1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
18 "git.curoverse.com/arvados.git/sdk/go/arvados"
19 "git.curoverse.com/arvados.git/sdk/go/arvadostest"
20 "git.curoverse.com/arvados.git/sdk/go/ctxlog"
21 "git.curoverse.com/arvados.git/sdk/go/httpserver"
22 check "gopkg.in/check.v1"
25 // Gocheck boilerplate
26 func Test(t *testing.T) {
30 var _ = check.Suite(&HandlerSuite{})
32 type HandlerSuite struct {
33 cluster *arvados.Cluster
36 cancel context.CancelFunc
39 func (s *HandlerSuite) SetUpTest(c *check.C) {
40 s.ctx, s.cancel = context.WithCancel(context.Background())
41 s.ctx = ctxlog.Context(s.ctx, ctxlog.New(os.Stderr, "json", "debug"))
42 s.cluster = &arvados.Cluster{
44 PostgreSQL: integrationTestCluster().PostgreSQL,
46 s.cluster.TLS.Insecure = true
47 arvadostest.SetServiceURL(&s.cluster.Services.RailsAPI, "https://"+os.Getenv("ARVADOS_TEST_API_HOST"))
48 arvadostest.SetServiceURL(&s.cluster.Services.Controller, "http://localhost:/")
49 s.handler = newHandler(s.ctx, s.cluster, "")
52 func (s *HandlerSuite) TearDownTest(c *check.C) {
56 func (s *HandlerSuite) TestConfigExport(c *check.C) {
57 s.cluster.ManagementToken = "secret"
58 s.cluster.SystemRootToken = "secret"
59 s.cluster.Collections.BlobSigning = true
60 s.cluster.Collections.BlobSigningTTL = arvados.Duration(23 * time.Second)
61 req := httptest.NewRequest("GET", "/arvados/v1/config", nil)
62 resp := httptest.NewRecorder()
63 s.handler.ServeHTTP(resp, req)
64 c.Check(resp.Code, check.Equals, http.StatusOK)
65 var cluster arvados.Cluster
66 c.Log(resp.Body.String())
67 err := json.Unmarshal(resp.Body.Bytes(), &cluster)
68 c.Check(err, check.IsNil)
69 c.Check(cluster.ManagementToken, check.Equals, "")
70 c.Check(cluster.SystemRootToken, check.Equals, "")
71 c.Check(cluster.Collections.BlobSigning, check.DeepEquals, true)
72 c.Check(cluster.Collections.BlobSigningTTL, check.Equals, arvados.Duration(23*time.Second))
75 func (s *HandlerSuite) TestProxyDiscoveryDoc(c *check.C) {
76 req := httptest.NewRequest("GET", "/discovery/v1/apis/arvados/v1/rest", nil)
77 resp := httptest.NewRecorder()
78 s.handler.ServeHTTP(resp, req)
79 c.Check(resp.Code, check.Equals, http.StatusOK)
80 var dd arvados.DiscoveryDocument
81 err := json.Unmarshal(resp.Body.Bytes(), &dd)
82 c.Check(err, check.IsNil)
83 c.Check(dd.BlobSignatureTTL, check.Not(check.Equals), int64(0))
84 c.Check(dd.BlobSignatureTTL > 0, check.Equals, true)
85 c.Check(len(dd.Resources), check.Not(check.Equals), 0)
86 c.Check(len(dd.Schemas), check.Not(check.Equals), 0)
89 func (s *HandlerSuite) TestRequestTimeout(c *check.C) {
90 s.cluster.API.RequestTimeout = arvados.Duration(time.Nanosecond)
91 req := httptest.NewRequest("GET", "/discovery/v1/apis/arvados/v1/rest", nil)
92 resp := httptest.NewRecorder()
93 s.handler.ServeHTTP(resp, req)
94 c.Check(resp.Code, check.Equals, http.StatusBadGateway)
95 var jresp httpserver.ErrorResponse
96 err := json.Unmarshal(resp.Body.Bytes(), &jresp)
97 c.Check(err, check.IsNil)
98 c.Assert(len(jresp.Errors), check.Equals, 1)
99 c.Check(jresp.Errors[0], check.Matches, `.*context deadline exceeded.*`)
102 func (s *HandlerSuite) TestProxyWithoutToken(c *check.C) {
103 req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil)
104 resp := httptest.NewRecorder()
105 s.handler.ServeHTTP(resp, req)
106 c.Check(resp.Code, check.Equals, http.StatusUnauthorized)
107 jresp := map[string]interface{}{}
108 err := json.Unmarshal(resp.Body.Bytes(), &jresp)
109 c.Check(err, check.IsNil)
110 c.Check(jresp["errors"], check.FitsTypeOf, []interface{}{})
113 func (s *HandlerSuite) TestProxyWithToken(c *check.C) {
114 req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil)
