lib/controller/router/router_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package router
   6
   7 import (
   8         "bytes"
   9         "encoding/json"
  10         "io"
  11         "net/http"
  12         "net/http/httptest"
  13         "net/url"
  14         "os"
  15         "strings"
  16         "testing"
  17         "time"
  18
  19         "git.arvados.org/arvados.git/lib/controller/rpc"
  20         "git.arvados.org/arvados.git/sdk/go/arvados"
  21         "git.arvados.org/arvados.git/sdk/go/arvadostest"
  22         "git.arvados.org/arvados.git/sdk/go/auth"
  23         "github.com/gorilla/mux"
  24         check "gopkg.in/check.v1"
  25 )
  26
  27 // Gocheck boilerplate
  28 func Test(t *testing.T) {
  29         check.TestingT(t)
  30 }
  31
  32 var _ = check.Suite(&RouterSuite{})
  33
  34 type RouterSuite struct {
  35         rtr  *router
  36         stub arvadostest.APIStub
  37 }
  38
  39 func (s *RouterSuite) SetUpTest(c *check.C) {
  40         s.stub = arvadostest.APIStub{}
  41         s.rtr = &router{
  42                 mux:     mux.NewRouter(),
  43                 backend: &s.stub,
  44                 config: Config{
  45                         ContainerWebServicesURL: arvados.URL{Host: "*.containers.zzzzz.example.com"},
  46                 },
  47         }
  48         s.rtr.addRoutes()
  49 }
  50
  51 func (s *RouterSuite) TestOptions(c *check.C) {
  52         token := arvadostest.ActiveToken
  53         for _, trial := range []struct {
  54                 comment         string // unparsed -- only used to help match test failures to trials
  55                 method          string
  56                 path            string
  57                 header          http.Header
  58                 body            string
  59                 unauthenticated bool
  60                 shouldStatus    int // zero value means 200
  61                 shouldCall      string
  62                 withOptions     interface{}
  63                 checkOptions    func(interface{}) // if non-nil, call instead of checking withOptions
  64         }{
  65                 {
  66                         method:      "GET",
  67                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  68                         shouldCall:  "CollectionGet",
  69                         withOptions: arvados.GetOptions{UUID: arvadostest.FooCollection},
  70                 },
  71                 {
  72                         method:      "PUT",
  73                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  74                         shouldCall:  "CollectionUpdate",
  75                         withOptions: arvados.UpdateOptions{UUID: arvadostest.FooCollection},
  76                 },
  77                 {
  78                         method:      "PATCH",
  79                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  80                         shouldCall:  "CollectionUpdate",
  81                         withOptions: arvados.UpdateOptions{UUID: arvadostest.FooCollection},
  82                 },
  83                 {
  84                         method:      "DELETE",
  85                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection,
  86                         shouldCall:  "CollectionDelete",
  87                         withOptions: arvados.DeleteOptions{UUID: arvadostest.FooCollection},
  88                 },
  89                 {
  90                         method:      "POST",
  91                         path:        "/arvados/v1/collections",
  92                         shouldCall:  "CollectionCreate",
  93                         withOptions: arvados.CreateOptions{},
  94                 },
  95                 {
  96                         method:      "GET",
  97                         path:        "/arvados/v1/collections",
  98                         shouldCall:  "CollectionList",
  99                         withOptions: arvados.ListOptions{Limit: -1},
 100                 },
 101                 {
 102                         method:      "GET",
 103                         path:        "/arvados/v1/api_client_authorizations",
 104                         shouldCall:  "APIClientAuthorizationList",
 105                         withOptions: arvados.ListOptions{Limit: -1},
 106                 },
 107                 {
 108                         method:      "GET",
 109                         path:        "/arvados/v1/collections?limit=123&offset=456&include_trash=true&include_old_versions=1",
 110                         shouldCall:  "CollectionList",
 111                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 112                 },
 113                 {
 114                         method:      "POST",
 115                         path:        "/arvados/v1/collections?limit=123&_method=GET",
 116                         body:        `{"offset":456,"include_trash":true,"include_old_versions":true}`,
 117                         shouldCall:  "CollectionList",
 118                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 119                 },
 120                 {
 121                         method:      "POST",
 122                         path:        "/arvados/v1/collections?limit=123",
 123                         body:        `{"offset":456,"include_trash":true,"include_old_versions":true}`,
