1 // Tests for Keep HTTP handlers:
7 // The HTTP handlers are responsible for enforcing permission policy,
8 // so these tests must exercise all possible permission permutations.
25 // A RequestTester represents the parameters for an HTTP request to
26 // be issued on behalf of a unit test.
27 type RequestTester struct {
34 // Test GetBlockHandler on the following situations:
35 // - permissions off, unauthenticated request, unsigned locator
36 // - permissions on, authenticated request, signed locator
37 // - permissions on, authenticated request, unsigned locator
38 // - permissions on, unauthenticated request, signed locator
39 // - permissions on, authenticated request, expired locator
41 func TestGetHandler(t *testing.T) {
44 // Prepare two test Keep volumes. Our block is stored on the second volume.
45 KeepVM = MakeTestVolumeManager(2)
48 vols := KeepVM.Volumes()
49 if err := vols[0].Put(TEST_HASH, TEST_BLOCK); err != nil {
53 // Create locators for testing.
54 // Turn on permission settings so we can generate signed locators.
55 enforce_permissions = true
56 PermissionSecret = []byte(known_key)
57 permission_ttl = time.Duration(300) * time.Second
60 unsigned_locator = "/" + TEST_HASH
61 valid_timestamp = time.Now().Add(permission_ttl)
62 expired_timestamp = time.Now().Add(-time.Hour)
63 signed_locator = "/" + SignLocator(TEST_HASH, known_token, valid_timestamp)
64 expired_locator = "/" + SignLocator(TEST_HASH, known_token, expired_timestamp)
68 // Test unauthenticated request with permissions off.
69 enforce_permissions = false
71 // Unauthenticated request, unsigned locator
73 response := IssueRequest(
76 uri: unsigned_locator,
79 "Unauthenticated request, unsigned locator", http.StatusOK, response)
81 "Unauthenticated request, unsigned locator",
85 received_cl := response.Header().Get("Content-Length")
86 expected_cl := fmt.Sprintf("%d", len(TEST_BLOCK))
87 if received_cl != expected_cl {
88 t.Errorf("expected Content-Length %s, got %s", expected_cl, received_cl)
93 enforce_permissions = true
95 // Authenticated request, signed locator
97 response = IssueRequest(&RequestTester{
100 api_token: known_token,
103 "Authenticated request, signed locator", http.StatusOK, response)
105 "Authenticated request, signed locator", string(TEST_BLOCK), response)
107 received_cl = response.Header().Get("Content-Length")
108 expected_cl = fmt.Sprintf("%d", len(TEST_BLOCK))
109 if received_cl != expected_cl {
110 t.Errorf("expected Content-Length %s, got %s", expected_cl, received_cl)
113 // Authenticated request, unsigned locator
114 // => PermissionError
115 response = IssueRequest(&RequestTester{
117 uri: unsigned_locator,
118 api_token: known_token,
120 ExpectStatusCode(t, "unsigned locator", PermissionError.HTTPCode, response)
122 // Unauthenticated request, signed locator
123 // => PermissionError
124 response = IssueRequest(&RequestTester{
129 "Unauthenticated request, signed locator",
130 PermissionError.HTTPCode, response)
132 // Authenticated request, expired locator
134 response = IssueRequest(&RequestTester{
136 uri: expired_locator,
137 api_token: known_token,
140 "Authenticated request, expired locator",
141 ExpiredError.HTTPCode, response)
144 // Test PutBlockHandler on the following situations:
146 // - with server key, authenticated request, unsigned locator
147 // - with server key, unauthenticated request, unsigned locator
149 func TestPutHandler(t *testing.T) {
152 // Prepare two test Keep volumes.
153 KeepVM = MakeTestVolumeManager(2)
159 // Unauthenticated request, no server key
160 // => OK (unsigned response)
161 unsigned_locator := "/" + TEST_HASH
162 response := IssueRequest(
165 uri: unsigned_locator,
166 request_body: TEST_BLOCK,
170 "Unauthenticated request, no server key", http.StatusOK, response)
172 "Unauthenticated request, no server key",
173 TEST_HASH_PUT_RESPONSE, response)
175 // ------------------
176 // With a server key.
