}
}
+// Get rpc connection struct initialized to communicate with the
+// specified cluster.
func (s *IntegrationSuite) conn(clusterID string) *rpc.Conn {
return rpc.NewConn(clusterID, s.testClusters[clusterID].controllerURL, true, rpc.PassthroughTokenProvider)
}
+// Return Context, Arvados.Client and keepclient structs initialized
+// to connect to the specified cluster (by clusterID) using with the supplied
+// Arvados token.
func (s *IntegrationSuite) clientsWithToken(clusterID string, token string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
cl := s.testClusters[clusterID].config.Clusters[clusterID]
ctx := auth.NewContext(context.Background(), auth.NewCredentials(token))
return ctx, ac, kc
}
+// Log in as a user called "example", get the user's API token,
+// initialize clients with the API token, set up the user and
+// optionally activate the user. Return client structs for
+// communicating with the cluster on behalf of the 'example' user.
func (s *IntegrationSuite) userClients(rootctx context.Context, c *check.C, conn *rpc.Conn, clusterID string, activate bool) (context.Context, *arvados.Client, *keepclient.KeepClient) {
login, err := conn.UserSessionCreate(rootctx, rpc.UserSessionCreateOptions{
ReturnTo: ",https://example.com",
return ctx, ac, kc
}
+// Return Context, arvados.Client and keepclient structs initialized
+// to communicate with the cluster as the system root user.
func (s *IntegrationSuite) rootClients(clusterID string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
return s.clientsWithToken(clusterID, s.testClusters[clusterID].config.Clusters[clusterID].SystemRootToken)
}
+// Return Context, arvados.Client and keepclient structs initialized
+// to communicate with the cluster as the anonymous user.
+func (s *IntegrationSuite) anonymousClients(clusterID string) (context.Context, *arvados.Client, *keepclient.KeepClient) {
+ return s.clientsWithToken(clusterID, s.testClusters[clusterID].config.Clusters[clusterID].Users.AnonymousUserToken)
+}
+
func (s *IntegrationSuite) TestGetCollectionByPDH(c *check.C) {
conn1 := s.conn("z1111")
rootctx1, _, _ := s.rootClients("z1111")
c.Check(coll.PortableDataHash, check.Equals, pdh)
}
+func (s *IntegrationSuite) TestGetCollectionAsAnonymous(c *check.C) {
+ conn1 := s.conn("z1111")
+ conn3 := s.conn("z3333")
+ rootctx1, ac1, kc1 := s.rootClients("z1111")
+ userctx3, ac3, _ := s.anonymousClients("z3333")
+
+ // Make sure anonymous token was set
+ c.Assert(ac3.AuthToken, check.Not(check.Equals), "")
+
+ // Create the collection to find its PDH (but don't save it
+ // anywhere yet)
+ var coll1 arvados.Collection
+ fs1, err := coll1.FileSystem(ac1, kc1)
+ c.Assert(err, check.IsNil)
+ f, err := fs1.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
+ c.Assert(err, check.IsNil)
+ _, err = io.WriteString(f, "IntegrationSuite.TestGetCollectionByPDH")
+ c.Assert(err, check.IsNil)
+ err = f.Close()
+ c.Assert(err, check.IsNil)
+ mtxt, err := fs1.MarshalManifest(".")
+ c.Assert(err, check.IsNil)
+ pdh := arvados.PortableDataHash(mtxt)
+
+ // Save the collection on cluster z1111.
+ coll1, err = conn1.CollectionCreate(rootctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
+ "manifest_text": mtxt,
+ }})
+ c.Assert(err, check.IsNil)
+
+ // Share it with the anonymous users group.
+ var outLink arvados.Link
+ err = ac1.RequestAndDecode(&outLink, "POST", "/arvados/v1/links", nil, &arvados.Link{
+ LinkClass: "permission",
+ Name: "can_read",
+ HeadUUID: coll1.UUID,
+ TailUUID: "z1111-j7d0g-anonymouspublic",
+ })
+ c.Check(err, check.IsNil)
+
+ outUser, err := ac3.CurrentUser()
+ c.Check(err, check.IsNil)
+ c.Check(outUser.UUID, check.Equals, "z3333-tpzed-anonymouspublic")
+
+ // Retrieve the collection as anonymous from cluster z3333.
