StatusOK)
 398                 c.Check(jresp["items"], check.FitsTypeOf, []interface{}{})
 399                 c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 400                 c.Check(jresp["kind"], check.Equals, "arvados#collectionList")
 401                 item0 := jresp["items"].([]interface{})[0].(map[string]interface{})
 402                 c.Check(item0["kind"], check.Equals, "arvados#collection")
 403                 if selectj == "" || strings.Contains(selectj, "portable_data_hash") {
 404                         c.Check(item0["portable_data_hash"], check.Equals, arvadostest.FooCollectionPDH)
 405                 } else {
 406                         c.Check(item0["portable_data_hash"], check.IsNil)
 407                 }
 408                 if selectj == "" || strings.Contains(selectj, "name") {
 409                         c.Check(item0["name"], check.FitsTypeOf, "")
 410                 } else {
 411                         c.Check(item0["name"], check.IsNil)
 412                 }
 413                 if selectj == "" || strings.Contains(selectj, "uuid") {
 414                         c.Check(item0["uuid"], check.Equals, arvadostest.FooCollection)
 415                 } else {
 416                         c.Check(item0["uuid"], check.IsNil)
 417                 }
 418         }
 419
 420         // Check "create collection" response has "kind" key
 421         jresp = map[string]interface{}{}
 422         _, rr = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}, bytes.NewBufferString(`ensure_unique_name=true`), jresp)
 423         c.Check(rr.Code, check.Equals, http.StatusOK)
 424         c.Check(jresp["uuid"], check.FitsTypeOf, "")
 425         c.Check(jresp["kind"], check.Equals, "arvados#collection")
 426 }
 427
 428 func (s *RouterIntegrationSuite) TestMaxRequestSize(c *check.C) {
 429         token := arvadostest.ActiveTokenV2
 430         for _, maxRequestSize := range []int{
 431                 // Ensure 5M limit is enforced.
 432                 5000000,
 433                 // Ensure 50M limit is enforced, and that a >25M body
 434                 // is accepted even though the default Go request size
 435                 // limit is 10M.
 436                 50000000,
 437         } {
 438                 s.rtr.config.MaxRequestSize = maxRequestSize
 439                 okstr := "a"
 440                 for len(okstr) < maxRequestSize/2 {
 441                         okstr = okstr + okstr
 442                 }
 443
 444                 hdr := http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}
 445
 446                 body := bytes.NewBufferString(url.Values{"foo_bar": {okstr}}.Encode())
 447                 _, rr := doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, hdr, body, nil)
 448                 c.Check(rr.Code, check.Equals, http.StatusOK)
 449
 450                 body = bytes.NewBufferString(url.Values{"foo_bar": {okstr + okstr}}.Encode())
 451                 _, rr = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, hdr, body, nil)
 452                 c.Check(rr.Code, check.Equals, http.StatusRequestEntityTooLarge)
 453         }
 454 }
 455
 456 func (s *RouterIntegrationSuite) TestContainerList(c *check.C) {
 457         token := arvadostest.ActiveTokenV2
 458
 459         jresp := map[string]interface{}{}
 460         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=0`, true, nil, nil, jresp)
 461         c.Check(rr.Code, check.Equals, http.StatusOK)
 462         c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 463         c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
 464         c.Check(jresp["items"], check.NotNil)
 465         c.Check(jresp["items"], check.HasLen, 0)
 466
 467         jresp = map[string]interface{}{}
 468         _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?filters=[["uuid","in",[]]]`, true, nil, nil, jresp)
 469         c.Check(rr.Code, check.Equals, http.StatusOK)
 470         c.Check(jresp["items_available"], check.Equals, float64(0))
 471         c.Check(jresp["items"], check.NotNil)
 472         c.Check(jresp["items"], check.HasLen, 0)
 473
 474         jresp = map[string]interface{}{}
 475         _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=2&select=["uuid","command"]`, true, nil, nil, jresp)
 476         c.Check(rr.Code, check.Equals, http.StatusOK)
 477         c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 478         c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
 479         c.Check(jresp["items"], check.HasLen, 2)
 480         item0 := jresp["items"].([]interface{})[0].(map[string]interface{})
 481         c.Check(item0["uuid"], check.HasLen, 27)
