1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
20 "git.curoverse.com/arvados.git/sdk/go/arvadosclient"
21 "git.curoverse.com/arvados.git/sdk/go/arvadostest"
22 "git.curoverse.com/arvados.git/sdk/go/keepclient"
27 // Gocheck boilerplate
28 func Test(t *testing.T) {
32 // Gocheck boilerplate
33 var _ = Suite(&ServerRequiredSuite{})
35 // Tests that require the Keep server running
36 type ServerRequiredSuite struct{}
38 // Gocheck boilerplate
39 var _ = Suite(&NoKeepServerSuite{})
41 // Test with no keepserver to simulate errors
42 type NoKeepServerSuite struct{}
44 var TestProxyUUID = "zzzzz-bi6l4-lrixqc4fxofbmzz"
46 // Wait (up to 1 second) for keepproxy to listen on a port. This
47 // avoids a race condition where we hit a "connection refused" error
48 // because we start testing the proxy too soon.
49 func waitForListener() {
53 for i := 0; listener == nil && i < 10000; i += ms {
54 time.Sleep(ms * time.Millisecond)
57 panic("Timed out waiting for listener to start")
61 func closeListener() {
67 func (s *ServerRequiredSuite) SetUpSuite(c *C) {
68 arvadostest.StartAPI()
69 arvadostest.StartKeep(2, false)
72 func (s *ServerRequiredSuite) SetUpTest(c *C) {
73 arvadostest.ResetEnv()
76 func (s *ServerRequiredSuite) TearDownSuite(c *C) {
77 arvadostest.StopKeep(2)
81 func (s *NoKeepServerSuite) SetUpSuite(c *C) {
82 arvadostest.StartAPI()
83 // We need API to have some keep services listed, but the
84 // services themselves should be unresponsive.
85 arvadostest.StartKeep(2, false)
86 arvadostest.StopKeep(2)
89 func (s *NoKeepServerSuite) SetUpTest(c *C) {
90 arvadostest.ResetEnv()
93 func (s *NoKeepServerSuite) TearDownSuite(c *C) {
97 func runProxy(c *C, args []string, bogusClientToken bool) *keepclient.KeepClient {
98 args = append([]string{"keepproxy"}, args...)
99 os.Args = append(args, "-listen=:0")
104 arv, err := arvadosclient.MakeArvadosClient()
105 c.Assert(err, Equals, nil)
106 if bogusClientToken {
107 arv.ApiToken = "bogus-token"
109 kc := keepclient.New(arv)
110 sr := map[string]string{
111 TestProxyUUID: "http://" + listener.Addr().String(),
113 kc.SetServiceRoots(sr, sr, sr)
114 kc.Arvados.External = true
119 func (s *ServerRequiredSuite) TestResponseViaHeader(c *C) {
120 runProxy(c, nil, false)
121 defer closeListener()
123 req, err := http.NewRequest("POST",
124 "http://"+listener.Addr().String()+"/",
125 strings.NewReader("TestViaHeader"))
126 req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken)
127 resp, err := (&http.Client{}).Do(req)
128 c.Assert(err, Equals, nil)
129 c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy")
130 locator, err := ioutil.ReadAll(resp.Body)
131 c.Assert(err, Equals, nil)
134 req, err = http.NewRequest("GET",
135 "http://"+listener.Addr().String()+"/"+string(locator),
137 c.Assert(err, Equals, nil)
138 resp, err = (&http.Client{}).Do(req)
139 c.Assert(err, Equals, nil)
140 c.Check(resp.Header.Get("Via"), Equals, "HTTP/1.1 keepproxy")
144 func (s *ServerRequiredSuite) TestLoopDetection(c *C) {
145 kc := runProxy(c, nil, false)
146 defer closeListener()
148 sr := map[string]string{
149 TestProxyUUID: "http://" + listener.Addr().String(),
151 router.(*proxyHandler).KeepClient.SetServiceRoots(sr, sr, sr)
153 content := []byte("TestLoopDetection")
154 _, _, err := kc.PutB(content)
155 c.Check(err, ErrorMatches, `.*loop detected.*`)
