lib/service/cmd_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: Apache-2.0
   4
   5 // package service provides a cmd.Handler that brings up a system service.
   6 package service
   7
   8 import (
   9         "bytes"
  10         "context"
  11         "crypto/tls"
  12         "fmt"
  13         "io/ioutil"
  14         "net"
  15         "net/http"
  16         "net/url"
  17         "os"
  18         "testing"
  19         "time"
  20
  21         "git.arvados.org/arvados.git/sdk/go/arvados"
  22         "git.arvados.org/arvados.git/sdk/go/ctxlog"
  23         "github.com/prometheus/client_golang/prometheus"
  24         check "gopkg.in/check.v1"
  25 )
  26
  27 func Test(t *testing.T) {
  28         check.TestingT(t)
  29 }
  30
  31 var _ = check.Suite(&Suite{})
  32
  33 type Suite struct{}
  34 type key int
  35
  36 const (
  37         contextKey key = iota
  38 )
  39
  40 func (*Suite) TestGetListenAddress(c *check.C) {
  41         // Find an available port on the testing host, so the test
  42         // cases don't get confused by "already in use" errors.
  43         listener, err := net.Listen("tcp", ":")
  44         c.Assert(err, check.IsNil)
  45         _, unusedPort, err := net.SplitHostPort(listener.Addr().String())
  46         c.Assert(err, check.IsNil)
  47         listener.Close()
  48
  49         defer os.Unsetenv("ARVADOS_SERVICE_INTERNAL_URL")
  50         for idx, trial := range []struct {
  51                 // internalURL => listenURL, both with trailing "/"
  52                 // because config loader always adds it
  53                 internalURLs     map[string]string
  54                 envVar           string
  55                 expectErrorMatch string
  56                 expectLogsMatch  string
  57                 expectListen     string
  58                 expectInternal   string
  59         }{
  60                 {
  61                         internalURLs:   map[string]string{"http://localhost:" + unusedPort + "/": ""},
  62                         expectListen:   "http://localhost:" + unusedPort + "/",
  63                         expectInternal: "http://localhost:" + unusedPort + "/",
  64                 },
  65                 { // implicit port 80 in InternalURLs
  66                         internalURLs:     map[string]string{"http://localhost/": ""},
  67                         expectErrorMatch: `.*:80: bind: permission denied`,
  68                 },
  69                 { // implicit port 443 in InternalURLs
  70                         internalURLs:   map[string]string{"https://host.example/": "http://localhost:" + unusedPort + "/"},
  71                         expectListen:   "http://localhost:" + unusedPort + "/",
  72                         expectInternal: "https://host.example/",
  73                 },
  74                 { // implicit port 443 in ListenURL
  75                         internalURLs:     map[string]string{"wss://host.example/": "wss://localhost/"},
  76                         expectErrorMatch: `.*:443: bind: permission denied`,
  77                 },
  78                 {
  79                         internalURLs:   map[string]string{"https://hostname.example/": "http://localhost:8000/"},
  80                         expectListen:   "http://localhost:8000/",
  81                         expectInternal: "https://hostname.example/",
  82                 },
  83                 {
  84                         internalURLs: map[string]string{
  85                                 "https://hostname1.example/": "http://localhost:12435/",
  86                                 "https://hostname2.example/": "http://localhost:" + unusedPort + "/",
  87                         },
  88                         envVar:         "https://hostname2.example", // note this works despite missing trailing "/"
  89                         expectListen:   "http://localhost:" + unusedPort + "/",
  90                         expectInternal: "https://hostname2.example/",
  91                 },
  92                 { // cannot listen on any of the ListenURLs
  93                         internalURLs: map[string]string{
  94                                 "https://hostname1.example/": "http://1.2.3.4:" + unusedPort + "/",
