1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
19 "git.arvados.org/arvados.git/lib/boot"
20 "git.arvados.org/arvados.git/lib/config"
21 "git.arvados.org/arvados.git/lib/controller/rpc"
22 "git.arvados.org/arvados.git/lib/service"
23 "git.arvados.org/arvados.git/sdk/go/arvados"
24 "git.arvados.org/arvados.git/sdk/go/arvadosclient"
25 "git.arvados.org/arvados.git/sdk/go/auth"
26 "git.arvados.org/arvados.git/sdk/go/ctxlog"
27 "git.arvados.org/arvados.git/sdk/go/keepclient"
28 check "gopkg.in/check.v1"
31 var _ = check.Suite(&IntegrationSuite{})
33 type testCluster struct {
36 controllerURL *url.URL
39 type IntegrationSuite struct {
40 testClusters map[string]*testCluster
43 func (s *IntegrationSuite) SetUpSuite(c *check.C) {
45 c.Skip("heavy integration tests don't run with forceLegacyAPI14")
50 s.testClusters = map[string]*testCluster{
55 hostport := map[string]string{}
56 for id := range s.testClusters {
57 hostport[id] = func() string {
58 // TODO: Instead of expecting random ports on
59 // 127.0.0.11, 22, 33 to be race-safe, try
60 // different 127.x.y.z until finding one that
62 ln, err := net.Listen("tcp", ":0")
63 c.Assert(err, check.IsNil)
65 _, port, err := net.SplitHostPort(ln.Addr().String())
66 c.Assert(err, check.IsNil)
67 return "127.0.0." + id[3:] + ":" + port
70 for id := range s.testClusters {
75 ExternalURL: https://` + hostport[id] + `
84 Host: ` + hostport["z1111"] + `
92 Host: ` + hostport["z2222"] + `
101 Host: ` + hostport["z3333"] + `
109 loader := config.NewLoader(bytes.NewBufferString(yaml), ctxlog.TestLogger(c))
111 loader.SkipLegacy = true
112 loader.SkipAPICalls = true
113 cfg, err := loader.Load()
114 c.Assert(err, check.IsNil)
115 s.testClusters[id] = &testCluster{
116 super: boot.Supervisor{
117 SourcePath: filepath.Join(cwd, "..", ".."),
119 ListenHost: "127.0.0." + id[3:],
120 ControllerAddr: ":0",
121 OwnTemporaryDatabase: true,
122 Stderr: &service.LogPrefixer{Writer: ctxlog.LogWriter(c.Log), Prefix: []byte("[" + id + "] ")},
126 s.testClusters[id].super.Start(context.Background(), &s.testClusters[id].config, "-")
128 for _, tc := range s.testClusters {
129 au, ok := tc.super.WaitReady()
130 c.Assert(ok, check.Equals, true)
132 tc.controllerURL = &u
136 func (s *IntegrationSuite) TearDownSuite(c *check.C) {
137 for _, c := range s.testClusters {
142 // Get rpc connection struct initialized to communicate with the
143 // specified cluster.
144 func (s *IntegrationSuite) conn(clusterID string) *rpc.Conn {
145 return rpc.NewConn(clusterID, s.testClusters[clusterID].controllerURL, true, rpc.PassthroughTokenProvider)
148 // Return Context, Arvados.Client and keepclient structs initialized
149 // to connect to the specified cluster (by clusterID) using with the supplied
151 func (s *IntegrationSuite) clientsWithToken(clusterID string, token string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
152 cl := s.testClusters[clusterID].config.Clusters[clusterID]
153 ctx := auth.NewContext(context.Background(), auth.NewCredentials(token))
154 ac, err := arvados.NewClientFromConfig(&cl)
159 arv, err := arvadosclient.New(ac)
163 kc := keepclient.New(arv)
167 // Log in as a user called "example", get the user's API token,
168 // initialize clients with the API token, set up the user and
169 // optionally activate the user. Return client structs for
170 // communicating with the cluster on behalf of the 'example' user.
171 func (s *IntegrationSuite) userClients(rootctx context.Context, c *check.C, conn *rpc.Conn, clusterID string, activate bool) (context.Context, *arvados.Client, *keepclient.KeepClient) {
172 login, err := conn.UserSessionCreate(rootctx, rpc.UserSessionCreateOptions{
173 ReturnTo: ",https://example.com",
174 AuthInfo: rpc.UserSessionAuthInfo{
175 Email: "user@example.com",
176 FirstName: "Example",
181 c.Assert(err, check.IsNil)
182 redirURL, err := url.Parse(login.RedirectLocation)
183 c.Assert(err, check.IsNil)
184 userToken := redirURL.Query().Get("api_token")
185 c.Logf("user token: %q", userToken)
186 ctx, ac, kc := s.clientsWithToken(clusterID, userToken)
187 user, err := conn.UserGetCurrent(ctx, arvados.GetOptions{})
188 c.Assert(err, check.IsNil)
189 _, err = conn.UserSetup(rootctx, arvados.UserSetupOptions{UUID: user.UUID})
190 c.Assert(err, check.IsNil)
192 _, err = conn.UserActivate(rootctx, arvados.UserActivateOptions{UUID: user.UUID})
193 c.Assert(err, check.IsNil)
194 user, err = conn.UserGetCurrent(ctx, arvados.GetOptions{})
195 c.Assert(err, check.IsNil)
196 c.Logf("user UUID: %q", user.UUID)
198 c.Fatalf("failed to activate user -- %#v", user)
204 // Return Context, arvados.Client and keepclient structs initialized
205 // to communicate with the cluster as the system root user.
