Merge branch 'master' into 3762-delete-list-worker
[arvados.git] / services / keepstore / handler_test.go
1 // Tests for Keep HTTP handlers:
2 //
3 //     GetBlockHandler
4 //     PutBlockHandler
5 //     IndexHandler
6 //
7 // The HTTP handlers are responsible for enforcing permission policy,
8 // so these tests must exercise all possible permission permutations.
9
10 package main
11
12 import (
13         "bytes"
14         "encoding/json"
15         "fmt"
16         "net/http"
17         "net/http/httptest"
18         "os"
19         "regexp"
20         "strings"
21         "testing"
22         "time"
23 )
24
25 // A RequestTester represents the parameters for an HTTP request to
26 // be issued on behalf of a unit test.
27 type RequestTester struct {
28         uri          string
29         api_token    string
30         method       string
31         request_body []byte
32 }
33
34 // Test GetBlockHandler on the following situations:
35 //   - permissions off, unauthenticated request, unsigned locator
36 //   - permissions on, authenticated request, signed locator
37 //   - permissions on, authenticated request, unsigned locator
38 //   - permissions on, unauthenticated request, signed locator
39 //   - permissions on, authenticated request, expired locator
40 //
41 func TestGetHandler(t *testing.T) {
42         defer teardown()
43
44         // Prepare two test Keep volumes. Our block is stored on the second volume.
45         KeepVM = MakeTestVolumeManager(2)
46         defer KeepVM.Quit()
47
48         vols := KeepVM.Volumes()
49         if err := vols[0].Put(TEST_HASH, TEST_BLOCK); err != nil {
50                 t.Error(err)
51         }
52
53         // Create locators for testing.
54         // Turn on permission settings so we can generate signed locators.
55         enforce_permissions = true
56         PermissionSecret = []byte(known_key)
57         permission_ttl = time.Duration(300) * time.Second
58
59         var (
60                 unsigned_locator  = "/" + TEST_HASH
61                 valid_timestamp   = time.Now().Add(permission_ttl)
62                 expired_timestamp = time.Now().Add(-time.Hour)
63                 signed_locator    = "/" + SignLocator(TEST_HASH, known_token, valid_timestamp)
64                 expired_locator   = "/" + SignLocator(TEST_HASH, known_token, expired_timestamp)
65         )
66
67         // -----------------
68         // Test unauthenticated request with permissions off.
69         enforce_permissions = false
70
71         // Unauthenticated request, unsigned locator
72         // => OK
73         response := IssueRequest(
74                 &RequestTester{
75                         method: "GET",
76                         uri:    unsigned_locator,
77                 })
78         ExpectStatusCode(t,
79                 "Unauthenticated request, unsigned locator", http.StatusOK, response)
80         ExpectBody(t,
81                 "Unauthenticated request, unsigned locator",
82                 string(TEST_BLOCK),
83                 response)
84
85         received_cl := response.Header().Get("Content-Length")
86         expected_cl := fmt.Sprintf("%d", len(TEST_BLOCK))
87         if received_cl != expected_cl {
88                 t.Errorf("expected Content-Length %s, got %s", expected_cl, received_cl)
89         }
90
91         // ----------------
92         // Permissions: on.
93         enforce_permissions = true
94
95         // Authenticated request, signed locator
96         // => OK
97         response = IssueRequest(&RequestTester{
98                 method:    "GET",
99                 uri:       signed_locator,
100                 api_token: known_token,
101         })
102         ExpectStatusCode(t,
103                 "Authenticated request, signed locator", http.StatusOK, response)
104         ExpectBody(t,
105                 "Authenticated request, signed locator", string(TEST_BLOCK), response)
106
107         received_cl = response.Header().Get("Content-Length")
108         expected_cl = fmt.Sprintf("%d", len(TEST_BLOCK))
109         if received_cl != expected_cl {
110                 t.Errorf("expected Content-Length %s, got %s", expected_cl, received_cl)
111         }
112
113         // Authenticated request, unsigned locator
114         // => PermissionError
115         response = IssueRequest(&RequestTester{
116                 method:    "GET",
117                 uri:       unsigned_locator,
118                 api_token: known_token,
119         })
120         ExpectStatusCode(t, "unsigned locator", PermissionError.HTTPCode, response)
121
122         // Unauthenticated request, signed locator
123         // => PermissionError
124         response = IssueRequest(&RequestTester{
125                 method: "GET",
126                 uri:    signed_locator,
127         })
128         ExpectStatusCode(t,
129                 "Unauthenticated request, signed locator",
130                 PermissionError.HTTPCode, response)
131
132         // Authenticated request, expired locator
133         // => ExpiredError
134         response = IssueRequest(&RequestTester{
135                 method:    "GET",
136                 uri:       expired_locator,
137                 api_token: known_token,
138         })
139         ExpectStatusCode(t,
140                 "Authenticated request, expired locator",
141                 ExpiredError.HTTPCode, response)
142 }
143
144 // Test PutBlockHandler on the following situations:
145 //   - no server key
146 //   - with server key, authenticated request, unsigned locator
147 //   - with server key, unauthenticated request, unsigned locator
148 //
149 func TestPutHandler(t *testing.T) {
150         defer teardown()
151
152         // Prepare two test Keep volumes.
