projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
16625: Merge branch 'master' into 16625-add-azure-managed-image-support
[arvados.git] / lib / controller / integration_test.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package controller
6
7 import (
8         "bytes"
9         "context"
10         "encoding/json"
11         "io"
12         "math"
13         "net"
14         "net/http"
15         "net/url"
16         "os"
17         "path/filepath"
18
19         "git.arvados.org/arvados.git/lib/boot"
20         "git.arvados.org/arvados.git/lib/config"
21         "git.arvados.org/arvados.git/lib/controller/rpc"
22         "git.arvados.org/arvados.git/lib/service"
23         "git.arvados.org/arvados.git/sdk/go/arvados"
24         "git.arvados.org/arvados.git/sdk/go/arvadosclient"
25         "git.arvados.org/arvados.git/sdk/go/auth"
26         "git.arvados.org/arvados.git/sdk/go/ctxlog"
27         "git.arvados.org/arvados.git/sdk/go/keepclient"
28         check "gopkg.in/check.v1"
29 )
30
31 var _ = check.Suite(&IntegrationSuite{})
32
33 type testCluster struct {
34         super         boot.Supervisor
35         config        arvados.Config
36         controllerURL *url.URL
37 }
38
39 type IntegrationSuite struct {
40         testClusters map[string]*testCluster
41 }
42
43 func (s *IntegrationSuite) SetUpSuite(c *check.C) {
44         if forceLegacyAPI14 {
45                 c.Skip("heavy integration tests don't run with forceLegacyAPI14")
46                 return
47         }
48
49         cwd, _ := os.Getwd()
50         s.testClusters = map[string]*testCluster{
51                 "z1111": nil,
52                 "z2222": nil,
53                 "z3333": nil,
54         }
55         hostport := map[string]string{}
56         for id := range s.testClusters {
57                 hostport[id] = func() string {
58                         // TODO: Instead of expecting random ports on
59                         // 127.0.0.11, 22, 33 to be race-safe, try
60                         // different 127.x.y.z until finding one that
61                         // isn't in use.
62                         ln, err := net.Listen("tcp", ":0")
63                         c.Assert(err, check.IsNil)
64                         ln.Close()
65                         _, port, err := net.SplitHostPort(ln.Addr().String())
66                         c.Assert(err, check.IsNil)
67                         return "127.0.0." + id[3:] + ":" + port
68                 }()
69         }
70         for id := range s.testClusters {
71                 yaml := `Clusters:
72   ` + id + `:
73     Services:
74       Controller:
75         ExternalURL: https://` + hostport[id] + `
76     TLS:
77       Insecure: true
78     Login:
79       LoginCluster: z1111
80     SystemLogs:
81       Format: text
82     RemoteClusters:
83       z1111:
84         Host: ` + hostport["z1111"] + `
85         Scheme: https
86         Insecure: true
87         Proxy: true
88         ActivateUsers: true
89 `
90                 if id != "z2222" {
91                         yaml += `      z2222:
92         Host: ` + hostport["z2222"] + `
93         Scheme: https
94         Insecure: true
95         Proxy: true
96         ActivateUsers: true
97 `
98                 }
99                 if id != "z3333" {
100                         yaml += `      z3333:
101         Host: ` + hostport["z3333"] + `
102         Scheme: https
103         Insecure: true
104         Proxy: true
105         ActivateUsers: true
106 `
107                 }
108
109                 loader := config.NewLoader(bytes.NewBufferString(yaml), ctxlog.TestLogger(c))
110                 loader.Path = "-"
111                 loader.SkipLegacy = true
112                 loader.SkipAPICalls = true
113                 cfg, err := loader.Load()
114                 c.Assert(err, check.IsNil)
115                 s.testClusters[id] = &testCluster{
116                         super: boot.Supervisor{
117                                 SourcePath:           filepath.Join(cwd, "..", ".."),
118                                 ClusterType:          "test",
119                                 ListenHost:           "127.0.0." + id[3:],
120                                 ControllerAddr:       ":0",
121                                 OwnTemporaryDatabase: true,
122                                 Stderr:               &service.LogPrefixer{Writer: ctxlog.LogWriter(c.Log), Prefix: []byte("[" + id + "] ")},
123                         },
124                         config: *cfg,
125                 }
126                 s.testClusters[id].super.Start(context.Background(), &s.testClusters[id].config, "-")
127         }
128         for _, tc := range s.testClusters {
129                 au, ok := tc.super.WaitReady()
130                 c.Assert(ok, check.Equals, true)
131                 u := url.URL(*au)
132                 tc.controllerURL = &u
133         }
134 }
135
136 func (s *IntegrationSuite) TearDownSuite(c *check.C) {
137         for _, c := range s.testClusters {
138                 c.super.Stop()
139         }
140 }
