1 // Tests for Keep HTTP handlers:
7 // The HTTP handlers are responsible for enforcing permission policy,
8 // so these tests must exercise all possible permission permutations.
25 // A RequestTester represents the parameters for an HTTP request to
26 // be issued on behalf of a unit test.
27 type RequestTester struct {
34 // Test GetBlockHandler on the following situations:
35 // - permissions off, unauthenticated request, unsigned locator
36 // - permissions on, authenticated request, signed locator
37 // - permissions on, authenticated request, unsigned locator
38 // - permissions on, unauthenticated request, signed locator
39 // - permissions on, authenticated request, expired locator
41 func TestGetHandler(t *testing.T) {
44 // Prepare two test Keep volumes. Our block is stored on the second volume.
45 KeepVM = MakeTestVolumeManager(2)
48 vols := KeepVM.AllWritable()
49 if err := vols[0].Put(TEST_HASH, TEST_BLOCK); err != nil {
53 // Create locators for testing.
54 // Turn on permission settings so we can generate signed locators.
55 enforce_permissions = true
56 PermissionSecret = []byte(known_key)
57 blob_signature_ttl = 300 * time.Second
60 unsigned_locator = "/" + TEST_HASH
61 valid_timestamp = time.Now().Add(blob_signature_ttl)
62 expired_timestamp = time.Now().Add(-time.Hour)
63 signed_locator = "/" + SignLocator(TEST_HASH, known_token, valid_timestamp)
64 expired_locator = "/" + SignLocator(TEST_HASH, known_token, expired_timestamp)
68 // Test unauthenticated request with permissions off.
69 enforce_permissions = false
71 // Unauthenticated request, unsigned locator
73 response := IssueRequest(
76 uri: unsigned_locator,
79 "Unauthenticated request, unsigned locator", http.StatusOK, response)
81 "Unauthenticated request, unsigned locator",
85 received_cl := response.Header().Get("Content-Length")
86 expected_cl := fmt.Sprintf("%d", len(TEST_BLOCK))
87 if received_cl != expected_cl {
88 t.Errorf("expected Content-Length %s, got %s", expected_cl, received_cl)
93 enforce_permissions = true
95 // Authenticated request, signed locator
97 response = IssueRequest(&RequestTester{
100 api_token: known_token,
103 "Authenticated request, signed locator", http.StatusOK, response)
105 "Authenticated request, signed locator", string(TEST_BLOCK), response)
107 received_cl = response.Header().Get("Content-Length")
108 expected_cl = fmt.Sprintf("%d", len(TEST_BLOCK))
109 if received_cl != expected_cl {
110 t.Errorf("expected Content-Length %s, got %s", expected_cl, received_cl)
113 // Authenticated request, unsigned locator
114 // => PermissionError
115 response = IssueRequest(&RequestTester{
117 uri: unsigned_locator,
118 api_token: known_token,
120 ExpectStatusCode(t, "unsigned locator", PermissionError.HTTPCode, response)
122 // Unauthenticated request, signed locator
123 // => PermissionError
124 response = IssueRequest(&RequestTester{
129 "Unauthenticated request, signed locator",
130 PermissionError.HTTPCode, response)
132 // Authenticated request, expired locator
134 response = IssueRequest(&RequestTester{
136 uri: expired_locator,
137 api_token: known_token,
140 "Authenticated request, expired locator",
141 ExpiredError.HTTPCode, response)
144 // Test PutBlockHandler on the following situations:
146 // - with server key, authenticated request, unsigned locator
147 // - with server key, unauthenticated request, unsigned locator
149 func TestPutHandler(t *testing.T) {
152 // Prepare two test Keep volumes.
153 KeepVM = MakeTestVolumeManager(2)
159 // Unauthenticated request, no server key
160 // => OK (unsigned response)
161 unsigned_locator := "/" + TEST_HASH
162 response := IssueRequest(
165 uri: unsigned_locator,
166 request_body: TEST_BLOCK,
170 "Unauthenticated request, no server key", http.StatusOK, response)
172 "Unauthenticated request, no server key",
173 TEST_HASH_PUT_RESPONSE, response)
175 // ------------------
176 // With a server key.
178 PermissionSecret = []byte(known_key)
179 blob_signature_ttl = 300 * time.Second
181 // When a permission key is available, the locator returned
182 // from an authenticated PUT request will be signed.