157 hash := fmt.Sprintf("%x", md5.Sum(content))
158 _, _, _, err = kc.Get(hash)
159 c.Check(err, ErrorMatches, `.*loop detected.*`)
162 func (s *ServerRequiredSuite) TestDesiredReplicas(c *C) {
163 kc := runProxy(c, nil, false)
164 defer closeListener()
166 content := []byte("TestDesiredReplicas")
167 hash := fmt.Sprintf("%x", md5.Sum(content))
169 for _, kc.Want_replicas = range []int{0, 1, 2} {
170 locator, rep, err := kc.PutB(content)
171 c.Check(err, Equals, nil)
172 c.Check(rep, Equals, kc.Want_replicas)
174 c.Check(locator, Matches, fmt.Sprintf(`^%s\+%d(\+.+)?$`, hash, len(content)))
179 func (s *ServerRequiredSuite) TestPutWrongContentLength(c *C) {
180 kc := runProxy(c, nil, false)
181 defer closeListener()
183 content := []byte("TestPutWrongContentLength")
184 hash := fmt.Sprintf("%x", md5.Sum(content))
186 // If we use http.Client to send these requests to the network
187 // server we just started, the Go http library automatically
188 // fixes the invalid Content-Length header. In order to test
189 // our server behavior, we have to call the handler directly
190 // using an httptest.ResponseRecorder.
191 rtr := MakeRESTRouter(true, true, kc, 10*time.Second, "")
193 type testcase struct {
198 for _, t := range []testcase{
199 {"1", http.StatusBadRequest},
200 {"", http.StatusLengthRequired},
201 {"-1", http.StatusLengthRequired},
202 {"abcdef", http.StatusLengthRequired},
204 req, err := http.NewRequest("PUT",
205 fmt.Sprintf("http://%s/%s+%d", listener.Addr().String(), hash, len(content)),
206 bytes.NewReader(content))
208 req.Header.Set("Content-Length", t.sendLength)
209 req.Header.Set("Authorization", "OAuth2 "+arvadostest.ActiveToken)
210 req.Header.Set("Content-Type", "application/octet-stream")
212 resp := httptest.NewRecorder()
213 rtr.ServeHTTP(resp, req)
214 c.Check(resp.Code, Equals, t.expectStatus)
218 func (s *ServerRequiredSuite) TestPutAskGet(c *C) {
219 kc := runProxy(c, nil, false)
220 defer closeListener()
222 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
226 _, _, err := kc.Ask(hash)
227 c.Check(err, Equals, keepclient.BlockNotFound)
228 c.Log("Finished Ask (expected BlockNotFound)")
232 reader, _, _, err := kc.Get(hash)
233 c.Check(reader, Equals, nil)
234 c.Check(err, Equals, keepclient.BlockNotFound)
235 c.Log("Finished Get (expected BlockNotFound)")
238 // Note in bug #5309 among other errors keepproxy would set
239 // Content-Length incorrectly on the 404 BlockNotFound response, this
240 // would result in a protocol violation that would prevent reuse of the
241 // connection, which would manifest by the next attempt to use the
242 // connection (in this case the PutB below) failing. So to test for
243 // that bug it's necessary to trigger an error response (such as
244 // BlockNotFound) and then do something else with the same httpClient
250 hash2, rep, err = kc.PutB([]byte("foo"))
251 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+3(\+.+)?$`, hash))
252 c.Check(rep, Equals, 2)
253 c.Check(err, Equals, nil)
254 c.Log("Finished PutB (expected success)")
258 blocklen, _, err := kc.Ask(hash2)
259 c.Assert(err, Equals, nil)
260 c.Check(blocklen, Equals, int64(3))
261 c.Log("Finished Ask (expected success)")
265 reader, blocklen, _, err := kc.Get(hash2)
266 c.Assert(err, Equals, nil)
267 all, err := ioutil.ReadAll(reader)
268 c.Check(all, DeepEquals, []byte("foo"))