153         KeepVM = MakeTestVolumeManager(2)
154         defer KeepVM.Quit()
155
156         // --------------
157         // No server key.
158
159         // Unauthenticated request, no server key
160         // => OK (unsigned response)
161         unsigned_locator := "/" + TEST_HASH
162         response := IssueRequest(
163                 &RequestTester{
164                         method:       "PUT",
165                         uri:          unsigned_locator,
166                         request_body: TEST_BLOCK,
167                 })
168
169         ExpectStatusCode(t,
170                 "Unauthenticated request, no server key", http.StatusOK, response)
171         ExpectBody(t,
172                 "Unauthenticated request, no server key",
173                 TEST_HASH_PUT_RESPONSE, response)
174
175         // ------------------
176         // With a server key.
177
178         PermissionSecret = []byte(known_key)
179         permission_ttl = time.Duration(300) * time.Second
180
181         // When a permission key is available, the locator returned
182         // from an authenticated PUT request will be signed.
183
184         // Authenticated PUT, signed locator
185         // => OK (signed response)
186         response = IssueRequest(
187                 &RequestTester{
188                         method:       "PUT",
189                         uri:          unsigned_locator,
190                         request_body: TEST_BLOCK,
191                         api_token:    known_token,
192                 })
193
194         ExpectStatusCode(t,
195                 "Authenticated PUT, signed locator, with server key",
196                 http.StatusOK, response)
197         response_locator := strings.TrimSpace(response.Body.String())
198         if !VerifySignature(response_locator, known_token) {
199                 t.Errorf("Authenticated PUT, signed locator, with server key:\n"+
200                         "response '%s' does not contain a valid signature",
201                         response_locator)
202         }
203
204         // Unauthenticated PUT, unsigned locator
205         // => OK
206         response = IssueRequest(
207                 &RequestTester{
208                         method:       "PUT",
209                         uri:          unsigned_locator,
210                         request_body: TEST_BLOCK,
211                 })
212
213         ExpectStatusCode(t,
214                 "Unauthenticated PUT, unsigned locator, with server key",
215                 http.StatusOK, response)
216         ExpectBody(t,
217                 "Unauthenticated PUT, unsigned locator, with server key",
218                 TEST_HASH_PUT_RESPONSE, response)
219 }
220
221 // Test /index requests:
222 //   - unauthenticated /index request
223 //   - unauthenticated /index/prefix request
224 //   - authenticated   /index request        | non-superuser
225 //   - authenticated   /index/prefix request | non-superuser
226 //   - authenticated   /index request        | superuser
227 //   - authenticated   /index/prefix request | superuser
228 //
229 // The only /index requests that should succeed are those issued by the
230 // superuser. They should pass regardless of the value of enforce_permissions.
231 //
232 func TestIndexHandler(t *testing.T) {
233         defer teardown()
234
235         // Set up Keep volumes and populate them.