 482         c.Check(item0["command"], check.FitsTypeOf, []interface{}{})
 483         c.Check(item0["command"].([]interface{})[0], check.FitsTypeOf, "")
 484         c.Check(item0["mounts"], check.IsNil)
 485
 486         jresp = map[string]interface{}{}
 487         _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers`, true, nil, nil, jresp)
 488         c.Check(rr.Code, check.Equals, http.StatusOK)
 489         c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 490         c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
 491         avail := int(jresp["items_available"].(float64))
 492         c.Check(jresp["items"], check.HasLen, avail)
 493         item0 = jresp["items"].([]interface{})[0].(map[string]interface{})
 494         c.Check(item0["uuid"], check.HasLen, 27)
 495         c.Check(item0["command"], check.FitsTypeOf, []interface{}{})
 496         c.Check(item0["command"].([]interface{})[0], check.FitsTypeOf, "")
 497         c.Check(item0["mounts"], check.NotNil)
 498 }
 499
 500 func (s *RouterIntegrationSuite) TestContainerLock(c *check.C) {
 501         uuid := arvadostest.QueuedContainerUUID
 502         token := arvadostest.AdminToken
 503
 504         jresp := map[string]interface{}{}
 505         _, rr := doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", true, nil, nil, jresp)
 506         c.Check(rr.Code, check.Equals, http.StatusOK)
 507         c.Check(jresp["uuid"], check.HasLen, 27)
 508         c.Check(jresp["state"], check.Equals, "Locked")
 509
 510         _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", true, nil, nil, nil)
 511         c.Check(rr.Code, check.Equals, http.StatusUnprocessableEntity)
 512         c.Check(rr.Body.String(), check.Not(check.Matches), `.*"uuid":.*`)
 513
 514         jresp = map[string]interface{}{}
 515         _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", true, nil, nil, jresp)
 516         c.Check(rr.Code, check.Equals, http.StatusOK)
 517         c.Check(jresp["uuid"], check.HasLen, 27)
 518         c.Check(jresp["state"], check.Equals, "Queued")
 519         c.Check(jresp["environment"], check.IsNil)
 520
 521         jresp = map[string]interface{}{}
 522         _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", true, nil, nil, jresp)
 523         c.Check(rr.Code, check.Equals, http.StatusUnprocessableEntity)
 524         c.Check(jresp["uuid"], check.IsNil)
 525 }
 526
 527 func (s *RouterIntegrationSuite) TestWritableBy(c *check.C) {
 528         jresp := map[string]interface{}{}
 529         _, rr := doRequest(c, s.rtr, arvadostest.ActiveTokenV2, "GET", `/arvados/v1/users/`+arvadostest.ActiveUserUUID, true, nil, nil, jresp)
 530         c.Check(rr.Code, check.Equals, http.StatusOK)
 531         c.Check(jresp["writable_by"], check.DeepEquals, []interface{}{"zzzzz-tpzed-000000000000000", "zzzzz-tpzed-xurymjxw79nv3jz", "zzzzz-j7d0g-48foin4vonvc2at"})
 532 }
 533
 534 func (s *RouterIntegrationSuite) TestFullTimestampsInResponse(c *check.C) {
 535         uuid := arvadostest.CollectionReplicationDesired2Confirmed2UUID
 536         token := arvadostest.ActiveTokenV2
 537
 538         jresp := map[string]interface{}{}
 539         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections/`+uuid, true, nil, nil, jresp)
 540         c.Check(rr.Code, check.Equals, http.StatusOK)
 541         c.Check(jresp["uuid"], check.Equals, uuid)
 542         expectNS := map[string]int{
 543                 "created_at":  596506000, // fixture says 596506247, but truncated by postgresql
 544                 "modified_at": 596338000, // fixture says 596338465, but truncated by postgresql
 545         }
 546         for key, ns := range expectNS {
 547                 mt, ok := jresp[key].(string)
 548                 c.Logf("jresp[%q] == %q", key, mt)
 549                 c.Assert(ok, check.Equals, true)
 550                 t, err := time.Parse(time.RFC3339Nano, mt)
 551                 c.Check(err, check.IsNil)
 552                 c.Check(t.Nanosecond(), check.Equals, ns)
 553         }
 554 }
 555
 556 func (s *RouterIntegrationSuite) TestSelectParam(c *check.C) {
 557         uuid := arvadostest.QueuedContainerUUID
 558         token := arvadostest.ActiveTokenV2
 559         // GET
 560         for _, sel := range [][]string{
 561                 {"uuid", "command"},
 562                 {"uuid", "command", "uuid"},
 563         } {
 564                 j, err := json.Marshal(sel)
 565                 c.Assert(err, check.IsNil)
 566                 jresp := map[string]interface{}{}
 567                 _, rr := doRequest(c, s.rtr, token, "GET", "/arvados/v1/containers/"+uuid+"?select="+string(j), true, nil, nil, jresp)