 124                         header:      http.Header{"X-Http-Method-Override": {"GET"}, "Content-Type": {"application/json"}},
 125                         shouldCall:  "CollectionList",
 126                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 127                 },
 128                 {
 129                         method:      "POST",
 130                         path:        "/arvados/v1/collections?limit=123",
 131                         body:        "offset=456&include_trash=true&include_old_versions=1&_method=GET",
 132                         header:      http.Header{"Content-Type": {"application/x-www-form-urlencoded"}},
 133                         shouldCall:  "CollectionList",
 134                         withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
 135                 },
 136                 {
 137                         comment:     "form-encoded expression filter in query string",
 138                         method:      "GET",
 139                         path:        "/arvados/v1/collections?filters=[%22(foo<bar)%22]",
 140                         shouldCall:  "CollectionList",
 141                         withOptions: arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"(foo<bar)", "=", true}}},
 142                 },
 143                 {
 144                         comment:     "form-encoded expression filter in POST body",
 145                         method:      "POST",
 146                         path:        "/arvados/v1/collections",
 147                         body:        "filters=[\"(foo<bar)\"]&_method=GET",
 148                         header:      http.Header{"Content-Type": {"application/x-www-form-urlencoded"}},
 149                         shouldCall:  "CollectionList",
 150                         withOptions: arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"(foo<bar)", "=", true}}},
 151                 },
 152                 {
 153                         comment:     "json-encoded expression filter in POST body",
 154                         method:      "POST",
 155                         path:        "/arvados/v1/collections?_method=GET",
 156                         body:        `{"filters":["(foo<bar)",["bar","=","baz"]],"limit":2}`,
 157                         header:      http.Header{"Content-Type": {"application/json"}},
 158                         shouldCall:  "CollectionList",
 159                         withOptions: arvados.ListOptions{Limit: 2, Filters: []arvados.Filter{{"(foo<bar)", "=", true}, {"bar", "=", "baz"}}},
 160                 },
 161                 {
 162                         comment:     "json-encoded select param in query string",
 163                         method:      "GET",
 164                         path:        "/arvados/v1/collections/" + arvadostest.FooCollection + "?select=[%22portable_data_hash%22]",
 165                         shouldCall:  "CollectionGet",
 166                         withOptions: arvados.GetOptions{UUID: arvadostest.FooCollection, Select: []string{"portable_data_hash"}},
 167                 },
 168                 {
 169                         method:       "PATCH",
 170                         path:         "/arvados/v1/collections",
 171                         shouldStatus: http.StatusMethodNotAllowed,
 172                 },
 173                 {
 174                         method:       "PUT",
 175                         path:         "/arvados/v1/collections",
 176                         shouldStatus: http.StatusMethodNotAllowed,
 177                 },
 178                 {
 179                         method:       "DELETE",
 180                         path:         "/arvados/v1/collections",
 181                         shouldStatus: http.StatusMethodNotAllowed,
 182                 },
 183                 {
 184                         comment:    "container log webdav GET root",
 185                         method:     "GET",
 186                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 187                         shouldCall: "ContainerRequestLog",
 188                         withOptions: arvados.ContainerLogOptions{
 189                                 UUID: arvadostest.CompletedContainerRequestUUID,
 190                                 WebDAVOptions: arvados.WebDAVOptions{
 191                                         Method: "GET",
 192                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 193                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 194                 },
 195                 {
 196                         comment:    "container log webdav GET root without trailing slash",
 197                         method:     "GET",
 198                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "",
 199                         shouldCall: "ContainerRequestLog",
 200                         withOptions: arvados.ContainerLogOptions{
 201                                 UUID: arvadostest.CompletedContainerRequestUUID,
 202                                 WebDAVOptions: arvados.WebDAVOptions{
 203                                         Method: "GET",
 204                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 205                                         Path:   "/" + arvadostest.CompletedContainerUUID}},
 206                 },
 207                 {
 208                         comment:    "container log webdav OPTIONS root",
 209                         method:     "OPTIONS",
