1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
20 "git.arvados.org/arvados.git/lib/config"
21 "git.arvados.org/arvados.git/sdk/go/arvados"
22 "git.arvados.org/arvados.git/sdk/go/arvadosclient"
23 "git.arvados.org/arvados.git/sdk/go/arvadostest"
24 "git.arvados.org/arvados.git/sdk/go/ctxlog"
25 "git.arvados.org/arvados.git/sdk/go/keepclient"
26 log "github.com/sirupsen/logrus"
32 // Gocheck boilerplate
33 func Test(t *testing.T) {
37 // Gocheck boilerplate
38 var _ = Suite(&ServerRequiredSuite{})
40 // Tests that require the Keep server running
41 type ServerRequiredSuite struct{}
43 // Gocheck boilerplate
44 var _ = Suite(&ServerRequiredConfigYmlSuite{})
46 // Tests that require the Keep servers running as defined in config.yml
47 type ServerRequiredConfigYmlSuite struct{}
49 // Gocheck boilerplate
50 var _ = Suite(&NoKeepServerSuite{})
52 // Test with no keepserver to simulate errors
53 type NoKeepServerSuite struct{}
// TestProxyUUID is the service UUID used as the map key whenever a test
// points a keepclient's service roots at the proxy under test, at a fake
// keepstore, or at an unreachable address.
55 var TestProxyUUID = "zzzzz-bi6l4-lrixqc4fxofbmzz"
57 // Wait (up to 1 second) for keepproxy to listen on a port. This
58 // avoids a race condition where we hit a "connection refused" error
59 // because we start testing the proxy too soon.
// NOTE(review): the visible loop adds ms to i for every ms-millisecond sleep
// and stops at i >= 10000, which reads as a budget of roughly 10 seconds
// rather than the 1 second stated above — confirm against the definition of
// ms, which is not visible in this listing.
60 func waitForListener() {
// Poll listener (declared outside the visible lines) until it is set or the
// budget is used up.
64 for i := 0; listener == nil && i < 10000; i += ms {
65 time.Sleep(ms * time.Millisecond)
// The guard around this panic is not shown here; presumably it fires only
// when listener is still nil after the loop.
68 panic("Timed out waiting for listener to start")
72 func closeListener() {
// SetUpSuite starts the Keep servers this suite reaches through keepproxy.
// NOTE(review): the second StartKeep argument is presumably the blob-signing
// switch; if so, the keepstores behind the proxy run without signature
// enforcement in these tests — confirm against arvadostest.StartKeep.
78 func (s *ServerRequiredSuite) SetUpSuite(c *C) {
79 arvadostest.StartKeep(2, false)
// SetUpTest calls arvadostest.ResetEnv before each test, so that environment
// changes made by one test (tokens, for example) presumably do not leak into
// the next.
82 func (s *ServerRequiredSuite) SetUpTest(c *C) {
83 arvadostest.ResetEnv()
// TearDownSuite stops the Keep servers started by SetUpSuite; the count
// passed here matches the count passed to StartKeep.
86 func (s *ServerRequiredSuite) TearDownSuite(c *C) {
87 arvadostest.StopKeep(2)
// SetUpSuite starts the Keep servers for the config.yml-driven suite.
// NOTE(review): as in the other suites, the second StartKeep argument is
// false; presumably that is the blob-signing switch — confirm.
90 func (s *ServerRequiredConfigYmlSuite) SetUpSuite(c *C) {
91 // config.yml defines 4 keepstores
92 arvadostest.StartKeep(4, false)
// SetUpTest calls arvadostest.ResetEnv before each test in this suite.
95 func (s *ServerRequiredConfigYmlSuite) SetUpTest(c *C) {
96 arvadostest.ResetEnv()
// TearDownSuite stops the four Keep servers started by SetUpSuite.
99 func (s *ServerRequiredConfigYmlSuite) TearDownSuite(c *C) {
100 arvadostest.StopKeep(4)
// SetUpSuite starts the Keep servers and stops them again straight away, so
// the suite runs against keep services that are known but not answering.
103 func (s *NoKeepServerSuite) SetUpSuite(c *C) {
104 // We need API to have some keep services listed, but the
105 // services themselves should be unresponsive.
106 arvadostest.StartKeep(2, false)
107 arvadostest.StopKeep(2)
// SetUpTest calls arvadostest.ResetEnv before each test in this suite.
110 func (s *NoKeepServerSuite) SetUpTest(c *C) {
111 arvadostest.ResetEnv()
// runProxy loads the cluster configuration, applies the per-test overrides
// and builds a keepclient whose service roots all point at the proxy
// listener. It returns that client together with a bytes.Buffer; callers
// match logbuf.String() against "Block upload" / "Block download" entries.