141
142 func (s *IntegrationSuite) conn(clusterID string) *rpc.Conn {
143         return rpc.NewConn(clusterID, s.testClusters[clusterID].controllerURL, true, rpc.PassthroughTokenProvider)
144 }
145
146 func (s *IntegrationSuite) clientsWithToken(clusterID string, token string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
147         cl := s.testClusters[clusterID].config.Clusters[clusterID]
148         ctx := auth.NewContext(context.Background(), auth.NewCredentials(token))
149         ac, err := arvados.NewClientFromConfig(&cl)
150         if err != nil {
151                 panic(err)
152         }
153         ac.AuthToken = token
154         arv, err := arvadosclient.New(ac)
155         if err != nil {
156                 panic(err)
157         }
158         kc := keepclient.New(arv)
159         return ctx, ac, kc
160 }
161
162 func (s *IntegrationSuite) userClients(rootctx context.Context, c *check.C, conn *rpc.Conn, clusterID string, activate bool) (context.Context, *arvados.Client, *keepclient.KeepClient) {
163         login, err := conn.UserSessionCreate(rootctx, rpc.UserSessionCreateOptions{
164                 ReturnTo: ",https://example.com",
165                 AuthInfo: rpc.UserSessionAuthInfo{
166                         Email:     "user@example.com",
167                         FirstName: "Example",
168                         LastName:  "User",
169                         Username:  "example",
170                 },
171         })
172         c.Assert(err, check.IsNil)
173         redirURL, err := url.Parse(login.RedirectLocation)
174         c.Assert(err, check.IsNil)
175         userToken := redirURL.Query().Get("api_token")
176         c.Logf("user token: %q", userToken)
177         ctx, ac, kc := s.clientsWithToken(clusterID, userToken)
178         user, err := conn.UserGetCurrent(ctx, arvados.GetOptions{})
179         c.Assert(err, check.IsNil)
180         _, err = conn.UserSetup(rootctx, arvados.UserSetupOptions{UUID: user.UUID})
181         c.Assert(err, check.IsNil)
182         if activate {
183                 _, err = conn.UserActivate(rootctx, arvados.UserActivateOptions{UUID: user.UUID})
184                 c.Assert(err, check.IsNil)
185                 user, err = conn.UserGetCurrent(ctx, arvados.GetOptions{})
186                 c.Assert(err, check.IsNil)
187                 c.Logf("user UUID: %q", user.UUID)
188                 if !user.IsActive {
189                         c.Fatalf("failed to activate user -- %#v", user)
190                 }
191         }
192         return ctx, ac, kc
193 }
194
195 func (s *IntegrationSuite) rootClients(clusterID string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
196         return s.clientsWithToken(clusterID, s.testClusters[clusterID].config.Clusters[clusterID].SystemRootToken)
197 }
198
199 func (s *IntegrationSuite) TestGetCollectionByPDH(c *check.C) {
200         conn1 := s.conn("z1111")
201         rootctx1, _, _ := s.rootClients("z1111")
202         conn3 := s.conn("z3333")
203         userctx1, ac1, kc1 := s.userClients(rootctx1, c, conn1, "z1111", true)
204
205         // Create the collection to find its PDH (but don't save it
206         // anywhere yet)
207         var coll1 arvados.Collection
208         fs1, err := coll1.FileSystem(ac1, kc1)
209         c.Assert(err, check.IsNil)
210         f, err := fs1.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
211         c.Assert(err, check.IsNil)
212         _, err = io.WriteString(f, "IntegrationSuite.TestGetCollectionByPDH")
213         c.Assert(err, check.IsNil)
214         err = f.Close()
215         c.Assert(err, check.IsNil)
216         mtxt, err := fs1.MarshalManifest(".")
217         c.Assert(err, check.IsNil)
218         pdh := arvados.PortableDataHash(mtxt)
219
220         // Looking up the PDH before saving returns 404 if cycle
221         // detection is working.
222         _, err = conn1.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
223         c.Assert(err, check.ErrorMatches, `.*404 Not Found.*`)
224
225         // Save the collection on cluster z1111.
226         coll1, err = conn1.CollectionCreate(userctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
227                 "manifest_text": mtxt,
228         }})
229         c.Assert(err, check.IsNil)
230
231         // Retrieve the collection from cluster z3333.
232         coll, err := conn3.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
233         c.Check(err, check.IsNil)
234         c.Check(coll.PortableDataHash, check.Equals, pdh)
235 }
236
237 // Get a token from the login cluster (z1111), use it to submit a
238 // container request on z2222.
239 func (s *IntegrationSuite) TestCreateContainerRequestWithFedToken(c *check.C) {
240         conn1 := s.conn("z1111")
241         rootctx1, _, _ := s.rootClients("z1111")
242         _, ac1, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
243
244         // Use ac2 to get the discovery doc with a blank token, so the
245         // SDK doesn't magically pass the z1111 token to z2222 before
246         // we're ready to start our test.
