projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
17944: Vocabulary loading, monitoring and checking on several object types.
[arvados.git] / lib / controller / localdb / collection_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package localdb
6
7 import (
8         "context"
9         "regexp"
10         "strconv"
11         "time"
12
13         "git.arvados.org/arvados.git/lib/config"
14         "git.arvados.org/arvados.git/lib/controller/rpc"
15         "git.arvados.org/arvados.git/sdk/go/arvados"
16         "git.arvados.org/arvados.git/sdk/go/arvadostest"
17         "git.arvados.org/arvados.git/sdk/go/auth"
18         "git.arvados.org/arvados.git/sdk/go/ctxlog"
19         check "gopkg.in/check.v1"
20 )
21
22 var _ = check.Suite(&CollectionSuite{})
23
24 type CollectionSuite struct {
25         cluster  *arvados.Cluster
26         localdb  *Conn
27         railsSpy *arvadostest.Proxy
28 }
29
30 func (s *CollectionSuite) TearDownSuite(c *check.C) {
31         // Undo any changes/additions to the user database so they
32         // don't affect subsequent tests.
33         arvadostest.ResetEnv()
34         c.Check(arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil), check.IsNil)
35 }
36
37 func (s *CollectionSuite) SetUpTest(c *check.C) {
38         cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
39         c.Assert(err, check.IsNil)
40         s.cluster, err = cfg.GetCluster("")
41         c.Assert(err, check.IsNil)
42         s.localdb = NewConn(s.cluster)
43         s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
44         *s.localdb.railsProxy = *rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider)
45 }
46
47 func (s *CollectionSuite) TearDownTest(c *check.C) {
48         s.railsSpy.Close()
49 }
50
51 func (s *CollectionSuite) setUpVocabulary(c *check.C, testVocabulary string) {
52         if testVocabulary == "" {
53                 testVocabulary = `{
54                         "strict_tags": false,
55                         "tags": {
56                                 "IDTAGIMPORTANCES": {
57                                         "strict": true,
58                                         "labels": [{"label": "Importance"}, {"label": "Priority"}],
59                                         "values": {
60                                                 "IDVALIMPORTANCES1": { "labels": [{"label": "Critical"}, {"label": "Urgent"}, {"label": "High"}] },
61                                                 "IDVALIMPORTANCES2": { "labels": [{"label": "Normal"}, {"label": "Moderate"}] },
62                                                 "IDVALIMPORTANCES3": { "labels": [{"label": "Low"}] }
63                                         }
64                                 }
65                         }
66                 }`
67         }
68         voc, err := arvados.NewVocabulary([]byte(testVocabulary), []string{})
69         c.Assert(err, check.IsNil)
70         c.Assert(voc.Validate(), check.IsNil)
71         s.cluster.API.VocabularyPath = "foo"
72         s.localdb.vocabularyCache = voc
73 }
74
75 func (s *CollectionSuite) TestCollectionCreateWithProperties(c *check.C) {
76         s.setUpVocabulary(c, "")
77         ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
78
79         tests := []struct {
80                 name    string
81                 props   map[string]interface{}
82                 success bool
83         }{
84                 {"Invalid prop key", map[string]interface{}{"Priority": "IDVALIMPORTANCES1"}, false},
85                 {"Invalid prop value", map[string]interface{}{"IDTAGIMPORTANCES": "high"}, false},
86                 {"Valid prop key & value", map[string]interface{}{"IDTAGIMPORTANCES": "IDVALIMPORTANCES1"}, true},
87                 {"Empty properties", map[string]interface{}{}, true},
88         }
89         for _, tt := range tests {
90                 c.Log(c.TestName()+" ", tt.name)
91
92                 coll, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{
93                         Select: []string{"uuid", "properties"},
94                         Attrs: map[string]interface{}{
95                                 "properties": tt.props,
96                         }})
97                 if tt.success {
98                         c.Assert(err, check.IsNil)
99                         c.Assert(coll.Properties, check.DeepEquals, tt.props)
100                 } else {
101                         c.Assert(err, check.NotNil)
102                 }
103         }
104 }
105
106 func (s *CollectionSuite) TestCollectionUpdateWithProperties(c *check.C) {
107         s.setUpVocabulary(c, "")
108         ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
109
110         tests := []struct {
111                 name    string
112                 props   map[string]interface{}
113                 success bool
114         }{
115                 {"Invalid prop key", map[string]interface{}{"Priority": "IDVALIMPORTANCES1"}, false},
116                 {"Invalid prop value", map[string]interface{}{"IDTAGIMPORTANCES": "high"}, false},
117                 {"Valid prop key & value", map[string]interface{}{"IDTAGIMPORTANCES": "IDVALIMPORTANCES1"}, true},
118                 {"Empty properties", map[string]interface{}{}, true},
119         }
120         for _, tt := range tests {
121                 c.Log(c.TestName()+" ", tt.name)
122                 coll, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{})
123                 c.Assert(err, check.IsNil)
124                 coll, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
125                         UUID:   coll.UUID,
126                         Select: []string{"uuid", "properties"},
127                         Attrs: map[string]interface{}{
