cmd/arvados-client/container_gateway_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: Apache-2.0
   4
   5 package main
   6
   7 import (
   8         "bytes"
   9         "context"
  10         "crypto/hmac"
  11         "crypto/sha256"
  12         "fmt"
  13         "io/ioutil"
  14         "net"
  15         "net/http"
  16         "net/url"
  17         "os"
  18         "os/exec"
  19         "strings"
  20         "sync"
  21         "syscall"
  22         "time"
  23
  24         "git.arvados.org/arvados.git/lib/controller/rpc"
  25         "git.arvados.org/arvados.git/lib/crunchrun"
  26         "git.arvados.org/arvados.git/sdk/go/arvados"
  27         "git.arvados.org/arvados.git/sdk/go/arvadostest"
  28         "git.arvados.org/arvados.git/sdk/go/httpserver"
  29         check "gopkg.in/check.v1"
  30 )
  31
  32 func (s *ClientSuite) TestShellGatewayNotAvailable(c *check.C) {
  33         var stdout, stderr bytes.Buffer
  34         cmd := exec.Command("go", "run", ".", "shell", arvadostest.QueuedContainerUUID, "-o", "controlpath=none", "echo", "ok")
  35         cmd.Env = append(cmd.Env, os.Environ()...)
  36         cmd.Env = append(cmd.Env, "ARVADOS_API_TOKEN="+arvadostest.ActiveTokenV2)
  37         cmd.Stdout = &stdout
  38         cmd.Stderr = &stderr
  39         c.Check(cmd.Run(), check.NotNil)
  40         c.Log(stderr.String())
  41         c.Check(stderr.String(), check.Matches, `(?ms).*container is not running yet \(state is "Queued"\).*`)
  42 }
  43
  44 func (s *ClientSuite) TestShellGateway(c *check.C) {
  45         defer func() {
  46                 c.Check(arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil), check.IsNil)
  47         }()
  48         uuid := arvadostest.QueuedContainerUUID
  49         h := hmac.New(sha256.New, []byte(arvadostest.SystemRootToken))
  50         fmt.Fprint(h, uuid)
  51         authSecret := fmt.Sprintf("%x", h.Sum(nil))
  52         gw := crunchrun.Gateway{
  53                 ContainerUUID: uuid,
  54                 Address:       "0.0.0.0:0",
  55                 AuthSecret:    authSecret,
  56                 // Just forward connections to localhost instead of a
  57                 // container, so we can test without running a
  58                 // container.
  59                 Target: crunchrun.GatewayTargetStub{},
  60         }
  61         err := gw.Start()
  62         c.Assert(err, check.IsNil)
  63
  64         rpcconn := rpc.NewConn("",
  65                 &url.URL{
  66                         Scheme: "https",
  67                         Host:   os.Getenv("ARVADOS_API_HOST"),
  68                 },
  69                 true,
  70                 func(context.Context) ([]string, error) {
  71                         return []string{arvadostest.SystemRootToken}, nil
  72                 })
  73         _, err = rpcconn.ContainerUpdate(context.TODO(), arvados.UpdateOptions{UUID: uuid, Attrs: map[string]interface{}{
  74                 "state": arvados.ContainerStateLocked,
  75         }})
  76         c.Assert(err, check.IsNil)
  77         _, err = rpcconn.ContainerUpdate(context.TODO(), arvados.UpdateOptions{UUID: uuid, Attrs: map[string]interface{}{
  78                 "state":           arvados.ContainerStateRunning,
  79                 "gateway_address": gw.Address,
  80         }})
  81         c.Assert(err, check.IsNil)
  82
  83         var stdout, stderr bytes.Buffer
  84         cmd := exec.Command("go", "run", ".", "shell", uuid, "-o", "controlpath=none", "-o", "userknownhostsfile="+c.MkDir()+"/known_hosts", "echo", "ok")
  85         cmd.Env = append(cmd.Env, os.Environ()...)