115 req.Header.Set("Authorization", "Bearer "+arvadostest.ActiveToken)
116 resp := httptest.NewRecorder()
117 s.handler.ServeHTTP(resp, req)
118 c.Check(resp.Code, check.Equals, http.StatusOK)
120 err := json.Unmarshal(resp.Body.Bytes(), &u)
121 c.Check(err, check.IsNil)
122 c.Check(u.UUID, check.Equals, arvadostest.ActiveUserUUID)
125 func (s *HandlerSuite) TestProxyWithTokenInRequestBody(c *check.C) {
126 req := httptest.NewRequest("POST", "/arvados/v1/users/current", strings.NewReader(url.Values{
128 "api_token": {arvadostest.ActiveToken},
130 req.Header.Set("Content-type", "application/x-www-form-urlencoded")
131 resp := httptest.NewRecorder()
132 s.handler.ServeHTTP(resp, req)
133 c.Check(resp.Code, check.Equals, http.StatusOK)
135 err := json.Unmarshal(resp.Body.Bytes(), &u)
136 c.Check(err, check.IsNil)
137 c.Check(u.UUID, check.Equals, arvadostest.ActiveUserUUID)
140 func (s *HandlerSuite) TestProxyNotFound(c *check.C) {
141 req := httptest.NewRequest("GET", "/arvados/v1/xyzzy", nil)
142 resp := httptest.NewRecorder()
143 s.handler.ServeHTTP(resp, req)
144 c.Check(resp.Code, check.Equals, http.StatusNotFound)
145 jresp := map[string]interface{}{}
146 err := json.Unmarshal(resp.Body.Bytes(), &jresp)
147 c.Check(err, check.IsNil)
148 c.Check(jresp["errors"], check.FitsTypeOf, []interface{}{})
151 func (s *HandlerSuite) TestProxyRedirect(c *check.C) {
152 req := httptest.NewRequest("GET", "https://0.0.0.0:1/login?return_to=foo", nil)
153 resp := httptest.NewRecorder()
154 s.handler.ServeHTTP(resp, req)
155 c.Check(resp.Code, check.Equals, http.StatusFound)
156 c.Check(resp.Header().Get("Location"), check.Matches, `https://0.0.0.0:1/auth/joshid\?return_to=%2Cfoo&?`)
159 func (s *HandlerSuite) TestValidateV1APIToken(c *check.C) {
160 req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil)
161 user, err := s.handler.(*Handler).validateAPItoken(req, arvadostest.ActiveToken)
162 c.Assert(err, check.IsNil)
163 c.Check(user.Authorization.UUID, check.Equals, arvadostest.ActiveTokenUUID)
164 c.Check(user.Authorization.APIToken, check.Equals, arvadostest.ActiveToken)
165 c.Check(user.Authorization.Scopes, check.DeepEquals, []string{"all"})
166 c.Check(user.UUID, check.Equals, arvadostest.ActiveUserUUID)
169 func (s *HandlerSuite) TestValidateV2APIToken(c *check.C) {
170 req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil)
171 user, err := s.handler.(*Handler).validateAPItoken(req, arvadostest.ActiveTokenV2)
172 c.Assert(err, check.IsNil)
173 c.Check(user.Authorization.UUID, check.Equals, arvadostest.ActiveTokenUUID)
174 c.Check(user.Authorization.APIToken, check.Equals, arvadostest.ActiveToken)
175 c.Check(user.Authorization.Scopes, check.DeepEquals, []string{"all"})
176 c.Check(user.UUID, check.Equals, arvadostest.ActiveUserUUID)
177 c.Check(user.Authorization.TokenV2(), check.Equals, arvadostest.ActiveTokenV2)
180 func (s *HandlerSuite) TestCreateAPIToken(c *check.C) {
181 req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil)
182 auth, err := s.handler.(*Handler).createAPItoken(req, arvadostest.ActiveUserUUID, nil)
183 c.Assert(err, check.IsNil)
184 c.Check(auth.Scopes, check.DeepEquals, []string{"all"})
186 user, err := s.handler.(*Handler).validateAPItoken(req, auth.TokenV2())
187 c.Assert(err, check.IsNil)
188 c.Check(user.Authorization.UUID, check.Equals, auth.UUID)
189 c.Check(user.Authorization.APIToken, check.Equals, auth.APIToken)
190 c.Check(user.Authorization.Scopes, check.DeepEquals, []string{"all"})
191 c.Check(user.UUID, check.Equals, arvadostest.ActiveUserUUID)
192 c.Check(user.Authorization.TokenV2(), check.Equals, auth.TokenV2())