  95                                 "https://hostname2.example/": "http://1.2.3.4:" + unusedPort + "/",
  96                         },
  97                         expectErrorMatch: "configuration does not enable the \"arvados-controller\" service on this host",
  98                 },
  99                 { // cannot listen on any of the (implied) ListenURLs
 100                         internalURLs: map[string]string{
 101                                 "https://1.2.3.4/": "",
 102                                 "https://1.2.3.5/": "",
 103                         },
 104                         expectErrorMatch: "configuration does not enable the \"arvados-controller\" service on this host",
 105                 },
 106                 { // impossible port number
 107                         internalURLs: map[string]string{
 108                                 "https://host.example/": "http://0.0.0.0:1234567",
 109                         },
 110                         expectErrorMatch: `.*:1234567: listen tcp: address 1234567: invalid port`,
 111                 },
 112                 {
 113                         // env var URL not mentioned in config = obey env var, with warning
 114                         internalURLs:    map[string]string{"https://hostname1.example/": "http://localhost:8000/"},
 115                         envVar:          "https://hostname2.example",
 116                         expectListen:    "https://hostname2.example/",
 117                         expectInternal:  "https://hostname2.example/",
 118                         expectLogsMatch: `.*\Qpossible configuration error: listening on https://hostname2.example/ (from $ARVADOS_SERVICE_INTERNAL_URL) even though configuration does not have a matching InternalURLs entry\E.*\n`,
 119                 },
 120                 {
 121                         // env var + empty config = obey env var, with warning
 122                         envVar:          "https://hostname.example",
 123                         expectListen:    "https://hostname.example/",
 124                         expectInternal:  "https://hostname.example/",
 125                         expectLogsMatch: `.*\Qpossible configuration error: listening on https://hostname.example/ (from $ARVADOS_SERVICE_INTERNAL_URL) even though configuration does not have a matching InternalURLs entry\E.*\n`,
 126                 },
 127         } {
 128                 c.Logf("trial %d %+v", idx, trial)
 129                 os.Setenv("ARVADOS_SERVICE_INTERNAL_URL", trial.envVar)
 130                 var logbuf bytes.Buffer
 131                 log := ctxlog.New(&logbuf, "text", "info")
 132                 services := arvados.Services{Controller: arvados.Service{InternalURLs: map[arvados.URL]arvados.ServiceInstance{}}}
 133                 for k, v := range trial.internalURLs {
 134                         u, err := url.Parse(k)
 135                         c.Assert(err, check.IsNil)
 136                         si := arvados.ServiceInstance{}
 137                         if v != "" {
 138                                 u, err := url.Parse(v)
 139                                 c.Assert(err, check.IsNil)
 140                                 si.ListenURL = arvados.URL(*u)
 141                         }
 142                         services.Controller.InternalURLs[arvados.URL(*u)] = si
 143                 }
 144                 listenURL, internalURL, err := getListenAddr(services, "arvados-controller", log)
 145                 if trial.expectLogsMatch != "" {
 146                         c.Check(logbuf.String(), check.Matches, trial.expectLogsMatch)
 147                 }
 148                 if trial.expectErrorMatch != "" {
 149                         c.Check(err, check.ErrorMatches, trial.expectErrorMatch)
 150                         continue
 151                 }
 152                 if !c.Check(err, check.IsNil) {
 153                         continue
 154                 }
 155                 c.Check(listenURL.String(), check.Equals, trial.expectListen)
 156                 c.Check(internalURL.String(), check.Equals, trial.expectInternal)
 157         }
 158 }
 159
 160 func (*Suite) TestCommand(c *check.C) {
 161         cf, err := ioutil.TempFile("", "cmd_test.")
