3 # ARVADOS_API_TOKEN=abc ARVADOS_API_HOST=arvados.local python -m unittest discover
10 import run_test_server
12 @contextlib.contextmanager
13 def unauthenticated_client(keep_client=None):
14 if keep_client is None:
15 keep_client = arvados.keep.global_client_object
16 if not hasattr(keep_client, 'api_token'):
19 orig_token = keep_client.api_token
20 keep_client.api_token = ''
22 keep_client.api_token = orig_token
24 class KeepTestCase(run_test_server.TestCaseWithServers):
29 arvados.keep.global_client_object = None
30 run_test_server.authorize_with("admin")
32 def test_KeepBasicRWTest(self):
33 foo_locator = arvados.Keep.put('foo')
34 self.assertRegexpMatches(
36 '^acbd18db4cc2f85cedef654fccc4a4d8\+3',
37 'wrong md5 hash from Keep.put("foo"): ' + foo_locator)
38 self.assertEqual(arvados.Keep.get(foo_locator),
40 'wrong content from Keep.get(md5("foo"))')
42 def test_KeepBinaryRWTest(self):
43 blob_str = '\xff\xfe\xf7\x00\x01\x02'
44 blob_locator = arvados.Keep.put(blob_str)
45 self.assertRegexpMatches(
47 '^7fc7c53b45e53926ba52821140fef396\+6',
48 ('wrong locator from Keep.put(<binarydata>):' + blob_locator))
49 self.assertEqual(arvados.Keep.get(blob_locator),
51 'wrong content from Keep.get(md5(<binarydata>))')
53 def test_KeepLongBinaryRWTest(self):
54 blob_str = '\xff\xfe\xfd\xfc\x00\x01\x02\x03'
56 blob_str = blob_str + blob_str
57 blob_locator = arvados.Keep.put(blob_str)
58 self.assertRegexpMatches(
60 '^84d90fc0d8175dd5dcfab04b999bc956\+67108864',
61 ('wrong locator from Keep.put(<binarydata>): ' + blob_locator))
62 self.assertEqual(arvados.Keep.get(blob_locator),
64 'wrong content from Keep.get(md5(<binarydata>))')
66 def test_KeepSingleCopyRWTest(self):
67 blob_str = '\xff\xfe\xfd\xfc\x00\x01\x02\x03'
68 blob_locator = arvados.Keep.put(blob_str, copies=1)
69 self.assertRegexpMatches(
71 '^c902006bc98a3eb4a3663b65ab4a6fab\+8',
72 ('wrong locator from Keep.put(<binarydata>): ' + blob_locator))
73 self.assertEqual(arvados.Keep.get(blob_locator),
75 'wrong content from Keep.get(md5(<binarydata>))')
78 class KeepPermissionTestCase(run_test_server.TestCaseWithServers):
80 KEEP_SERVER = {'blob_signing_key': 'abcdefghijk0123456789',
81 'enforce_permissions': True}
83 def test_KeepBasicRWTest(self):
84 run_test_server.authorize_with('active')
85 foo_locator = arvados.Keep.put('foo')
86 self.assertRegexpMatches(
88 r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$',
89 'invalid locator from Keep.put("foo"): ' + foo_locator)
90 self.assertEqual(arvados.Keep.get(foo_locator),
92 'wrong content from Keep.get(md5("foo"))')
94 # GET with an unsigned locator => NotFound
95 bar_locator = arvados.Keep.put('bar')
96 unsigned_bar_locator = "37b51d194a7513e45b56f6524f2d51f2+3"
97 self.assertRegexpMatches(
99 r'^37b51d194a7513e45b56f6524f2d51f2\+3\+A[a-f0-9]+@[a-f0-9]+$',
100 'invalid locator from Keep.put("bar"): ' + bar_locator)
101 self.assertRaises(arvados.errors.NotFoundError,
103 unsigned_bar_locator)
105 # GET from a different user => NotFound
106 run_test_server.authorize_with('spectator')
107 self.assertRaises(arvados.errors.NotFoundError,
111 # Unauthenticated GET for a signed locator => NotFound
112 # Unauthenticated GET for an unsigned locator => NotFound
113 with unauthenticated_client():
114 self.assertRaises(arvados.errors.NotFoundError,
117 self.assertRaises(arvados.errors.NotFoundError,
119 unsigned_bar_locator)
122 # KeepOptionalPermission: starts Keep with --permission-key-file
123 # but not --enforce-permissions (i.e. generate signatures on PUT
124 # requests, but do not require them for GET requests)
126 # All of these requests should succeed when permissions are optional:
127 # * authenticated request, signed locator
128 # * authenticated request, unsigned locator
