package localdb
import (
- "context"
"io/ioutil"
"net/http"
"os"
"strings"
- "git.arvados.org/arvados.git/lib/config"
- "git.arvados.org/arvados.git/lib/controller/rpc"
"git.arvados.org/arvados.git/sdk/go/arvados"
- "git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/ctxlog"
check "gopkg.in/check.v1"
)
var _ = check.Suite(&PamSuite{})
type PamSuite struct {
- cluster *arvados.Cluster
- ctrl *pamLoginController
- railsSpy *arvadostest.Proxy
+ localdbSuite
}
-func (s *PamSuite) SetUpSuite(c *check.C) {
- cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
- c.Assert(err, check.IsNil)
- s.cluster, err = cfg.GetCluster("")
- c.Assert(err, check.IsNil)
- s.cluster.Login.PAM = true
- s.cluster.Login.PAMDefaultEmailDomain = "example.com"
- s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
- s.ctrl = &pamLoginController{
- Cluster: s.cluster,
- RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider),
+func (s *PamSuite) SetUpTest(c *check.C) {
+ s.localdbSuite.SetUpTest(c)
+ s.cluster.Login.PAM.Enable = true
+ s.cluster.Login.PAM.DefaultEmailDomain = "example.com"
+ s.localdb.loginController = &pamLoginController{
+ Cluster: s.cluster,
+ Parent: s.localdb,
}
}
func (s *PamSuite) TestLoginFailure(c *check.C) {
- resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{
+ resp, err := s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
Username: "bogususername",
Password: "boguspassword",
})
// This test only runs if the ARVADOS_TEST_PAM_CREDENTIALS_FILE env
// var is set. The credentials file should contain a valid username
// and password, separated by \n.
+//
+// Depending on the host config, this test succeeds only if the test
+// credentials are for the same account being used to run tests.
func (s *PamSuite) TestLoginSuccess(c *check.C) {
testCredsFile := os.Getenv("ARVADOS_TEST_PAM_CREDENTIALS_FILE")
if testCredsFile == "" {
c.Assert(len(lines), check.Equals, 2, check.Commentf("credentials file %s should contain \"username\\npassword\"", testCredsFile))
u, p := lines[0], lines[1]
- resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{
+ resp, err := s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
Username: u,
Password: p,
})
c.Check(resp.Scopes, check.DeepEquals, []string{"all"})
authinfo := getCallbackAuthInfo(c, s.railsSpy)
- c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAMDefaultEmailDomain)
+ c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAM.DefaultEmailDomain)
c.Check(authinfo.AlternateEmails, check.DeepEquals, []string(nil))
}