184 // Authenticated PUT, signed locator
185 // => OK (signed response)
186 response = IssueRequest(
189 uri: unsigned_locator,
190 request_body: TEST_BLOCK,
191 api_token: known_token,
195 "Authenticated PUT, signed locator, with server key",
196 http.StatusOK, response)
197 response_locator := strings.TrimSpace(response.Body.String())
198 if !VerifySignature(response_locator, known_token) {
199 t.Errorf("Authenticated PUT, signed locator, with server key:\n"+
200 "response '%s' does not contain a valid signature",
204 // Unauthenticated PUT, unsigned locator
206 response = IssueRequest(
209 uri: unsigned_locator,
210 request_body: TEST_BLOCK,
214 "Unauthenticated PUT, unsigned locator, with server key",
215 http.StatusOK, response)
217 "Unauthenticated PUT, unsigned locator, with server key",
218 TEST_HASH_PUT_RESPONSE, response)
221 func TestPutAndDeleteSkipReadonlyVolumes(t *testing.T) {
223 data_manager_token = "fake-data-manager-token"
224 vols := []*MockVolume{CreateMockVolume(), CreateMockVolume()}
225 vols[0].Readonly = true
226 KeepVM = MakeRRVolumeManager([]Volume{vols[0], vols[1]})
231 uri: "/" + TEST_HASH,
232 request_body: TEST_BLOCK,
237 uri: "/" + TEST_HASH,
238 request_body: TEST_BLOCK,
239 api_token: data_manager_token,
246 for _, e := range []expect{
255 if calls := vols[e.volnum].CallCount(e.method); calls != e.callcount {
256 t.Errorf("Got %d %s() on vol %d, expect %d", calls, e.method, e.volnum, e.callcount)
261 // Test /index requests:
262 // - unauthenticated /index request
263 // - unauthenticated /index/prefix request
264 // - authenticated /index request | non-superuser
265 // - authenticated /index/prefix request | non-superuser
266 // - authenticated /index request | superuser
267 // - authenticated /index/prefix request | superuser
269 // The only /index requests that should succeed are those issued by the
270 // superuser. They should pass regardless of the value of enforce_permissions.
272 func TestIndexHandler(t *testing.T) {
275 // Set up Keep volumes and populate them.
276 // Include multiple blocks on different volumes, and
277 // some metadata files (which should be omitted from index listings)
278 KeepVM = MakeTestVolumeManager(2)
281 vols := KeepVM.AllWritable()
282 vols[0].Put(TEST_HASH, TEST_BLOCK)
283 vols[1].Put(TEST_HASH_2, TEST_BLOCK_2)
284 vols[0].Put(TEST_HASH+".meta", []byte("metadata"))
285 vols[1].Put(TEST_HASH_2+".meta", []byte("metadata"))
287 data_manager_token = "DATA MANAGER TOKEN"
289 unauthenticated_req := &RequestTester{
293 authenticated_req := &RequestTester{
296 api_token: known_token,
298 superuser_req := &RequestTester{
301 api_token: data_manager_token,
303 unauth_prefix_req := &RequestTester{
305 uri: "/index/" + TEST_HASH[0:3],
307 auth_prefix_req := &RequestTester{
309 uri: "/index/" + TEST_HASH[0:3],
310 api_token: known_token,
312 superuser_prefix_req := &RequestTester{
314 uri: "/index/" + TEST_HASH[0:3],
315 api_token: data_manager_token,
318 // -------------------------------------------------------------
319 // Only the superuser should be allowed to issue /index requests.
321 // ---------------------------
322 // enforce_permissions enabled
323 // This setting should not affect tests passing.
324 enforce_permissions = true
326 // unauthenticated /index request
327 // => UnauthorizedError
328 response := IssueRequest(unauthenticated_req)
330 "enforce_permissions on, unauthenticated request",
331 UnauthorizedError.HTTPCode,
334 // unauthenticated /index/prefix request
335 // => UnauthorizedError
336 response = IssueRequest(unauth_prefix_req)
338 "permissions on, unauthenticated /index/prefix request",
339 UnauthorizedError.HTTPCode,
342 // authenticated /index request, non-superuser
343 // => UnauthorizedError
344 response = IssueRequest(authenticated_req)
346 "permissions on, authenticated request, non-superuser",
347 UnauthorizedError.HTTPCode,
350 // authenticated /index/prefix request, non-superuser
351 // => UnauthorizedError
352 response = IssueRequest(auth_prefix_req)
354 "permissions on, authenticated /index/prefix request, non-superuser",
355 UnauthorizedError.HTTPCode,
358 // superuser /index request
360 response = IssueRequest(superuser_req)
362 "permissions on, superuser request",
366 // ----------------------------
367 // enforce_permissions disabled
368 // Valid Request should still pass.
