cmd/arvados-client/container_gateway_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: Apache-2.0
   4
   5 package main
   6
   7 import (
   8         "bytes"
   9         "context"
  10         "crypto/hmac"
  11         "crypto/sha256"
  12         "fmt"
  13         "io/ioutil"
  14         "net"
  15         "net/http"
  16         "net/url"
  17         "os"
  18         "os/exec"
  19         "strings"
  20         "sync"
  21         "syscall"
  22         "time"
  23
  24         "git.arvados.org/arvados.git/lib/controller/rpc"
  25         "git.arvados.org/arvados.git/lib/crunchrun"
  26         "git.arvados.org/arvados.git/sdk/go/arvados"
  27         "git.arvados.org/arvados.git/sdk/go/arvadostest"
  28         "git.arvados.org/arvados.git/sdk/go/httpserver"
  29         check "gopkg.in/check.v1"
  30 )
  31
  32 func (s *ClientSuite) TestShellGatewayNotAvailable(c *check.C) {
  33         var stdout, stderr bytes.Buffer
  34         cmd := exec.Command("go", "run", ".", "shell", arvadostest.QueuedContainerUUID, "-o", "controlpath=none", "echo", "ok")
  35         cmd.Env = append(cmd.Env, os.Environ()...)
  36         cmd.Env = append(cmd.Env, "ARVADOS_API_TOKEN="+arvadostest.ActiveTokenV2)
  37         cmd.Stdout = &stdout
  38         cmd.Stderr = &stderr
  39         c.Check(cmd.Run(), check.NotNil)
  40         c.Log(stderr.String())
  41         c.Check(stderr.String(), check.Matches, `(?ms).*container is not running yet \(state is "Queued"\).*`)
  42 }
  43
  44 func (s *ClientSuite) TestShellGateway(c *check.C) {
  45         defer func() {
  46                 c.Check(arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil), check.IsNil)
  47         }()
  48         uuid := arvadostest.QueuedContainerUUID
  49         h := hmac.New(sha256.New, []byte(arvadostest.SystemRootToken))
  50         fmt.Fprint(h, uuid)
  51         authSecret := fmt.Sprintf("%x", h.Sum(nil))
  52         dcid := "theperthcountyconspiracy"
  53         gw := crunchrun.Gateway{
  54                 DockerContainerID: &dcid,
  55                 ContainerUUID:     uuid,
  56                 Address:           "0.0.0.0:0",
  57                 AuthSecret:        authSecret,
  58                 // Just forward connections to localhost instead of a
  59                 // container, so we can test without running a
  60                 // container.
  61                 ContainerIPAddress: func() (string, error) { return "0.0.0.0", nil },
  62         }
  63         err := gw.Start()
  64         c.Assert(err, check.IsNil)
  65
  66         rpcconn := rpc.NewConn("",
  67                 &url.URL{
  68                         Scheme: "https",
  69                         Host:   os.Getenv("ARVADOS_API_HOST"),
  70                 },
  71                 true,
  72                 func(context.Context) ([]string, error) {
  73                         return []string{arvadostest.SystemRootToken}, nil
  74                 })
  75         _, err = rpcconn.ContainerUpdate(context.TODO(), arvados.UpdateOptions{UUID: uuid, Attrs: map[string]interface{}{
  76                 "state": arvados.ContainerStateLocked,
  77         }})
  78         c.Assert(err, check.IsNil)
  79         _, err = rpcconn.ContainerUpdate(context.TODO(), arvados.UpdateOptions{UUID: uuid, Attrs: map[string]interface{}{
  80                 "state":           arvados.ContainerStateRunning,
  81                 "gateway_address": gw.Address,
  82         }})
  83         c.Assert(err, check.IsNil)
  84
  85         var stdout, stderr bytes.Buffer
  86         cmd := exec.Command("go", "run", ".", "shell", uuid, "-o", "controlpath=none", "-o", "userknownhostsfile="+c.MkDir()+"/known_hosts", "echo", "ok")
  87         cmd.Env = append(cmd.Env, os.Environ()...)