// How the proxy is started and how logbuf is attached to its logger is not
// visible in this listing.
//
// bogusClientToken replaces the client's API token with a value that is not
// a real token, for tests of the rejection path.
// loadKeepstoresFromConfig keeps the Keepstore InternalURLs from the config
// file; when false they are replaced with an empty map.
// kp, when given, becomes the cluster's KeepproxyPermission setting.
114 func runProxy(c *C, bogusClientToken bool, loadKeepstoresFromConfig bool, kp *arvados.UploadDownloadRolePermissions) (*keepclient.KeepClient, *bytes.Buffer) {
115 cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
116 c.Assert(err, Equals, nil)
117 cluster, err := cfg.GetCluster("")
118 c.Assert(err, Equals, nil)
120 if !loadKeepstoresFromConfig {
121 // Do not load Keepstore InternalURLs from the config file
122 cluster.Services.Keepstore.InternalURLs = make(map[arvados.URL]arvados.ServiceInstance)
// Host ":0" presumably lets the OS pick a free port; tests read the real
// address back from listener.Addr().
125 cluster.Services.Keepproxy.InternalURLs = map[arvados.URL]arvados.ServiceInstance{{Host: ":0"}: {}}
// NOTE(review): most callers pass kp == nil and this line dereferences kp,
// so a nil guard is presumably on the line elided just above — confirm.
128 cluster.Collections.KeepproxyPermission = *kp
132 logbuf := &bytes.Buffer{}
137 defer closeListener()
141 client := arvados.NewClientFromEnv()
142 arv, err := arvadosclient.New(client)
143 c.Assert(err, Equals, nil)
144 if bogusClientToken {
145 arv.ApiToken = "bogus-token"
147 kc := keepclient.New(arv)
// The same single-entry map is passed for all three SetServiceRoots
// arguments, so every request from kc goes to the proxy under test.
148 sr := map[string]string{
149 TestProxyUUID: "http://" + listener.Addr().String(),
151 kc.SetServiceRoots(sr, sr, sr)
152 kc.Arvados.External = true
// TestResponseViaHeader checks that keepproxy identifies itself in the Via
// response header on both a write (POST) and a read (GET) of the same block.
157 func (s *ServerRequiredSuite) TestResponseViaHeader(c *C) {
158 runProxy(c, false, false, nil)
159 defer closeListener()
// Write: raw HTTP POST to the proxy root, authenticated with the active
// user's token.
161 req, err := http.NewRequest("POST",
162 "http://"+listener.Addr().String()+"/",
163 strings.NewReader("TestViaHeader"))
164 c.Assert(err, Equals, nil)
165 req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken)
166 resp, err := (&http.Client{}).Do(req)
167 c.Assert(err, Equals, nil)
168 c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy")
169 c.Assert(resp.StatusCode, Equals, http.StatusOK)
// The response body of the POST is the locator used for the read below.
170 locator, err := ioutil.ReadAll(resp.Body)
171 c.Assert(err, Equals, nil)
// Read: GET the block by the returned locator and check Via again. No
// Authorization header is set on the visible lines of this request.
174 req, err = http.NewRequest("GET",
175 "http://"+listener.Addr().String()+"/"+string(locator),
177 c.Assert(err, Equals, nil)
178 resp, err = (&http.Client{}).Do(req)
179 c.Assert(err, Equals, nil)
180 c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy")
// TestLoopDetection checks that keepproxy refuses to forward a request back
// to itself. Without that check a misconfigured service list could make the
// proxy call itself repeatedly.
184 func (s *ServerRequiredSuite) TestLoopDetection(c *C) {
185 kc, _ := runProxy(c, false, false, nil)
186 defer closeListener()
// Point the proxy's own upstream keepclient at the proxy's listener, so
// anything it forwards comes straight back to it.
188 sr := map[string]string{
189 TestProxyUUID: "http://" + listener.Addr().String(),
191 router.(*proxyHandler).KeepClient.SetServiceRoots(sr, sr, sr)
// Both the write path and the read path must report the loop.
193 content := []byte("TestLoopDetection")
194 _, _, err := kc.PutB(content)
195 c.Check(err, ErrorMatches, `.*loop detected.*`)
197 hash := fmt.Sprintf("%x", md5.Sum(content))
198 _, _, _, err = kc.Get(hash)
199 c.Check(err, ErrorMatches, `.*loop detected.*`)
// TestStorageClassesHeader checks that the storage classes requested by the
// client are passed on to the upstream keepstore in the
// X-Keep-Storage-Classes request header.