247         _, ac2, _ := s.clientsWithToken("z2222", "")
248         var dd map[string]interface{}
249         err := ac2.RequestAndDecode(&dd, "GET", "discovery/v1/apis/arvados/v1/rest", nil, nil)
250         c.Assert(err, check.IsNil)
251
252         var (
253                 body bytes.Buffer
254                 req  *http.Request
255                 resp *http.Response
256                 u    arvados.User
257                 cr   arvados.ContainerRequest
258         )
259         json.NewEncoder(&body).Encode(map[string]interface{}{
260                 "container_request": map[string]interface{}{
261                         "command":         []string{"echo"},
262                         "container_image": "d41d8cd98f00b204e9800998ecf8427e+0",
263                         "cwd":             "/",
264                         "output_path":     "/",
265                 },
266         })
267         ac2.AuthToken = ac1.AuthToken
268
269         c.Log("...post CR with good (but not yet cached) token")
270         cr = arvados.ContainerRequest{}
271         req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes()))
272         c.Assert(err, check.IsNil)
273         req.Header.Set("Content-Type", "application/json")
274         err = ac2.DoAndDecode(&cr, req)
275         c.Logf("err == %#v", err)
276
277         c.Log("...get user with good token")
278         u = arvados.User{}
279         req, err = http.NewRequest("GET", "https://"+ac2.APIHost+"/arvados/v1/users/current", nil)
280         c.Assert(err, check.IsNil)
281         err = ac2.DoAndDecode(&u, req)
282         c.Check(err, check.IsNil)
283         c.Check(u.UUID, check.Matches, "z1111-tpzed-.*")
284
285         c.Log("...post CR with good cached token")
286         cr = arvados.ContainerRequest{}
287         req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes()))
288         c.Assert(err, check.IsNil)
289         req.Header.Set("Content-Type", "application/json")
290         err = ac2.DoAndDecode(&cr, req)
291         c.Check(err, check.IsNil)
292         c.Check(cr.UUID, check.Matches, "z2222-.*")
293
294         c.Log("...post with good cached token ('OAuth2 ...')")
295         cr = arvados.ContainerRequest{}
296         req, err = http.NewRequest("POST", "https://"+ac2.APIHost+"/arvados/v1/container_requests", bytes.NewReader(body.Bytes()))
297         c.Assert(err, check.IsNil)
298         req.Header.Set("Content-Type", "application/json")
299         req.Header.Set("Authorization", "OAuth2 "+ac2.AuthToken)
300         resp, err = arvados.InsecureHTTPClient.Do(req)
301         if c.Check(err, check.IsNil) {
302                 err = json.NewDecoder(resp.Body).Decode(&cr)
303                 c.Check(err, check.IsNil)
304                 c.Check(cr.UUID, check.Matches, "z2222-.*")
305         }
306 }
307
308 // Test for bug #16263
309 func (s *IntegrationSuite) TestListUsers(c *check.C) {
310         rootctx1, _, _ := s.rootClients("z1111")
311         conn1 := s.conn("z1111")
312         conn3 := s.conn("z3333")
313         userctx1, _, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
314
315         // Make sure LoginCluster is properly configured
316         for cls := range s.testClusters {
317                 c.Check(
318                         s.testClusters[cls].config.Clusters[cls].Login.LoginCluster,
319                         check.Equals, "z1111",
320                         check.Commentf("incorrect LoginCluster config on cluster %q", cls))
321         }
322         // Make sure z1111 has users with NULL usernames
323         lst, err := conn1.UserList(rootctx1, arvados.ListOptions{
324                 Limit: math.MaxInt64, // check that large limit works (see #16263)
325         })
326         nullUsername := false
327         c.Assert(err, check.IsNil)
328         c.Assert(len(lst.Items), check.Not(check.Equals), 0)
329         for _, user := range lst.Items {
330                 if user.Username == "" {
331                         nullUsername = true
332                 }
333         }
334         c.Assert(nullUsername, check.Equals, true)
335
336         user1, err := conn1.UserGetCurrent(userctx1, arvados.GetOptions{})
337         c.Assert(err, check.IsNil)
338         c.Check(user1.IsActive, check.Equals, true)
339
340         // Ask for the user list on z3333 using z1111's system root token
341         lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
342         c.Assert(err, check.IsNil)
343         found := false
344         for _, user := range lst.Items {
345                 if user.UUID == user1.UUID {
346                         c.Check(user.IsActive, check.Equals, true)
347                         found = true
348                         break
349                 }
350         }
351         c.Check(found, check.Equals, true)
352
353         // Deactivate user acct on z1111
354         _, err = conn1.UserUnsetup(rootctx1, arvados.GetOptions{UUID: user1.UUID})
355         c.Assert(err, check.IsNil)
356
357         // Get user list from z3333, check the returned z1111 user is
358         // deactivated
359         lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
360         c.Assert(err, check.IsNil)
361         found = false
362         for _, user := range lst.Items {
363                 if user.UUID == user1.UUID {
364                         c.Check(user.IsActive, check.Equals, false)
365                         found = true
366                         break
367                 }
368         }
369         c.Check(found, check.Equals, true)
370
371         // Deactivated user can see is_active==false via "get current
372         // user" API
373         user1, err = conn3.UserGetCurrent(userctx1, arvados.GetOptions{})
374         c.Assert(err, check.IsNil)
375         c.Check(user1.IsActive, check.Equals, false)
376 }