128                                 "properties": tt.props,
129                         }})
130                 if tt.success {
131                         c.Assert(err, check.IsNil)
132                         c.Assert(coll.Properties, check.DeepEquals, tt.props)
133                 } else {
134                         c.Assert(err, check.NotNil)
135                 }
136         }
137 }
138
139 func (s *CollectionSuite) TestSignatures(c *check.C) {
140         ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
141
142         resp, err := s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: arvadostest.FooCollection})
143         c.Check(err, check.IsNil)
144         c.Check(resp.ManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3\+A[0-9a-f]+@[0-9a-f]+ 0:.*`)
145         s.checkSignatureExpiry(c, resp.ManifestText, time.Hour*24*7*2)
146
147         resp, err = s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: arvadostest.FooCollection, Select: []string{"manifest_text"}})
148         c.Check(err, check.IsNil)
149         c.Check(resp.ManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3\+A[0-9a-f]+@[0-9a-f]+ 0:.*`)
150
151         lresp, err := s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}})
152         c.Check(err, check.IsNil)
153         if c.Check(lresp.Items, check.HasLen, 1) {
154                 c.Check(lresp.Items[0].UUID, check.Equals, arvadostest.FooCollection)
155                 c.Check(lresp.Items[0].ManifestText, check.Equals, "")
156                 c.Check(lresp.Items[0].UnsignedManifestText, check.Equals, "")
157         }
158
159         lresp, err = s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}, Select: []string{"manifest_text"}})
160         c.Check(err, check.IsNil)
161         if c.Check(lresp.Items, check.HasLen, 1) {
162                 c.Check(lresp.Items[0].ManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3\+A[0-9a-f]+@[0-9a-f]+ 0:.*`)
163                 c.Check(lresp.Items[0].UnsignedManifestText, check.Equals, "")
164         }
165
166         lresp, err = s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}, Select: []string{"unsigned_manifest_text"}})
167         c.Check(err, check.IsNil)
168         if c.Check(lresp.Items, check.HasLen, 1) {
169                 c.Check(lresp.Items[0].ManifestText, check.Equals, "")
170                 c.Check(lresp.Items[0].UnsignedManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3 0:.*`)
171         }
172
173         // early trash date causes lower signature TTL (even if
174         // trash_at and is_trashed fields are unselected)
175         trashed, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{
176                 Select: []string{"uuid", "manifest_text"},
177                 Attrs: map[string]interface{}{
178                         "manifest_text": ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:foo\n",
179                         "trash_at":      time.Now().UTC().Add(time.Hour),
180                 }})
181         c.Assert(err, check.IsNil)
182         s.checkSignatureExpiry(c, trashed.ManifestText, time.Hour)
183         resp, err = s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: trashed.UUID})
184         c.Assert(err, check.IsNil)
185         s.checkSignatureExpiry(c, resp.ManifestText, time.Hour)
186
187         // distant future trash date does not cause higher signature TTL
188         trashed, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
189                 UUID: trashed.UUID,
190                 Attrs: map[string]interface{}{
191                         "trash_at": time.Now().UTC().Add(time.Hour * 24 * 365),
192                 }})
193         c.Assert(err, check.IsNil)
194         s.checkSignatureExpiry(c, trashed.ManifestText, time.Hour*24*7*2)
195         resp, err = s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: trashed.UUID})
196         c.Assert(err, check.IsNil)
197         s.checkSignatureExpiry(c, resp.ManifestText, time.Hour*24*7*2)
198
199         // Make sure groups/contents doesn't return manifest_text with
200         // collections (if it did, we'd need to sign it).
201         gresp, err := s.localdb.GroupContents(ctx, arvados.GroupContentsOptions{
202                 Limit:   -1,
203                 Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}},
204                 Select:  []string{"uuid", "manifest_text"},
205         })
206         if err != nil {
207                 c.Check(err, check.ErrorMatches, `.*Invalid attribute.*manifest_text.*`)
208         } else if c.Check(gresp.Items, check.HasLen, 1) {
209                 c.Check(gresp.Items[0].(map[string]interface{})["uuid"], check.Equals, arvadostest.FooCollection)
210                 c.Check(gresp.Items[0].(map[string]interface{})["manifest_text"], check.Equals, nil)
211         }
212 }
213
214 func (s *CollectionSuite) checkSignatureExpiry(c *check.C, manifestText string, expectedTTL time.Duration) {
215         m := regexp.MustCompile(`@([[:xdigit:]]+)`).FindStringSubmatch(manifestText)
216         c.Assert(m, check.HasLen, 2)
217         sigexp, err := strconv.ParseInt(m[1], 16, 64)
218         c.Assert(err, check.IsNil)
219         expectedExp := time.Now().Add(expectedTTL).Unix()
220         c.Check(sigexp > expectedExp-60, check.Equals, true)
221         c.Check(sigexp <= expectedExp, check.Equals, true)
222 }
223
224 func (s *CollectionSuite) TestSignaturesDisabled(c *check.C) {
225         s.localdb.cluster.Collections.BlobSigning = false
226         ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
227
228         resp, err := s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: arvadostest.FooCollection})
229         c.Check(err, check.IsNil)
230         c.Check(resp.ManifestText, check.Matches, `(?ms).* acbd[^ +]*\+3 0:.*`)
231 }