 568                 c.Check(rr.Code, check.Equals, http.StatusOK)
 569
 570                 c.Check(jresp["kind"], check.Equals, "arvados#container")
 571                 c.Check(jresp["uuid"], check.HasLen, 27)
 572                 c.Check(jresp["command"], check.HasLen, 2)
 573                 c.Check(jresp["mounts"], check.IsNil)
 574                 _, hasMounts := jresp["mounts"]
 575                 c.Check(hasMounts, check.Equals, false)
 576         }
 577         // POST & PUT
 578         uuid = arvadostest.FooCollection
 579         j, err := json.Marshal([]string{"uuid", "description"})
 580         c.Assert(err, check.IsNil)
 581         for _, method := range []string{"PUT", "POST"} {
 582                 desc := "Today is " + time.Now().String()
 583                 reqBody := "{\"description\":\"" + desc + "\"}"
 584                 jresp := map[string]interface{}{}
 585                 var rr *httptest.ResponseRecorder
 586                 if method == "PUT" {
 587                         _, rr = doRequest(c, s.rtr, token, method, "/arvados/v1/collections/"+uuid+"?select="+string(j), true, nil, bytes.NewReader([]byte(reqBody)), jresp)
 588                 } else {
 589                         _, rr = doRequest(c, s.rtr, token, method, "/arvados/v1/collections?select="+string(j), true, nil, bytes.NewReader([]byte(reqBody)), jresp)
 590                 }
 591                 c.Check(rr.Code, check.Equals, http.StatusOK)
 592                 c.Check(jresp["kind"], check.Equals, "arvados#collection")
 593                 c.Check(jresp["uuid"], check.HasLen, 27)
 594                 c.Check(jresp["description"], check.Equals, desc)
 595                 c.Check(jresp["manifest_text"], check.IsNil)
 596         }
 597 }
 598
 599 func (s *RouterIntegrationSuite) TestIncluded(c *check.C) {
 600         for _, trial := range []struct {
 601                 uuid            string
 602                 expectOwnerUUID string
 603                 expectOwnerKind string
 604         }{
 605                 {
 606                         uuid:            arvadostest.ASubprojectUUID,
 607                         expectOwnerUUID: arvadostest.AProjectUUID,
 608                         expectOwnerKind: "arvados#group",
 609                 },
 610                 {
 611                         uuid:            arvadostest.AProjectUUID,
 612                         expectOwnerUUID: arvadostest.ActiveUserUUID,
 613                         expectOwnerKind: "arvados#user",
 614                 },
 615         } {
 616                 c.Logf("trial: %#v", trial)
 617                 token := arvadostest.ActiveTokenV2
 618                 jresp := map[string]interface{}{}
 619                 _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/groups/contents?include=owner_uuid&filters=[["uuid","=","`+trial.uuid+`"]]`, true, nil, nil, jresp)
 620                 c.Check(rr.Code, check.Equals, http.StatusOK)
 621
 622                 c.Assert(jresp["included"], check.FitsTypeOf, []interface{}{})
 623                 included, ok := jresp["included"].([]interface{})
 624                 c.Assert(ok, check.Equals, true)
 625                 c.Assert(included, check.HasLen, 1)
 626                 owner, ok := included[0].(map[string]interface{})
 627                 c.Assert(ok, check.Equals, true)
 628                 c.Check(owner["kind"], check.Equals, trial.expectOwnerKind)
 629                 c.Check(owner["uuid"], check.Equals, trial.expectOwnerUUID)
 630         }
 631 }
 632
 633 func (s *RouterIntegrationSuite) TestHEAD(c *check.C) {
 634         _, rr := doRequest(c, s.rtr, arvadostest.ActiveTokenV2, "HEAD", "/arvados/v1/containers/"+arvadostest.QueuedContainerUUID, true, nil, nil, nil)
 635         c.Check(rr.Code, check.Equals, http.StatusOK)
 636 }
 637
 638 func (s *RouterIntegrationSuite) TestRouteNotFound(c *check.C) {
 639         token := arvadostest.ActiveTokenV2
 640         req := (&testReq{
 641                 method: "POST",
 642                 path:   "arvados/v1/collections/" + arvadostest.FooCollection + "/error404pls",
 643                 token:  token,
 644         }).Request()
 645         rr := httptest.NewRecorder()
 646         s.rtr.ServeHTTP(rr, req)
 647         c.Check(rr.Code, check.Equals, http.StatusNotFound)
 648         c.Logf("body: %q", rr.Body.String())
 649         var j map[string]interface{}
 650         err := json.Unmarshal(rr.Body.Bytes(), &j)
 651         c.Check(err, check.IsNil)
 652         c.Logf("decoded: %v", j)
 653         c.Assert(j["errors"], check.FitsTypeOf, []interface{}{})
 654         c.Check(j["errors"].([]interface{})[0], check.Equals, "API endpoint not found")
 655 }
 656