202 func (s *ServerRequiredSuite) TestStorageClassesHeader(c *C) {
203 kc, _ := runProxy(c, false, false, nil)
204 defer closeListener()
206 // Set up fake keepstore to record request headers
// The fake always answers 500; the test is only about what the proxy sent
// upstream. The line that stores the headers in hdr is not visible here.
208 ts := httptest.NewServer(http.HandlerFunc(
209 func(w http.ResponseWriter, r *http.Request) {
211 http.Error(w, "Error", http.StatusInternalServerError)
215 // Point keepproxy router's keepclient to the fake keepstore
216 sr := map[string]string{
217 TestProxyUUID: ts.URL,
219 router.(*proxyHandler).KeepClient.SetServiceRoots(sr, sr, sr)
221 // Set up client to ask for storage classes to keepproxy
222 kc.StorageClasses = []string{"secure"}
223 content := []byte("Very important data")
// The write goes to a fake that always answers 500; what is asserted on err
// is on a line not shown here.
224 _, _, err := kc.PutB(content)
226 c.Check(hdr.Get("X-Keep-Storage-Classes"), Equals, "secure")
// TestStorageClassesConfirmedHeader sends a raw PUT that asks for the
// "default" storage class and checks that the proxy's response reports how
// many replicas were confirmed in that class ("default=2").
229 func (s *ServerRequiredSuite) TestStorageClassesConfirmedHeader(c *C) {
230 runProxy(c, false, false, nil)
231 defer closeListener()
233 content := []byte("foo")
234 hash := fmt.Sprintf("%x", md5.Sum(content))
235 client := &http.Client{}
237 req, err := http.NewRequest("PUT",
238 fmt.Sprintf("http://%s/%s", listener.Addr().String(), hash),
239 bytes.NewReader(content))
241 req.Header.Set("X-Keep-Storage-Classes", "default")
242 req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken)
243 req.Header.Set("Content-Type", "application/octet-stream")
245 resp, err := client.Do(req)
247 c.Assert(resp.StatusCode, Equals, http.StatusOK)
248 c.Assert(resp.Header.Get("X-Keep-Storage-Classes-Confirmed"), Equals, "default=2")
// TestDesiredReplicas writes the same content while asking for 0, 1, 2 and 3
// replicas. Requests for fewer than 3 must succeed with exactly the requested
// replica count; the 503 check is presumably the branch for 3, which this
// suite's two keepstores cannot satisfy (the branch line is not visible).
251 func (s *ServerRequiredSuite) TestDesiredReplicas(c *C) {
252 kc, _ := runProxy(c, false, false, nil)
253 defer closeListener()
255 content := []byte("TestDesiredReplicas")
256 hash := fmt.Sprintf("%x", md5.Sum(content))
// The range clause assigns each value directly to kc.Want_replicas.
258 for _, kc.Want_replicas = range []int{0, 1, 2, 3} {
259 locator, rep, err := kc.PutB(content)
260 if kc.Want_replicas < 3 {
261 c.Check(err, Equals, nil)
262 c.Check(rep, Equals, kc.Want_replicas)
// Locator form: <md5 hex>+<size>, optionally followed by further +hints.
264 c.Check(locator, Matches, fmt.Sprintf(`^%s\+%d(\+.+)?$`, hash, len(content)))
267 c.Check(err, ErrorMatches, ".*503.*")
// TestPutWrongContentLength checks how the proxy handler answers a PUT whose
// Content-Length header is wrong or unusable. A proxy that forwarded a body
// whose length disagrees with the declared length would leave the two hops
// with different views of where the request ends, so these must be rejected
// at the proxy.
272 func (s *ServerRequiredSuite) TestPutWrongContentLength(c *C) {
273 kc, _ := runProxy(c, false, false, nil)
274 defer closeListener()
276 content := []byte("TestPutWrongContentLength")
277 hash := fmt.Sprintf("%x", md5.Sum(content))
279 // If we use http.Client to send these requests to the network
280 // server we just started, the Go http library automatically
281 // fixes the invalid Content-Length header. In order to test
282 // our server behavior, we have to call the handler directly
283 // using an httptest.ResponseRecorder.
// The router is built with an empty arvados.Cluster, i.e. without the
// overrides runProxy applies to the running proxy.
284 rtr, err := MakeRESTRouter(kc, 10*time.Second, &arvados.Cluster{}, log.New())
285 c.Assert(err, check.IsNil)
287 type testcase struct {
// "1" is a well-formed length that does not match the body: 400.
// Empty, negative and non-numeric values: 411.
292 for _, t := range []testcase{
293 {"1", http.StatusBadRequest},
294 {"", http.StatusLengthRequired},
295 {"-1", http.StatusLengthRequired},
296 {"abcdef", http.StatusLengthRequired},
298 req, err := http.NewRequest("PUT",
299 fmt.Sprintf("http://%s/%s+%d", listener.Addr().String(), hash, len(content)),
300 bytes.NewReader(content))
// Only the header is overridden here; the request body is still the full
// content.
