15836: Refuse project/collection names that fuse/webdav can't show.
[arvados.git] / services / keepstore / handler_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 // Tests for Keep HTTP handlers:
6 //
7 //     GetBlockHandler
8 //     PutBlockHandler
9 //     IndexHandler
10 //
11 // The HTTP handlers are responsible for enforcing permission policy,
12 // so these tests must exercise all possible permission permutations.
13
14 package main
15
16 import (
17         "bytes"
18         "context"
19         "encoding/json"
20         "fmt"
21         "net/http"
22         "net/http/httptest"
23         "os"
24         "regexp"
25         "strings"
26         "time"
27
28         "git.arvados.org/arvados.git/lib/config"
29         "git.arvados.org/arvados.git/sdk/go/arvados"
30         "git.arvados.org/arvados.git/sdk/go/arvadostest"
31         "git.arvados.org/arvados.git/sdk/go/ctxlog"
32         "github.com/prometheus/client_golang/prometheus"
33         check "gopkg.in/check.v1"
34 )
35
36 var testServiceURL = func() arvados.URL {
37         return arvados.URL{Host: "localhost:12345", Scheme: "http"}
38 }()
39
40 func testCluster(t TB) *arvados.Cluster {
41         cfg, err := config.NewLoader(bytes.NewBufferString("Clusters: {zzzzz: {}}"), ctxlog.TestLogger(t)).Load()
42         if err != nil {
43                 t.Fatal(err)
44         }
45         cluster, err := cfg.GetCluster("")
46         if err != nil {
47                 t.Fatal(err)
48         }
49         cluster.SystemRootToken = arvadostest.SystemRootToken
50         cluster.ManagementToken = arvadostest.ManagementToken
51         cluster.Collections.BlobSigning = false
52         return cluster
53 }
54
55 var _ = check.Suite(&HandlerSuite{})
56
57 type HandlerSuite struct {
58         cluster *arvados.Cluster
59         handler *handler
60 }
61
62 func (s *HandlerSuite) SetUpTest(c *check.C) {
63         s.cluster = testCluster(c)
64         s.cluster.Volumes = map[string]arvados.Volume{
65                 "zzzzz-nyw5e-000000000000000": {Replication: 1, Driver: "mock"},
66                 "zzzzz-nyw5e-111111111111111": {Replication: 1, Driver: "mock"},
67         }
68         s.handler = &handler{}
69 }
70
71 // A RequestTester represents the parameters for an HTTP request to
72 // be issued on behalf of a unit test.
73 type RequestTester struct {
74         uri         string
75         apiToken    string
76         method      string
77         requestBody []byte
78 }
79
80 // Test GetBlockHandler on the following situations:
81 //   - permissions off, unauthenticated request, unsigned locator
82 //   - permissions on, authenticated request, signed locator
83 //   - permissions on, authenticated request, unsigned locator
84 //   - permissions on, unauthenticated request, signed locator
85 //   - permissions on, authenticated request, expired locator
86 //   - permissions on, authenticated request, signed locator, transient error from backend
87 //
88 func (s *HandlerSuite) TestGetHandler(c *check.C) {
89         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
90
91         vols := s.handler.volmgr.AllWritable()
92         err := vols[0].Put(context.Background(), TestHash, TestBlock)
93         c.Check(err, check.IsNil)
94
95         // Create locators for testing.
96         // Turn on permission settings so we can generate signed locators.
97         s.cluster.Collections.BlobSigning = true
98         s.cluster.Collections.BlobSigningKey = knownKey
99         s.cluster.Collections.BlobSigningTTL.Set("5m")
100
101         var (
102                 unsignedLocator  = "/" + TestHash
103                 validTimestamp   = time.Now().Add(s.cluster.Collections.BlobSigningTTL.Duration())
104                 expiredTimestamp = time.Now().Add(-time.Hour)
105                 signedLocator    = "/" + SignLocator(s.cluster, TestHash, knownToken, validTimestamp)
106                 expiredLocator   = "/" + SignLocator(s.cluster, TestHash, knownToken, expiredTimestamp)
107         )
108
109         // -----------------
110         // Test unauthenticated request with permissions off.
111         s.cluster.Collections.BlobSigning = false
112
113         // Unauthenticated request, unsigned locator
114         // => OK
115         response := IssueRequest(s.handler,
116                 &RequestTester{
117                         method: "GET",
118                         uri:    unsignedLocator,
119                 })
120         ExpectStatusCode(c,
121                 "Unauthenticated request, unsigned locator", http.StatusOK, response)
122         ExpectBody(c,
123                 "Unauthenticated request, unsigned locator",
124                 string(TestBlock),
125                 response)
126
127         receivedLen := response.Header().Get("Content-Length")
128         expectedLen := fmt.Sprintf("%d", len(TestBlock))
129         if receivedLen != expectedLen {
130                 c.Errorf("expected Content-Length %s, got %s", expectedLen, receivedLen)
131         }
132
133         // ----------------
134         // Permissions: on.
