class Arvados::V1::ContainersControllerTest < ActionController::TestCase
test 'create' do
authorize_with :system_user
- post :create, {
+ post :create, params: {
container: {
command: ['echo', 'hello'],
container_image: 'test',
[Container::Queued, Container::Complete].each do |state|
test "cannot get auth in #{state} state" do
authorize_with :dispatch1
- get :auth, id: containers(:queued).uuid
+ get :auth, params: {id: containers(:queued).uuid}
assert_response 403
end
end
assert c.lock, show_errors(c)
authorize_with :system_user
- get :auth, id: c.uuid
+ get :auth, params: {id: c.uuid}
assert_response 403
end
authorize_with :dispatch1
c = containers(:queued)
assert c.lock, show_errors(c)
- get :auth, id: c.uuid
+ get :auth, params: {id: c.uuid}
assert_response :success
assert_operator 32, :<, json_response['api_token'].length
assert_equal 'arvados#apiClientAuthorization', json_response['kind']
end
- test 'no auth in container response' do
+ test 'no auth or secret_mounts in container response' do
authorize_with :dispatch1
c = containers(:queued)
assert c.lock, show_errors(c)
- get :show, id: c.uuid
+ get :show, params: {id: c.uuid}
assert_response :success
assert_nil json_response['auth']
+ assert_nil json_response['secret_mounts']
end
test "lock container" do
authorize_with :dispatch1
uuid = containers(:queued).uuid
- post :lock, {id: uuid}
+ post :lock, params: {id: uuid}
assert_response :success
assert_nil json_response['mounts']
assert_nil json_response['command']
test "unlock container" do
authorize_with :dispatch1
uuid = containers(:locked).uuid
- post :unlock, {id: uuid}
+ post :unlock, params: {id: uuid}
assert_response :success
assert_nil json_response['mounts']
assert_nil json_response['command']
test "unlock container locked by different dispatcher" do
authorize_with :dispatch2
uuid = containers(:locked).uuid
- post :unlock, {id: uuid}
- assert_response 422
+ post :unlock, params: {id: uuid}
+ assert_response 403
end
[
[:running, :lock, 422, 'Running'],
[:running, :unlock, 422, 'Running'],
].each do |fixture, action, response, state|
- test "state transitions from #{fixture } to #{action}" do
+ test "state transitions from #{fixture} to #{action}" do
authorize_with :dispatch1
uuid = containers(fixture).uuid
- post action, {id: uuid}
+ post action, params: {id: uuid}
assert_response response
assert_equal state, Container.where(uuid: uuid).first.state
end
assert_response 401
end
+ [
+ [true, :running_container_auth],
+ [false, :dispatch2],
+ [false, :admin],
+ [false, :active],
+ ].each do |expect_success, auth|
+ test "get secret_mounts with #{auth} token" do
+ authorize_with auth
+ get :secret_mounts, params: {id: containers(:running).uuid}
+ if expect_success
+ assert_response :success
+ assert_equal "42\n", json_response["secret_mounts"]["/secret/6x9"]["content"]
+ else
+ assert_response 403
+ end
+ end
+ end
+
+ test 'get runtime_token auth' do
+ authorize_with :dispatch2
+ c = containers(:runtime_token)
+ get :auth, params: {id: c.uuid}
+ assert_response :success
+ assert_equal "v2/#{json_response['uuid']}/#{json_response['api_token']}", api_client_authorizations(:container_runtime_token).token
+ assert_equal 'arvados#apiClientAuthorization', json_response['kind']
+ end
end