302 req.Header.Set("Content-Length", t.sendLength)
303 req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken)
304 req.Header.Set("Content-Type", "application/octet-stream")
306 resp := httptest.NewRecorder()
307 rtr.ServeHTTP(resp, req)
308 c.Check(resp.Code, Equals, t.expectStatus)
// TestManyFailedPuts sets the proxy's timeout to one nanosecond and then runs
// 128 loop iterations with a 1 MiB buffer, bounded by a 10-second timer.
// NOTE(review): the loop body and the select are mostly not visible here;
// presumably each iteration is a concurrent upload that is expected to fail,
// and the test guards against the proxy hanging when many uploads fail at
// once — confirm.
312 func (s *ServerRequiredSuite) TestManyFailedPuts(c *C) {
313 kc, _ := runProxy(c, false, false, nil)
314 defer closeListener()
315 router.(*proxyHandler).timeout = time.Nanosecond
317 buf := make([]byte, 1<<20)
319 var wg sync.WaitGroup
320 for i := 0; i < 128; i++ {
327 done := make(chan bool)
334 case <-time.After(10 * time.Second):
// TestPutAskGet walks the normal block lifecycle through keepproxy with a
// valid token: Ask and Get for a block that does not exist yet, PutB, then
// Ask and Get again, and finally the same for a zero-length block. After each
// successful transfer it also checks the proxy's log buffer for an entry that
// names the locator and the user.
339 func (s *ServerRequiredSuite) TestPutAskGet(c *C) {
340 kc, logbuf := runProxy(c, false, false, nil)
341 defer closeListener()
// hash is the MD5 hex digest of the content; the locator checks below show
// it is the leading part of the Keep locator.
343 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
347 _, _, err := kc.Ask(hash)
348 c.Check(err, Equals, keepclient.BlockNotFound)
349 c.Log("Finished Ask (expected BlockNotFound)")
353 reader, _, _, err := kc.Get(hash)
354 c.Check(reader, Equals, nil)
355 c.Check(err, Equals, keepclient.BlockNotFound)
356 c.Log("Finished Get (expected BlockNotFound)")
359 // Note in bug #5309 among other errors keepproxy would set
360 // Content-Length incorrectly on the 404 BlockNotFound response, this
361 // would result in a protocol violation that would prevent reuse of the
362 // connection, which would manifest by the next attempt to use the
363 // connection (in this case the PutB below) failing. So to test for
364 // that bug it's necessary to trigger an error response (such as
365 // BlockNotFound) and then do something else with the same httpClient
371 hash2, rep, err = kc.PutB([]byte("foo"))
372 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+3(\+.+)?$`, hash))
373 c.Check(rep, Equals, 2)
374 c.Check(err, Equals, nil)
375 c.Log("Finished PutB (expected success)")
// Audit trail: the upload must be logged with locator, user name and UUID.
// The expected identity is "TestCase Administrator"; which token runProxy's
// client carries by default is decided by the environment, not by visible
// code.
377 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block upload" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="TestCase Administrator" user_uuid=zzzzz-tpzed-d9tiejq69daie8f.*`)
382 blocklen, _, err := kc.Ask(hash2)
383 c.Assert(err, Equals, nil)
384 c.Check(blocklen, Equals, int64(3))
385 c.Log("Finished Ask (expected success)")
// Ask is checked against a "Block download" entry, the same as Get below.
// logbuf accumulates, so any earlier matching entry would also satisfy it.
386 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block download" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="TestCase Administrator" user_uuid=zzzzz-tpzed-d9tiejq69daie8f.*`)
391 reader, blocklen, _, err := kc.Get(hash2)
392 c.Assert(err, Equals, nil)
393 all, err := ioutil.ReadAll(reader)
395 c.Check(all, DeepEquals, []byte("foo"))
396 c.Check(blocklen, Equals, int64(3))
397 c.Log("Finished Get (expected success)")
398 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block download" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="TestCase Administrator" user_uuid=zzzzz-tpzed-d9tiejq69daie8f.*`)
// Zero-length block: d41d8cd98f00b204e9800998ecf8427e is the MD5 of the empty
// input, and the locator carries size 0.