 210                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 211                         shouldCall: "ContainerRequestLog",
 212                         withOptions: arvados.ContainerLogOptions{
 213                                 UUID: arvadostest.CompletedContainerRequestUUID,
 214                                 WebDAVOptions: arvados.WebDAVOptions{
 215                                         Method: "OPTIONS",
 216                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 217                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 218                 },
 219                 {
 220                         comment:    "container log webdav OPTIONS root without trailing slash",
 221                         method:     "OPTIONS",
 222                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID,
 223                         shouldCall: "ContainerRequestLog",
 224                         withOptions: arvados.ContainerLogOptions{
 225                                 UUID: arvadostest.CompletedContainerRequestUUID,
 226                                 WebDAVOptions: arvados.WebDAVOptions{
 227                                         Method: "OPTIONS",
 228                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 229                                         Path:   "/" + arvadostest.CompletedContainerUUID}},
 230                 },
 231                 {
 232                         comment:         "container log webdav OPTIONS for CORS",
 233                         unauthenticated: true,
 234                         method:          "OPTIONS",
 235                         path:            "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 236                         header:          http.Header{"Access-Control-Request-Method": {"POST"}},
 237                         shouldCall:      "ContainerRequestLog",
 238                         withOptions: arvados.ContainerLogOptions{
 239                                 UUID: arvadostest.CompletedContainerRequestUUID,
 240                                 WebDAVOptions: arvados.WebDAVOptions{
 241                                         Method: "OPTIONS",
 242                                         Header: http.Header{
 243                                                 "Access-Control-Request-Method": {"POST"},
 244                                         },
 245                                         Path: "/" + arvadostest.CompletedContainerUUID + "/"}},
 246                 },
 247                 {
 248                         comment:    "container log webdav PROPFIND root",
 249                         method:     "PROPFIND",
 250                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
 251                         shouldCall: "ContainerRequestLog",
 252                         withOptions: arvados.ContainerLogOptions{
 253                                 UUID: arvadostest.CompletedContainerRequestUUID,
 254                                 WebDAVOptions: arvados.WebDAVOptions{
 255                                         Method: "PROPFIND",
 256                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 257                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 258                 },
 259                 {
 260                         comment:    "container log webdav PROPFIND root without trailing slash",
 261                         method:     "PROPFIND",
 262                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "",
 263                         shouldCall: "ContainerRequestLog",
 264                         withOptions: arvados.ContainerLogOptions{
 265                                 UUID: arvadostest.CompletedContainerRequestUUID,
 266                                 WebDAVOptions: arvados.WebDAVOptions{
 267                                         Method: "PROPFIND",
 268                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 269                                         Path:   "/" + arvadostest.CompletedContainerUUID}},
 270                 },
 271                 {
 272                         comment:    "container log webdav no_forward=true",
 273                         method:     "GET",
 274                         path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/?no_forward=true",
 275                         shouldCall: "ContainerRequestLog",
 276                         withOptions: arvados.ContainerLogOptions{
 277                                 UUID:      arvadostest.CompletedContainerRequestUUID,
 278                                 NoForward: true,
 279                                 WebDAVOptions: arvados.WebDAVOptions{
 280                                         Method: "GET",
 281                                         Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
 282                                         Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
 283                 },
 284                 {
 285                         comment:      "/logX does not route to ContainerRequestLog",
 286                         method:       "GET",
 287                         path:         "/arvados/v1/containers/" + arvadostest.CompletedContainerRequestUUID + "/logX",
 288                         shouldStatus: http.StatusNotFound,
 289                         shouldCall:   "",
 290                 },
 291                 {