236         // Include multiple blocks on different volumes, and
237         // some metadata files (which should be omitted from index listings)
238         KeepVM = MakeTestVolumeManager(2)
239         defer KeepVM.Quit()
240
241         vols := KeepVM.Volumes()
242         vols[0].Put(TEST_HASH, TEST_BLOCK)
243         vols[1].Put(TEST_HASH_2, TEST_BLOCK_2)
244         vols[0].Put(TEST_HASH+".meta", []byte("metadata"))
245         vols[1].Put(TEST_HASH_2+".meta", []byte("metadata"))
246
247         data_manager_token = "DATA MANAGER TOKEN"
248
249         unauthenticated_req := &RequestTester{
250                 method: "GET",
251                 uri:    "/index",
252         }
253         authenticated_req := &RequestTester{
254                 method:    "GET",
255                 uri:       "/index",
256                 api_token: known_token,
257         }
258         superuser_req := &RequestTester{
259                 method:    "GET",
260                 uri:       "/index",
261                 api_token: data_manager_token,
262         }
263         unauth_prefix_req := &RequestTester{
264                 method: "GET",
265                 uri:    "/index/" + TEST_HASH[0:3],
266         }
267         auth_prefix_req := &RequestTester{
268                 method:    "GET",
269                 uri:       "/index/" + TEST_HASH[0:3],
270                 api_token: known_token,
271         }
272         superuser_prefix_req := &RequestTester{
273                 method:    "GET",
274                 uri:       "/index/" + TEST_HASH[0:3],
275                 api_token: data_manager_token,
276         }
277
278         // -------------------------------------------------------------
279         // Only the superuser should be allowed to issue /index requests.
280
281         // ---------------------------
282         // enforce_permissions enabled
283         // This setting should not affect tests passing.
284         enforce_permissions = true
285
286         // unauthenticated /index request
287         // => UnauthorizedError
288         response := IssueRequest(unauthenticated_req)
289         ExpectStatusCode(t,
290                 "enforce_permissions on, unauthenticated request",
291                 UnauthorizedError.HTTPCode,
292                 response)
293
294         // unauthenticated /index/prefix request
295         // => UnauthorizedError
296         response = IssueRequest(unauth_prefix_req)
297         ExpectStatusCode(t,
298                 "permissions on, unauthenticated /index/prefix request",
299                 UnauthorizedError.HTTPCode,
300                 response)
301
302         // authenticated /index request, non-superuser
303         // => UnauthorizedError
304         response = IssueRequest(authenticated_req)
305         ExpectStatusCode(t,
306                 "permissions on, authenticated request, non-superuser",
307                 UnauthorizedError.HTTPCode,
308                 response)
309
310         // authenticated /index/prefix request, non-superuser
311         // => UnauthorizedError
312         response = IssueRequest(auth_prefix_req)
313         ExpectStatusCode(t,
314                 "permissions on, authenticated /index/prefix request, non-superuser",
315                 UnauthorizedError.HTTPCode,
316                 response)
317
318         // superuser /index request
319         // => OK
320         response = IssueRequest(superuser_req)
321         ExpectStatusCode(t,
322                 "permissions on, superuser request",
323                 http.StatusOK,
324                 response)
325
326         // ----------------------------
327         // enforce_permissions disabled
328         // Valid Request should still pass.
329         enforce_permissions = false
330
331         // superuser /index request
332         // => OK
333         response = IssueRequest(superuser_req)
334         ExpectStatusCode(t,
335                 "permissions on, superuser request",
336                 http.StatusOK,
337                 response)
338
339         expected := `^` + TEST_HASH + `\+\d+ \d+\n` +
340                 TEST_HASH_2 + `\+\d+ \d+\n$`
341         match, _ := regexp.MatchString(expected, response.Body.String())
342         if !match {
343                 t.Errorf(
344                         "permissions on, superuser request: expected %s, got:\n%s",
345                         expected, response.Body.String())
346         }
347
348         // superuser /index/prefix request
349         // => OK
350         response = IssueRequest(superuser_prefix_req)
351         ExpectStatusCode(t,
352                 "permissions on, superuser request",
353                 http.StatusOK,
354                 response)
355
356         expected = `^` + TEST_HASH + `\+\d+ \d+\n$`
357         match, _ = regexp.MatchString(expected, response.Body.String())
358         if !match {
359                 t.Errorf(
360                         "permissions on, superuser /index/prefix request: expected %s, got:\n%s",
361                         expected, response.Body.String())
362         }
363 }
364
365 // TestDeleteHandler
366 //
367 // Cases tested:
368 //
369 //   With no token and with a non-data-manager token:
370 //   * Delete existing block
371 //     (test for 403 Forbidden, confirm block not deleted)
372 //
373 //   With data manager token:
374 //
375 //   * Delete existing block
376 //     (test for 200 OK, response counts, confirm block deleted)
377 //
378 //   * Delete nonexistent block
379 //     (test for 200 OK, response counts)
380 //
381 //   TODO(twp):
382 //
383 //   * Delete block on read-only and read-write volume
384 //     (test for 200 OK, response with copies_deleted=1,
385 //     copies_failed=1, confirm block deleted only on r/w volume)
386 //
387 //   * Delete block on read-only volume only
388 //     (test for 200 OK, response with copies_deleted=0, copies_failed=1,
389 //     confirm block not deleted)
390 //
391 func TestDeleteHandler(t *testing.T) {
392         defer teardown()
393
394         // Set up Keep volumes and populate them.