405 hash2, rep, err = kc.PutB([]byte(""))
406 c.Check(hash2, Matches, `^d41d8cd98f00b204e9800998ecf8427e\+0(\+.+)?$`)
407 c.Check(rep, Equals, 2)
408 c.Check(err, Equals, nil)
409 c.Log("Finished PutB zero block")
413 reader, blocklen, _, err := kc.Get("d41d8cd98f00b204e9800998ecf8427e")
414 c.Assert(err, Equals, nil)
415 all, err := ioutil.ReadAll(reader)
417 c.Check(all, DeepEquals, []byte(""))
418 c.Check(blocklen, Equals, int64(0))
419 c.Log("Finished Get zero block")
// TestPutAskGetForbidden runs Ask, PutB, Ask and Get with a client whose API
// token is not a real token (runProxy's bogusClientToken is true) and checks
// that every operation is refused.
423 func (s *ServerRequiredSuite) TestPutAskGetForbidden(c *C) {
424 kc, _ := runProxy(c, true, false, nil)
425 defer closeListener()
427 hash := fmt.Sprintf("%x+3", md5.Sum([]byte("bar")))
429 _, _, err := kc.Ask(hash)
430 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
// A refused write returns no locator and zero replicas, not a partial
// result.
432 hash2, rep, err := kc.PutB([]byte("bar"))
433 c.Check(hash2, Equals, "")
434 c.Check(rep, Equals, 0)
435 c.Check(err, FitsTypeOf, keepclient.InsufficientReplicasError{})
// Reads are reported to the caller as ErrNotFound whose message carries the
// HTTP 403 status, with a zero block length.
437 blocklen, _, err := kc.Ask(hash)
438 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
439 c.Check(err, ErrorMatches, ".*HTTP 403.*")
440 c.Check(blocklen, Equals, int64(0))
442 _, blocklen, _, err = kc.Get(hash)
443 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
444 c.Check(err, ErrorMatches, ".*HTTP 403.*")
445 c.Check(blocklen, Equals, int64(0))
// testPermission runs one upload followed by one download through a proxy
// configured with explicit per-role upload/download permissions, and checks
// the result and the proxy log for the allowed and the denied outcome.
//
// admin selects between the admin token and the active user's token; perm is
// the permission under test. The conditions that pick each branch are not
// visible in this listing, so the pairing of branches below is inferred.
448 func testPermission(c *C, admin bool, perm arvados.UploadDownloadPermission) {
449 kp := arvados.UploadDownloadRolePermissions{}
// The two visible assignments give a role full upload and download rights;
// presumably that is the role NOT under test, with perm assigned to the
// other role on the elided lines — confirm.
452 kp.User = arvados.UploadDownloadPermission{Upload: true, Download: true}
454 kp.Admin = arvados.UploadDownloadPermission{Upload: true, Download: true}
458 kc, logbuf := runProxy(c, false, false, &kp)
459 defer closeListener()
461 kc.Arvados.ApiToken = arvadostest.AdminToken
463 kc.Arvados.ApiToken = arvadostest.ActiveToken
466 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
472 hash2, rep, err = kc.PutB([]byte("foo"))
// Upload allowed: locator, two replicas, no error, and a "Block upload" log
// entry naming the acting user.
475 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+3(\+.+)?$`, hash))
476 c.Check(rep, Equals, 2)
477 c.Check(err, Equals, nil)
478 c.Log("Finished PutB (expected success)")
480 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block upload" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="TestCase Administrator" user_uuid=zzzzz-tpzed-d9tiejq69daie8f.*`)
483 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block upload" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="Active User" user_uuid=zzzzz-tpzed-xurymjxw79nv3jz.*`)
// Upload denied: no locator, zero replicas, InsufficientReplicasError.
486 c.Check(hash2, Equals, "")
487 c.Check(rep, Equals, 0)
488 c.Check(err, FitsTypeOf, keepclient.InsufficientReplicasError{})
493 // can't test download without upload.
495 reader, blocklen, _, err := kc.Get(hash2)
// Download allowed: content and length match, and a "Block download" log
// entry names the acting user.
497 c.Assert(err, Equals, nil)
498 all, err := ioutil.ReadAll(reader)
500 c.Check(all, DeepEquals, []byte("foo"))
501 c.Check(blocklen, Equals, int64(3))
502 c.Log("Finished Get (expected success)")
504 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block download" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="TestCase Administrator" user_uuid=zzzzz-tpzed-d9tiejq69daie8f.*`)
506 c.Check(logbuf.String(), Matches, `(?ms).*msg="Block download" locator=acbd18db4cc2f85cedef654fccc4a4d8\+3 user_full_name="Active User" user_uuid=zzzzz-tpzed-xurymjxw79nv3jz.*`)
// Download denied: ErrNotFound with zero length. The message is the same
// generic text the invalid-token test expects, so a client cannot tell a
// policy denial from a bad token by the message alone.