 657 func (s *RouterIntegrationSuite) TestCORS(c *check.C) {
 658         token := arvadostest.ActiveTokenV2
 659         req := (&testReq{
 660                 method: "OPTIONS",
 661                 path:   "arvados/v1/collections/" + arvadostest.FooCollection,
 662                 header: http.Header{"Origin": {"https://example.com"}},
 663                 token:  token,
 664         }).Request()
 665         rr := httptest.NewRecorder()
 666         s.rtr.ServeHTTP(rr, req)
 667         c.Check(rr.Code, check.Equals, http.StatusOK)
 668         c.Check(rr.Body.String(), check.HasLen, 0)
 669         c.Check(rr.Result().Header.Get("Access-Control-Allow-Origin"), check.Equals, "*")
 670         for _, hdr := range []string{"Authorization", "Content-Type"} {
 671                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Matches, ".*"+hdr+".*")
 672         }
 673         for _, method := range []string{"GET", "HEAD", "PUT", "POST", "PATCH", "DELETE"} {
 674                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Matches, ".*"+method+".*")
 675         }
 676
 677         for _, unsafe := range []string{"login", "logout", "auth", "auth/foo", "login/?blah"} {
 678                 req := (&testReq{
 679                         method: "OPTIONS",
 680                         path:   unsafe,
 681                         header: http.Header{"Origin": {"https://example.com"}},
 682                         token:  token,
 683                 }).Request()
 684                 rr := httptest.NewRecorder()
 685                 s.rtr.ServeHTTP(rr, req)
 686                 c.Check(rr.Code, check.Equals, http.StatusOK)
 687                 c.Check(rr.Body.String(), check.HasLen, 0)
 688                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Origin"), check.Equals, "")
 689                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Equals, "")
 690                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Equals, "")
 691
 692                 req = (&testReq{
 693                         method: "POST",
 694                         path:   unsafe,
 695                         header: http.Header{"Origin": {"https://example.com"}},
 696                         token:  token,
 697                 }).Request()
 698                 rr = httptest.NewRecorder()
 699                 s.rtr.ServeHTTP(rr, req)
 700                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Origin"), check.Equals, "")
 701                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Equals, "")
 702                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Equals, "")
 703         }
 704 }
 705
 706 func (s *RouterIntegrationSuite) TestComputedPermissionList(c *check.C) {
 707         token := arvadostest.AdminToken
 708
 709         jresp := map[string]interface{}{}
 710         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/computed_permissions?filters=[["user_uuid","=","`+arvadostest.ActiveUserUUID+`"],["target_uuid","=","`+arvadostest.AProjectUUID+`"]]&select=["perm_level"]`, true, nil, nil, jresp)
 711         c.Check(rr.Code, check.Equals, http.StatusOK)
 712         c.Check(jresp["items_available"], check.IsNil)
 713         if c.Check(jresp["items"], check.HasLen, 1) {
 714                 item := jresp["items"].([]interface{})[0].(map[string]interface{})
 715                 c.Check(item, check.DeepEquals, map[string]interface{}{
 716                         "kind":       "arvados#computedPermission",
 717                         "perm_level": "can_manage",
 718                 })
 719         }
 720 }
 721
 722 func doRequest(c *check.C, rtr http.Handler, token, method, path string, auth bool, hdrs http.Header, body io.Reader, jresp map[string]interface{}) (*http.Request, *httptest.ResponseRecorder) {
 723         req := httptest.NewRequest(method, path, body)
 724         for k, v := range hdrs {
 725                 if k == "Host" && len(v) == 1 {
 726                         req.Host = v[0]
 727                 } else {
 728                         req.Header[k] = v
 729                 }
 730         }
 731         if auth {
 732                 req.Header.Set("Authorization", "Bearer "+token)
 733         }
 734         rr := httptest.NewRecorder()
 735         rtr.ServeHTTP(rr, req)
 736         respbody := rr.Body.String()
 737         if len(respbody) > 10000 {
 738                 respbody = respbody[:10000] + "[...]"
 739         }
 740         c.Logf("response body: %s", respbody)
 741         if jresp != nil {
 742                 err := json.Unmarshal(rr.Body.Bytes(), &jresp)
 743                 c.Check(err, check.IsNil)
 744         }
 745         return req, rr
 746 }