+
+func (s *IntegrationSuite) TestSetupUserWithVM(c *check.C) {
+ conn1 := s.conn("z1111")
+ conn3 := s.conn("z3333")
+ rootctx1, rootac1, _ := s.rootClients("z1111")
+
+ // Create user on LoginCluster z1111
+ _, _, _, user := s.userClients(rootctx1, c, conn1, "z1111", false)
+
+ // Make a new root token (because rootClients() uses SystemRootToken)
+ var outAuth arvados.APIClientAuthorization
+ err := rootac1.RequestAndDecode(&outAuth, "POST", "/arvados/v1/api_client_authorizations", nil, nil)
+ c.Check(err, check.IsNil)
+
+ // Make a v2 root token to communicate with z3333
+ rootctx3, rootac3, _ := s.clientsWithToken("z3333", outAuth.TokenV2())
+
+ // Create VM on z3333
+ var outVM arvados.VirtualMachine
+ err = rootac3.RequestAndDecode(&outVM, "POST", "/arvados/v1/virtual_machines", nil,
+ map[string]interface{}{"virtual_machine": map[string]interface{}{
+ "hostname": "example",
+ },
+ })
+ c.Check(outVM.UUID[0:5], check.Equals, "z3333")
+ c.Check(err, check.IsNil)
+
+ // Make sure z3333 user list is up to date
+ _, err = conn3.UserList(rootctx3, arvados.ListOptions{Limit: 1000})
+ c.Check(err, check.IsNil)
+
+ // Try to set up user on z3333 with the VM
+ _, err = conn3.UserSetup(rootctx3, arvados.UserSetupOptions{UUID: user.UUID, VMUUID: outVM.UUID})
+ c.Check(err, check.IsNil)
+
+ var outLinks arvados.LinkList
+ err = rootac3.RequestAndDecode(&outLinks, "GET", "/arvados/v1/links", nil,
+ arvados.ListOptions{
+ Limit: 1000,
+ Filters: []arvados.Filter{
+ {
+ Attr: "tail_uuid",
+ Operator: "=",
+ Operand: user.UUID,
+ },
+ {
+ Attr: "head_uuid",
+ Operator: "=",
+ Operand: outVM.UUID,
+ },
+ {
+ Attr: "name",
+ Operator: "=",
+ Operand: "can_login",
+ },
+ {
+ Attr: "link_class",
+ Operator: "=",
+ Operand: "permission",
+ }}})
+ c.Check(err, check.IsNil)
+
+ c.Check(len(outLinks.Items), check.Equals, 1)
+}
+
+func (s *IntegrationSuite) TestOIDCAccessTokenAuth(c *check.C) {
+ conn1 := s.conn("z1111")
+ rootctx1, _, _ := s.rootClients("z1111")
+ s.userClients(rootctx1, c, conn1, "z1111", true)
+
+ accesstoken := s.oidcprovider.ValidAccessToken()
+
+ for _, clusterid := range []string{"z1111", "z2222"} {
+ c.Logf("trying clusterid %s", clusterid)
+
+ conn := s.conn(clusterid)
+ ctx, ac, kc := s.clientsWithToken(clusterid, accesstoken)
+
+ var coll arvados.Collection
+
+ // Write some file data and create a collection
+ {
+ fs, err := coll.FileSystem(ac, kc)
+ c.Assert(err, check.IsNil)
+ f, err := fs.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
+ c.Assert(err, check.IsNil)
+ _, err = io.WriteString(f, "IntegrationSuite.TestOIDCAccessTokenAuth")
+ c.Assert(err, check.IsNil)
+ err = f.Close()
+ c.Assert(err, check.IsNil)
+ mtxt, err := fs.MarshalManifest(".")
+ c.Assert(err, check.IsNil)
+ coll, err = conn.CollectionCreate(ctx, arvados.CreateOptions{Attrs: map[string]interface{}{
+ "manifest_text": mtxt,
+ }})
+ c.Assert(err, check.IsNil)
+ }
+
+ // Read the collection & file data
+ {
+ user, err := conn.UserGetCurrent(ctx, arvados.GetOptions{})
+ c.Assert(err, check.IsNil)
+ c.Check(user.FullName, check.Equals, "Example User")
+ coll, err = conn.CollectionGet(ctx, arvados.GetOptions{UUID: coll.UUID})
+ c.Assert(err, check.IsNil)
+ c.Check(coll.ManifestText, check.Not(check.Equals), "")
+ fs, err := coll.FileSystem(ac, kc)
+ c.Assert(err, check.IsNil)
+ f, err := fs.Open("test.txt")
+ c.Assert(err, check.IsNil)
+ buf, err := ioutil.ReadAll(f)
+ c.Assert(err, check.IsNil)
+ c.Check(buf, check.DeepEquals, []byte("IntegrationSuite.TestOIDCAccessTokenAuth"))
+ }
+ }
+}