509 c.Check(err, FitsTypeOf, &keepclient.ErrNotFound{})
510 c.Check(err, ErrorMatches, ".*Missing or invalid Authorization header, or method not allowed.*")
511 c.Check(blocklen, Equals, int64(0))
// TestPutGetPermission calls testPermission four times inside a two-level
// loop over adminperm and userperm, twice with admin true and twice with
// admin false.
// NOTE(review): the fields of each UploadDownloadPermission literal are not
// visible here; presumably the four calls cover upload and download for each
// role using adminperm and userperm — confirm.
518 func (s *ServerRequiredSuite) TestPutGetPermission(c *C) {
520 for _, adminperm := range []bool{true, false} {
521 for _, userperm := range []bool{true, false} {
523 testPermission(c, true,
524 arvados.UploadDownloadPermission{
528 testPermission(c, true,
529 arvados.UploadDownloadPermission{
533 testPermission(c, false,
534 arvados.UploadDownloadPermission{
538 testPermission(c, false,
539 arvados.UploadDownloadPermission{
// TestCorsHeaders pins the CORS response headers keepproxy sends: first on a
// preflight OPTIONS request, then on a plain GET.
// NOTE(review): both checks expect Access-Control-Allow-Origin "*". A
// wildcard origin is reasonable only while the proxy authenticates solely by
// an explicit Authorization header and never by ambient credentials such as
// cookies — confirm that holds for keepproxy.
547 func (s *ServerRequiredSuite) TestCorsHeaders(c *C) {
548 runProxy(c, false, false, nil)
549 defer closeListener()
552 client := http.Client{}
553 req, err := http.NewRequest("OPTIONS",
554 fmt.Sprintf("http://%s/%x+3", listener.Addr().String(), md5.Sum([]byte("foo"))),
557 req.Header.Add("Access-Control-Request-Method", "PUT")
558 req.Header.Add("Access-Control-Request-Headers", "Authorization, X-Keep-Desired-Replicas")
559 resp, err := client.Do(req)
// c.Check does not stop the test, so a failed request would leave resp nil
// and the next line would dereference it.
560 c.Check(err, Equals, nil)
561 c.Check(resp.StatusCode, Equals, 200)
562 body, err := ioutil.ReadAll(resp.Body)
// The preflight response must have an empty body.
564 c.Check(string(body), Equals, "")
565 c.Check(resp.Header.Get("Access-Control-Allow-Methods"), Equals, "GET, HEAD, POST, PUT, OPTIONS")
566 c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
// http.Get sends no Authorization header; only the CORS headers of the
// response are checked, not its status.
570 resp, err := http.Get(
571 fmt.Sprintf("http://%s/%x+3", listener.Addr().String(), md5.Sum([]byte("foo"))))
572 c.Check(err, Equals, nil)
573 c.Check(resp.Header.Get("Access-Control-Allow-Headers"), Equals, "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas")
574 c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
// TestPostWithoutHash POSTs content to the proxy root without naming a hash
// in the URL and checks that the response body is the locator for that
// content: its MD5 hex digest, the size 3, and optional further hints.
578 func (s *ServerRequiredSuite) TestPostWithoutHash(c *C) {
579 runProxy(c, false, false, nil)
580 defer closeListener()
583 client := http.Client{}
584 req, err := http.NewRequest("POST",
585 "http://"+listener.Addr().String()+"/",
586 strings.NewReader("qux"))
588 req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken)
589 req.Header.Add("Content-Type", "application/octet-stream")
590 resp, err := client.Do(req)
// c.Check does not stop the test, so a failed request would leave resp nil
// and the next line would dereference it.
591 c.Check(err, Equals, nil)
592 body, err := ioutil.ReadAll(resp.Body)
593 c.Check(err, Equals, nil)
594 c.Check(string(body), Matches,
595 fmt.Sprintf(`^%x\+3(\+.+)?$`, md5.Sum([]byte("qux"))))
// TestStripHint checks the removeHint pattern on four locator URLs. In the
// first two the input carries a short "+K@zzzzz" hint and the expected string
// omits it, whether the hint comes after or before the "+A...@..." hint. In
// the last two the input carries a long "+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz" hint
// and the expected string keeps it. The "+A...@..." hint is present in every
// expected string. The checker named on the elided middle line of each call
// is presumably Equals.