269 c.Check(blocklen, Equals, int64(3))
270 c.Log("Finished Get (expected success)")
276 hash2, rep, err = kc.PutB([]byte(""))
277 c.Check(hash2, Matches, `^d41d8cd98f00b204e9800998ecf8427e\+0(\+.+)?$`)
278 c.Check(rep, Equals, 2)
279 c.Check(err, Equals, nil)
280 c.Log("Finished PutB zero block")
284 reader, blocklen, _, err := kc.Get("d41d8cd98f00b204e9800998ecf8427e")
285 c.Assert(err, Equals, nil)
286 all, err := ioutil.ReadAll(reader)
287 c.Check(all, DeepEquals, []byte(""))
288 c.Check(blocklen, Equals, int64(0))
289 c.Log("Finished Get zero block")
293 func (s *ServerRequiredSuite) TestPutAskGetForbidden(c *C) {
294 kc := runProxy(c, nil, true)
295 defer closeListener()
297 hash := fmt.Sprintf("%x", md5.Sum([]byte("bar")))
300 _, _, err := kc.Ask(hash)
301 errNotFound, _ := err.(keepclient.ErrNotFound)
302 c.Check(errNotFound, NotNil)
303 c.Assert(strings.Contains(err.Error(), "HTTP 403"), Equals, true)
308 hash2, rep, err := kc.PutB([]byte("bar"))
309 c.Check(hash2, Equals, "")
310 c.Check(rep, Equals, 0)
311 c.Check(err, FitsTypeOf, keepclient.InsufficientReplicasError(errors.New("")))
316 blocklen, _, err := kc.Ask(hash)
317 errNotFound, _ := err.(keepclient.ErrNotFound)
318 c.Check(errNotFound, NotNil)
319 c.Assert(strings.Contains(err.Error(), "HTTP 403"), Equals, true)
320 c.Check(blocklen, Equals, int64(0))
325 _, blocklen, _, err := kc.Get(hash)
326 errNotFound, _ := err.(keepclient.ErrNotFound)
327 c.Check(errNotFound, NotNil)
328 c.Assert(strings.Contains(err.Error(), "HTTP 403"), Equals, true)
329 c.Check(blocklen, Equals, int64(0))
334 func (s *ServerRequiredSuite) TestGetDisabled(c *C) {
335 kc := runProxy(c, []string{"-no-get"}, false)
336 defer closeListener()
338 hash := fmt.Sprintf("%x", md5.Sum([]byte("baz")))
341 _, _, err := kc.Ask(hash)
342 errNotFound, _ := err.(keepclient.ErrNotFound)
343 c.Check(errNotFound, NotNil)
344 c.Assert(strings.Contains(err.Error(), "HTTP 400"), Equals, true)
349 hash2, rep, err := kc.PutB([]byte("baz"))
350 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+3(\+.+)?$`, hash))
351 c.Check(rep, Equals, 2)
352 c.Check(err, Equals, nil)
357 blocklen, _, err := kc.Ask(hash)
358 errNotFound, _ := err.(keepclient.ErrNotFound)
359 c.Check(errNotFound, NotNil)
360 c.Assert(strings.Contains(err.Error(), "HTTP 400"), Equals, true)
361 c.Check(blocklen, Equals, int64(0))
366 _, blocklen, _, err := kc.Get(hash)
367 errNotFound, _ := err.(keepclient.ErrNotFound)
368 c.Check(errNotFound, NotNil)
369 c.Assert(strings.Contains(err.Error(), "HTTP 400"), Equals, true)
370 c.Check(blocklen, Equals, int64(0))
375 func (s *ServerRequiredSuite) TestPutDisabled(c *C) {
376 kc := runProxy(c, []string{"-no-put"}, false)
377 defer closeListener()
379 hash2, rep, err := kc.PutB([]byte("quux"))
380 c.Check(hash2, Equals, "")
381 c.Check(rep, Equals, 0)
382 c.Check(err, FitsTypeOf, keepclient.InsufficientReplicasError(errors.New("")))
385 func (s *ServerRequiredSuite) TestCorsHeaders(c *C) {
386 runProxy(c, nil, false)
387 defer closeListener()
390 client := http.Client{}
391 req, err := http.NewRequest("OPTIONS",
392 fmt.Sprintf("http://%s/%x+3", listener.Addr().String(), md5.Sum([]byte("foo"))),
394 req.Header.Add("Access-Control-Request-Method", "PUT")
395 req.Header.Add("Access-Control-Request-Headers", "Authorization, X-Keep-Desired-Replicas")