178 PermissionSecret = []byte(known_key)
179 permission_ttl = time.Duration(300) * time.Second
181 // When a permission key is available, the locator returned
182 // from an authenticated PUT request will be signed.
184 // Authenticated PUT, signed locator
185 // => OK (signed response)
186 response = IssueRequest(
189 uri: unsigned_locator,
190 request_body: TEST_BLOCK,
191 api_token: known_token,
195 "Authenticated PUT, signed locator, with server key",
196 http.StatusOK, response)
197 response_locator := strings.TrimSpace(response.Body.String())
198 if !VerifySignature(response_locator, known_token) {
199 t.Errorf("Authenticated PUT, signed locator, with server key:\n"+
200 "response '%s' does not contain a valid signature",
204 // Unauthenticated PUT, unsigned locator
206 response = IssueRequest(
209 uri: unsigned_locator,
210 request_body: TEST_BLOCK,
214 "Unauthenticated PUT, unsigned locator, with server key",
215 http.StatusOK, response)
217 "Unauthenticated PUT, unsigned locator, with server key",
218 TEST_HASH_PUT_RESPONSE, response)
221 // Test /index requests:
222 // - unauthenticated /index request
223 // - unauthenticated /index/prefix request
224 // - authenticated /index request | non-superuser
225 // - authenticated /index/prefix request | non-superuser
226 // - authenticated /index request | superuser
227 // - authenticated /index/prefix request | superuser
229 // The only /index requests that should succeed are those issued by the
230 // superuser. They should pass regardless of the value of enforce_permissions.
232 func TestIndexHandler(t *testing.T) {
235 // Set up Keep volumes and populate them.
236 // Include multiple blocks on different volumes, and
237 // some metadata files (which should be omitted from index listings)
238 KeepVM = MakeTestVolumeManager(2)
241 vols := KeepVM.Volumes()
242 vols[0].Put(TEST_HASH, TEST_BLOCK)
243 vols[1].Put(TEST_HASH_2, TEST_BLOCK_2)
244 vols[0].Put(TEST_HASH+".meta", []byte("metadata"))
245 vols[1].Put(TEST_HASH_2+".meta", []byte("metadata"))
247 data_manager_token = "DATA MANAGER TOKEN"
249 unauthenticated_req := &RequestTester{
253 authenticated_req := &RequestTester{
256 api_token: known_token,
258 superuser_req := &RequestTester{
261 api_token: data_manager_token,
263 unauth_prefix_req := &RequestTester{
265 uri: "/index/" + TEST_HASH[0:3],
267 auth_prefix_req := &RequestTester{
269 uri: "/index/" + TEST_HASH[0:3],
270 api_token: known_token,
272 superuser_prefix_req := &RequestTester{
274 uri: "/index/" + TEST_HASH[0:3],
275 api_token: data_manager_token,
278 // -------------------------------------------------------------
279 // Only the superuser should be allowed to issue /index requests.
281 // ---------------------------
282 // enforce_permissions enabled
283 // This setting should not affect tests passing.
284 enforce_permissions = true
286 // unauthenticated /index request
287 // => UnauthorizedError
288 response := IssueRequest(unauthenticated_req)
290 "enforce_permissions on, unauthenticated request",
291 UnauthorizedError.HTTPCode,
294 // unauthenticated /index/prefix request
295 // => UnauthorizedError
296 response = IssueRequest(unauth_prefix_req)
298 "permissions on, unauthenticated /index/prefix request",
299 UnauthorizedError.HTTPCode,
302 // authenticated /index request, non-superuser
303 // => UnauthorizedError
304 response = IssueRequest(authenticated_req)
306 "permissions on, authenticated request, non-superuser",
307 UnauthorizedError.HTTPCode,
310 // authenticated /index/prefix request, non-superuser
311 // => UnauthorizedError
312 response = IssueRequest(auth_prefix_req)
314 "permissions on, authenticated /index/prefix request, non-superuser",
315 UnauthorizedError.HTTPCode,
318 // superuser /index request
320 response = IssueRequest(superuser_req)
322 "permissions on, superuser request",
326 // ----------------------------
327 // enforce_permissions disabled
328 // Valid Request should still pass.