 292                         comment:         "container http proxy no_forward=true",
 293                         unauthenticated: true,
 294                         method:          "POST",
 295                         path:            "/foo/bar",
 296                         header: http.Header{
 297                                 "Cookie":               {"arvados_api_token=" + auth.EncodeTokenCookie([]byte(arvadostest.ActiveToken))},
 298                                 "Host":                 {arvadostest.RunningContainerUUID + "-12345.containers.zzzzz.example.com"},
 299                                 "X-Arvados-No-Forward": {"1"},
 300                                 "X-Example-Header":     {"preserved header value"},
 301                         },
 302                         shouldCall: "ContainerHTTPProxy",
 303                         checkOptions: func(gotOptions interface{}) {
 304                                 opts, _ := gotOptions.(arvados.ContainerHTTPProxyOptions)
 305                                 if !c.Check(opts, check.NotNil) {
 306                                         return
 307                                 }
 308                                 c.Check(opts.Request.Method, check.Equals, "POST")
 309                                 c.Check(opts.Request.URL.Path, check.Equals, "/foo/bar")
 310                                 c.Check(opts.Request.Host, check.Equals, arvadostest.RunningContainerUUID+"-12345.containers.zzzzz.example.com")
 311                                 c.Check(opts.Request.Header, check.DeepEquals, http.Header{
 312                                         "Cookie":           {"arvados_api_token=" + auth.EncodeTokenCookie([]byte(arvadostest.ActiveToken))},
 313                                         "X-Example-Header": {"preserved header value"},
 314                                 })
 315                                 opts.Request = nil
 316                                 c.Check(opts, check.DeepEquals, arvados.ContainerHTTPProxyOptions{
 317                                         Target:    arvadostest.RunningContainerUUID + "-12345",
 318                                         NoForward: true,
 319                                 })
 320                         },
 321                 },
 322         } {
 323                 // Reset calls captured in previous trial
 324                 s.stub = arvadostest.APIStub{}
 325
 326                 c.Logf("trial: %+v", trial)
 327                 comment := check.Commentf("trial comment: %s", trial.comment)
 328
 329                 _, rr := doRequest(c, s.rtr, token, trial.method, trial.path, !trial.unauthenticated, trial.header, bytes.NewBufferString(trial.body), nil)
 330                 if trial.shouldStatus == 0 {
 331                         c.Check(rr.Code, check.Equals, http.StatusOK, comment)
 332                 } else {
 333                         c.Check(rr.Code, check.Equals, trial.shouldStatus, comment)
 334                 }
 335                 calls := s.stub.Calls(nil)
 336                 if trial.shouldCall == "" {
 337                         c.Check(calls, check.HasLen, 0, comment)
 338                         continue
 339                 }
 340                 if !c.Check(calls, check.HasLen, 1, comment) {
 341                         continue
 342                 }
 343                 c.Check(calls[0].Method, isMethodNamed, trial.shouldCall, comment)
 344                 if trial.checkOptions != nil {
 345                         trial.checkOptions(calls[0].Options)
 346                 } else {
 347                         c.Check(calls[0].Options, check.DeepEquals, trial.withOptions, comment)
 348                 }
 349         }
 350 }
 351
 352 var _ = check.Suite(&RouterIntegrationSuite{})
 353
 354 type RouterIntegrationSuite struct {
 355         rtr *router
 356 }
 357
 358 func (s *RouterIntegrationSuite) SetUpTest(c *check.C) {
 359         cluster := &arvados.Cluster{}
 360         cluster.TLS.Insecure = true
 361         arvadostest.SetServiceURL(&cluster.Services.RailsAPI, "https://"+os.Getenv("ARVADOS_TEST_API_HOST"))
 362         arvadostest.SetServiceURL(&cluster.Services.ContainerWebServices, "https://*.containers.zzzzz.example.com")
 363         url, _ := url.Parse("https://" + os.Getenv("ARVADOS_TEST_API_HOST"))
 364         s.rtr = New(rpc.NewConn("zzzzz", url, true, rpc.PassthroughTokenProvider), Config{})
 365 }
 366
 367 func (s *RouterIntegrationSuite) TearDownSuite(c *check.C) {
 368         err := arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil)
 369         c.Check(err, check.IsNil)
 370 }
 371
 372 func (s *RouterIntegrationSuite) TestCollectionResponses(c *check.C) {
 373         token := arvadostest.ActiveTokenV2
 374
 375         // Check "get collection" response has "kind" key
 376         jresp := map[string]interface{}{}
 377         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, true, nil, bytes.NewBufferString(`{"include_trash":true}`), jresp)
 378         c.Check(rr.Code, check.Equals, http.StatusOK)
 379         c.Check(jresp["items"], check.FitsTypeOf, []interface{}{})
 380         c.Check(jresp["kind"], check.Equals, "arvados#collectionList")
 381         c.Check(jresp["items"].([]interface{})[0].(map[string]interface{})["kind"], check.Equals, "arvados#collection")
 382
 383         // Check items in list response have a "kind" key regardless
 384         // of whether a uuid/pdh is selected.