369 enforce_permissions = false
371 // superuser /index request
373 response = IssueRequest(superuser_req)
375 "permissions on, superuser request",
379 expected := `^` + TEST_HASH + `\+\d+ \d+\n` +
380 TEST_HASH_2 + `\+\d+ \d+\n$`
381 match, _ := regexp.MatchString(expected, response.Body.String())
384 "permissions on, superuser request: expected %s, got:\n%s",
385 expected, response.Body.String())
388 // superuser /index/prefix request
390 response = IssueRequest(superuser_prefix_req)
392 "permissions on, superuser request",
396 expected = `^` + TEST_HASH + `\+\d+ \d+\n$`
397 match, _ = regexp.MatchString(expected, response.Body.String())
400 "permissions on, superuser /index/prefix request: expected %s, got:\n%s",
401 expected, response.Body.String())
409 // With no token and with a non-data-manager token:
410 // * Delete existing block
411 // (test for 403 Forbidden, confirm block not deleted)
413 // With data manager token:
415 // * Delete existing block
416 // (test for 200 OK, response counts, confirm block deleted)
418 // * Delete nonexistent block
419 // (test for 200 OK, response counts)
423 // * Delete block on read-only and read-write volume
424 // (test for 200 OK, response with copies_deleted=1,
425 // copies_failed=1, confirm block deleted only on r/w volume)
427 // * Delete block on read-only volume only
428 // (test for 200 OK, response with copies_deleted=0, copies_failed=1,
429 // confirm block not deleted)
431 func TestDeleteHandler(t *testing.T) {
434 // Set up Keep volumes and populate them.
435 // Include multiple blocks on different volumes, and
436 // some metadata files (which should be omitted from index listings)
437 KeepVM = MakeTestVolumeManager(2)
440 vols := KeepVM.AllWritable()
441 vols[0].Put(TEST_HASH, TEST_BLOCK)
443 // Explicitly set the blob_signature_ttl to 0 for these
444 // tests, to ensure the MockVolume deletes the blocks
445 // even though they have just been created.
446 blob_signature_ttl = time.Duration(0)
448 var user_token = "NOT DATA MANAGER TOKEN"
449 data_manager_token = "DATA MANAGER TOKEN"
451 unauth_req := &RequestTester{
453 uri: "/" + TEST_HASH,
456 user_req := &RequestTester{
458 uri: "/" + TEST_HASH,
459 api_token: user_token,
462 superuser_existing_block_req := &RequestTester{
464 uri: "/" + TEST_HASH,
465 api_token: data_manager_token,
468 superuser_nonexistent_block_req := &RequestTester{
470 uri: "/" + TEST_HASH_2,
471 api_token: data_manager_token,
474 // Unauthenticated request returns PermissionError.
475 var response *httptest.ResponseRecorder
476 response = IssueRequest(unauth_req)
478 "unauthenticated request",
479 PermissionError.HTTPCode,
482 // Authenticated non-admin request returns PermissionError.
483 response = IssueRequest(user_req)
485 "authenticated non-admin request",
486 PermissionError.HTTPCode,
489 // Authenticated admin request for nonexistent block.
490 type deletecounter struct {
491 Deleted int `json:"copies_deleted"`
492 Failed int `json:"copies_failed"`
494 var response_dc, expected_dc deletecounter
496 response = IssueRequest(superuser_nonexistent_block_req)
498 "data manager request, nonexistent block",
502 // Authenticated admin request for existing block while never_delete is set.
504 response = IssueRequest(superuser_existing_block_req)
506 "authenticated request, existing block, method disabled",
507 MethodDisabledError.HTTPCode,
511 // Authenticated admin request for existing block.
512 response = IssueRequest(superuser_existing_block_req)
514 "data manager request, existing block",
517 // Expect response {"copies_deleted":1,"copies_failed":0}
518 expected_dc = deletecounter{1, 0}
519 json.NewDecoder(response.Body).Decode(&response_dc)
520 if response_dc != expected_dc {
521 t.Errorf("superuser_existing_block_req\nexpected: %+v\nreceived: %+v",
522 expected_dc, response_dc)
524 // Confirm the block has been deleted
525 _, err := vols[0].Get(TEST_HASH)
526 var block_deleted = os.IsNotExist(err)
528 t.Error("superuser_existing_block_req: block not deleted")
531 // A DELETE request on a block newer than blob_signature_ttl
532 // should return success but leave the block on the volume.