395         // Include multiple blocks on different volumes, and
396         // some metadata files (which should be omitted from index listings)
397         KeepVM = MakeTestVolumeManager(2)
398         defer KeepVM.Quit()
399
400         vols := KeepVM.Volumes()
401         vols[0].Put(TEST_HASH, TEST_BLOCK)
402
403         // Explicitly set the permission_ttl to 0 for these
404         // tests, to ensure the MockVolume deletes the blocks
405         // even though they have just been created.
406         permission_ttl = time.Duration(0)
407
408         var user_token = "NOT DATA MANAGER TOKEN"
409         data_manager_token = "DATA MANAGER TOKEN"
410
411         unauth_req := &RequestTester{
412                 method: "DELETE",
413                 uri:    "/" + TEST_HASH,
414         }
415
416         user_req := &RequestTester{
417                 method:    "DELETE",
418                 uri:       "/" + TEST_HASH,
419                 api_token: user_token,
420         }
421
422         superuser_existing_block_req := &RequestTester{
423                 method:    "DELETE",
424                 uri:       "/" + TEST_HASH,
425                 api_token: data_manager_token,
426         }
427
428         superuser_nonexistent_block_req := &RequestTester{
429                 method:    "DELETE",
430                 uri:       "/" + TEST_HASH_2,
431                 api_token: data_manager_token,
432         }
433
434         // Unauthenticated request returns PermissionError.
435         var response *httptest.ResponseRecorder
436         response = IssueRequest(unauth_req)
437         ExpectStatusCode(t,
438                 "unauthenticated request",
439                 PermissionError.HTTPCode,
440                 response)
441
442         // Authenticated non-admin request returns PermissionError.
443         response = IssueRequest(user_req)
444         ExpectStatusCode(t,
445                 "authenticated non-admin request",
446                 PermissionError.HTTPCode,
447                 response)
448
449         // Authenticated admin request for nonexistent block.
450         type deletecounter struct {
451                 Deleted int `json:"copies_deleted"`
452                 Failed  int `json:"copies_failed"`
453         }
454         var response_dc, expected_dc deletecounter
455
456         response = IssueRequest(superuser_nonexistent_block_req)
457         ExpectStatusCode(t,
458                 "data manager request, nonexistent block",
459                 http.StatusNotFound,
460                 response)
461
462         // Authenticated admin request for existing block while never_delete is set.
463         never_delete = true
464         response = IssueRequest(superuser_existing_block_req)
465         ExpectStatusCode(t,
466                 "authenticated request, existing block, method disabled",
467                 MethodDisabledError.HTTPCode,
468                 response)
469         never_delete = false
470
471         // Authenticated admin request for existing block.
472         response = IssueRequest(superuser_existing_block_req)
473         ExpectStatusCode(t,
474                 "data manager request, existing block",
475                 http.StatusOK,
476                 response)
477         // Expect response {"copies_deleted":1,"copies_failed":0}
478         expected_dc = deletecounter{1, 0}
479         json.NewDecoder(response.Body).Decode(&response_dc)
480         if response_dc != expected_dc {
481                 t.Errorf("superuser_existing_block_req\nexpected: %+v\nreceived: %+v",
482                         expected_dc, response_dc)
483         }
484         // Confirm the block has been deleted
485         _, err := vols[0].Get(TEST_HASH)
486         var block_deleted = os.IsNotExist(err)
487         if !block_deleted {
488                 t.Error("superuser_existing_block_req: block not deleted")
489         }
490
491         // A DELETE request on a block newer than permission_ttl should return
492         // success but leave the block on the volume.