 385         for _, selectj := range []string{
 386                 ``,
 387                 `,"select":["portable_data_hash"]`,
 388                 `,"select":["name"]`,
 389                 `,"select":["uuid"]`,
 390         } {
 391                 jresp := map[string]interface{}{}
 392                 _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, true, nil, bytes.NewBufferString(`{"where":{"uuid":["`+arvadostest.FooCollection+`"]}`+selectj+`}`), jresp)
 393                 c.Check(rr.Code, check.Equals, http.StatusOK)
 394                 c.Check(jresp["items"], check.FitsTypeOf, []interface{}{})
 395                 c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 396                 c.Check(jresp["kind"], check.Equals, "arvados#collectionList")
 397                 item0 := jresp["items"].([]interface{})[0].(map[string]interface{})
 398                 c.Check(item0["kind"], check.Equals, "arvados#collection")
 399                 if selectj == "" || strings.Contains(selectj, "portable_data_hash") {
 400                         c.Check(item0["portable_data_hash"], check.Equals, arvadostest.FooCollectionPDH)
 401                 } else {
 402                         c.Check(item0["portable_data_hash"], check.IsNil)
 403                 }
 404                 if selectj == "" || strings.Contains(selectj, "name") {
 405                         c.Check(item0["name"], check.FitsTypeOf, "")
 406                 } else {
 407                         c.Check(item0["name"], check.IsNil)
 408                 }
 409                 if selectj == "" || strings.Contains(selectj, "uuid") {
 410                         c.Check(item0["uuid"], check.Equals, arvadostest.FooCollection)
 411                 } else {
 412                         c.Check(item0["uuid"], check.IsNil)
 413                 }
 414         }
 415
 416         // Check "create collection" response has "kind" key
 417         jresp = map[string]interface{}{}
 418         _, rr = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}, bytes.NewBufferString(`ensure_unique_name=true`), jresp)
 419         c.Check(rr.Code, check.Equals, http.StatusOK)
 420         c.Check(jresp["uuid"], check.FitsTypeOf, "")
 421         c.Check(jresp["kind"], check.Equals, "arvados#collection")
 422 }
 423
 424 func (s *RouterIntegrationSuite) TestMaxRequestSize(c *check.C) {
 425         token := arvadostest.ActiveTokenV2
 426         for _, maxRequestSize := range []int{
 427                 // Ensure 5M limit is enforced.
 428                 5000000,
 429                 // Ensure 50M limit is enforced, and that a >25M body
 430                 // is accepted even though the default Go request size
 431                 // limit is 10M.
 432                 50000000,
 433         } {
 434                 s.rtr.config.MaxRequestSize = maxRequestSize
 435                 okstr := "a"
 436                 for len(okstr) < maxRequestSize/2 {
 437                         okstr = okstr + okstr
 438                 }
 439
 440                 hdr := http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}
 441
 442                 body := bytes.NewBufferString(url.Values{"foo_bar": {okstr}}.Encode())
 443                 _, rr := doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, hdr, body, nil)
 444                 c.Check(rr.Code, check.Equals, http.StatusOK)
 445
 446                 body = bytes.NewBufferString(url.Values{"foo_bar": {okstr + okstr}}.Encode())
 447                 _, rr = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, hdr, body, nil)
 448                 c.Check(rr.Code, check.Equals, http.StatusRequestEntityTooLarge)
 449         }
 450 }
 451
 452 func (s *RouterIntegrationSuite) TestContainerList(c *check.C) {
 453         token := arvadostest.ActiveTokenV2
 454
 455         jresp := map[string]interface{}{}
 456         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=0`, true, nil, nil, jresp)
 457         c.Check(rr.Code, check.Equals, http.StatusOK)
 458         c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 459         c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
 460         c.Check(jresp["items"], check.NotNil)
 461         c.Check(jresp["items"], check.HasLen, 0)
 462
 463         jresp = map[string]interface{}{}
 464         _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?filters=[["uuid","in",[]]]`, true, nil, nil, jresp)
 465         c.Check(rr.Code, check.Equals, http.StatusOK)
 466         c.Check(jresp["items_available"], check.Equals, float64(0))
 467         c.Check(jresp["items"], check.NotNil)
 468         c.Check(jresp["items"], check.HasLen, 0)
 469
 470         jresp = map[string]interface{}{}
 471         _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=2&select=["uuid","command"]`, true, nil, nil, jresp)