135         s.cluster.Collections.BlobSigning = true
136
137         // Authenticated request, signed locator
138         // => OK
139         response = IssueRequest(s.handler, &RequestTester{
140                 method:   "GET",
141                 uri:      signedLocator,
142                 apiToken: knownToken,
143         })
144         ExpectStatusCode(c,
145                 "Authenticated request, signed locator", http.StatusOK, response)
146         ExpectBody(c,
147                 "Authenticated request, signed locator", string(TestBlock), response)
148
149         receivedLen = response.Header().Get("Content-Length")
150         expectedLen = fmt.Sprintf("%d", len(TestBlock))
151         if receivedLen != expectedLen {
152                 c.Errorf("expected Content-Length %s, got %s", expectedLen, receivedLen)
153         }
154
155         // Authenticated request, unsigned locator
156         // => PermissionError
157         response = IssueRequest(s.handler, &RequestTester{
158                 method:   "GET",
159                 uri:      unsignedLocator,
160                 apiToken: knownToken,
161         })
162         ExpectStatusCode(c, "unsigned locator", PermissionError.HTTPCode, response)
163
164         // Unauthenticated request, signed locator
165         // => PermissionError
166         response = IssueRequest(s.handler, &RequestTester{
167                 method: "GET",
168                 uri:    signedLocator,
169         })
170         ExpectStatusCode(c,
171                 "Unauthenticated request, signed locator",
172                 PermissionError.HTTPCode, response)
173
174         // Authenticated request, expired locator
175         // => ExpiredError
176         response = IssueRequest(s.handler, &RequestTester{
177                 method:   "GET",
178                 uri:      expiredLocator,
179                 apiToken: knownToken,
180         })
181         ExpectStatusCode(c,
182                 "Authenticated request, expired locator",
183                 ExpiredError.HTTPCode, response)
184
185         // Authenticated request, signed locator
186         // => 503 Server busy (transient error)
187
188         // Set up the block owning volume to respond with errors
189         vols[0].Volume.(*MockVolume).Bad = true
190         vols[0].Volume.(*MockVolume).BadVolumeError = VolumeBusyError
191         response = IssueRequest(s.handler, &RequestTester{
192                 method:   "GET",
193                 uri:      signedLocator,
194                 apiToken: knownToken,
195         })
196         // A transient error from one volume while the other doesn't find the block
197         // should make the service return a 503 so that clients can retry.
198         ExpectStatusCode(c,
199                 "Volume backend busy",
200                 503, response)
201 }
202
203 // Test PutBlockHandler on the following situations:
204 //   - no server key
205 //   - with server key, authenticated request, unsigned locator
206 //   - with server key, unauthenticated request, unsigned locator
207 //
208 func (s *HandlerSuite) TestPutHandler(c *check.C) {
209         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
210
211         // --------------
212         // No server key.
213
214         s.cluster.Collections.BlobSigningKey = ""
215
216         // Unauthenticated request, no server key
217         // => OK (unsigned response)
218         unsignedLocator := "/" + TestHash
219         response := IssueRequest(s.handler,
220                 &RequestTester{
221                         method:      "PUT",
222                         uri:         unsignedLocator,
223                         requestBody: TestBlock,
224                 })
225
226         ExpectStatusCode(c,
227                 "Unauthenticated request, no server key", http.StatusOK, response)
228         ExpectBody(c,
229                 "Unauthenticated request, no server key",
230                 TestHashPutResp, response)
231
232         // ------------------
233         // With a server key.
234
235         s.cluster.Collections.BlobSigningKey = knownKey
236         s.cluster.Collections.BlobSigningTTL.Set("5m")
237
238         // When a permission key is available, the locator returned
239         // from an authenticated PUT request will be signed.
240
241         // Authenticated PUT, signed locator
242         // => OK (signed response)
243         response = IssueRequest(s.handler,
244                 &RequestTester{
245                         method:      "PUT",
246                         uri:         unsignedLocator,
247                         requestBody: TestBlock,
248                         apiToken:    knownToken,
249                 })
250
251         ExpectStatusCode(c,
252                 "Authenticated PUT, signed locator, with server key",
253                 http.StatusOK, response)
254         responseLocator := strings.TrimSpace(response.Body.String())
255         if VerifySignature(s.cluster, responseLocator, knownToken) != nil {
256                 c.Errorf("Authenticated PUT, signed locator, with server key:\n"+
257                         "response '%s' does not contain a valid signature",
258                         responseLocator)
259         }
260
261         // Unauthenticated PUT, unsigned locator
262         // => OK
263         response = IssueRequest(s.handler,
264                 &RequestTester{
265                         method:      "PUT",
266                         uri:         unsignedLocator,
267                         requestBody: TestBlock,
268                 })
269
270         ExpectStatusCode(c,
271                 "Unauthenticated PUT, unsigned locator, with server key",
272                 http.StatusOK, response)
273         ExpectBody(c,
274                 "Unauthenticated PUT, unsigned locator, with server key",
275                 TestHashPutResp, response)
276 }
277
278 func (s *HandlerSuite) TestPutAndDeleteSkipReadonlyVolumes(c *check.C) {
279         s.cluster.Volumes["zzzzz-nyw5e-000000000000000"] = arvados.Volume{Driver: "mock", ReadOnly: true}
280         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
281
282         s.cluster.SystemRootToken = "fake-data-manager-token"
283         IssueRequest(s.handler,
284                 &RequestTester{
285                         method:      "PUT",
286                         uri:         "/" + TestHash,
287                         requestBody: TestBlock,
288                 })
289
290         s.cluster.Collections.BlobTrash = true
291         IssueRequest(s.handler,
292                 &RequestTester{
293                         method:      "DELETE",
294                         uri:         "/" + TestHash,
295                         requestBody: TestBlock,
296                         apiToken:    s.cluster.SystemRootToken,
297                 })
298         type expect struct {
299                 volid     string
300                 method    string
301                 callcount int
302         }
303         for _, e := range []expect{
304                 {"zzzzz-nyw5e-000000000000000", "Get", 0},
305                 {"zzzzz-nyw5e-000000000000000", "Compare", 0},
306                 {"zzzzz-nyw5e-000000000000000", "Touch", 0},
307                 {"zzzzz-nyw5e-000000000000000", "Put", 0},
308                 {"zzzzz-nyw5e-000000000000000", "Delete", 0},
309                 {"zzzzz-nyw5e-111111111111111", "Get", 0},
310                 {"zzzzz-nyw5e-111111111111111", "Compare", 1},
311                 {"zzzzz-nyw5e-111111111111111", "Touch", 1},
312                 {"zzzzz-nyw5e-111111111111111", "Put", 1},
313                 {"zzzzz-nyw5e-111111111111111", "Delete", 1},
314         } {
315                 if calls := s.handler.volmgr.mountMap[e.volid].Volume.(*MockVolume).CallCount(e.method); calls != e.callcount {
316                         c.Errorf("Got %d %s() on vol %s, expect %d", calls, e.method, e.volid, e.callcount)
317                 }
318         }
319 }
320
321 // Test /index requests:
322 //   - unauthenticated /index request
323 //   - unauthenticated /index/prefix request
324 //   - authenticated   /index request        | non-superuser
325 //   - authenticated   /index/prefix request | non-superuser
326 //   - authenticated   /index request        | superuser
327 //   - authenticated   /index/prefix request | superuser
328 //
329 // The only /index requests that should succeed are those issued by the
330 // superuser. They should pass regardless of the value of BlobSigning.
