1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
22 "git.arvados.org/arvados.git/lib/config"
23 "git.arvados.org/arvados.git/sdk/go/arvados"
24 "git.arvados.org/arvados.git/sdk/go/arvadosclient"
25 "git.arvados.org/arvados.git/sdk/go/arvadostest"
26 "git.arvados.org/arvados.git/sdk/go/ctxlog"
27 "git.arvados.org/arvados.git/sdk/go/httpserver"
28 "git.arvados.org/arvados.git/sdk/go/keepclient"
29 log "github.com/sirupsen/logrus"
35 // Gocheck boilerplate
36 func Test(t *testing.T) {
40 // Gocheck boilerplate
41 var _ = Suite(&ServerRequiredSuite{})
43 // Tests that require the Keep server running
44 type ServerRequiredSuite struct{}
46 // Gocheck boilerplate
47 var _ = Suite(&ServerRequiredConfigYmlSuite{})
49 // Tests that require the Keep servers running as defined in config.yml
50 type ServerRequiredConfigYmlSuite struct{}
52 // Gocheck boilerplate
53 var _ = Suite(&NoKeepServerSuite{})
55 // Test with no keepserver to simulate errors
56 type NoKeepServerSuite struct{}
58 var TestProxyUUID = "zzzzz-bi6l4-lrixqc4fxofbmzz"
60 func (s *ServerRequiredSuite) SetUpSuite(c *C) {
61 arvadostest.StartKeep(2, false)
64 func (s *ServerRequiredSuite) SetUpTest(c *C) {
65 arvadostest.ResetEnv()
68 func (s *ServerRequiredSuite) TearDownSuite(c *C) {
69 arvadostest.StopKeep(2)
72 func (s *ServerRequiredConfigYmlSuite) SetUpSuite(c *C) {
73 // config.yml defines 4 keepstores
74 arvadostest.StartKeep(4, false)
77 func (s *ServerRequiredConfigYmlSuite) SetUpTest(c *C) {
78 arvadostest.ResetEnv()
81 func (s *ServerRequiredConfigYmlSuite) TearDownSuite(c *C) {
82 arvadostest.StopKeep(4)
85 func (s *NoKeepServerSuite) SetUpSuite(c *C) {
86 // We need API to have some keep services listed, but the
87 // services themselves should be unresponsive.
88 arvadostest.StartKeep(2, false)
89 arvadostest.StopKeep(2)
92 func (s *NoKeepServerSuite) SetUpTest(c *C) {
93 arvadostest.ResetEnv()
96 type testServer struct {
98 proxyHandler *proxyHandler
101 func runProxy(c *C, bogusClientToken bool, loadKeepstoresFromConfig bool, kp *arvados.UploadDownloadRolePermissions) (*testServer, *keepclient.KeepClient, *bytes.Buffer) {
102 cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
103 c.Assert(err, Equals, nil)
104 cluster, err := cfg.GetCluster("")
105 c.Assert(err, Equals, nil)
107 if !loadKeepstoresFromConfig {
108 // Do not load Keepstore InternalURLs from the config file
109 cluster.Services.Keepstore.InternalURLs = make(map[arvados.URL]arvados.ServiceInstance)
112 cluster.Services.Keepproxy.InternalURLs = map[arvados.URL]arvados.ServiceInstance{{Host: ":0"}: {}}
115 cluster.Collections.KeepproxyPermission = *kp
118 logbuf := &bytes.Buffer{}
121 ctx := ctxlog.Context(context.Background(), logger)
123 handler := newHandlerOrErrorHandler(ctx, cluster, cluster.SystemRootToken, nil).(*proxyHandler)
125 Server: &httpserver.Server{
127 BaseContext: func(net.Listener) context.Context { return ctx },
128 Handler: httpserver.AddRequestIDs(
129 httpserver.LogRequests(handler)),
133 proxyHandler: handler,
138 client := arvados.NewClientFromEnv()
139 arv, err := arvadosclient.New(client)
141 if bogusClientToken {
142 arv.ApiToken = "bogus-token"
144 kc := keepclient.New(arv)
145 kc.DiskCacheSize = keepclient.DiskCacheDisabled
146 sr := map[string]string{
147 TestProxyUUID: "http://" + srv.Addr,
149 kc.SetServiceRoots(sr, sr, sr)
150 return srv, kc, logbuf
153 func (s *ServerRequiredSuite) TestResponseViaHeader(c *C) {
154 srv, _, _ := runProxy(c, false, false, nil)
157 req, err := http.NewRequest("POST",
158 "http://"+srv.Addr+"/",
159 strings.NewReader("TestViaHeader"))