 472         c.Check(rr.Code, check.Equals, http.StatusOK)
 473         c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 474         c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
 475         c.Check(jresp["items"], check.HasLen, 2)
 476         item0 := jresp["items"].([]interface{})[0].(map[string]interface{})
 477         c.Check(item0["uuid"], check.HasLen, 27)
 478         c.Check(item0["command"], check.FitsTypeOf, []interface{}{})
 479         c.Check(item0["command"].([]interface{})[0], check.FitsTypeOf, "")
 480         c.Check(item0["mounts"], check.IsNil)
 481
 482         jresp = map[string]interface{}{}
 483         _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers`, true, nil, nil, jresp)
 484         c.Check(rr.Code, check.Equals, http.StatusOK)
 485         c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
 486         c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
 487         avail := int(jresp["items_available"].(float64))
 488         c.Check(jresp["items"], check.HasLen, avail)
 489         item0 = jresp["items"].([]interface{})[0].(map[string]interface{})
 490         c.Check(item0["uuid"], check.HasLen, 27)
 491         c.Check(item0["command"], check.FitsTypeOf, []interface{}{})
 492         c.Check(item0["command"].([]interface{})[0], check.FitsTypeOf, "")
 493         c.Check(item0["mounts"], check.NotNil)
 494 }
 495
 496 func (s *RouterIntegrationSuite) TestContainerLock(c *check.C) {
 497         uuid := arvadostest.QueuedContainerUUID
 498         token := arvadostest.AdminToken
 499
 500         jresp := map[string]interface{}{}
 501         _, rr := doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", true, nil, nil, jresp)
 502         c.Check(rr.Code, check.Equals, http.StatusOK)
 503         c.Check(jresp["uuid"], check.HasLen, 27)
 504         c.Check(jresp["state"], check.Equals, "Locked")
 505
 506         _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", true, nil, nil, nil)
 507         c.Check(rr.Code, check.Equals, http.StatusUnprocessableEntity)
 508         c.Check(rr.Body.String(), check.Not(check.Matches), `.*"uuid":.*`)
 509
 510         jresp = map[string]interface{}{}
 511         _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", true, nil, nil, jresp)
 512         c.Check(rr.Code, check.Equals, http.StatusOK)
 513         c.Check(jresp["uuid"], check.HasLen, 27)
 514         c.Check(jresp["state"], check.Equals, "Queued")
 515         c.Check(jresp["environment"], check.IsNil)
 516
 517         jresp = map[string]interface{}{}
 518         _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", true, nil, nil, jresp)
 519         c.Check(rr.Code, check.Equals, http.StatusUnprocessableEntity)
 520         c.Check(jresp["uuid"], check.IsNil)
 521 }
 522
 523 func (s *RouterIntegrationSuite) TestWritableBy(c *check.C) {
 524         jresp := map[string]interface{}{}
 525         _, rr := doRequest(c, s.rtr, arvadostest.ActiveTokenV2, "GET", `/arvados/v1/users/`+arvadostest.ActiveUserUUID, true, nil, nil, jresp)
 526         c.Check(rr.Code, check.Equals, http.StatusOK)
 527         c.Check(jresp["writable_by"], check.DeepEquals, []interface{}{"zzzzz-tpzed-000000000000000", "zzzzz-tpzed-xurymjxw79nv3jz", "zzzzz-j7d0g-48foin4vonvc2at"})
 528 }
 529
 530 func (s *RouterIntegrationSuite) TestFullTimestampsInResponse(c *check.C) {
 531         uuid := arvadostest.CollectionReplicationDesired2Confirmed2UUID
 532         token := arvadostest.ActiveTokenV2
 533
 534         jresp := map[string]interface{}{}
 535         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections/`+uuid, true, nil, nil, jresp)
 536         c.Check(rr.Code, check.Equals, http.StatusOK)
 537         c.Check(jresp["uuid"], check.Equals, uuid)
 538         expectNS := map[string]int{
 539                 "created_at":  596506000, // fixture says 596506247, but truncated by postgresql
 540                 "modified_at": 596338000, // fixture says 596338465, but truncated by postgresql
 541         }
 542         for key, ns := range expectNS {
 543                 mt, ok := jresp[key].(string)
 544                 c.Logf("jresp[%q] == %q", key, mt)
 545                 c.Assert(ok, check.Equals, true)
 546                 t, err := time.Parse(time.RFC3339Nano, mt)
 547                 c.Check(err, check.IsNil)
 548                 c.Check(t.Nanosecond(), check.Equals, ns)
 549         }
 550 }
 551
 552 func (s *RouterIntegrationSuite) TestSelectParam(c *check.C) {
 553         uuid := arvadostest.QueuedContainerUUID
 554         token := arvadostest.ActiveTokenV2
 555         // GET
 556         for _, sel := range [][]string{
 557                 {"uuid", "command"},
 558                 {"uuid", "command", "uuid"},
 559         } {
 560                 j, err := json.Marshal(sel)
