1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
7 class ContainerAuthTest < ActionDispatch::IntegrationTest
10 test "container token validate, Queued" do
11 get "/arvados/v1/containers/current", {
13 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:container_runtime_token).token}/#{containers(:runtime_token).uuid}"}
14 # Container is Queued, token cannot be used
18 test "container token validate, Running, regular auth" do
19 get "/arvados/v1/containers/current", {
21 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:running_container_auth).token}/#{containers(:running).uuid}"}
22 # Container is Running, token can be used
23 assert_response :success
24 assert_equal containers(:running).uuid, json_response['uuid']
27 test "container token validate, Locked, runtime_token" do
28 post "/arvados/v1/containers/#{containers(:runtime_token).uuid}/lock", {
30 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:dispatch1).token}"}
31 get "/arvados/v1/containers/current", {
33 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:container_runtime_token).token}/#{containers(:runtime_token).uuid}"}
34 # Container is Running, token can be used
35 assert_response :success
36 assert_equal containers(:runtime_token).uuid, json_response['uuid']
39 test "container token validate, Running, without optional portion" do
40 get "/arvados/v1/containers/current", {
42 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:running_container_auth).token}"}
43 # Container is Running, token can be used
44 assert_response :success
45 assert_equal containers(:running).uuid, json_response['uuid']
48 test "container token validate, Locked, runtime_token, without optional portion" do
49 post "/arvados/v1/containers/#{containers(:runtime_token).uuid}/lock", {
51 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:dispatch1).token}"}
52 get "/arvados/v1/containers/current", {
54 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:container_runtime_token).token}"}
55 # runtime_token without container uuid won't return 'current'
59 test "container token validate, wrong container uuid" do
60 post "/arvados/v1/containers/#{containers(:runtime_token).uuid}/lock", {
62 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:dispatch1).token}"}
63 get "/arvados/v1/containers/current", {
65 }, {'HTTP_AUTHORIZATION' => "Bearer #{api_client_authorizations(:container_runtime_token).token}/#{containers(:running).uuid}"}
66 # Container uuid mismatch, token can't be used