129 # * unauthenticated request, signed locator
130 # * unauthenticated request, unsigned locator
131 class KeepOptionalPermission(run_test_server.TestCaseWithServers):
133 KEEP_SERVER = {'blob_signing_key': 'abcdefghijk0123456789',
134 'enforce_permissions': False}
136 def test_KeepAuthenticatedSignedTest(self):
137 run_test_server.authorize_with('active')
138 signed_locator = arvados.Keep.put('foo')
139 self.assertRegexpMatches(
141 r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$',
142 'invalid locator from Keep.put("foo"): ' + signed_locator)
143 self.assertEqual(arvados.Keep.get(signed_locator),
145 'wrong content from Keep.get(md5("foo"))')
147 def test_KeepAuthenticatedUnsignedTest(self):
148 run_test_server.authorize_with('active')
149 signed_locator = arvados.Keep.put('foo')
150 self.assertRegexpMatches(
152 r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$',
153 'invalid locator from Keep.put("foo"): ' + signed_locator)
154 self.assertEqual(arvados.Keep.get("acbd18db4cc2f85cedef654fccc4a4d8"),
156 'wrong content from Keep.get(md5("foo"))')
158 def test_KeepUnauthenticatedSignedTest(self):
159 # Since --enforce-permissions is not in effect, GET requests
160 # need not be authenticated.
161 run_test_server.authorize_with('active')
162 signed_locator = arvados.Keep.put('foo')
163 self.assertRegexpMatches(
165 r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$',
166 'invalid locator from Keep.put("foo"): ' + signed_locator)
168 with unauthenticated_client():
169 self.assertEqual(arvados.Keep.get(signed_locator),
171 'wrong content from Keep.get(md5("foo"))')
173 def test_KeepUnauthenticatedUnsignedTest(self):
174 # Since --enforce-permissions is not in effect, GET requests
175 # need not be authenticated.
176 run_test_server.authorize_with('active')
177 signed_locator = arvados.Keep.put('foo')
178 self.assertRegexpMatches(
180 r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$',
181 'invalid locator from Keep.put("foo"): ' + signed_locator)
183 with unauthenticated_client():
184 self.assertEqual(arvados.Keep.get("acbd18db4cc2f85cedef654fccc4a4d8"),
186 'wrong content from Keep.get(md5("foo"))')
189 class KeepProxyTestCase(run_test_server.TestCaseWithServers):
192 KEEP_PROXY_SERVER = {'auth': 'admin'}
196 super(KeepProxyTestCase, cls).setUpClass()
197 cls.proxy_addr = os.environ['ARVADOS_KEEP_PROXY']
200 arvados.keep.global_client_object = None
201 os.environ['ARVADOS_KEEP_PROXY'] = self.proxy_addr
202 os.environ.pop('ARVADOS_EXTERNAL_CLIENT', None)
204 def test_KeepProxyTest1(self):
205 # Will use ARVADOS_KEEP_PROXY environment variable that is set by
207 baz_locator = arvados.Keep.put('baz')
208 self.assertRegexpMatches(
210 '^73feffa4b7f6bb68e44cf984c85f6e88\+3',
211 'wrong md5 hash from Keep.put("baz"): ' + baz_locator)
212 self.assertEqual(arvados.Keep.get(baz_locator),
214 'wrong content from Keep.get(md5("baz"))')
216 self.assertEqual(True, arvados.Keep.global_client_object().using_proxy)
218 def test_KeepProxyTest2(self):
219 # We don't want to use ARVADOS_KEEP_PROXY from run_keep_proxy() in
220 # setUpClass(), so clear it and set ARVADOS_EXTERNAL_CLIENT which will
221 # contact the API server.
222 os.environ["ARVADOS_KEEP_PROXY"] = ""
223 os.environ["ARVADOS_EXTERNAL_CLIENT"] = "true"
225 # Will send X-External-Client to server and get back the proxy from
226 # keep_services/accessible
227 baz_locator = arvados.Keep.put('baz2')
228 self.assertRegexpMatches(
230 '^91f372a266fe2bf2823cb8ec7fda31ce\+4',
231 'wrong md5 hash from Keep.put("baz2"): ' + baz_locator)
232 self.assertEqual(arvados.Keep.get(baz_locator),
234 'wrong content from Keep.get(md5("baz2"))')
236 self.assertEqual(True, arvados.Keep.global_client_object().using_proxy)