329 enforce_permissions = false
331 // superuser /index request
333 response = IssueRequest(superuser_req)
335 "permissions on, superuser request",
339 expected := `^` + TEST_HASH + `\+\d+ \d+\n` +
340 TEST_HASH_2 + `\+\d+ \d+\n$`
341 match, _ := regexp.MatchString(expected, response.Body.String())
344 "permissions on, superuser request: expected %s, got:\n%s",
345 expected, response.Body.String())
348 // superuser /index/prefix request
350 response = IssueRequest(superuser_prefix_req)
352 "permissions on, superuser request",
356 expected = `^` + TEST_HASH + `\+\d+ \d+\n$`
357 match, _ = regexp.MatchString(expected, response.Body.String())
360 "permissions on, superuser /index/prefix request: expected %s, got:\n%s",
361 expected, response.Body.String())
369 // With no token and with a non-data-manager token:
370 // * Delete existing block
371 // (test for 403 Forbidden, confirm block not deleted)
373 // With data manager token:
375 // * Delete existing block
376 // (test for 200 OK, response counts, confirm block deleted)
378 // * Delete nonexistent block
379 // (test for 200 OK, response counts)
383 // * Delete block on read-only and read-write volume
384 // (test for 200 OK, response with copies_deleted=1,
385 // copies_failed=1, confirm block deleted only on r/w volume)
387 // * Delete block on read-only volume only
388 // (test for 200 OK, response with copies_deleted=0, copies_failed=1,
389 // confirm block not deleted)
391 func TestDeleteHandler(t *testing.T) {
394 // Set up Keep volumes and populate them.
395 // Include multiple blocks on different volumes, and
396 // some metadata files (which should be omitted from index listings)
397 KeepVM = MakeTestVolumeManager(2)
400 vols := KeepVM.Volumes()
401 vols[0].Put(TEST_HASH, TEST_BLOCK)
403 // Explicitly set the permission_ttl to 0 for these
404 // tests, to ensure the MockVolume deletes the blocks
405 // even though they have just been created.
406 permission_ttl = time.Duration(0)
408 var user_token = "NOT DATA MANAGER TOKEN"
409 data_manager_token = "DATA MANAGER TOKEN"
411 unauth_req := &RequestTester{
413 uri: "/" + TEST_HASH,
416 user_req := &RequestTester{
418 uri: "/" + TEST_HASH,
419 api_token: user_token,
422 superuser_existing_block_req := &RequestTester{
424 uri: "/" + TEST_HASH,
425 api_token: data_manager_token,
428 superuser_nonexistent_block_req := &RequestTester{
430 uri: "/" + TEST_HASH_2,
431 api_token: data_manager_token,
434 // Unauthenticated request returns PermissionError.
435 var response *httptest.ResponseRecorder
436 response = IssueRequest(unauth_req)
438 "unauthenticated request",
439 PermissionError.HTTPCode,
442 // Authenticated non-admin request returns PermissionError.
443 response = IssueRequest(user_req)
445 "authenticated non-admin request",
446 PermissionError.HTTPCode,
449 // Authenticated admin request for nonexistent block.
450 type deletecounter struct {
451 Deleted int `json:"copies_deleted"`
452 Failed int `json:"copies_failed"`
454 var response_dc, expected_dc deletecounter
456 response = IssueRequest(superuser_nonexistent_block_req)
458 "data manager request, nonexistent block",
462 // Authenticated admin request for existing block while never_delete is set.