493         vols[0].Put(TEST_HASH, TEST_BLOCK)
494         permission_ttl = time.Duration(1) * time.Hour
495
496         response = IssueRequest(superuser_existing_block_req)
497         ExpectStatusCode(t,
498                 "data manager request, existing block",
499                 http.StatusOK,
500                 response)
501         // Expect response {"copies_deleted":1,"copies_failed":0}
502         expected_dc = deletecounter{1, 0}
503         json.NewDecoder(response.Body).Decode(&response_dc)
504         if response_dc != expected_dc {
505                 t.Errorf("superuser_existing_block_req\nexpected: %+v\nreceived: %+v",
506                         expected_dc, response_dc)
507         }
508         // Confirm the block has NOT been deleted.
509         _, err = vols[0].Get(TEST_HASH)
510         if err != nil {
511                 t.Errorf("testing delete on new block: %s\n", err)
512         }
513 }
514
515 // TestPullHandler
516 //
517 // Test handling of the PUT /pull statement.
518 //
519 // Cases tested: syntactically valid and invalid pull lists, from the
520 // data manager and from unprivileged users:
521 //
522 //   1. Valid pull list from an ordinary user
523 //      (expected result: 401 Unauthorized)
524 //
525 //   2. Invalid pull request from an ordinary user
526 //      (expected result: 401 Unauthorized)
527 //
528 //   3. Valid pull request from the data manager
529 //      (expected result: 200 OK with request body "Received 3 pull
530 //      requests"
531 //
532 //   4. Invalid pull request from the data manager
533 //      (expected result: 400 Bad Request)
534 //
535 // Test that in the end, the pull manager received a good pull list with
536 // the expected number of requests.
537 //
538 // TODO(twp): test concurrency: launch 100 goroutines to update the
539 // pull list simultaneously.  Make sure that none of them return 400
540 // Bad Request and that pullq.GetList() returns a valid list.
541 //
542 func TestPullHandler(t *testing.T) {
543         defer teardown()
544
545         var user_token = "USER TOKEN"
546         data_manager_token = "DATA MANAGER TOKEN"
547
548         pullq = NewWorkQueue()
549
550         good_json := []byte(`[
551                 {
552                         "locator":"locator_with_two_servers",
553                         "servers":[
554                                 "server1",
555                                 "server2"
556                         ]
557                 },
558                 {
559                         "locator":"locator_with_no_servers",
560                         "servers":[]
561                 },
562                 {
563                         "locator":"",
564                         "servers":["empty_locator"]
565                 }
566         ]`)
567
568         bad_json := []byte(`{ "key":"I'm a little teapot" }`)
569
570         type pullTest struct {
571                 name          string
572                 req           RequestTester
573                 response_code int
574                 response_body string
575         }
576         var testcases = []pullTest{
577                 {
578                         "Valid pull list from an ordinary user",
579                         RequestTester{"/pull", user_token, "PUT", good_json},
580                         http.StatusUnauthorized,
581                         "Unauthorized\n",
582                 },
583                 {
584                         "Invalid pull request from an ordinary user",
585                         RequestTester{"/pull", user_token, "PUT", bad_json},
586                         http.StatusUnauthorized,
587                         "Unauthorized\n",
588                 },
589                 {
590                         "Valid pull request from the data manager",
591                         RequestTester{"/pull", data_manager_token, "PUT", good_json},
592                         http.StatusOK,
593                         "Received 3 pull requests\n",
594                 },
595                 {
596                         "Invalid pull request from the data manager",
597                         RequestTester{"/pull", data_manager_token, "PUT", bad_json},
598                         http.StatusBadRequest,
599                         "Bad Request\n",
600                 },
601         }
602
603         for _, tst := range testcases {
604                 response := IssueRequest(&tst.req)
605                 ExpectStatusCode(t, tst.name, tst.response_code, response)
606                 ExpectBody(t, tst.name, tst.response_body, response)
607         }
608
609         // The Keep pull manager should have received one good list with 3
610         // requests on it.
611         for i := 0; i < 3; i++ {
612                 item := <-pullq.NextItem
613                 if _, ok := item.(PullRequest); !ok {
614                         t.Errorf("item %v could not be parsed as a PullRequest", item)
615                 }
616         }
617
618         expectChannelEmpty(t, pullq.NextItem)
619 }
620
621 // TestTrashHandler
622 //
623 // Test cases:
624 //
625 // Cases tested: syntactically valid and invalid trash lists, from the
626 // data manager and from unprivileged users:
627 //
628 //   1. Valid trash list from an ordinary user
629 //      (expected result: 401 Unauthorized)
630 //
631 //   2. Invalid trash list from an ordinary user
632 //      (expected result: 401 Unauthorized)
633 //
634 //   3. Valid trash list from the data manager
635 //      (expected result: 200 OK with request body "Received 3 trash
636 //      requests"
637 //
638 //   4. Invalid trash list from the data manager
639 //      (expected result: 400 Bad Request)
640 //
641 // Test that in the end, the trash collector received a good list
642 // trash list with the expected number of requests.