  88         cmd.Env = append(cmd.Env, "ARVADOS_API_TOKEN="+arvadostest.ActiveTokenV2)
  89         cmd.Stdout = &stdout
  90         cmd.Stderr = &stderr
  91         c.Check(cmd.Run(), check.NotNil)
  92         c.Log(stderr.String())
  93         c.Check(stderr.String(), check.Matches, `(?ms).*(No such container: theperthcountyconspiracy|exec: \"docker\": executable file not found in \$PATH).*`)
  94
  95         // Set up an http server, and try using "arvados-client shell"
  96         // to forward traffic to it.
  97         httpTarget := &httpserver.Server{}
  98         httpTarget.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
  99                 c.Logf("httpTarget.Handler: incoming request: %s %s", r.Method, r.URL)
 100                 if r.URL.Path == "/foo" {
 101                         fmt.Fprintln(w, "bar baz")
 102                 } else {
 103                         w.WriteHeader(http.StatusNotFound)
 104                 }
 105         })
 106         err = httpTarget.Start()
 107         c.Assert(err, check.IsNil)
 108
 109         ln, err := net.Listen("tcp", ":0")
 110         c.Assert(err, check.IsNil)
 111         _, forwardedPort, _ := net.SplitHostPort(ln.Addr().String())
 112         ln.Close()
 113
 114         stdout.Reset()
 115         stderr.Reset()
 116         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
 117         defer cancel()
 118         cmd = exec.CommandContext(ctx,
 119                 "go", "run", ".", "shell", uuid,
 120                 "-L", forwardedPort+":"+httpTarget.Addr,
 121                 "-o", "controlpath=none",
 122                 "-o", "userknownhostsfile="+c.MkDir()+"/known_hosts",
 123                 "-N",
 124         )
 125         c.Logf("cmd.Args: %s", cmd.Args)
 126         cmd.Env = append(cmd.Env, os.Environ()...)
 127         cmd.Env = append(cmd.Env, "ARVADOS_API_TOKEN="+arvadostest.ActiveTokenV2)
 128         cmd.Stdout = &stdout
 129         cmd.Stderr = &stderr
 130         cmd.Start()
 131
 132         forwardedURL := fmt.Sprintf("http://localhost:%s/foo", forwardedPort)
 133
 134         for range time.NewTicker(time.Second / 20).C {
 135                 resp, err := http.Get(forwardedURL)
 136                 if err != nil {
 137                         if !strings.Contains(err.Error(), "connect") {
 138                                 c.Fatal(err)
 139                         } else if ctx.Err() != nil {
 140                                 if cmd.Process.Signal(syscall.Signal(0)) != nil {
 141                                         c.Error("OpenSSH exited")
 142                                 } else {
 143                                         c.Errorf("timed out trying to connect: %s", err)
 144                                 }
 145                                 c.Logf("OpenSSH stdout:\n%s", stdout.String())
 146                                 c.Logf("OpenSSH stderr:\n%s", stderr.String())
 147                                 c.FailNow()
 148                         }
 149                         // Retry until OpenSSH starts listening
 150                         continue
 151                 }
 152                 c.Check(resp.StatusCode, check.Equals, http.StatusOK)
 153                 body, err := ioutil.ReadAll(resp.Body)
 154                 c.Check(err, check.IsNil)
 155                 c.Check(string(body), check.Equals, "bar baz\n")
 156                 break
 157         }
 158
 159         var wg sync.WaitGroup
 160         for i := 0; i < 10; i++ {
 161                 wg.Add(1)
 162                 go func() {
 163                         defer wg.Done()
 164                         resp, err := http.Get(forwardedURL)
 165                         if !c.Check(err, check.IsNil) {
 166                                 return
 167                         }
 168                         body, err := ioutil.ReadAll(resp.Body)
 169                         c.Check(err, check.IsNil)
 170                         c.Check(string(body), check.Equals, "bar baz\n")
 171                 }()
 172         }
 173         wg.Wait()
 174 }