projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
16387: Test updating cache after deactivating user.
[arvados.git] / lib / controller / localdb / login_pam_docker_test.sh
diff --git a/lib/controller/localdb/login_pam_docker_test.sh b/lib/controller/localdb/login_pam_docker_test.sh
index 7fb0a303af1a5813160cd001610f456183872edc..b8f281bc2e69dfd80f3c3451b161330bbc0a2d47 100755 (executable)
--- a/lib/controller/localdb/login_pam_docker_test.sh
+++ b/lib/controller/localdb/login_pam_docker_test.sh
@@ -37,6 +37,11 @@ cleanup() {
 }
 trap cleanup ERR
 
+if [[ -z "$(docker image ls -q osixia/openldap:1.3.0)" ]]; then
+    echo >&2 "Pulling docker image for ldap server"
+    docker pull osixia/openldap:1.3.0
+fi
+
 ldapctr=ldap-${RANDOM}
 echo >&2 "Starting ldap server in docker container ${ldapctr}"
 docker run --rm --detach \
@@ -83,6 +88,10 @@ Clusters:
           "http://0.0.0.0:9999/": {}
     Login:
       PAM: true
+      # Without this magic PAMDefaultEmailDomain, inserted users would
+      # prevent subsequent database/reset from working (see
+      # database_controller.rb).
+      PAMDefaultEmailDomain: example.com
     SystemLogs:
       LogLevel: debug
 EOF
@@ -131,12 +140,15 @@ docker run --rm --entrypoint= \
        osixia/openldap:1.3.0 \
        bash -c "for f in \$(seq 1 5); do if ldapadd -H '${ldapurl}' -D 'cn=${adminuser},dc=example,dc=org' -w '${adminpassword}' -f /add_example_user.ldif; then exit 0; else sleep 2; fi; done; echo 'failed to add user entry'; exit 1"
 
+echo >&2 "Building arvados controller binary to run in container"
+go build -o "${tmpdir}" ../../../cmd/arvados-server
+
 ctrlctr=ctrl-${RANDOM}
 echo >&2 "Starting arvados controller in docker container ${ctrlctr}"
 docker run --detach --rm --name=${ctrlctr} \
        -p 9999 \
        -v "${tmpdir}/pam_ldap.conf":/etc/pam_ldap.conf:ro \
-       -v "${GOPATH:-${HOME}/go}/bin/arvados-server":/bin/arvados-server:ro \
+       -v "${tmpdir}/arvados-server":/bin/arvados-server:ro \
        -v "${tmpdir}/zzzzz.yml":/etc/arvados/config.yml:ro \
        -v $(realpath "${PWD}/../../.."):/arvados:ro \
        debian:10 \
@@ -156,9 +168,26 @@ done
 echo >&2
 echo >&2 "Arvados controller is up at http://${ctrlhostport}"
 
+check_contains() {
+    resp="${1}"
+    str="${2}"
+    if ! echo "${resp}" | fgrep -q "${str}"; then
+        echo >&2 "${resp}"
+        echo >&2 "FAIL: expected in response, but not found: ${str@Q}"
+        return 1
+    fi
+}
+
 echo >&2 "Testing authentication failure"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=nosecret "http://${ctrlhostport}/login" | tee $debug | grep "Authentication failure"
+resp="$(curl -s --include -d username=foo -d password=nosecret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 401"
+check_contains "${resp}" '{"errors":["PAM: Authentication failure (with username \"foo\" and password)"]}'
+
 echo >&2 "Testing authentication success"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=secret "http://${ctrlhostport}/login" | tee $debug | fgrep '{"token":"v2/zzzzz-gj3su-'
+resp="$(curl -s --include -d username=foo -d password=secret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 200"
+check_contains "${resp}" '"api_token":"'
+check_contains "${resp}" '"scopes":["all"]'
+check_contains "${resp}" '"uuid":"zzzzz-gj3su-'
 
 cleanup