}
trap cleanup ERR
+if [[ -z "$(docker image ls -q osixia/openldap:1.3.0)" ]]; then
+ echo >&2 "Pulling docker image for ldap server"
+ docker pull osixia/openldap:1.3.0
+fi
+
ldapctr=ldap-${RANDOM}
echo >&2 "Starting ldap server in docker container ${ldapctr}"
docker run --rm --detach \
"http://0.0.0.0:9999/": {}
Login:
PAM: true
+ # Without this magic PAMDefaultEmailDomain, inserted users would
+ # prevent subsequent database/reset from working (see
+ # database_controller.rb).
+ PAMDefaultEmailDomain: example.com
SystemLogs:
LogLevel: debug
EOF
osixia/openldap:1.3.0 \
bash -c "for f in \$(seq 1 5); do if ldapadd -H '${ldapurl}' -D 'cn=${adminuser},dc=example,dc=org' -w '${adminpassword}' -f /add_example_user.ldif; then exit 0; else sleep 2; fi; done; echo 'failed to add user entry'; exit 1"
+echo >&2 "Building arvados controller binary to run in container"
+go build -o "${tmpdir}" ../../../cmd/arvados-server
+
ctrlctr=ctrl-${RANDOM}
echo >&2 "Starting arvados controller in docker container ${ctrlctr}"
docker run --detach --rm --name=${ctrlctr} \
-p 9999 \
-v "${tmpdir}/pam_ldap.conf":/etc/pam_ldap.conf:ro \
- -v "${GOPATH:-${HOME}/go}/bin/arvados-server":/bin/arvados-server:ro \
+ -v "${tmpdir}/arvados-server":/bin/arvados-server:ro \
-v "${tmpdir}/zzzzz.yml":/etc/arvados/config.yml:ro \
-v $(realpath "${PWD}/../../.."):/arvados:ro \
debian:10 \
echo >&2
echo >&2 "Arvados controller is up at http://${ctrlhostport}"
+check_contains() {
+ resp="${1}"
+ str="${2}"
+ if ! echo "${resp}" | fgrep -q "${str}"; then
+ echo >&2 "${resp}"
+ echo >&2 "FAIL: expected in response, but not found: ${str@Q}"
+ return 1
+ fi
+}
+
echo >&2 "Testing authentication failure"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=nosecret "http://${ctrlhostport}/login" | tee $debug | grep "Authentication failure"
+resp="$(curl -s --include -d username=foo -d password=nosecret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 401"
+check_contains "${resp}" '{"errors":["PAM: Authentication failure (with username \"foo\" and password)"]}'
+
echo >&2 "Testing authentication success"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=secret "http://${ctrlhostport}/login" | tee $debug | fgrep '{"token":"v2/zzzzz-gj3su-'
+resp="$(curl -s --include -d username=foo -d password=secret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 200"
+check_contains "${resp}" '"api_token":"'
+check_contains "${resp}" '"scopes":["all"]'
+check_contains "${resp}" '"uuid":"zzzzz-gj3su-'
cleanup