599 func (s *ServerRequiredSuite) TestStripHint(c *C) {
600 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz", "$1"),
602 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
603 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73", "$1"),
605 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
606 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz", "$1"),
608 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz")
609 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73", "$1"),
611 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
616 // Put one block, with 2 replicas
617 // With no prefix (expect the block locator, twice)
618 // With an existing prefix (expect the block locator, twice)
619 // With a valid but non-existing prefix (expect "\n")
620 // With an invalid prefix (expect error)
621 func (s *ServerRequiredSuite) TestGetIndex(c *C) {
622 getIndexWorker(c, false)
627 // Put one block, with 2 replicas
628 // With no prefix (expect the block locator, twice)
629 // With an existing prefix (expect the block locator, twice)
630 // With a valid but non-existing prefix (expect "\n")
631 // With an invalid prefix (expect error)
632 func (s *ServerRequiredConfigYmlSuite) TestGetIndex(c *C) {
633 getIndexWorker(c, true)
// getIndexWorker is the shared body of both TestGetIndex methods. It writes
// blocks through the proxy, then requests the index with several prefixes and
// checks which locators come back. useConfig is passed to runProxy as
// loadKeepstoresFromConfig.
636 func getIndexWorker(c *C, useConfig bool) {
637 kc, _ := runProxy(c, false, useConfig, nil)
638 defer closeListener()
640 // Put "index-data" blocks
641 data := []byte("index-data")
642 hash := fmt.Sprintf("%x", md5.Sum(data))
644 hash2, rep, err := kc.PutB(data)
645 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+10(\+.+)?$`, hash))
646 c.Check(rep, Equals, 2)
647 c.Check(err, Equals, nil)
649 reader, blocklen, _, err := kc.Get(hash)
651 c.Check(blocklen, Equals, int64(10))
652 all, err := ioutil.ReadAll(reader)
654 c.Check(all, DeepEquals, data)
656 // Put some more blocks
657 _, _, err = kc.PutB([]byte("some-more-index-data"))
// The index requests below run with the system root token.
// NOTE(review): presumably index listing is refused for ordinary user tokens
// and this switch is what makes the requests pass — confirm; no negative
// case for a non-root token is visible in this test.
660 kc.Arvados.ApiToken = arvadostest.SystemRootToken
// Each case: prefix, whether the test block is expected, whether any other
// block is expected.
663 for _, spec := range []struct {
668 {"", true, true}, // with no prefix
669 {hash[:3], true, false}, // with matching prefix
670 {"abcdef", false, false}, // with no such prefix
672 indexReader, err := kc.GetIndex(TestProxyUUID, spec.prefix)
673 c.Assert(err, Equals, nil)
674 indexResp, err := ioutil.ReadAll(indexReader)
675 c.Assert(err, Equals, nil)
676 locators := strings.Split(string(indexResp), "\n")
679 for _, locator := range locators {
// Every returned locator must start with the requested prefix.
683 c.Check(locator[:len(spec.prefix)], Equals, spec.prefix)
// The first 32 characters of a locator are the MD5 hex digest.
684 if locator[:32] == hash {
// The test block was stored with two replicas, so it should be listed
// exactly twice when it is expected at all.
690 c.Check(gotTestHash == 2, Equals, spec.expectTestHash)
691 c.Check(gotOther > 0, Equals, spec.expectOther)
694 // GetIndex with invalid prefix
695 _, err = kc.GetIndex(TestProxyUUID, "xyz")
696 c.Assert((err != nil), Equals, true)
// TestCollectionSharingToken writes a block with the client's default token,
// switches the client to a collection sharing token, and reads the block back
// using the locator returned by the write.
// NOTE(review): the error checks between these steps are not visible here.
// Only the success path is exercised; nothing in this test shows what a
// sharing token is refused.
699 func (s *ServerRequiredSuite) TestCollectionSharingToken(c *C) {
700 kc, _ := runProxy(c, false, false, nil)
701 defer closeListener()
702 hash, _, err := kc.PutB([]byte("shareddata"))
704 kc.Arvados.ApiToken = arvadostest.FooCollectionSharingToken
705 rdr, _, _, err := kc.Get(hash)
707 data, err := ioutil.ReadAll(rdr)
709 c.Check(data, DeepEquals, []byte("shareddata"))
// TestPutAskGetInvalidToken first writes a block with a valid token, then
// switches the client to each entry of a list of bad tokens (one is labelled
// expired; the other entries are not visible here) and exercises Ask, Get and
// PutB with it.
712 func (s *ServerRequiredSuite) TestPutAskGetInvalidToken(c *C) {
713 kc, _ := runProxy(c, false, false, nil)
714 defer closeListener()
717 hash, rep, err := kc.PutB([]byte("foo"))
719 c.Check(rep, Equals, 2)
721 for _, badToken := range []string{
723 "2ym314ysp27sk7h943q6vtc378srb06se3pq6ghurylyf3pdmx", // expired
725 kc.Arvados.ApiToken = badToken
727 // Ask and Get will fail only if the upstream
728 // keepstore server checks for valid signatures.