160 c.Assert(err, Equals, nil)
161 req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken)
162 resp, err := (&http.Client{}).Do(req)
163 c.Assert(err, Equals, nil)
164 c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy")
165 c.Assert(resp.StatusCode, Equals, http.StatusOK)
166 locator, err := ioutil.ReadAll(resp.Body)
167 c.Assert(err, Equals, nil)
170 req, err = http.NewRequest("GET",
171 "http://"+srv.Addr+"/"+string(locator),
173 c.Assert(err, Equals, nil)
174 resp, err = (&http.Client{}).Do(req)
175 c.Assert(err, Equals, nil)
176 c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy")
180 func (s *ServerRequiredSuite) TestLoopDetection(c *C) {
181 srv, kc, _ := runProxy(c, false, false, nil)
184 sr := map[string]string{
185 TestProxyUUID: "http://" + srv.Addr,
187 srv.proxyHandler.KeepClient.SetServiceRoots(sr, sr, sr)
189 content := []byte("TestLoopDetection")
190 _, _, err := kc.PutB(content)
191 c.Check(err, ErrorMatches, `.*loop detected.*`)
193 hash := fmt.Sprintf("%x", md5.Sum(content))
194 _, _, _, err = kc.Get(hash)
195 c.Check(err, ErrorMatches, `.*loop detected.*`)
198 func (s *ServerRequiredSuite) TestStorageClassesHeader(c *C) {
199 srv, kc, _ := runProxy(c, false, false, nil)
202 // Set up fake keepstore to record request headers
204 ts := httptest.NewServer(http.HandlerFunc(
205 func(w http.ResponseWriter, r *http.Request) {
207 http.Error(w, "Error", http.StatusInternalServerError)
211 // Point keepproxy router's keepclient to the fake keepstore
212 sr := map[string]string{
213 TestProxyUUID: ts.URL,
215 srv.proxyHandler.KeepClient.SetServiceRoots(sr, sr, sr)
217 // Set up client to ask for storage classes to keepproxy
218 kc.StorageClasses = []string{"secure"}
219 content := []byte("Very important data")
220 _, _, err := kc.PutB(content)
222 c.Check(hdr.Get("X-Keep-Storage-Classes"), Equals, "secure")
225 func (s *ServerRequiredSuite) TestStorageClassesConfirmedHeader(c *C) {
226 srv, _, _ := runProxy(c, false, false, nil)
229 content := []byte("foo")
230 hash := fmt.Sprintf("%x", md5.Sum(content))
231 client := &http.Client{}
233 req, err := http.NewRequest("PUT",
234 fmt.Sprintf("http://%s/%s", srv.Addr, hash),
235 bytes.NewReader(content))
237 req.Header.Set("X-Keep-Storage-Classes", "default")
238 req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken)
239 req.Header.Set("Content-Type", "application/octet-stream")
241 resp, err := client.Do(req)
243 c.Assert(resp.StatusCode, Equals, http.StatusOK)
244 c.Assert(resp.Header.Get("X-Keep-Storage-Classes-Confirmed"), Equals, "default=2")
247 func (s *ServerRequiredSuite) TestDesiredReplicas(c *C) {
248 srv, kc, _ := runProxy(c, false, false, nil)
251 content := []byte("TestDesiredReplicas")
252 hash := fmt.Sprintf("%x", md5.Sum(content))
254 for _, kc.Want_replicas = range []int{0, 1, 2, 3} {
255 locator, rep, err := kc.PutB(content)
256 if kc.Want_replicas < 3 {
257 c.Check(err, Equals, nil)
258 c.Check(rep, Equals, kc.Want_replicas)
260 c.Check(locator, Matches, fmt.Sprintf(`^%s\+%d(\+.+)?$`, hash, len(content)))
263 c.Check(err, ErrorMatches, ".*503.*")
268 func (s *ServerRequiredSuite) TestPutWrongContentLength(c *C) {
269 srv, kc, _ := runProxy(c, false, false, nil)
272 content := []byte("TestPutWrongContentLength")
273 hash := fmt.Sprintf("%x", md5.Sum(content))
275 // If we use http.Client to send these requests to the network
276 // server we just started, the Go http library automatically
277 // fixes the invalid Content-Length header. In order to test
278 // our server behavior, we have to call the handler directly
279 // using an httptest.ResponseRecorder.