 162         c.Assert(err, check.IsNil)
 163         defer os.Remove(cf.Name())
 164         defer cf.Close()
 165         fmt.Fprintf(cf, "Clusters:\n zzzzz:\n  SystemRootToken: abcde\n  NodeProfiles: {\"*\": {\"arvados-controller\": {Listen: \":1234\"}}}")
 166
 167         healthCheck := make(chan bool, 1)
 168         ctx, cancel := context.WithCancel(context.Background())
 169         defer cancel()
 170
 171         cmd := Command(arvados.ServiceNameController, func(ctx context.Context, _ *arvados.Cluster, token string, reg *prometheus.Registry) Handler {
 172                 c.Check(ctx.Value(contextKey), check.Equals, "bar")
 173                 c.Check(token, check.Equals, "abcde")
 174                 return &testHandler{ctx: ctx, healthCheck: healthCheck}
 175         })
 176         cmd.(*command).ctx = context.WithValue(ctx, contextKey, "bar")
 177
 178         done := make(chan bool)
 179         var stdin, stdout, stderr bytes.Buffer
 180
 181         go func() {
 182                 cmd.RunCommand("arvados-controller", []string{"-config", cf.Name()}, &stdin, &stdout, &stderr)
 183                 close(done)
 184         }()
 185         select {
 186         case <-healthCheck:
 187         case <-done:
 188                 c.Error("command exited without health check")
 189         }
 190         cancel()
 191         c.Check(stdout.String(), check.Equals, "")
 192         c.Check(stderr.String(), check.Matches, `(?ms).*"msg":"CheckHealth called".*`)
 193 }
 194
 195 func (*Suite) TestTLS(c *check.C) {
 196         cwd, err := os.Getwd()
 197         c.Assert(err, check.IsNil)
 198
 199         stdin := bytes.NewBufferString(`
 200 Clusters:
 201  zzzzz:
 202   SystemRootToken: abcde
 203   Services:
 204    Controller:
 205     ExternalURL: "https://localhost:12345"
 206     InternalURLs: {"https://localhost:12345": {}}
 207   TLS:
 208    Key: file://` + cwd + `/../../services/api/tmp/self-signed.key
 209    Certificate: file://` + cwd + `/../../services/api/tmp/self-signed.pem
 210 `)
 211
 212         called := make(chan bool)
 213         cmd := Command(arvados.ServiceNameController, func(ctx context.Context, _ *arvados.Cluster, token string, reg *prometheus.Registry) Handler {
 214                 return &testHandler{handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 215                         w.Write([]byte("ok"))
 216                         close(called)
 217                 })}
 218         })
 219
 220         exited := make(chan bool)
 221         var stdout, stderr bytes.Buffer
 222         go func() {
 223                 cmd.RunCommand("arvados-controller", []string{"-config", "-"}, stdin, &stdout, &stderr)
 224                 close(exited)
 225         }()
 226         got := make(chan bool)
 227         go func() {
 228                 defer close(got)
 229                 client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
 230                 for range time.NewTicker(time.Millisecond).C {
 231                         resp, err := client.Get("https://localhost:12345")
 232                         if err != nil {
 233                                 c.Log(err)
 234                                 continue
 235                         }
 236                         body, err := ioutil.ReadAll(resp.Body)
 237                         c.Check(err, check.IsNil)
 238                         c.Logf("status %d, body %s", resp.StatusCode, string(body))
 239                         c.Check(resp.StatusCode, check.Equals, http.StatusOK)
 240                         break
 241                 }
 242         }()
 243         select {
 244         case <-called:
 245         case <-exited:
 246                 c.Error("command exited without calling handler")
 247         case <-time.After(time.Second):
 248                 c.Error("timed out")
 249         }
 250         select {
 251         case <-got:
 252         case <-exited:
 253                 c.Error("command exited before client received response")
 254         case <-time.After(time.Second):
 255                 c.Error("timed out")
 256         }
 257         c.Log(stderr.String())
 258 }
 259
 260 type testHandler struct {
 261         ctx         context.Context
 262         handler     http.Handler
 263         healthCheck chan bool
 264 }
 265
 266 func (th *testHandler) Done() <-chan struct{}                            { return nil }
 267 func (th *testHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { th.handler.ServeHTTP(w, r) }
 268 func (th *testHandler) CheckHealth() error {
 269         ctxlog.FromContext(th.ctx).Info("CheckHealth called")
 270         select {
 271         case th.healthCheck <- true:
 272         default:
 273         }
 274         return nil
 275 }