331 //
332 func (s *HandlerSuite) TestIndexHandler(c *check.C) {
333         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
334
335         // Include multiple blocks on different volumes, and
336         // some metadata files (which should be omitted from index listings)
337         vols := s.handler.volmgr.AllWritable()
338         vols[0].Put(context.Background(), TestHash, TestBlock)
339         vols[1].Put(context.Background(), TestHash2, TestBlock2)
340         vols[0].Put(context.Background(), TestHash+".meta", []byte("metadata"))
341         vols[1].Put(context.Background(), TestHash2+".meta", []byte("metadata"))
342
343         s.cluster.SystemRootToken = "DATA MANAGER TOKEN"
344
345         unauthenticatedReq := &RequestTester{
346                 method: "GET",
347                 uri:    "/index",
348         }
349         authenticatedReq := &RequestTester{
350                 method:   "GET",
351                 uri:      "/index",
352                 apiToken: knownToken,
353         }
354         superuserReq := &RequestTester{
355                 method:   "GET",
356                 uri:      "/index",
357                 apiToken: s.cluster.SystemRootToken,
358         }
359         unauthPrefixReq := &RequestTester{
360                 method: "GET",
361                 uri:    "/index/" + TestHash[0:3],
362         }
363         authPrefixReq := &RequestTester{
364                 method:   "GET",
365                 uri:      "/index/" + TestHash[0:3],
366                 apiToken: knownToken,
367         }
368         superuserPrefixReq := &RequestTester{
369                 method:   "GET",
370                 uri:      "/index/" + TestHash[0:3],
371                 apiToken: s.cluster.SystemRootToken,
372         }
373         superuserNoSuchPrefixReq := &RequestTester{
374                 method:   "GET",
375                 uri:      "/index/abcd",
376                 apiToken: s.cluster.SystemRootToken,
377         }
378         superuserInvalidPrefixReq := &RequestTester{
379                 method:   "GET",
380                 uri:      "/index/xyz",
381                 apiToken: s.cluster.SystemRootToken,
382         }
383
384         // -------------------------------------------------------------
385         // Only the superuser should be allowed to issue /index requests.
386
387         // ---------------------------
388         // BlobSigning enabled
389         // This setting should not affect tests passing.
390         s.cluster.Collections.BlobSigning = true
391
392         // unauthenticated /index request
393         // => UnauthorizedError
394         response := IssueRequest(s.handler, unauthenticatedReq)
395         ExpectStatusCode(c,
396                 "permissions on, unauthenticated request",
397                 UnauthorizedError.HTTPCode,
398                 response)
399
400         // unauthenticated /index/prefix request
401         // => UnauthorizedError
402         response = IssueRequest(s.handler, unauthPrefixReq)
403         ExpectStatusCode(c,
404                 "permissions on, unauthenticated /index/prefix request",
405                 UnauthorizedError.HTTPCode,
406                 response)
407
408         // authenticated /index request, non-superuser
409         // => UnauthorizedError
410         response = IssueRequest(s.handler, authenticatedReq)
411         ExpectStatusCode(c,
412                 "permissions on, authenticated request, non-superuser",
413                 UnauthorizedError.HTTPCode,
414                 response)
415
416         // authenticated /index/prefix request, non-superuser
417         // => UnauthorizedError
418         response = IssueRequest(s.handler, authPrefixReq)
419         ExpectStatusCode(c,
420                 "permissions on, authenticated /index/prefix request, non-superuser",
421                 UnauthorizedError.HTTPCode,
422                 response)
423
424         // superuser /index request
425         // => OK
426         response = IssueRequest(s.handler, superuserReq)
427         ExpectStatusCode(c,
428                 "permissions on, superuser request",
429                 http.StatusOK,
430                 response)
431
432         // ----------------------------
433         // BlobSigning disabled
434         // Valid Request should still pass.