280 rtr, err := newHandler(context.Background(), kc, 10*time.Second, &arvados.Cluster{})
281 c.Assert(err, check.IsNil)
283 type testcase struct {
288 for _, t := range []testcase{
289 {"1", http.StatusBadRequest},
290 {"", http.StatusLengthRequired},
291 {"-1", http.StatusLengthRequired},
292 {"abcdef", http.StatusLengthRequired},
294 req, err := http.NewRequest("PUT",
295 fmt.Sprintf("http://%s/%s+%d", srv.Addr, hash, len(content)),
296 bytes.NewReader(content))
298 req.Header.Set("Content-Length", t.sendLength)
299 req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken)
300 req.Header.Set("Content-Type", "application/octet-stream")
302 resp := httptest.NewRecorder()
303 rtr.ServeHTTP(resp, req)
304 c.Check(resp.Code, Equals, t.expectStatus)
308 func (s *ServerRequiredSuite) TestManyFailedPuts(c *C) {
309 srv, kc, _ := runProxy(c, false, false, nil)
311 srv.proxyHandler.timeout = time.Nanosecond
313 buf := make([]byte, 1<<20)
315 var wg sync.WaitGroup
316 for i := 0; i < 128; i++ {
323 done := make(chan bool)
330 case <-time.After(10 * time.Second):
335 func (s *ServerRequiredSuite) TestPutAskGet(c *C) {
336 srv, kc, logbuf := runProxy(c, false, false, nil)
339 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
343 _, _, err := kc.Ask(hash)
344 c.Check(err, Equals, keepclient.BlockNotFound)
345 c.Log("Finished Ask (expected BlockNotFound)")
349 reader, _, _, err := kc.Get(hash)
350 c.Check(reader, Equals, nil)
351 c.Check(err, Equals, keepclient.BlockNotFound)
352 c.Log("Finished Get (expected BlockNotFound)")
355 // Note in bug #5309 among other errors keepproxy would set
356 // Content-Length incorrectly on the 404 BlockNotFound response, this
357 // would result in a protocol violation that would prevent reuse of the
358 // connection, which would manifest by the next attempt to use the
359 // connection (in this case the PutB below) failing. So to test for
360 // that bug it's necessary to trigger an error response (such as
361 // BlockNotFound) and then do something else with the same httpClient
367 hash2, rep, err = kc.PutB([]byte("foo"))
368 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+3(\+.+)?$`, hash))
369 c.Check(rep, Equals, 2)
370 c.Check(err, Equals, nil)
371 c.Log("Finished PutB (expected success)")
373 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="TestCase Administrator".* userUUID=zzzzz-tpzed-d9tiejq69daie8f.*`)
378 blocklen, _, err := kc.Ask(hash2)
379 c.Assert(err, Equals, nil)
380 c.Check(blocklen, Equals, int64(3))
381 c.Log("Finished Ask (expected success)")
382 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="TestCase Administrator".* userUUID=zzzzz-tpzed-d9tiejq69daie8f.*`)
387 reader, blocklen, _, err := kc.Get(hash2)
388 c.Assert(err, Equals, nil)
389 all, err := ioutil.ReadAll(reader)
391 c.Check(all, DeepEquals, []byte("foo"))
392 c.Check(blocklen, Equals, int64(3))
393 c.Log("Finished Get (expected success)")
394 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="TestCase Administrator".* userUUID=zzzzz-tpzed-d9tiejq69daie8f.*`)
401 hash2, rep, err = kc.PutB([]byte(""))
402 c.Check(hash2, Matches, `^d41d8cd98f00b204e9800998ecf8427e\+0(\+.+)?$`)
403 c.Check(rep, Equals, 2)
404 c.Check(err, Equals, nil)
405 c.Log("Finished PutB zero block")
409 reader, blocklen, _, err := kc.Get("d41d8cd98f00b204e9800998ecf8427e")
411 all, err := ioutil.ReadAll(reader)
413 c.Check(all, DeepEquals, []byte(""))
414 c.Check(blocklen, Equals, int64(0))
415 c.Log("Finished Get zero block")
419 func (s *ServerRequiredSuite) TestPutAskGetForbidden(c *C) {
420 srv, kc, _ := runProxy(c, true, false, nil)
423 hash := fmt.Sprintf("%x+3", md5.Sum([]byte("bar")))
425 _, _, err := kc.Ask(hash)
426 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
428 hash2, rep, err := kc.PutB([]byte("bar"))
429 c.Check(hash2, Equals, "")
430 c.Check(rep, Equals, 0)
431 c.Check(err, FitsTypeOf, keepclient.InsufficientReplicasError{})
