16914: "Get current user" is forwarded to LoginCluster
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package federation
6
7 import (
8         "context"
9         "encoding/json"
10         "errors"
11         "math"
12         "net/url"
13         "os"
14         "strings"
15
16         "git.arvados.org/arvados.git/lib/controller/rpc"
17         "git.arvados.org/arvados.git/sdk/go/arvados"
18         "git.arvados.org/arvados.git/sdk/go/arvadostest"
19         "git.arvados.org/arvados.git/sdk/go/auth"
20         "git.arvados.org/arvados.git/sdk/go/ctxlog"
21         check "gopkg.in/check.v1"
22 )
23
// UserSuite holds the user-related federation tests. It embeds
// FederationSuite and so reuses the fixture fields and helpers the
// tests below rely on (s.cluster, s.fed, s.ctx, s.addDirectRemote).
type UserSuite struct {
	FederationSuite
}

// Register UserSuite with gocheck so its Test* methods are run.
var _ = check.Suite(&UserSuite{})
29
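// TestLoginClusterUserList exercises UserList on a cluster ("local")
// whose Login.LoginCluster is a remote cluster ("zzzzz").
//
// Each set of list options is run twice:
//
//   - updateFail == false: the local backend is a recording proxy in
//     front of RailsAPI. Exactly one "PATCH /arvados/v1/users/batch"
//     request must be seen, and it must carry the system root token
//     in its Authorization header.
//   - updateFail == true: the local backend is a stub that fails every
//     call. UserList may only succeed when it returned no items (and
//     then made no local calls). Otherwise exactly one UserBatchUpdate
//     call must have been attempted, containing only the attributes
//     that are expected to be copied from the login cluster.
func (s *UserSuite) TestLoginClusterUserList(c *check.C) {
	s.cluster.ClusterID = "local"
	s.cluster.Login.LoginCluster = "zzzzz"
	s.fed = New(s.cluster)
	s.addDirectRemote(c, "zzzzz", rpc.NewConn("zzzzz", &url.URL{Scheme: "https", Host: os.Getenv("ARVADOS_API_HOST")}, true, rpc.PassthroughTokenProvider))

	for _, updateFail := range []bool{false, true} {
		for _, opts := range []arvados.ListOptions{
			{Offset: 0, Limit: -1, Select: nil},
			{Offset: 0, Limit: math.MaxInt64, Select: nil},
			{Offset: 1, Limit: 1, Select: nil},
			{Offset: 0, Limit: 2, Select: []string{"uuid"}},
			{Offset: 0, Limit: 2, Select: []string{"uuid", "email"}},
		} {
			c.Logf("updateFail %v, opts %#v", updateFail, opts)
			spy := arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
			stub := &arvadostest.APIStub{Error: errors.New("local cluster failure")}
			if updateFail {
				s.fed.local = stub
			} else {
				s.fed.local = rpc.NewConn(s.cluster.ClusterID, spy.URL, true, rpc.PassthroughTokenProvider)
			}
			userlist, err := s.fed.UserList(s.ctx, opts)
			if err != nil {
				c.Logf("... UserList failed %q", err)
			}

			switch {
			case updateFail && err == nil:
				// All local updates fail, so the only
				// cases expected to succeed are the
				// ones with 0 results.
				c.Check(userlist.Items, check.HasLen, 0)
				c.Check(stub.Calls(nil), check.HasLen, 0)

			case updateFail:
				c.Logf("... err %#v", err)
				calls := stub.Calls(stub.UserBatchUpdate)
				if !c.Check(calls, check.HasLen, 1) {
					continue
				}
				c.Logf("... stub.UserBatchUpdate called with options: %#v", calls[0].Options)
				// Report a wrong options type as a test
				// failure instead of panicking on the
				// type assertion.
				batch, ok := calls[0].Options.(arvados.UserBatchUpdateOptions)
				if !c.Check(ok, check.Equals, true, check.Commentf("unexpected options type %T", calls[0].Options)) {
					continue
				}
				shouldUpdate := map[string]bool{
					"uuid":       false,
					"email":      true,
					"first_name": true,
					"last_name":  true,
					"is_admin":   true,
					"is_active":  true,
					"prefs":      true,
					// can't safely update locally
					"owner_uuid":   false,
					"identity_url": false,
					// virtual attrs
					"full_name":  false,
					"is_invited": false,
				}
				if opts.Select != nil {
					// Only the selected fields (minus
					// uuid) should be updated.
					for k := range shouldUpdate {
						shouldUpdate[k] = false
					}
					for _, k := range opts.Select {
						if k != "uuid" {
							shouldUpdate[k] = true
						}
					}
				}
				// Inspect one user's update; which one is
				// arbitrary because map iteration order is
				// unspecified.
				var uuid string
				for uuid = range batch.Updates {
					break
				}
				for k, shouldFind := range shouldUpdate {
					_, found := batch.Updates[uuid][k]
					c.Check(found, check.Equals, shouldFind, check.Commentf("offending attr: %s", k))
				}

			default:
				updates := 0
				for _, d := range spy.RequestDumps {
					d := string(d)
					if strings.Contains(d, "PATCH /arvados/v1/users/batch") {
						// The batch update must be sent
						// with the system root token.
						// NOTE(review): the token is
						// spliced into the pattern
						// unescaped and the pattern does
						// not anchor the end of the
						// token, so this is a prefix
						// match that relies on the test
						// token containing no regexp
						// metacharacters.
						c.Check(d, check.Matches, `(?ms).*Authorization: Bearer `+arvadostest.SystemRootToken+`.*`)
						updates++
					}
				}
				c.Check(err, check.IsNil)
				c.Check(updates, check.Equals, 1)
				c.Logf("... response items %#v", userlist.Items)
			}
		}
	}
}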
119
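// TestLoginClusterUserListBypassFederation checks UserList with
// BypassFederation set, on a cluster ("local") whose LoginCluster is
// a remote cluster ("zzzzz"):
//
//   - with the suite's default context the request must be rejected
//     with HTTP 403;
//   - with the system root token the request must succeed;
//   - in neither case may a "PATCH /arvados/v1/users/batch" request
//     reach the local RailsAPI (the proxy records both calls).
func (s *UserSuite) TestLoginClusterUserListBypassFederation(c *check.C) {
	s.cluster.ClusterID = "local"
	s.cluster.Login.LoginCluster = "zzzzz"
	s.fed = New(s.cluster)
	s.addDirectRemote(c, "zzzzz", rpc.NewConn("zzzzz", &url.URL{Scheme: "https", Host: os.Getenv("ARVADOS_API_HOST")},
		true, rpc.PassthroughTokenProvider))

	spy := arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
	s.fed.local = rpc.NewConn(s.cluster.ClusterID, spy.URL, true, rpc.PassthroughTokenProvider)

	_, err := s.fed.UserList(s.ctx, arvados.ListOptions{Offset: 0, Limit: math.MaxInt64, Select: nil, BypassFederation: true})
	// this will fail because it is not using a root token
	//
	// Use a checked type assertion: if the call unexpectedly
	// succeeds (err == nil) or fails with another error type, the
	// test reports a clear failure instead of panicking.
	txErr, ok := err.(*arvados.TransactionError)
	if c.Check(ok, check.Equals, true, check.Commentf("expected *arvados.TransactionError, got %T (%v)", err, err)) {
		c.Check(txErr.StatusCode, check.Equals, 403)
	}

	// Now use SystemRootToken
	ctx := context.Background()
	ctx = ctxlog.Context(ctx, ctxlog.TestLogger(c))
	ctx = auth.NewContext(ctx, &auth.Credentials{Tokens: []string{arvadostest.SystemRootToken}})

	// Assert that it did not try to batch update users.
	_, err = s.fed.UserList(ctx, arvados.ListOptions{Offset: 0, Limit: math.MaxInt64, Select: nil, BypassFederation: true})
	for _, d := range spy.RequestDumps {
		if strings.Contains(string(d), "PATCH /arvados/v1/users/batch") {
			// Say what went wrong, but do not echo the
			// dump: it contains the Authorization header.
			c.Error("BypassFederation request triggered a PATCH /arvados/v1/users/batch request")
		}
	}
	c.Check(err, check.IsNil)
}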
149
// TestUserAttrsUpdateWhitelist guards the
// userAttrsCachedFromLoginCluster table: every field that appears in
// the JSON encoding of a zero-value arvados.User must have a key in
// it. A field added to the User struct without an entry fails here.
//
// Only key presence is checked, not the value stored for each field.
func (s *UserSuite) TestUserAttrsUpdateWhitelist(c *check.C) {
	// Round-trip an empty User through JSON to get its field names.
	encoded, err := json.Marshal(&arvados.User{})
	c.Assert(err, check.IsNil)

	var allFields map[string]interface{}
	c.Assert(json.Unmarshal(encoded, &allFields), check.IsNil)

	for name := range allFields {
		_, listed := userAttrsCachedFromLoginCluster[name]
		c.Check(listed, check.Equals, true, check.Commentf("field name %q missing from userAttrsCachedFromLoginCluster", name))
	}
}