464 response = IssueRequest(superuser_existing_block_req)
466 "authenticated request, existing block, method disabled",
467 MethodDisabledError.HTTPCode,
471 // Authenticated admin request for existing block.
472 response = IssueRequest(superuser_existing_block_req)
474 "data manager request, existing block",
477 // Expect response {"copies_deleted":1,"copies_failed":0}
478 expected_dc = deletecounter{1, 0}
479 json.NewDecoder(response.Body).Decode(&response_dc)
480 if response_dc != expected_dc {
481 t.Errorf("superuser_existing_block_req\nexpected: %+v\nreceived: %+v",
482 expected_dc, response_dc)
484 // Confirm the block has been deleted
485 _, err := vols[0].Get(TEST_HASH)
486 var block_deleted = os.IsNotExist(err)
488 t.Error("superuser_existing_block_req: block not deleted")
491 // A DELETE request on a block newer than permission_ttl should return
492 // success but leave the block on the volume.
493 vols[0].Put(TEST_HASH, TEST_BLOCK)
494 permission_ttl = time.Duration(1) * time.Hour
496 response = IssueRequest(superuser_existing_block_req)
498 "data manager request, existing block",
501 // Expect response {"copies_deleted":1,"copies_failed":0}
502 expected_dc = deletecounter{1, 0}
503 json.NewDecoder(response.Body).Decode(&response_dc)
504 if response_dc != expected_dc {
505 t.Errorf("superuser_existing_block_req\nexpected: %+v\nreceived: %+v",
506 expected_dc, response_dc)
508 // Confirm the block has NOT been deleted.
509 _, err = vols[0].Get(TEST_HASH)
511 t.Errorf("testing delete on new block: %s\n", err)
517 // Test handling of the PUT /pull statement.
519 // Cases tested: syntactically valid and invalid pull lists, from the
520 // data manager and from unprivileged users:
522 // 1. Valid pull list from an ordinary user
523 // (expected result: 401 Unauthorized)
525 // 2. Invalid pull request from an ordinary user
526 // (expected result: 401 Unauthorized)
528 // 3. Valid pull request from the data manager
529 // (expected result: 200 OK with request body "Received 3 pull
532 // 4. Invalid pull request from the data manager
533 // (expected result: 400 Bad Request)
535 // Test that in the end, the pull manager received a good pull list with
536 // the expected number of requests.
538 // TODO(twp): test concurrency: launch 100 goroutines to update the
539 // pull list simultaneously. Make sure that none of them return 400
540 // Bad Request and that pullq.GetList() returns a valid list.
542 func TestPullHandler(t *testing.T) {
545 var user_token = "USER TOKEN"
546 data_manager_token = "DATA MANAGER TOKEN"
548 good_json := []byte(`[
550 "locator":"locator_with_two_servers",
557 "locator":"locator_with_no_servers",
562 "servers":["empty_locator"]
566 bad_json := []byte(`{ "key":"I'm a little teapot" }`)
568 type pullTest struct {
574 var testcases = []pullTest{
576 "Valid pull list from an ordinary user",
577 RequestTester{"/pull", user_token, "PUT", good_json},
578 http.StatusUnauthorized,
582 "Invalid pull request from an ordinary user",
583 RequestTester{"/pull", user_token, "PUT", bad_json},
584 http.StatusUnauthorized,
588 "Valid pull request from the data manager",
589 RequestTester{"/pull", data_manager_token, "PUT", good_json},
591 "Received 3 pull requests\n",
594 "Invalid pull request from the data manager",
595 RequestTester{"/pull", data_manager_token, "PUT", bad_json},
596 http.StatusBadRequest,
601 for _, tst := range testcases {
602 response := IssueRequest(&tst.req)
603 ExpectStatusCode(t, tst.name, tst.response_code, response)
604 ExpectBody(t, tst.name, tst.response_body, response)
607 // The Keep pull manager should have received one good list with 3
609 for i := 0; i < 3; i++ {
610 item := <-pullq.NextItem
611 if _, ok := item.(PullRequest); !ok {
612 t.Errorf("item %v could not be parsed as a PullRequest", item)
616 expectChannelEmpty(t, pullq.NextItem)
623 // Cases tested: syntactically valid and invalid trash lists, from the
624 // data manager and from unprivileged users:
626 // 1. Valid trash list from an ordinary user
627 // (expected result: 401 Unauthorized)
629 // 2. Invalid trash list from an ordinary user
630 // (expected result: 401 Unauthorized)
632 // 3. Valid trash list from the data manager
633 // (expected result: 200 OK with request body "Received 3 trash
636 // 4. Invalid trash list from the data manager
637 // (expected result: 400 Bad Request)
639 // Test that in the end, the trash collector received a good list
640 // trash list with the expected number of requests.