435         s.cluster.Collections.BlobSigning = false
436
437         // superuser /index request
438         // => OK
439         response = IssueRequest(s.handler, superuserReq)
440         ExpectStatusCode(c,
441                 "permissions on, superuser request",
442                 http.StatusOK,
443                 response)
444
445         expected := `^` + TestHash + `\+\d+ \d+\n` +
446                 TestHash2 + `\+\d+ \d+\n\n$`
447         match, _ := regexp.MatchString(expected, response.Body.String())
448         if !match {
449                 c.Errorf(
450                         "permissions on, superuser request: expected %s, got:\n%s",
451                         expected, response.Body.String())
452         }
453
454         // superuser /index/prefix request
455         // => OK
456         response = IssueRequest(s.handler, superuserPrefixReq)
457         ExpectStatusCode(c,
458                 "permissions on, superuser request",
459                 http.StatusOK,
460                 response)
461
462         expected = `^` + TestHash + `\+\d+ \d+\n\n$`
463         match, _ = regexp.MatchString(expected, response.Body.String())
464         if !match {
465                 c.Errorf(
466                         "permissions on, superuser /index/prefix request: expected %s, got:\n%s",
467                         expected, response.Body.String())
468         }
469
470         // superuser /index/{no-such-prefix} request
471         // => OK
472         response = IssueRequest(s.handler, superuserNoSuchPrefixReq)
473         ExpectStatusCode(c,
474                 "permissions on, superuser request",
475                 http.StatusOK,
476                 response)
477
478         if "\n" != response.Body.String() {
479                 c.Errorf("Expected empty response for %s. Found %s", superuserNoSuchPrefixReq.uri, response.Body.String())
480         }
481
482         // superuser /index/{invalid-prefix} request
483         // => StatusBadRequest
484         response = IssueRequest(s.handler, superuserInvalidPrefixReq)
485         ExpectStatusCode(c,
486                 "permissions on, superuser request",
487                 http.StatusBadRequest,
488                 response)
489 }
490
491 // TestDeleteHandler
492 //
493 // Cases tested:
494 //
495 //   With no token and with a non-data-manager token:
496 //   * Delete existing block
497 //     (test for 403 Forbidden, confirm block not deleted)
498 //
499 //   With data manager token:
500 //
501 //   * Delete existing block
502 //     (test for 200 OK, response counts, confirm block deleted)
503 //
504 //   * Delete nonexistent block
505 //     (test for 200 OK, response counts)
506 //
507 //   TODO(twp):
508 //
509 //   * Delete block on read-only and read-write volume
510 //     (test for 200 OK, response with copies_deleted=1,
511 //     copies_failed=1, confirm block deleted only on r/w volume)
512 //
513 //   * Delete block on read-only volume only
514 //     (test for 200 OK, response with copies_deleted=0, copies_failed=1,
515 //     confirm block not deleted)
516 //
517 func (s *HandlerSuite) TestDeleteHandler(c *check.C) {
518         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
519
520         vols := s.handler.volmgr.AllWritable()
521         vols[0].Put(context.Background(), TestHash, TestBlock)
522
523         // Explicitly set the BlobSigningTTL to 0 for these
524         // tests, to ensure the MockVolume deletes the blocks
525         // even though they have just been created.
526         s.cluster.Collections.BlobSigningTTL = arvados.Duration(0)
527
528         var userToken = "NOT DATA MANAGER TOKEN"
529         s.cluster.SystemRootToken = "DATA MANAGER TOKEN"
530
531         s.cluster.Collections.BlobTrash = true
532
533         unauthReq := &RequestTester{
534                 method: "DELETE",
535                 uri:    "/" + TestHash,
536         }
537
538         userReq := &RequestTester{
539                 method:   "DELETE",
540                 uri:      "/" + TestHash,
541                 apiToken: userToken,
542         }
543
544         superuserExistingBlockReq := &RequestTester{
545                 method:   "DELETE",
546                 uri:      "/" + TestHash,
547                 apiToken: s.cluster.SystemRootToken,
548         }
549
550         superuserNonexistentBlockReq := &RequestTester{
551                 method:   "DELETE",
552                 uri:      "/" + TestHash2,
553                 apiToken: s.cluster.SystemRootToken,
554         }
555
556         // Unauthenticated request returns PermissionError.
557         var response *httptest.ResponseRecorder
558         response = IssueRequest(s.handler, unauthReq)
559         ExpectStatusCode(c,
560                 "unauthenticated request",
561                 PermissionError.HTTPCode,
562                 response)
563
564         // Authenticated non-admin request returns PermissionError.
565         response = IssueRequest(s.handler, userReq)
566         ExpectStatusCode(c,
567                 "authenticated non-admin request",
568                 PermissionError.HTTPCode,
569                 response)
570
571         // Authenticated admin request for nonexistent block.
572         type deletecounter struct {
573                 Deleted int `json:"copies_deleted"`
574                 Failed  int `json:"copies_failed"`
575         }
576         var responseDc, expectedDc deletecounter
577
578         response = IssueRequest(s.handler, superuserNonexistentBlockReq)
579         ExpectStatusCode(c,
580                 "data manager request, nonexistent block",
581                 http.StatusNotFound,
582                 response)
583
584         // Authenticated admin request for existing block while BlobTrash is false.
585         s.cluster.Collections.BlobTrash = false
586         response = IssueRequest(s.handler, superuserExistingBlockReq)
587         ExpectStatusCode(c,
588                 "authenticated request, existing block, method disabled",
589                 MethodDisabledError.HTTPCode,
590                 response)
591         s.cluster.Collections.BlobTrash = true
592
593         // Authenticated admin request for existing block.