+ coll, err := conn3.CollectionGet(userctx3, arvados.GetOptions{UUID: pdh})
+ c.Check(err, check.IsNil)
+ c.Check(coll.PortableDataHash, check.Equals, pdh)
+}
+
// Get a token from the login cluster (z1111), use it to submit a
// container request on z2222.
func (s *IntegrationSuite) TestCreateContainerRequestWithFedToken(c *check.C) {
resp, err = arvados.InsecureHTTPClient.Do(req)
if c.Check(err, check.IsNil) {
err = json.NewDecoder(resp.Body).Decode(&cr)
+ c.Check(err, check.IsNil)
c.Check(cr.UUID, check.Matches, "z2222-.*")
}
}
rootctx1, _, _ := s.rootClients("z1111")
conn1 := s.conn("z1111")
conn3 := s.conn("z3333")
+ userctx1, _, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
// Make sure LoginCluster is properly configured
for cls := range s.testClusters {
check.Commentf("incorrect LoginCluster config on cluster %q", cls))
}
// Make sure z1111 has users with NULL usernames
- lst, err := conn1.UserList(rootctx1, arvados.ListOptions{Limit: -1})
+ lst, err := conn1.UserList(rootctx1, arvados.ListOptions{
+ Limit: math.MaxInt64, // check that large limit works (see #16263)
+ })
nullUsername := false
c.Assert(err, check.IsNil)
c.Assert(len(lst.Items), check.Not(check.Equals), 0)
}
}
c.Assert(nullUsername, check.Equals, true)
+
+ user1, err := conn1.UserGetCurrent(userctx1, arvados.GetOptions{})
+ c.Assert(err, check.IsNil)
+ c.Check(user1.IsActive, check.Equals, true)
+
// Ask for the user list on z3333 using z1111's system root token
- _, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
- c.Assert(err, check.IsNil, check.Commentf("getting user list: %q", err))
-}
+ lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
+ c.Assert(err, check.IsNil)
+ found := false
+ for _, user := range lst.Items {
+ if user.UUID == user1.UUID {
+ c.Check(user.IsActive, check.Equals, true)
+ found = true
+ break
+ }
+ }
+ c.Check(found, check.Equals, true)
-// Test for bug #16263
-func (s *IntegrationSuite) TestListUsersWithMaxLimit(c *check.C) {
- rootctx1, _, _ := s.rootClients("z1111")
- conn3 := s.conn("z3333")
- maxLimit := int64(math.MaxInt64)
+ // Deactivate user acct on z1111
+ _, err = conn1.UserUnsetup(rootctx1, arvados.GetOptions{UUID: user1.UUID})
+ c.Assert(err, check.IsNil)
- // Make sure LoginCluster is properly configured
- for cls := range s.testClusters {
- c.Check(
- s.testClusters[cls].config.Clusters[cls].Login.LoginCluster,
- check.Equals, "z1111",
- check.Commentf("incorrect LoginCluster config on cluster %q", cls))
+ // Get user list from z3333, check the returned z1111 user is
+ // deactivated
+ lst, err = conn3.UserList(rootctx1, arvados.ListOptions{Limit: -1})
+ c.Assert(err, check.IsNil)
+ found = false
+ for _, user := range lst.Items {
+ if user.UUID == user1.UUID {
+ c.Check(user.IsActive, check.Equals, false)
+ found = true
+ break
+ }
}
+ c.Check(found, check.Equals, true)
- // Ask for the user list on z3333 using z1111's system root token and
- // limit: max int64 value.
- _, err := conn3.UserList(rootctx1, arvados.ListOptions{Limit: maxLimit})
- c.Assert(err, check.IsNil, check.Commentf("getting user list: %q", err))
+ // Deactivated user can see is_active==false via "get current
+ // user" API
+ user1, err = conn3.UserGetCurrent(userctx1, arvados.GetOptions{})
+ c.Assert(err, check.IsNil)
+ c.Check(user1.IsActive, check.Equals, false)
}
projects / arvados.git / blobdiff