642 // TODO(twp): test concurrency: launch 100 goroutines to update the
643 // pull list simultaneously. Make sure that none of them return 400
644 // Bad Request and that replica.Dump() returns a valid list.
646 func TestTrashHandler(t *testing.T) {
649 var user_token = "USER TOKEN"
650 data_manager_token = "DATA MANAGER TOKEN"
652 good_json := []byte(`[
655 "block_mtime":1409082153
659 "block_mtime":1409082153
663 "block_mtime":1409082153
667 bad_json := []byte(`I am not a valid JSON string`)
669 type trashTest struct {
676 var testcases = []trashTest{
678 "Valid trash list from an ordinary user",
679 RequestTester{"/trash", user_token, "PUT", good_json},
680 http.StatusUnauthorized,
684 "Invalid trash list from an ordinary user",
685 RequestTester{"/trash", user_token, "PUT", bad_json},
686 http.StatusUnauthorized,
690 "Valid trash list from the data manager",
691 RequestTester{"/trash", data_manager_token, "PUT", good_json},
693 "Received 3 trash requests\n",
696 "Invalid trash list from the data manager",
697 RequestTester{"/trash", data_manager_token, "PUT", bad_json},
698 http.StatusBadRequest,
703 for _, tst := range testcases {
704 response := IssueRequest(&tst.req)
705 ExpectStatusCode(t, tst.name, tst.response_code, response)
706 ExpectBody(t, tst.name, tst.response_body, response)
709 // The trash collector should have received one good list with 3
711 for i := 0; i < 3; i++ {
712 item := <-trashq.NextItem
713 if _, ok := item.(TrashRequest); !ok {
714 t.Errorf("item %v could not be parsed as a TrashRequest", item)
718 expectChannelEmpty(t, trashq.NextItem)
721 // ====================
723 // ====================
725 // IssueTestRequest executes an HTTP request described by rt, to a
726 // REST router. It returns the HTTP response to the request.
727 func IssueRequest(rt *RequestTester) *httptest.ResponseRecorder {
728 response := httptest.NewRecorder()
729 body := bytes.NewReader(rt.request_body)
730 req, _ := http.NewRequest(rt.method, rt.uri, body)
731 if rt.api_token != "" {
732 req.Header.Set("Authorization", "OAuth2 "+rt.api_token)
734 loggingRouter := MakeLoggingRESTRouter()
735 loggingRouter.ServeHTTP(response, req)
739 // ExpectStatusCode checks whether a response has the specified status code,
740 // and reports a test failure if not.
741 func ExpectStatusCode(
745 response *httptest.ResponseRecorder) {
746 if response.Code != expected_status {
747 t.Errorf("%s: expected status %s, got %+v",
748 testname, expected_status, response)
755 expected_body string,
756 response *httptest.ResponseRecorder) {
757 if response.Body.String() != expected_body {
758 t.Errorf("%s: expected response body '%s', got %+v",
759 testname, expected_body, response)
projects / arvados.git / blob