433 blocklen, _, err := kc.Ask(hash)
434 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
435 c.Check(err, ErrorMatches, ".*HTTP 403.*")
436 c.Check(blocklen, Equals, int64(0))
438 _, blocklen, _, err = kc.Get(hash)
439 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
440 c.Check(err, ErrorMatches, ".*HTTP 403.*")
441 c.Check(blocklen, Equals, int64(0))
444 func testPermission(c *C, admin bool, perm arvados.UploadDownloadPermission) {
445 kp := arvados.UploadDownloadRolePermissions{}
448 kp.User = arvados.UploadDownloadPermission{Upload: true, Download: true}
450 kp.Admin = arvados.UploadDownloadPermission{Upload: true, Download: true}
454 srv, kc, logbuf := runProxy(c, false, false, &kp)
457 kc.Arvados.ApiToken = arvadostest.AdminToken
459 kc.Arvados.ApiToken = arvadostest.ActiveToken
462 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
468 hash2, rep, err = kc.PutB([]byte("foo"))
471 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+3(\+.+)?$`, hash))
472 c.Check(rep, Equals, 2)
473 c.Check(err, Equals, nil)
474 c.Log("Finished PutB (expected success)")
476 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="TestCase Administrator".* userUUID=zzzzz-tpzed-d9tiejq69daie8f.*`)
479 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="Active User".* userUUID=zzzzz-tpzed-xurymjxw79nv3jz.*`)
482 c.Check(hash2, Equals, "")
483 c.Check(rep, Equals, 0)
484 c.Check(err, FitsTypeOf, keepclient.InsufficientReplicasError{})
489 // can't test download without upload.
491 reader, blocklen, _, err := kc.Get(hash2)
493 c.Assert(err, Equals, nil)
494 all, err := ioutil.ReadAll(reader)
496 c.Check(all, DeepEquals, []byte("foo"))
497 c.Check(blocklen, Equals, int64(3))
498 c.Log("Finished Get (expected success)")
500 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="TestCase Administrator".* userUUID=zzzzz-tpzed-d9tiejq69daie8f.*`)
502 c.Check(logbuf.String(), Matches, `(?ms).* locator=acbd18db4cc2f85cedef654fccc4a4d8\+3.* userFullName="Active User".* userUUID=zzzzz-tpzed-xurymjxw79nv3jz.*`)
505 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
506 c.Check(err, ErrorMatches, ".*Missing or invalid Authorization header, or method not allowed.*")
507 c.Check(blocklen, Equals, int64(0))
514 func (s *ServerRequiredSuite) TestPutGetPermission(c *C) {
516 for _, adminperm := range []bool{true, false} {
517 for _, userperm := range []bool{true, false} {
519 testPermission(c, true,
520 arvados.UploadDownloadPermission{
524 testPermission(c, true,
525 arvados.UploadDownloadPermission{
529 testPermission(c, false,
530 arvados.UploadDownloadPermission{
534 testPermission(c, false,
535 arvados.UploadDownloadPermission{
543 func (s *ServerRequiredSuite) TestCorsHeaders(c *C) {
544 srv, _, _ := runProxy(c, false, false, nil)
548 client := http.Client{}
549 req, err := http.NewRequest("OPTIONS",
550 fmt.Sprintf("http://%s/%x+3", srv.Addr, md5.Sum([]byte("foo"))),
553 req.Header.Add("Access-Control-Request-Method", "PUT")
554 req.Header.Add("Access-Control-Request-Headers", "Authorization, X-Keep-Desired-Replicas")
555 resp, err := client.Do(req)
556 c.Check(err, Equals, nil)
557 c.Check(resp.StatusCode, Equals, 200)
558 body, err := ioutil.ReadAll(resp.Body)
560 c.Check(string(body), Equals, "")
561 c.Check(resp.Header.Get("Access-Control-Allow-Methods"), Equals, "GET, HEAD, POST, PUT, OPTIONS")
562 c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
566 resp, err := http.Get(fmt.Sprintf("http://%s/%x+3", srv.Addr, md5.Sum([]byte("foo"))))
567 c.Check(err, Equals, nil)
568 c.Check(resp.Header.Get("Access-Control-Allow-Headers"), Equals, "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas")
569 c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
573 func (s *ServerRequiredSuite) TestPostWithoutHash(c *C) {
574 srv, _, _ := runProxy(c, false, false, nil)
578 client := http.Client{}
579 req, err := http.NewRequest("POST",
580 "http://"+srv.Addr+"/",