594         response = IssueRequest(s.handler, superuserExistingBlockReq)
595         ExpectStatusCode(c,
596                 "data manager request, existing block",
597                 http.StatusOK,
598                 response)
599         // Expect response {"copies_deleted":1,"copies_failed":0}
600         expectedDc = deletecounter{1, 0}
601         json.NewDecoder(response.Body).Decode(&responseDc)
602         if responseDc != expectedDc {
603                 c.Errorf("superuserExistingBlockReq\nexpected: %+v\nreceived: %+v",
604                         expectedDc, responseDc)
605         }
606         // Confirm the block has been deleted
607         buf := make([]byte, BlockSize)
608         _, err := vols[0].Get(context.Background(), TestHash, buf)
609         var blockDeleted = os.IsNotExist(err)
610         if !blockDeleted {
611                 c.Error("superuserExistingBlockReq: block not deleted")
612         }
613
614         // A DELETE request on a block newer than BlobSigningTTL
615         // should return success but leave the block on the volume.
616         vols[0].Put(context.Background(), TestHash, TestBlock)
617         s.cluster.Collections.BlobSigningTTL = arvados.Duration(time.Hour)
618
619         response = IssueRequest(s.handler, superuserExistingBlockReq)
620         ExpectStatusCode(c,
621                 "data manager request, existing block",
622                 http.StatusOK,
623                 response)
624         // Expect response {"copies_deleted":1,"copies_failed":0}
625         expectedDc = deletecounter{1, 0}
626         json.NewDecoder(response.Body).Decode(&responseDc)
627         if responseDc != expectedDc {
628                 c.Errorf("superuserExistingBlockReq\nexpected: %+v\nreceived: %+v",
629                         expectedDc, responseDc)
630         }
631         // Confirm the block has NOT been deleted.
632         _, err = vols[0].Get(context.Background(), TestHash, buf)
633         if err != nil {
634                 c.Errorf("testing delete on new block: %s\n", err)
635         }
636 }
637
638 // TestPullHandler
639 //
640 // Test handling of the PUT /pull statement.
641 //
642 // Cases tested: syntactically valid and invalid pull lists, from the
643 // data manager and from unprivileged users:
644 //
645 //   1. Valid pull list from an ordinary user
646 //      (expected result: 401 Unauthorized)
647 //
648 //   2. Invalid pull request from an ordinary user
649 //      (expected result: 401 Unauthorized)
650 //
651 //   3. Valid pull request from the data manager
652 //      (expected result: 200 OK with request body "Received 3 pull
653 //      requests"
654 //
655 //   4. Invalid pull request from the data manager
656 //      (expected result: 400 Bad Request)
657 //
658 // Test that in the end, the pull manager received a good pull list with
659 // the expected number of requests.
660 //
661 // TODO(twp): test concurrency: launch 100 goroutines to update the
662 // pull list simultaneously.  Make sure that none of them return 400
663 // Bad Request and that pullq.GetList() returns a valid list.
664 //
665 func (s *HandlerSuite) TestPullHandler(c *check.C) {
666         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
667
668         // Replace the router's pullq -- which the worker goroutines
669         // started by setup() are now receiving from -- with a new
670         // one, so we can see what the handler sends to it.
671         pullq := NewWorkQueue()
672         s.handler.Handler.(*router).pullq = pullq
673
674         var userToken = "USER TOKEN"
675         s.cluster.SystemRootToken = "DATA MANAGER TOKEN"
676
677         goodJSON := []byte(`[
678                 {
679                         "locator":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa+12345",
680                         "servers":[
681                                 "http://server1",
682                                 "http://server2"
683                         ]
684                 },
685                 {
686                         "locator":"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb+12345",
687                         "servers":[]
688                 },
689                 {
690                         "locator":"cccccccccccccccccccccccccccccccc+12345",
691                         "servers":["http://server1"]
692                 }
693         ]`)
694
695         badJSON := []byte(`{ "key":"I'm a little teapot" }`)
696
697         type pullTest struct {
698                 name         string
699                 req          RequestTester
700                 responseCode int
701                 responseBody string
702         }
703         var testcases = []pullTest{
704                 {
705                         "Valid pull list from an ordinary user",
706                         RequestTester{"/pull", userToken, "PUT", goodJSON},
707                         http.StatusUnauthorized,
708                         "Unauthorized\n",
709                 },
710                 {
711                         "Invalid pull request from an ordinary user",
712                         RequestTester{"/pull", userToken, "PUT", badJSON},
713                         http.StatusUnauthorized,
714                         "Unauthorized\n",
715                 },
716                 {
717                         "Valid pull request from the data manager",
718                         RequestTester{"/pull", s.cluster.SystemRootToken, "PUT", goodJSON},
719                         http.StatusOK,
720                         "Received 3 pull requests\n",
721                 },
722                 {
723                         "Invalid pull request from the data manager",
724                         RequestTester{"/pull", s.cluster.SystemRootToken, "PUT", badJSON},
725                         http.StatusBadRequest,
726                         "",
727                 },
728         }
729
730         for _, tst := range testcases {
731                 response := IssueRequest(s.handler, &tst.req)
732                 ExpectStatusCode(c, tst.name, tst.responseCode, response)
733                 ExpectBody(c, tst.name, tst.responseBody, response)
734         }
735
736         // The Keep pull manager should have received one good list with 3
737         // requests on it.