 561                 c.Assert(err, check.IsNil)
 562                 jresp := map[string]interface{}{}
 563                 _, rr := doRequest(c, s.rtr, token, "GET", "/arvados/v1/containers/"+uuid+"?select="+string(j), true, nil, nil, jresp)
 564                 c.Check(rr.Code, check.Equals, http.StatusOK)
 565
 566                 c.Check(jresp["kind"], check.Equals, "arvados#container")
 567                 c.Check(jresp["uuid"], check.HasLen, 27)
 568                 c.Check(jresp["command"], check.HasLen, 2)
 569                 c.Check(jresp["mounts"], check.IsNil)
 570                 _, hasMounts := jresp["mounts"]
 571                 c.Check(hasMounts, check.Equals, false)
 572         }
 573         // POST & PUT
 574         uuid = arvadostest.FooCollection
 575         j, err := json.Marshal([]string{"uuid", "description"})
 576         c.Assert(err, check.IsNil)
 577         for _, method := range []string{"PUT", "POST"} {
 578                 desc := "Today is " + time.Now().String()
 579                 reqBody := "{\"description\":\"" + desc + "\"}"
 580                 jresp := map[string]interface{}{}
 581                 var rr *httptest.ResponseRecorder
 582                 if method == "PUT" {
 583                         _, rr = doRequest(c, s.rtr, token, method, "/arvados/v1/collections/"+uuid+"?select="+string(j), true, nil, bytes.NewReader([]byte(reqBody)), jresp)
 584                 } else {
 585                         _, rr = doRequest(c, s.rtr, token, method, "/arvados/v1/collections?select="+string(j), true, nil, bytes.NewReader([]byte(reqBody)), jresp)
 586                 }
 587                 c.Check(rr.Code, check.Equals, http.StatusOK)
 588                 c.Check(jresp["kind"], check.Equals, "arvados#collection")
 589                 c.Check(jresp["uuid"], check.HasLen, 27)
 590                 c.Check(jresp["description"], check.Equals, desc)
 591                 c.Check(jresp["manifest_text"], check.IsNil)
 592         }
 593 }
 594
 595 func (s *RouterIntegrationSuite) TestIncluded(c *check.C) {
 596         for _, trial := range []struct {
 597                 uuid            string
 598                 expectOwnerUUID string
 599                 expectOwnerKind string
 600         }{
 601                 {
 602                         uuid:            arvadostest.ASubprojectUUID,
 603                         expectOwnerUUID: arvadostest.AProjectUUID,
 604                         expectOwnerKind: "arvados#group",
 605                 },
 606                 {
 607                         uuid:            arvadostest.AProjectUUID,
 608                         expectOwnerUUID: arvadostest.ActiveUserUUID,
 609                         expectOwnerKind: "arvados#user",
 610                 },
 611         } {
 612                 c.Logf("trial: %#v", trial)
 613                 token := arvadostest.ActiveTokenV2
 614                 jresp := map[string]interface{}{}
 615                 _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/groups/contents?include=owner_uuid&filters=[["uuid","=","`+trial.uuid+`"]]`, true, nil, nil, jresp)
 616                 c.Check(rr.Code, check.Equals, http.StatusOK)
 617
 618                 c.Assert(jresp["included"], check.FitsTypeOf, []interface{}{})
 619                 included, ok := jresp["included"].([]interface{})
 620                 c.Assert(ok, check.Equals, true)
 621                 c.Assert(included, check.HasLen, 1)
 622                 owner, ok := included[0].(map[string]interface{})
 623                 c.Assert(ok, check.Equals, true)
 624                 c.Check(owner["kind"], check.Equals, trial.expectOwnerKind)
 625                 c.Check(owner["uuid"], check.Equals, trial.expectOwnerUUID)
 626         }
 627 }
 628
 629 func (s *RouterIntegrationSuite) TestHEAD(c *check.C) {
 630         _, rr := doRequest(c, s.rtr, arvadostest.ActiveTokenV2, "HEAD", "/arvados/v1/containers/"+arvadostest.QueuedContainerUUID, true, nil, nil, nil)
 631         c.Check(rr.Code, check.Equals, http.StatusOK)
 632 }
 633
 634 func (s *RouterIntegrationSuite) TestRouteNotFound(c *check.C) {
 635         token := arvadostest.ActiveTokenV2
 636         req := (&testReq{
 637                 method: "POST",
 638                 path:   "arvados/v1/collections/" + arvadostest.FooCollection + "/error404pls",
 639                 token:  token,
 640         }).Request()
 641         rr := httptest.NewRecorder()
 642         s.rtr.ServeHTTP(rr, req)
 643         c.Check(rr.Code, check.Equals, http.StatusNotFound)
 644         c.Logf("body: %q", rr.Body.String())
 645         var j map[string]interface{}
 646         err := json.Unmarshal(rr.Body.Bytes(), &j)
 647         c.Check(err, check.IsNil)
 648         c.Logf("decoded: %v", j)
 649         c.Assert(j["errors"], check.FitsTypeOf, []interface{}{})