581 strings.NewReader("qux"))
583 req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken)
584 req.Header.Add("Content-Type", "application/octet-stream")
585 resp, err := client.Do(req)
586 c.Check(err, Equals, nil)
587 body, err := ioutil.ReadAll(resp.Body)
588 c.Check(err, Equals, nil)
589 c.Check(string(body), Matches,
590 fmt.Sprintf(`^%x\+3(\+.+)?$`, md5.Sum([]byte("qux"))))
594 func (s *ServerRequiredSuite) TestStripHint(c *C) {
595 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz", "$1"),
597 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
598 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73", "$1"),
600 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
601 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz", "$1"),
603 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz")
604 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73", "$1"),
606 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
611 // - Put one block, with 2 replicas
612 // - With no prefix (expect the block locator, twice)
613 // - With an existing prefix (expect the block locator, twice)
614 // - With a valid but non-existing prefix (expect "\n")
615 // - With an invalid prefix (expect error)
616 func (s *ServerRequiredSuite) TestGetIndex(c *C) {
617 getIndexWorker(c, false)
622 // - Put one block, with 2 replicas
623 // - With no prefix (expect the block locator, twice)
624 // - With an existing prefix (expect the block locator, twice)
625 // - With a valid but non-existing prefix (expect "\n")
626 // - With an invalid prefix (expect error)
627 func (s *ServerRequiredConfigYmlSuite) TestGetIndex(c *C) {
628 getIndexWorker(c, true)
631 func getIndexWorker(c *C, useConfig bool) {
632 srv, kc, _ := runProxy(c, false, useConfig, nil)
635 // Put "index-data" blocks
636 data := []byte("index-data")
637 hash := fmt.Sprintf("%x", md5.Sum(data))
639 hash2, rep, err := kc.PutB(data)
640 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+10(\+.+)?$`, hash))
641 c.Check(rep, Equals, 2)
642 c.Check(err, Equals, nil)
644 reader, blocklen, _, err := kc.Get(hash2)
646 c.Check(blocklen, Equals, int64(10))
647 all, err := ioutil.ReadAll(reader)
649 c.Check(all, DeepEquals, data)
651 // Put some more blocks
652 _, _, err = kc.PutB([]byte("some-more-index-data"))
655 kc.Arvados.ApiToken = arvadostest.SystemRootToken
658 for _, spec := range []struct {
663 {"", true, true}, // with no prefix
664 {hash[:3], true, false}, // with matching prefix
665 {"abcdef", false, false}, // with no such prefix
667 indexReader, err := kc.GetIndex(TestProxyUUID, spec.prefix)
668 c.Assert(err, Equals, nil)
669 indexResp, err := ioutil.ReadAll(indexReader)
670 c.Assert(err, Equals, nil)
671 locators := strings.Split(string(indexResp), "\n")
674 for _, locator := range locators {
678 c.Check(locator[:len(spec.prefix)], Equals, spec.prefix)
679 if locator[:32] == hash {
685 c.Check(gotTestHash == 2, Equals, spec.expectTestHash)
686 c.Check(gotOther > 0, Equals, spec.expectOther)
689 // GetIndex with invalid prefix
690 _, err = kc.GetIndex(TestProxyUUID, "xyz")
691 c.Assert((err != nil), Equals, true)
694 func (s *ServerRequiredSuite) TestCollectionSharingToken(c *C) {
695 srv, kc, _ := runProxy(c, false, false, nil)
697 hash, _, err := kc.PutB([]byte("shareddata"))
699 kc.Arvados.ApiToken = arvadostest.FooFileCollectionSharingToken
700 rdr, _, _, err := kc.Get(hash)
702 data, err := ioutil.ReadAll(rdr)
704 c.Check(data, DeepEquals, []byte("shareddata"))
707 func (s *ServerRequiredSuite) TestPutAskGetInvalidToken(c *C) {
708 srv, kc, _ := runProxy(c, false, false, nil)
712 hash, rep, err := kc.PutB([]byte("foo"))
714 c.Check(rep, Equals, 2)
716 for _, badToken := range []string{
718 "2ym314ysp27sk7h943q6vtc378srb06se3pq6ghurylyf3pdmx", // expired
720 kc.Arvados.ApiToken = badToken
722 // Ask and Get will fail only if the upstream
723 // keepstore server checks for valid signatures.