738         for i := 0; i < 3; i++ {
739                 var item interface{}
740                 select {
741                 case item = <-pullq.NextItem:
742                 case <-time.After(time.Second):
743                         c.Error("timed out")
744                 }
745                 if _, ok := item.(PullRequest); !ok {
746                         c.Errorf("item %v could not be parsed as a PullRequest", item)
747                 }
748         }
749
750         expectChannelEmpty(c, pullq.NextItem)
751 }
752
753 // TestTrashHandler
754 //
755 // Test cases:
756 //
757 // Cases tested: syntactically valid and invalid trash lists, from the
758 // data manager and from unprivileged users:
759 //
760 //   1. Valid trash list from an ordinary user
761 //      (expected result: 401 Unauthorized)
762 //
763 //   2. Invalid trash list from an ordinary user
764 //      (expected result: 401 Unauthorized)
765 //
766 //   3. Valid trash list from the data manager
767 //      (expected result: 200 OK with request body "Received 3 trash
768 //      requests"
769 //
770 //   4. Invalid trash list from the data manager
771 //      (expected result: 400 Bad Request)
772 //
773 // Test that in the end, the trash collector received a good list
774 // trash list with the expected number of requests.
775 //
776 // TODO(twp): test concurrency: launch 100 goroutines to update the
777 // pull list simultaneously.  Make sure that none of them return 400
778 // Bad Request and that replica.Dump() returns a valid list.
779 //
780 func (s *HandlerSuite) TestTrashHandler(c *check.C) {
781         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
782         // Replace the router's trashq -- which the worker goroutines
783         // started by setup() are now receiving from -- with a new
784         // one, so we can see what the handler sends to it.
785         trashq := NewWorkQueue()
786         s.handler.Handler.(*router).trashq = trashq
787
788         var userToken = "USER TOKEN"
789         s.cluster.SystemRootToken = "DATA MANAGER TOKEN"
790
791         goodJSON := []byte(`[
792                 {
793                         "locator":"block1",
794                         "block_mtime":1409082153
795                 },
796                 {
797                         "locator":"block2",
798                         "block_mtime":1409082153
799                 },
800                 {
801                         "locator":"block3",
802                         "block_mtime":1409082153
803                 }
804         ]`)
805
806         badJSON := []byte(`I am not a valid JSON string`)
807
808         type trashTest struct {
809                 name         string
810                 req          RequestTester
811                 responseCode int
812                 responseBody string
813         }
814
815         var testcases = []trashTest{
816                 {
817                         "Valid trash list from an ordinary user",
818                         RequestTester{"/trash", userToken, "PUT", goodJSON},
819                         http.StatusUnauthorized,
820                         "Unauthorized\n",
821                 },
822                 {
823                         "Invalid trash list from an ordinary user",
824                         RequestTester{"/trash", userToken, "PUT", badJSON},
825                         http.StatusUnauthorized,
826                         "Unauthorized\n",
827                 },
828                 {
829                         "Valid trash list from the data manager",
830                         RequestTester{"/trash", s.cluster.SystemRootToken, "PUT", goodJSON},
831                         http.StatusOK,
832                         "Received 3 trash requests\n",
833                 },
834                 {
835                         "Invalid trash list from the data manager",
836                         RequestTester{"/trash", s.cluster.SystemRootToken, "PUT", badJSON},
837                         http.StatusBadRequest,
838                         "",
839                 },
840         }
841
842         for _, tst := range testcases {
843                 response := IssueRequest(s.handler, &tst.req)
844                 ExpectStatusCode(c, tst.name, tst.responseCode, response)
845                 ExpectBody(c, tst.name, tst.responseBody, response)
846         }
847
848         // The trash collector should have received one good list with 3
849         // requests on it.
850         for i := 0; i < 3; i++ {
851                 item := <-trashq.NextItem
852                 if _, ok := item.(TrashRequest); !ok {
853                         c.Errorf("item %v could not be parsed as a TrashRequest", item)
854                 }
855         }
856
857         expectChannelEmpty(c, trashq.NextItem)
858 }
859
860 // ====================
861 // Helper functions
862 // ====================
863
864 // IssueTestRequest executes an HTTP request described by rt, to a
865 // REST router.  It returns the HTTP response to the request.
866 func IssueRequest(handler http.Handler, rt *RequestTester) *httptest.ResponseRecorder {
867         response := httptest.NewRecorder()
868         body := bytes.NewReader(rt.requestBody)
869         req, _ := http.NewRequest(rt.method, rt.uri, body)
870         if rt.apiToken != "" {
871                 req.Header.Set("Authorization", "OAuth2 "+rt.apiToken)
872         }
873         handler.ServeHTTP(response, req)
874         return response
875 }
876
877 func IssueHealthCheckRequest(handler http.Handler, rt *RequestTester) *httptest.ResponseRecorder {
878         response := httptest.NewRecorder()
879         body := bytes.NewReader(rt.requestBody)
880         req, _ := http.NewRequest(rt.method, rt.uri, body)
881         if rt.apiToken != "" {
882                 req.Header.Set("Authorization", "Bearer "+rt.apiToken)
883         }
884         handler.ServeHTTP(response, req)
885         return response
886 }
887
888 // ExpectStatusCode checks whether a response has the specified status code,
889 // and reports a test failure if not.