533 vols[0].Put(TEST_HASH, TEST_BLOCK)
534 blob_signature_ttl = time.Hour
536 response = IssueRequest(superuser_existing_block_req)
538 "data manager request, existing block",
541 // Expect response {"copies_deleted":1,"copies_failed":0}
542 expected_dc = deletecounter{1, 0}
543 json.NewDecoder(response.Body).Decode(&response_dc)
544 if response_dc != expected_dc {
545 t.Errorf("superuser_existing_block_req\nexpected: %+v\nreceived: %+v",
546 expected_dc, response_dc)
548 // Confirm the block has NOT been deleted.
549 _, err = vols[0].Get(TEST_HASH)
551 t.Errorf("testing delete on new block: %s\n", err)
557 // Test handling of the PUT /pull statement.
559 // Cases tested: syntactically valid and invalid pull lists, from the
560 // data manager and from unprivileged users:
562 // 1. Valid pull list from an ordinary user
563 // (expected result: 401 Unauthorized)
565 // 2. Invalid pull request from an ordinary user
566 // (expected result: 401 Unauthorized)
568 // 3. Valid pull request from the data manager
569 // (expected result: 200 OK with request body "Received 3 pull
572 // 4. Invalid pull request from the data manager
573 // (expected result: 400 Bad Request)
575 // Test that in the end, the pull manager received a good pull list with
576 // the expected number of requests.
578 // TODO(twp): test concurrency: launch 100 goroutines to update the
579 // pull list simultaneously. Make sure that none of them return 400
580 // Bad Request and that pullq.GetList() returns a valid list.
582 func TestPullHandler(t *testing.T) {
585 var user_token = "USER TOKEN"
586 data_manager_token = "DATA MANAGER TOKEN"
588 pullq = NewWorkQueue()
590 good_json := []byte(`[
592 "locator":"locator_with_two_servers",
599 "locator":"locator_with_no_servers",
604 "servers":["empty_locator"]
608 bad_json := []byte(`{ "key":"I'm a little teapot" }`)
610 type pullTest struct {
616 var testcases = []pullTest{
618 "Valid pull list from an ordinary user",
619 RequestTester{"/pull", user_token, "PUT", good_json},
620 http.StatusUnauthorized,
624 "Invalid pull request from an ordinary user",
625 RequestTester{"/pull", user_token, "PUT", bad_json},
626 http.StatusUnauthorized,
630 "Valid pull request from the data manager",
631 RequestTester{"/pull", data_manager_token, "PUT", good_json},
633 "Received 3 pull requests\n",
636 "Invalid pull request from the data manager",
637 RequestTester{"/pull", data_manager_token, "PUT", bad_json},
638 http.StatusBadRequest,
643 for _, tst := range testcases {
644 response := IssueRequest(&tst.req)
645 ExpectStatusCode(t, tst.name, tst.response_code, response)
646 ExpectBody(t, tst.name, tst.response_body, response)
649 // The Keep pull manager should have received one good list with 3
651 for i := 0; i < 3; i++ {
652 item := <-pullq.NextItem
653 if _, ok := item.(PullRequest); !ok {
654 t.Errorf("item %v could not be parsed as a PullRequest", item)
658 expectChannelEmpty(t, pullq.NextItem)
665 // Cases tested: syntactically valid and invalid trash lists, from the
666 // data manager and from unprivileged users:
668 // 1. Valid trash list from an ordinary user
669 // (expected result: 401 Unauthorized)
671 // 2. Invalid trash list from an ordinary user
672 // (expected result: 401 Unauthorized)
674 // 3. Valid trash list from the data manager
675 // (expected result: 200 OK with request body "Received 3 trash
678 // 4. Invalid trash list from the data manager
679 // (expected result: 400 Bad Request)
681 // Test that in the end, the trash collector received a good list
682 // trash list with the expected number of requests.
684 // TODO(twp): test concurrency: launch 100 goroutines to update the
685 // pull list simultaneously. Make sure that none of them return 400
686 // Bad Request and that replica.Dump() returns a valid list.