724 // Without knowing the blob signing key, there is no
725 // way for keepproxy to know whether a given token is
726 // permitted to read a block. So these tests fail:
728 _, _, err = kc.Ask(hash)
729 c.Assert(err, FitsTypeOf, &keepclient.ErrNotFound{})
730 c.Check(err.(*keepclient.ErrNotFound).Temporary(), Equals, false)
731 c.Check(err, ErrorMatches, ".*HTTP 403.*")
733 _, _, _, err = kc.Get(hash)
734 c.Assert(err, FitsTypeOf, &keepclient.ErrNotFound{})
735 c.Check(err.(*keepclient.ErrNotFound).Temporary(), Equals, false)
736 c.Check(err, ErrorMatches, ".*HTTP 403 \"Missing or invalid Authorization header, or method not allowed\".*")
739 _, _, err = kc.PutB([]byte("foo"))
740 c.Check(err, ErrorMatches, ".*403.*Missing or invalid Authorization header, or method not allowed")
744 func (s *ServerRequiredSuite) TestAskGetKeepProxyConnectionError(c *C) {
745 srv, kc, _ := runProxy(c, false, false, nil)
748 // Point keepproxy at a non-existent keepstore
749 locals := map[string]string{
750 TestProxyUUID: "http://localhost:12345",
752 srv.proxyHandler.KeepClient.SetServiceRoots(locals, nil, nil)
754 // Ask should result in temporary bad gateway error
755 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
756 _, _, err := kc.Ask(hash)
758 errNotFound, _ := err.(*keepclient.ErrNotFound)
759 c.Check(errNotFound.Temporary(), Equals, true)
760 c.Assert(err, ErrorMatches, ".*HTTP 502.*")
762 // Get should result in temporary bad gateway error
763 _, _, _, err = kc.Get(hash)
765 errNotFound, _ = err.(*keepclient.ErrNotFound)
766 c.Check(errNotFound.Temporary(), Equals, true)
767 c.Assert(err, ErrorMatches, ".*HTTP 502.*")
770 func (s *NoKeepServerSuite) TestAskGetNoKeepServerError(c *C) {
771 srv, kc, _ := runProxy(c, false, false, nil)
774 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
775 for _, f := range []func() error{
777 _, _, err := kc.Ask(hash)
781 _, _, _, err := kc.Get(hash)
787 errNotFound, _ := err.(*keepclient.ErrNotFound)
788 if c.Check(errNotFound, NotNil) {
789 c.Check(errNotFound.Temporary(), Equals, true)
790 c.Check(err, ErrorMatches, `.*HTTP 502.*`)
795 func (s *ServerRequiredSuite) TestPing(c *C) {
796 srv, kc, _ := runProxy(c, false, false, nil)
799 rtr, err := newHandler(context.Background(), kc, 10*time.Second, &arvados.Cluster{ManagementToken: arvadostest.ManagementToken})
800 c.Assert(err, check.IsNil)
802 req, err := http.NewRequest("GET",
803 "http://"+srv.Addr+"/_health/ping",
806 req.Header.Set("Authorization", "Bearer "+arvadostest.ManagementToken)
808 resp := httptest.NewRecorder()
809 rtr.ServeHTTP(resp, req)
810 c.Check(resp.Code, Equals, 200)
811 c.Assert(resp.Body.String(), Matches, `{"health":"OK"}\n?`)