890 func ExpectStatusCode(
891         c *check.C,
892         testname string,
893         expectedStatus int,
894         response *httptest.ResponseRecorder) {
895         c.Check(response.Code, check.Equals, expectedStatus, check.Commentf("%s", testname))
896 }
897
898 func ExpectBody(
899         c *check.C,
900         testname string,
901         expectedBody string,
902         response *httptest.ResponseRecorder) {
903         if expectedBody != "" && response.Body.String() != expectedBody {
904                 c.Errorf("%s: expected response body '%s', got %+v",
905                         testname, expectedBody, response)
906         }
907 }
908
909 // See #7121
910 func (s *HandlerSuite) TestPutNeedsOnlyOneBuffer(c *check.C) {
911         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
912
913         defer func(orig *bufferPool) {
914                 bufs = orig
915         }(bufs)
916         bufs = newBufferPool(ctxlog.TestLogger(c), 1, BlockSize)
917
918         ok := make(chan struct{})
919         go func() {
920                 for i := 0; i < 2; i++ {
921                         response := IssueRequest(s.handler,
922                                 &RequestTester{
923                                         method:      "PUT",
924                                         uri:         "/" + TestHash,
925                                         requestBody: TestBlock,
926                                 })
927                         ExpectStatusCode(c,
928                                 "TestPutNeedsOnlyOneBuffer", http.StatusOK, response)
929                 }
930                 ok <- struct{}{}
931         }()
932
933         select {
934         case <-ok:
935         case <-time.After(time.Second):
936                 c.Fatal("PUT deadlocks with MaxKeepBlobBuffers==1")
937         }
938 }
939
940 // Invoke the PutBlockHandler a bunch of times to test for bufferpool resource
941 // leak.
942 func (s *HandlerSuite) TestPutHandlerNoBufferleak(c *check.C) {
943         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
944
945         ok := make(chan bool)
946         go func() {
947                 for i := 0; i < s.cluster.API.MaxKeepBlobBuffers+1; i++ {
948                         // Unauthenticated request, no server key
949                         // => OK (unsigned response)
950                         unsignedLocator := "/" + TestHash
951                         response := IssueRequest(s.handler,
952                                 &RequestTester{
953                                         method:      "PUT",
954                                         uri:         unsignedLocator,
955                                         requestBody: TestBlock,
956                                 })
957                         ExpectStatusCode(c,
958                                 "TestPutHandlerBufferleak", http.StatusOK, response)
959                         ExpectBody(c,
960                                 "TestPutHandlerBufferleak",
961                                 TestHashPutResp, response)
962                 }
963                 ok <- true
964         }()
965         select {
966         case <-time.After(20 * time.Second):
967                 // If the buffer pool leaks, the test goroutine hangs.
968                 c.Fatal("test did not finish, assuming pool leaked")
969         case <-ok:
970         }
971 }
972
973 type notifyingResponseRecorder struct {
974         *httptest.ResponseRecorder
975         closer chan bool
976 }
977
978 func (r *notifyingResponseRecorder) CloseNotify() <-chan bool {
979         return r.closer
980 }
981
982 func (s *HandlerSuite) TestGetHandlerClientDisconnect(c *check.C) {
983         s.cluster.Collections.BlobSigning = false
984         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
985
986         defer func(orig *bufferPool) {
987                 bufs = orig
988         }(bufs)
989         bufs = newBufferPool(ctxlog.TestLogger(c), 1, BlockSize)
990         defer bufs.Put(bufs.Get(BlockSize))
991
992         if err := s.handler.volmgr.AllWritable()[0].Put(context.Background(), TestHash, TestBlock); err != nil {
993                 c.Error(err)
994         }
995
996         resp := &notifyingResponseRecorder{
997                 ResponseRecorder: httptest.NewRecorder(),
998                 closer:           make(chan bool, 1),
999         }
1000         if _, ok := http.ResponseWriter(resp).(http.CloseNotifier); !ok {
1001                 c.Fatal("notifyingResponseRecorder is broken")
1002         }
1003         // If anyone asks, the client has disconnected.
1004         resp.closer <- true
1005
1006         ok := make(chan struct{})
1007         go func() {
1008                 req, _ := http.NewRequest("GET", fmt.Sprintf("/%s+%d", TestHash, len(TestBlock)), nil)
1009                 s.handler.ServeHTTP(resp, req)
1010                 ok <- struct{}{}
1011         }()
1012
1013         select {
1014         case <-time.After(20 * time.Second):
1015                 c.Fatal("request took >20s, close notifier must be broken")
1016         case <-ok:
1017         }
1018
1019         ExpectStatusCode(c, "client disconnect", http.StatusServiceUnavailable, resp.ResponseRecorder)
1020         for i, v := range s.handler.volmgr.AllWritable() {
1021                 if calls := v.Volume.(*MockVolume).called["GET"]; calls != 0 {
1022                         c.Errorf("volume %d got %d calls, expected 0", i, calls)
1023                 }
1024         }
1025 }
1026
1027 // Invoke the GetBlockHandler a bunch of times to test for bufferpool resource
1028 // leak.
1029 func (s *HandlerSuite) TestGetHandlerNoBufferLeak(c *check.C) {
1030         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
1031
1032         vols := s.handler.volmgr.AllWritable()
1033         if err := vols[0].Put(context.Background(), TestHash, TestBlock); err != nil {
1034                 c.Error(err)
1035         }
1036
1037         ok := make(chan bool)
1038         go func() {
1039                 for i := 0; i < s.cluster.API.MaxKeepBlobBuffers+1; i++ {
1040                         // Unauthenticated request, unsigned locator
1041                         // => OK
1042                         unsignedLocator := "/" + TestHash
1043                         response := IssueRequest(s.handler,
1044                                 &RequestTester{
1045                                         method: "GET",
1046                                         uri:    unsignedLocator,
1047                                 })
1048                         ExpectStatusCode(c,
1049                                 "Unauthenticated request, unsigned locator", http.StatusOK, response)
1050                         ExpectBody(c,
1051                                 "Unauthenticated request, unsigned locator",
1052                                 string(TestBlock),
1053                                 response)
1054                 }
1055                 ok <- true
1056         }()
1057         select {
1058         case <-time.After(20 * time.Second):
1059                 // If the buffer pool leaks, the test goroutine hangs.