  86         cmd.Env = append(cmd.Env, "ARVADOS_API_TOKEN="+arvadostest.ActiveTokenV2)
  87         cmd.Stdout = &stdout
  88         cmd.Stderr = &stderr
  89         c.Check(cmd.Run(), check.IsNil)
  90         c.Check(stdout.String(), check.Equals, "ok\n")
  91
  92         // Set up an http server, and try using "arvados-client shell"
  93         // to forward traffic to it.
  94         httpTarget := &httpserver.Server{}
  95         httpTarget.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
  96                 c.Logf("httpTarget.Handler: incoming request: %s %s", r.Method, r.URL)
  97                 if r.URL.Path == "/foo" {
  98                         fmt.Fprintln(w, "bar baz")
  99                 } else {
 100                         w.WriteHeader(http.StatusNotFound)
 101                 }
 102         })
 103         err = httpTarget.Start()
 104         c.Assert(err, check.IsNil)
 105
 106         ln, err := net.Listen("tcp", ":0")
 107         c.Assert(err, check.IsNil)
 108         _, forwardedPort, _ := net.SplitHostPort(ln.Addr().String())
 109         ln.Close()
 110
 111         stdout.Reset()
 112         stderr.Reset()
 113         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
 114         defer cancel()
 115         cmd = exec.CommandContext(ctx,
 116                 "go", "run", ".", "shell", uuid,
 117                 "-L", forwardedPort+":"+httpTarget.Addr,
 118                 "-o", "controlpath=none",
 119                 "-o", "userknownhostsfile="+c.MkDir()+"/known_hosts",
 120                 "-N",
 121         )
 122         c.Logf("cmd.Args: %s", cmd.Args)
 123         cmd.Env = append(cmd.Env, os.Environ()...)
 124         cmd.Env = append(cmd.Env, "ARVADOS_API_TOKEN="+arvadostest.ActiveTokenV2)
 125         cmd.Stdout = &stdout
 126         cmd.Stderr = &stderr
 127         cmd.Start()
 128
 129         forwardedURL := fmt.Sprintf("http://localhost:%s/foo", forwardedPort)
 130
 131         for range time.NewTicker(time.Second / 20).C {
 132                 resp, err := http.Get(forwardedURL)
 133                 if err != nil {
 134                         if !strings.Contains(err.Error(), "connect") {
 135                                 c.Fatal(err)
 136                         } else if ctx.Err() != nil {
 137                                 if cmd.Process.Signal(syscall.Signal(0)) != nil {
 138                                         c.Error("OpenSSH exited")
 139                                 } else {
 140                                         c.Errorf("timed out trying to connect: %s", err)
 141                                 }
 142                                 c.Logf("OpenSSH stdout:\n%s", stdout.String())
 143                                 c.Logf("OpenSSH stderr:\n%s", stderr.String())
 144                                 c.FailNow()
 145                         }
 146                         // Retry until OpenSSH starts listening
 147                         continue
 148                 }
 149                 c.Check(resp.StatusCode, check.Equals, http.StatusOK)
 150                 body, err := ioutil.ReadAll(resp.Body)
 151                 c.Check(err, check.IsNil)
 152                 c.Check(string(body), check.Equals, "bar baz\n")
 153                 break
 154         }
 155
 156         var wg sync.WaitGroup
 157         for i := 0; i < 10; i++ {
 158                 wg.Add(1)
 159                 go func() {
 160                         defer wg.Done()
 161                         resp, err := http.Get(forwardedURL)
 162                         if !c.Check(err, check.IsNil) {
 163                                 return
 164                         }
 165                         body, err := ioutil.ReadAll(resp.Body)
 166                         c.Check(err, check.IsNil)
 167                         c.Check(string(body), check.Equals, "bar baz\n")
 168                 }()
 169         }
 170         wg.Wait()
 171 }