643 //
644 // TODO(twp): test concurrency: launch 100 goroutines to update the
645 // pull list simultaneously.  Make sure that none of them return 400
646 // Bad Request and that replica.Dump() returns a valid list.
647 //
648 func TestTrashHandler(t *testing.T) {
649         defer teardown()
650
651         var user_token = "USER TOKEN"
652         data_manager_token = "DATA MANAGER TOKEN"
653
654         trashq = NewWorkQueue()
655
656         good_json := []byte(`[
657                 {
658                         "locator":"block1",
659                         "block_mtime":1409082153
660                 },
661                 {
662                         "locator":"block2",
663                         "block_mtime":1409082153
664                 },
665                 {
666                         "locator":"block3",
667                         "block_mtime":1409082153
668                 }
669         ]`)
670
671         bad_json := []byte(`I am not a valid JSON string`)
672
673         type trashTest struct {
674                 name          string
675                 req           RequestTester
676                 response_code int
677                 response_body string
678         }
679
680         var testcases = []trashTest{
681                 {
682                         "Valid trash list from an ordinary user",
683                         RequestTester{"/trash", user_token, "PUT", good_json},
684                         http.StatusUnauthorized,
685                         "Unauthorized\n",
686                 },
687                 {
688                         "Invalid trash list from an ordinary user",
689                         RequestTester{"/trash", user_token, "PUT", bad_json},
690                         http.StatusUnauthorized,
691                         "Unauthorized\n",
692                 },
693                 {
694                         "Valid trash list from the data manager",
695                         RequestTester{"/trash", data_manager_token, "PUT", good_json},
696                         http.StatusOK,
697                         "Received 3 trash requests\n",
698                 },
699                 {
700                         "Invalid trash list from the data manager",
701                         RequestTester{"/trash", data_manager_token, "PUT", bad_json},
702                         http.StatusBadRequest,
703                         "Bad Request\n",
704                 },
705         }
706
707         for _, tst := range testcases {
708                 response := IssueRequest(&tst.req)
709                 ExpectStatusCode(t, tst.name, tst.response_code, response)
710                 ExpectBody(t, tst.name, tst.response_body, response)
711         }
712
713         // The trash collector should have received one good list with 3
714         // requests on it.
715         for i := 0; i < 3; i++ {
716                 item := <-trashq.NextItem
717                 if _, ok := item.(TrashRequest); !ok {
718                         t.Errorf("item %v could not be parsed as a TrashRequest", item)
719                 }
720         }
721
722         expectChannelEmpty(t, trashq.NextItem)
723 }
724
725 // ====================
726 // Helper functions
727 // ====================
728
729 // IssueTestRequest executes an HTTP request described by rt, to a
730 // REST router.  It returns the HTTP response to the request.
731 func IssueRequest(rt *RequestTester) *httptest.ResponseRecorder {
732         response := httptest.NewRecorder()
733         body := bytes.NewReader(rt.request_body)
734         req, _ := http.NewRequest(rt.method, rt.uri, body)
735         if rt.api_token != "" {
736                 req.Header.Set("Authorization", "OAuth2 "+rt.api_token)
737         }
738         loggingRouter := MakeLoggingRESTRouter()
739         loggingRouter.ServeHTTP(response, req)
740         return response
741 }
742
743 // ExpectStatusCode checks whether a response has the specified status code,
744 // and reports a test failure if not.
745 func ExpectStatusCode(
746         t *testing.T,
747         testname string,
748         expected_status int,
749         response *httptest.ResponseRecorder) {
750         if response.Code != expected_status {
751                 t.Errorf("%s: expected status %s, got %+v",
752                         testname, expected_status, response)
753         }
754 }
755
756 func ExpectBody(
757         t *testing.T,
758         testname string,
759         expected_body string,
760         response *httptest.ResponseRecorder) {
761         if response.Body.String() != expected_body {
762                 t.Errorf("%s: expected response body '%s', got %+v",
763                         testname, expected_body, response)
764         }
765 }