688 func TestTrashHandler(t *testing.T) {
691 var user_token = "USER TOKEN"
692 data_manager_token = "DATA MANAGER TOKEN"
694 trashq = NewWorkQueue()
696 good_json := []byte(`[
699 "block_mtime":1409082153
703 "block_mtime":1409082153
707 "block_mtime":1409082153
711 bad_json := []byte(`I am not a valid JSON string`)
713 type trashTest struct {
720 var testcases = []trashTest{
722 "Valid trash list from an ordinary user",
723 RequestTester{"/trash", user_token, "PUT", good_json},
724 http.StatusUnauthorized,
728 "Invalid trash list from an ordinary user",
729 RequestTester{"/trash", user_token, "PUT", bad_json},
730 http.StatusUnauthorized,
734 "Valid trash list from the data manager",
735 RequestTester{"/trash", data_manager_token, "PUT", good_json},
737 "Received 3 trash requests\n",
740 "Invalid trash list from the data manager",
741 RequestTester{"/trash", data_manager_token, "PUT", bad_json},
742 http.StatusBadRequest,
747 for _, tst := range testcases {
748 response := IssueRequest(&tst.req)
749 ExpectStatusCode(t, tst.name, tst.response_code, response)
750 ExpectBody(t, tst.name, tst.response_body, response)
753 // The trash collector should have received one good list with 3
755 for i := 0; i < 3; i++ {
756 item := <-trashq.NextItem
757 if _, ok := item.(TrashRequest); !ok {
758 t.Errorf("item %v could not be parsed as a TrashRequest", item)
762 expectChannelEmpty(t, trashq.NextItem)
765 // ====================
767 // ====================
769 // IssueTestRequest executes an HTTP request described by rt, to a
770 // REST router. It returns the HTTP response to the request.
771 func IssueRequest(rt *RequestTester) *httptest.ResponseRecorder {
772 response := httptest.NewRecorder()
773 body := bytes.NewReader(rt.request_body)
774 req, _ := http.NewRequest(rt.method, rt.uri, body)
775 if rt.api_token != "" {
776 req.Header.Set("Authorization", "OAuth2 "+rt.api_token)
778 loggingRouter := MakeLoggingRESTRouter()
779 loggingRouter.ServeHTTP(response, req)
783 // ExpectStatusCode checks whether a response has the specified status code,
784 // and reports a test failure if not.
785 func ExpectStatusCode(
789 response *httptest.ResponseRecorder) {
790 if response.Code != expected_status {
791 t.Errorf("%s: expected status %s, got %+v",
792 testname, expected_status, response)
799 expected_body string,
800 response *httptest.ResponseRecorder) {
801 if expected_body != "" && response.Body.String() != expected_body {
802 t.Errorf("%s: expected response body '%s', got %+v",
803 testname, expected_body, response)
807 // Invoke the PutBlockHandler a bunch of times to test for bufferpool resource
809 func TestPutHandlerNoBufferleak(t *testing.T) {
812 // Prepare two test Keep volumes.
813 KeepVM = MakeTestVolumeManager(2)
816 ok := make(chan bool)
818 for i := 0; i < maxBuffers+1; i += 1 {
819 // Unauthenticated request, no server key
820 // => OK (unsigned response)
821 unsigned_locator := "/" + TEST_HASH
822 response := IssueRequest(
825 uri: unsigned_locator,
826 request_body: TEST_BLOCK,
829 "TestPutHandlerBufferleak", http.StatusOK, response)
831 "TestPutHandlerBufferleak",
832 TEST_HASH_PUT_RESPONSE, response)
837 case <-time.After(20 * time.Second):
838 // If the buffer pool leaks, the test goroutine hangs.
839 t.Fatal("test did not finish, assuming pool leaked")
844 // Invoke the GetBlockHandler a bunch of times to test for bufferpool resource
846 func TestGetHandlerNoBufferleak(t *testing.T) {
849 // Prepare two test Keep volumes. Our block is stored on the second volume.
850 KeepVM = MakeTestVolumeManager(2)
853 vols := KeepVM.AllWritable()
854 if err := vols[0].Put(TEST_HASH, TEST_BLOCK); err != nil {
858 ok := make(chan bool)
860 for i := 0; i < maxBuffers+1; i += 1 {
861 // Unauthenticated request, unsigned locator
863 unsigned_locator := "/" + TEST_HASH
864 response := IssueRequest(
867 uri: unsigned_locator,
870 "Unauthenticated request, unsigned locator", http.StatusOK, response)
872 "Unauthenticated request, unsigned locator",
879 case <-time.After(20 * time.Second):
880 // If the buffer pool leaks, the test goroutine hangs.
881 t.Fatal("test did not finish, assuming pool leaked")