206 func (s *IntegrationSuite) rootClients(clusterID string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
207 return s.clientsWithToken(clusterID, s.testClusters[clusterID].config.Clusters[clusterID].SystemRootToken)
210 // Return Context, arvados.Client and keepclient structs initialized
211 // to communicate with the cluster as the anonymous user.
212 func (s *IntegrationSuite) anonymousClients(clusterID string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
213 return s.clientsWithToken(clusterID, s.testClusters[clusterID].config.Clusters[clusterID].Users.AnonymousUserToken)
216 func (s *IntegrationSuite) TestGetCollectionByPDH(c *check.C) {
217 conn1 := s.conn("z1111")
218 rootctx1, _, _ := s.rootClients("z1111")
219 conn3 := s.conn("z3333")
220 userctx1, ac1, kc1 := s.userClients(rootctx1, c, conn1, "z1111", true)
222 // Create the collection to find its PDH (but don't save it
224 var coll1 arvados.Collection
225 fs1, err := coll1.FileSystem(ac1, kc1)
226 c.Assert(err, check.IsNil)
227 f, err := fs1.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
228 c.Assert(err, check.IsNil)
229 _, err = io.WriteString(f, "IntegrationSuite.TestGetCollectionByPDH")
230 c.Assert(err, check.IsNil)
232 c.Assert(err, check.IsNil)
233 mtxt, err := fs1.MarshalManifest(".")
234 c.Assert(err, check.IsNil)
235 pdh := arvados.PortableDataHash(mtxt)
237 // Looking up the PDH before saving returns 404 if cycle
238 // detection is working.
239 _, err = conn1.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
240 c.Assert(err, check.ErrorMatches, `.*404 Not Found.*`)
242 // Save the collection on cluster z1111.
243 coll1, err = conn1.CollectionCreate(userctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
244 "manifest_text": mtxt,
246 c.Assert(err, check.IsNil)
248 // Retrieve the collection from cluster z3333.
249 coll, err := conn3.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
250 c.Check(err, check.IsNil)
251 c.Check(coll.PortableDataHash, check.Equals, pdh)
254 func (s *IntegrationSuite) TestGetCollectionAsAnonymous(c *check.C) {
255 conn1 := s.conn("z1111")
256 conn3 := s.conn("z3333")
257 rootctx1, ac1, kc1 := s.rootClients("z1111")
258 userctx3, ac3, _ := s.anonymousClients("z3333")
260 // Make sure anonymous token was set
261 c.Assert(ac3.AuthToken, check.Not(check.Equals), "")
263 // Create the collection to find its PDH (but don't save it
265 var coll1 arvados.Collection
266 fs1, err := coll1.FileSystem(ac1, kc1)
267 c.Assert(err, check.IsNil)
268 f, err := fs1.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
269 c.Assert(err, check.IsNil)
270 _, err = io.WriteString(f, "IntegrationSuite.TestGetCollectionByPDH")
271 c.Assert(err, check.IsNil)
273 c.Assert(err, check.IsNil)
274 mtxt, err := fs1.MarshalManifest(".")
275 c.Assert(err, check.IsNil)
276 pdh := arvados.PortableDataHash(mtxt)
278 // Save the collection on cluster z1111.
279 coll1, err = conn1.CollectionCreate(rootctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
280 "manifest_text": mtxt,
282 c.Assert(err, check.IsNil)
284 // Share it with the anonymous users group.
285 var outLink arvados.Link
286 err = ac1.RequestAndDecode(&outLink, "POST", "/arvados/v1/links", nil, &arvados.Link{
287 LinkClass: "permission",
289 HeadUUID: coll1.UUID,
290 TailUUID: "z1111-j7d0g-anonymouspublic",
292 c.Check(err, check.IsNil)
294 outUser, err := ac3.CurrentUser()
295 c.Check(err, check.IsNil)
296 c.Check(outUser.UUID, check.Equals, "z3333-tpzed-anonymouspublic")
298 // Retrieve the collection as anonymous from cluster z3333.
299 coll, err := conn3.CollectionGet(userctx3, arvados.GetOptions{UUID: pdh})
300 c.Check(err, check.IsNil)
301 c.Check(coll.PortableDataHash, check.Equals, pdh)
304 // Get a token from the login cluster (z1111), use it to submit a
305 // container request on z2222.