396 resp, err := client.Do(req)
397 c.Check(err, Equals, nil)
398 c.Check(resp.StatusCode, Equals, 200)
399 body, err := ioutil.ReadAll(resp.Body)
400 c.Check(string(body), Equals, "")
401 c.Check(resp.Header.Get("Access-Control-Allow-Methods"), Equals, "GET, HEAD, POST, PUT, OPTIONS")
402 c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
406 resp, err := http.Get(
407 fmt.Sprintf("http://%s/%x+3", listener.Addr().String(), md5.Sum([]byte("foo"))))
408 c.Check(err, Equals, nil)
409 c.Check(resp.Header.Get("Access-Control-Allow-Headers"), Equals, "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas")
410 c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
414 func (s *ServerRequiredSuite) TestPostWithoutHash(c *C) {
415 runProxy(c, nil, false)
416 defer closeListener()
419 client := http.Client{}
420 req, err := http.NewRequest("POST",
421 "http://"+listener.Addr().String()+"/",
422 strings.NewReader("qux"))
423 req.Header.Add("Authorization", "OAuth2 "+arvadostest.ActiveToken)
424 req.Header.Add("Content-Type", "application/octet-stream")
425 resp, err := client.Do(req)
426 c.Check(err, Equals, nil)
427 body, err := ioutil.ReadAll(resp.Body)
428 c.Check(err, Equals, nil)
429 c.Check(string(body), Matches,
430 fmt.Sprintf(`^%x\+3(\+.+)?$`, md5.Sum([]byte("qux"))))
434 func (s *ServerRequiredSuite) TestStripHint(c *C) {
435 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz", "$1"),
437 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
438 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73", "$1"),
440 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
441 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz", "$1"),
443 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz")
444 c.Check(removeHint.ReplaceAllString("http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73", "$1"),
446 "http://keep.zzzzz.arvadosapi.com:25107/2228819a18d3727630fa30c81853d23f+67108864+K@zzzzz-zzzzz-zzzzzzzzzzzzzzz+A37b6ab198qqqq28d903b975266b23ee711e1852c@55635f73")
451 // Put one block, with 2 replicas
452 // With no prefix (expect the block locator, twice)
453 // With an existing prefix (expect the block locator, twice)
454 // With a valid but non-existing prefix (expect "\n")
455 // With an invalid prefix (expect error)
456 func (s *ServerRequiredSuite) TestGetIndex(c *C) {
457 kc := runProxy(c, nil, false)
458 defer closeListener()
460 // Put "index-data" blocks
461 data := []byte("index-data")
462 hash := fmt.Sprintf("%x", md5.Sum(data))
464 hash2, rep, err := kc.PutB(data)
465 c.Check(hash2, Matches, fmt.Sprintf(`^%s\+10(\+.+)?$`, hash))
466 c.Check(rep, Equals, 2)
467 c.Check(err, Equals, nil)
469 reader, blocklen, _, err := kc.Get(hash)
470 c.Assert(err, Equals, nil)
471 c.Check(blocklen, Equals, int64(10))
472 all, err := ioutil.ReadAll(reader)
473 c.Check(all, DeepEquals, data)
475 // Put some more blocks
476 _, rep, err = kc.PutB([]byte("some-more-index-data"))
477 c.Check(err, Equals, nil)
479 kc.Arvados.ApiToken = arvadostest.DataManagerToken
482 for _, spec := range []struct {
487 {"", true, true}, // with no prefix
488 {hash[:3], true, false}, // with matching prefix
489 {"abcdef", false, false}, // with no such prefix
491 indexReader, err := kc.GetIndex(TestProxyUUID, spec.prefix)
492 c.Assert(err, Equals, nil)
493 indexResp, err := ioutil.ReadAll(indexReader)