729 // Without knowing the blob signing key, there is no
730 // way for keepproxy to know whether a given token is
731 // permitted to read a block. So these tests fail:
// NOTE(review): the line between the comment above and the Ask call is not
// visible in this listing. Given that comment, confirm whether the Ask/Get
// assertions below actually run; if they are disabled, read access with an
// invalid token is not covered by this test.
733 _, _, err = kc.Ask(hash)
734 c.Assert(err, FitsTypeOf, &keepclient.ErrNotFound{})
// Temporary() == false marks the refusal as one the client should not retry.
735 c.Check(err.(*keepclient.ErrNotFound).Temporary(), Equals, false)
736 c.Check(err, ErrorMatches, ".*HTTP 403.*")
738 _, _, _, err = kc.Get(hash)
739 c.Assert(err, FitsTypeOf, &keepclient.ErrNotFound{})
740 c.Check(err.(*keepclient.ErrNotFound).Temporary(), Equals, false)
741 c.Check(err, ErrorMatches, ".*HTTP 403 \"Missing or invalid Authorization header, or method not allowed\".*")
// A write with a bad token must be refused with 403.
744 _, _, err = kc.PutB([]byte("foo"))
745 c.Check(err, ErrorMatches, ".*403.*Missing or invalid Authorization header, or method not allowed")
// TestAskGetKeepProxyConnectionError points the proxy's upstream client at an
// address where no keepstore is expected to listen and checks that Ask and
// Get both surface as HTTP 502 errors marked temporary.
749 func (s *ServerRequiredSuite) TestAskGetKeepProxyConnectionError(c *C) {
750 kc, _ := runProxy(c, false, false, nil)
751 defer closeListener()
753 // Point keepproxy at a non-existent keepstore
754 locals := map[string]string{
755 TestProxyUUID: "http://localhost:12345",
757 router.(*proxyHandler).KeepClient.SetServiceRoots(locals, nil, nil)
759 // Ask should result in temporary bad gateway error
760 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
761 _, _, err := kc.Ask(hash)
// NOTE(review): the ok result of the type assertion is discarded. If err had
// a different type, errNotFound would be nil and Temporary() would be called
// on a nil pointer, which may panic instead of failing the check cleanly.
763 errNotFound, _ := err.(*keepclient.ErrNotFound)
764 c.Check(errNotFound.Temporary(), Equals, true)
765 c.Assert(err, ErrorMatches, ".*HTTP 502.*")
767 // Get should result in temporary bad gateway error
768 _, _, _, err = kc.Get(hash)
770 errNotFound, _ = err.(*keepclient.ErrNotFound)
771 c.Check(errNotFound.Temporary(), Equals, true)
772 c.Assert(err, ErrorMatches, ".*HTTP 502.*")
// TestAskGetNoKeepServerError runs Ask and Get through the proxy in the suite
// whose keepstores were started and then stopped, and checks that each
// operation returns an HTTP 502 error marked temporary.
775 func (s *NoKeepServerSuite) TestAskGetNoKeepServerError(c *C) {
776 kc, _ := runProxy(c, false, false, nil)
777 defer closeListener()
779 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
// Ask and Get are wrapped as closures so the same assertions apply to both.
780 for _, f := range []func() error{
782 _, _, err := kc.Ask(hash)
786 _, _, _, err := kc.Get(hash)
791 c.Assert(err, NotNil)
// The ok result of the assertion is discarded; err is known non-nil here,
// but an error of another type would leave errNotFound nil.
792 errNotFound, _ := err.(*keepclient.ErrNotFound)
793 c.Check(errNotFound.Temporary(), Equals, true)
794 c.Check(err, ErrorMatches, `.*HTTP 502.*`)
// TestPing checks the /_health/ping endpoint on a router built with a cluster
// whose ManagementToken is set: a GET carrying that token as a Bearer
// credential must return 200 and the JSON body {"health":"OK"}.
// NOTE(review): only the accepted case is visible here; a request with a
// missing or wrong management token is not exercised in this test.
798 func (s *ServerRequiredSuite) TestPing(c *C) {
799 kc, _ := runProxy(c, false, false, nil)
800 defer closeListener()
802 rtr, err := MakeRESTRouter(kc, 10*time.Second, &arvados.Cluster{ManagementToken: arvadostest.ManagementToken}, log.New())
803 c.Assert(err, check.IsNil)
805 req, err := http.NewRequest("GET",
806 "http://"+listener.Addr().String()+"/_health/ping",
809 req.Header.Set("Authorization", "Bearer "+arvadostest.ManagementToken)
// The handler is called directly through a ResponseRecorder, not over the
// network listener.
811 resp := httptest.NewRecorder()
812 rtr.ServeHTTP(resp, req)
813 c.Check(resp.Code, Equals, 200)
814 c.Assert(resp.Body.String(), Matches, `{"health":"OK"}\n?`)