1060                 c.Fatal("test did not finish, assuming pool leaked")
1061         case <-ok:
1062         }
1063 }
1064
1065 func (s *HandlerSuite) TestPutReplicationHeader(c *check.C) {
1066         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
1067
1068         resp := IssueRequest(s.handler, &RequestTester{
1069                 method:      "PUT",
1070                 uri:         "/" + TestHash,
1071                 requestBody: TestBlock,
1072         })
1073         if r := resp.Header().Get("X-Keep-Replicas-Stored"); r != "1" {
1074                 c.Logf("%#v", resp)
1075                 c.Errorf("Got X-Keep-Replicas-Stored: %q, expected %q", r, "1")
1076         }
1077 }
1078
1079 func (s *HandlerSuite) TestUntrashHandler(c *check.C) {
1080         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
1081
1082         // Set up Keep volumes
1083         vols := s.handler.volmgr.AllWritable()
1084         vols[0].Put(context.Background(), TestHash, TestBlock)
1085
1086         s.cluster.SystemRootToken = "DATA MANAGER TOKEN"
1087
1088         // unauthenticatedReq => UnauthorizedError
1089         unauthenticatedReq := &RequestTester{
1090                 method: "PUT",
1091                 uri:    "/untrash/" + TestHash,
1092         }
1093         response := IssueRequest(s.handler, unauthenticatedReq)
1094         ExpectStatusCode(c,
1095                 "Unauthenticated request",
1096                 UnauthorizedError.HTTPCode,
1097                 response)
1098
1099         // notDataManagerReq => UnauthorizedError
1100         notDataManagerReq := &RequestTester{
1101                 method:   "PUT",
1102                 uri:      "/untrash/" + TestHash,
1103                 apiToken: knownToken,
1104         }
1105
1106         response = IssueRequest(s.handler, notDataManagerReq)
1107         ExpectStatusCode(c,
1108                 "Non-datamanager token",
1109                 UnauthorizedError.HTTPCode,
1110                 response)
1111
1112         // datamanagerWithBadHashReq => StatusBadRequest
1113         datamanagerWithBadHashReq := &RequestTester{
1114                 method:   "PUT",
1115                 uri:      "/untrash/thisisnotalocator",
1116                 apiToken: s.cluster.SystemRootToken,
1117         }
1118         response = IssueRequest(s.handler, datamanagerWithBadHashReq)
1119         ExpectStatusCode(c,
1120                 "Bad locator in untrash request",
1121                 http.StatusBadRequest,
1122                 response)
1123
1124         // datamanagerWrongMethodReq => StatusBadRequest
1125         datamanagerWrongMethodReq := &RequestTester{
1126                 method:   "GET",
1127                 uri:      "/untrash/" + TestHash,
1128                 apiToken: s.cluster.SystemRootToken,
1129         }
1130         response = IssueRequest(s.handler, datamanagerWrongMethodReq)
1131         ExpectStatusCode(c,
1132                 "Only PUT method is supported for untrash",
1133                 http.StatusMethodNotAllowed,
1134                 response)
1135
1136         // datamanagerReq => StatusOK
1137         datamanagerReq := &RequestTester{
1138                 method:   "PUT",
1139                 uri:      "/untrash/" + TestHash,
1140                 apiToken: s.cluster.SystemRootToken,
1141         }
1142         response = IssueRequest(s.handler, datamanagerReq)
1143         ExpectStatusCode(c,
1144                 "",
1145                 http.StatusOK,
1146                 response)
1147         c.Check(response.Body.String(), check.Equals, "Successfully untrashed on: [MockVolume], [MockVolume]\n")
1148 }
1149
1150 func (s *HandlerSuite) TestUntrashHandlerWithNoWritableVolumes(c *check.C) {
1151         // Change all volumes to read-only
1152         for uuid, v := range s.cluster.Volumes {
1153                 v.ReadOnly = true
1154                 s.cluster.Volumes[uuid] = v
1155         }
1156         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
1157
1158         // datamanagerReq => StatusOK
1159         datamanagerReq := &RequestTester{
1160                 method:   "PUT",
1161                 uri:      "/untrash/" + TestHash,
1162                 apiToken: s.cluster.SystemRootToken,
1163         }
1164         response := IssueRequest(s.handler, datamanagerReq)
1165         ExpectStatusCode(c,
1166                 "No writable volumes",
1167                 http.StatusNotFound,
1168                 response)
1169 }
1170
1171 func (s *HandlerSuite) TestHealthCheckPing(c *check.C) {
1172         s.cluster.ManagementToken = arvadostest.ManagementToken
1173         c.Assert(s.handler.setup(context.Background(), s.cluster, "", prometheus.NewRegistry(), testServiceURL), check.IsNil)
1174         pingReq := &RequestTester{
1175                 method:   "GET",
1176                 uri:      "/_health/ping",
1177                 apiToken: arvadostest.ManagementToken,
1178         }
1179         response := IssueHealthCheckRequest(s.handler, pingReq)
1180         ExpectStatusCode(c,
1181                 "",
1182                 http.StatusOK,
1183                 response)
1184         want := `{"health":"OK"}`
1185         if !strings.Contains(response.Body.String(), want) {
1186                 c.Errorf("expected response to include %s: got %s", want, response.Body.String())
1187         }
1188 }