306 func (s *IntegrationSuite) TestCreateContainerRequestWithFedToken(c *check.C) {
307 conn1 := s.conn("z1111")
308 rootctx1, _, _ := s.rootClients("z1111")
309 _, ac1, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
311 // Use ac2 to get the discovery doc with a blank token, so the
312 // SDK doesn't magically pass the z1111 token to z2222 before
313 // we're ready to start our test.
314 _, ac2, _ := s.clientsWithToken("z2222", "")
315 var dd map[string]interface{}
316 err := ac2.RequestAndDecode(&dd, "GET", "discovery/v1/apis/arvados/v1/rest", nil, nil)
317 c.Assert(err, check.IsNil)
324 cr arvados.ContainerRequest
326 json.NewEncoder(&body).Encode(map[string]interface{}{
327 "container_request": map[string]interface{}{
328 "command": []string{"echo"},
329 "container_image": "d41d8cd98f00b204e9800998ecf8427e+0",
334 ac2.AuthToken = ac1.AuthToken
336 c.Log("...post CR with good (but not yet cached) token")
337 cr = arvados.ContainerRequest{}
338 req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes()))
339 c.Assert(err, check.IsNil)
340 req.Header.Set("Content-Type", "application/json")
341 err = ac2.DoAndDecode(&cr, req)
342 c.Logf("err == %#v", err)
344 c.Log("...get user with good token")
346 req, err = http.NewRequest("GET", "https://"+ac2.APIHost+"/arvados/v1/users/current", nil)
347 c.Assert(err, check.IsNil)
348 err = ac2.DoAndDecode(&u, req)
349 c.Check(err, check.IsNil)
350 c.Check(u.UUID, check.Matches, "z1111-tpzed-.*")
352 c.Log("...post CR with good cached token")
353 cr = arvados.ContainerRequest{}
354 req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes()))
355 c.Assert(err, check.IsNil)
356 req.Header.Set("Content-Type", "application/json")
357 err = ac2.DoAndDecode(&cr, req)
358 c.Check(err, check.IsNil)
359 c.Check(cr.UUID, check.Matches, "z2222-.*")
361 c.Log("...post with good cached token ('OAuth2 ...')")
362 cr = arvados.ContainerRequest{}
363 req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes()))
364 c.Assert(err, check.IsNil)
365 req.Header.Set("Content-Type", "application/json")
366 req.Header.Set("Authorization", "OAuth2 "+ac2.AuthToken)
367 resp, err = arvados.InsecureHTTPClient.Do(req)
368 if c.Check(err, check.IsNil) {
369 err = json.NewDecoder(resp.Body).Decode(&cr)
370 c.Check(err, check.IsNil)
371 c.Check(cr.UUID, check.Matches, "z2222-.*")
375 // Test for bug #16263
376 func (s *IntegrationSuite) TestListUsers(c *check.C) {
377 rootctx1, _, _ := s.rootClients("z1111")
378 conn1 := s.conn("z1111")
379 conn3 := s.conn("z3333")
380 userctx1, _, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
382 // Make sure LoginCluster is properly configured
383 for cls := range s.testClusters {
385 s.testClusters[cls].config.Clusters[cls].Login.LoginCluster,
386 check.Equals, "z1111",
387 check.Commentf("incorrect LoginCluster config on cluster %q", cls))
389 // Make sure z1111 has users with NULL usernames
390 lst, err := conn1.UserList(rootctx1, arvados.ListOptions{
391 Limit: math.MaxInt64, // check that large limit works (see #16263)
393 nullUsername := false
394 c.Assert(err, check.IsNil)
395 c.Assert(len(lst.Items), check.Not(check.Equals), 0)
396 for _, user := range lst.Items {
397 if user.Username == "" {
401 c.Assert(nullUsername, check.Equals, true)
403 user1, err := conn1.UserGetCurrent(userctx1, arvados.GetOptions{})
404 c.Assert(err, check.IsNil)
405 c.Check(user1.IsActive, check.Equals, true)
407 // Ask for the user list on z3333 using z1111's system root token
408 lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
409 c.Assert(err, check.IsNil)
411 for _, user := range lst.Items {
412 if user.UUID == user1.UUID {
413 c.Check(user.IsActive, check.Equals, true)
418 c.Check(found, check.Equals, true)
420 // Deactivate user acct on z1111
421 _, err = conn1.UserUnsetup(rootctx1, arvados.GetOptions{UUID: user1.UUID})
422 c.Assert(err, check.IsNil)
424 // Get user list from z3333, check the returned z1111 user is
426 lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
427 c.Assert(err, check.IsNil)
429 for _, user := range lst.Items {
430 if user.UUID == user1.UUID {
431 c.Check(user.IsActive, check.Equals, false)
436 c.Check(found, check.Equals, true)
438 // Deactivated user can see is_active==false via "get current
440 user1, err = conn3.UserGetCurrent(userctx1, arvados.GetOptions{})
441 c.Assert(err, check.IsNil)
442 c.Check(user1.IsActive, check.Equals, false)