494 c.Assert(err, Equals, nil)
495 locators := strings.Split(string(indexResp), "\n")
498 for _, locator := range locators {
502 c.Check(locator[:len(spec.prefix)], Equals, spec.prefix)
503 if locator[:32] == hash {
509 c.Check(gotTestHash == 2, Equals, spec.expectTestHash)
510 c.Check(gotOther > 0, Equals, spec.expectOther)
513 // GetIndex with invalid prefix
514 _, err = kc.GetIndex(TestProxyUUID, "xyz")
515 c.Assert((err != nil), Equals, true)
518 func (s *ServerRequiredSuite) TestPutAskGetInvalidToken(c *C) {
519 kc := runProxy(c, nil, false)
520 defer closeListener()
523 hash, rep, err := kc.PutB([]byte("foo"))
524 c.Check(err, Equals, nil)
525 c.Check(rep, Equals, 2)
527 for _, token := range []string{
529 "2ym314ysp27sk7h943q6vtc378srb06se3pq6ghurylyf3pdmx", // expired
531 // Change token to given bad token
532 kc.Arvados.ApiToken = token
534 // Ask should result in error
535 _, _, err = kc.Ask(hash)
537 errNotFound, _ := err.(keepclient.ErrNotFound)
538 c.Check(errNotFound.Temporary(), Equals, false)
539 c.Assert(strings.Contains(err.Error(), "HTTP 403"), Equals, true)
541 // Get should result in error
542 _, _, _, err = kc.Get(hash)
544 errNotFound, _ = err.(keepclient.ErrNotFound)
545 c.Check(errNotFound.Temporary(), Equals, false)
546 c.Assert(strings.Contains(err.Error(), "HTTP 403 \"Missing or invalid Authorization header\""), Equals, true)
550 func (s *ServerRequiredSuite) TestAskGetKeepProxyConnectionError(c *C) {
551 arv, err := arvadosclient.MakeArvadosClient()
552 c.Assert(err, Equals, nil)
554 // keepclient with no such keep server
555 kc := keepclient.New(arv)
556 locals := map[string]string{
557 TestProxyUUID: "http://localhost:12345",
559 kc.SetServiceRoots(locals, nil, nil)
561 // Ask should result in temporary connection refused error
562 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
563 _, _, err = kc.Ask(hash)
565 errNotFound, _ := err.(*keepclient.ErrNotFound)
566 c.Check(errNotFound.Temporary(), Equals, true)
567 c.Assert(strings.Contains(err.Error(), "connection refused"), Equals, true)
569 // Get should result in temporary connection refused error
570 _, _, _, err = kc.Get(hash)
572 errNotFound, _ = err.(*keepclient.ErrNotFound)
573 c.Check(errNotFound.Temporary(), Equals, true)
574 c.Assert(strings.Contains(err.Error(), "connection refused"), Equals, true)
577 func (s *NoKeepServerSuite) TestAskGetNoKeepServerError(c *C) {
578 kc := runProxy(c, nil, false)
579 defer closeListener()
581 hash := fmt.Sprintf("%x", md5.Sum([]byte("foo")))
582 for _, f := range []func() error{
584 _, _, err := kc.Ask(hash)
588 _, _, _, err := kc.Get(hash)
593 c.Assert(err, NotNil)
594 errNotFound, _ := err.(*keepclient.ErrNotFound)
595 c.Check(errNotFound.Temporary(), Equals, true)
596 c.Check(err, ErrorMatches, `.*HTTP 502.*`)
600 func (s *ServerRequiredSuite) TestPing(c *C) {
601 kc := runProxy(c, nil, false)
602 defer closeListener()
604 rtr := MakeRESTRouter(true, true, kc, 10*time.Second, arvadostest.ManagementToken)
606 req, err := http.NewRequest("GET",
607 "http://"+listener.Addr().String()+"/_health/ping",
610 req.Header.Set("Authorization", "Bearer "+arvadostest.ManagementToken)
612 resp := httptest.NewRecorder()
613 rtr.ServeHTTP(resp, req)
614 c.Check(resp.Code, Equals, 200)
615 c.Assert(strings.Contains(resp.Body.String(), `{"health":"OK"}`), Equals, true)