 650         c.Check(j["errors"].([]interface{})[0], check.Equals, "API endpoint not found")
 651 }
 652
 653 func (s *RouterIntegrationSuite) TestCORS(c *check.C) {
 654         token := arvadostest.ActiveTokenV2
 655         req := (&testReq{
 656                 method: "OPTIONS",
 657                 path:   "arvados/v1/collections/" + arvadostest.FooCollection,
 658                 header: http.Header{"Origin": {"https://example.com"}},
 659                 token:  token,
 660         }).Request()
 661         rr := httptest.NewRecorder()
 662         s.rtr.ServeHTTP(rr, req)
 663         c.Check(rr.Code, check.Equals, http.StatusOK)
 664         c.Check(rr.Body.String(), check.HasLen, 0)
 665         c.Check(rr.Result().Header.Get("Access-Control-Allow-Origin"), check.Equals, "*")
 666         for _, hdr := range []string{"Authorization", "Content-Type"} {
 667                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Matches, ".*"+hdr+".*")
 668         }
 669         for _, method := range []string{"GET", "HEAD", "PUT", "POST", "PATCH", "DELETE"} {
 670                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Matches, ".*"+method+".*")
 671         }
 672
 673         for _, unsafe := range []string{"login", "logout", "auth", "auth/foo", "login/?blah"} {
 674                 req := (&testReq{
 675                         method: "OPTIONS",
 676                         path:   unsafe,
 677                         header: http.Header{"Origin": {"https://example.com"}},
 678                         token:  token,
 679                 }).Request()
 680                 rr := httptest.NewRecorder()
 681                 s.rtr.ServeHTTP(rr, req)
 682                 c.Check(rr.Code, check.Equals, http.StatusOK)
 683                 c.Check(rr.Body.String(), check.HasLen, 0)
 684                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Origin"), check.Equals, "")
 685                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Equals, "")
 686                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Equals, "")
 687
 688                 req = (&testReq{
 689                         method: "POST",
 690                         path:   unsafe,
 691                         header: http.Header{"Origin": {"https://example.com"}},
 692                         token:  token,
 693                 }).Request()
 694                 rr = httptest.NewRecorder()
 695                 s.rtr.ServeHTTP(rr, req)
 696                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Origin"), check.Equals, "")
 697                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Equals, "")
 698                 c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Equals, "")
 699         }
 700 }
 701
 702 func (s *RouterIntegrationSuite) TestComputedPermissionList(c *check.C) {
 703         token := arvadostest.AdminToken
 704
 705         jresp := map[string]interface{}{}
 706         _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/computed_permissions?filters=[["user_uuid","=","`+arvadostest.ActiveUserUUID+`"],["target_uuid","=","`+arvadostest.AProjectUUID+`"]]&select=["perm_level"]`, true, nil, nil, jresp)
 707         c.Check(rr.Code, check.Equals, http.StatusOK)
 708         c.Check(jresp["items_available"], check.IsNil)
 709         if c.Check(jresp["items"], check.HasLen, 1) {
 710                 item := jresp["items"].([]interface{})[0].(map[string]interface{})
 711                 c.Check(item, check.DeepEquals, map[string]interface{}{
 712                         "kind":       "arvados#computedPermission",
 713                         "perm_level": "can_manage",
 714                 })
 715         }
 716 }
 717
 718 func doRequest(c *check.C, rtr http.Handler, token, method, path string, auth bool, hdrs http.Header, body io.Reader, jresp map[string]interface{}) (*http.Request, *httptest.ResponseRecorder) {
 719         req := httptest.NewRequest(method, path, body)
 720         for k, v := range hdrs {
 721                 if k == "Host" && len(v) == 1 {
 722                         req.Host = v[0]
 723                 } else {
 724                         req.Header[k] = v
 725                 }
 726         }
 727         if auth {
 728                 req.Header.Set("Authorization", "Bearer "+token)
 729         }
 730         rr := httptest.NewRecorder()
 731         rtr.ServeHTTP(rr, req)
 732         respbody := rr.Body.String()
 733         if len(respbody) > 10000 {
 734                 respbody = respbody[:10000] + "[...]"
 735         }
 736         c.Logf("response body: %s", respbody)
 737         if jresp != nil {
 738                 err := json.Unmarshal(rr.Body.Bytes(), &jresp)
 739                 c.Check(err, check.IsNil)
 740         }
 741         return req, rr
 742 }