projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
21617: Accept bogus tokens at endpoints that do not require auth.
[arvados.git] / lib / controller / integration_test.go
diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index 44be17c77ffb1d99e4fbeafcbe2a01dd30a82b60..45f35a6d2e937b5285fe49308329f9752ed7163b 100644 (file)
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -11,6 +11,7 @@ import (
        "encoding/json"
        "fmt"
        "io"
+       "io/fs"
        "io/ioutil"
        "math"
        "net"
@@ -27,6 +28,7 @@ import (
        "git.arvados.org/arvados.git/sdk/go/arvadostest"
        "git.arvados.org/arvados.git/sdk/go/ctxlog"
        "git.arvados.org/arvados.git/sdk/go/httpserver"
+       "git.arvados.org/arvados.git/sdk/go/keepclient"
        check "gopkg.in/check.v1"
 )
 
@@ -71,6 +73,20 @@ func (s *IntegrationSuite) SetUpSuite(c *check.C) {
       Insecure: true
     SystemLogs:
       Format: text
+    API:
+      MaxConcurrentRequests: 128
+    Containers:
+      CloudVMs:
+        Enable: true
+        Driver: loopback
+        BootProbeCommand: "rm -f /var/lock/crunch-run-broken"
+        ProbeInterval: 1s
+        PollInterval: 5s
+        SyncInterval: 10s
+        TimeoutIdle: 1s
+        TimeoutBooting: 2s
+      RuntimeEngine: singularity
+      CrunchRunArgumentsList: ["--broken-node-hook", "true"]
     RemoteClusters:
       z1111:
         Host: ` + hostport["z1111"] + `
@@ -152,6 +168,20 @@ func (s *IntegrationSuite) TestDefaultStorageClassesOnCollections(c *check.C) {
        c.Assert(coll.StorageClassesDesired, check.DeepEquals, kc.DefaultStorageClasses)
 }
 
+func (s *IntegrationSuite) createTestCollectionManifest(c *check.C, ac *arvados.Client, kc *keepclient.KeepClient, content string) string {
+       fs, err := (&arvados.Collection{}).FileSystem(ac, kc)
+       c.Assert(err, check.IsNil)
+       f, err := fs.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
+       c.Assert(err, check.IsNil)
+       _, err = io.WriteString(f, content)
+       c.Assert(err, check.IsNil)
+       err = f.Close()
+       c.Assert(err, check.IsNil)
+       mtxt, err := fs.MarshalManifest(".")
+       c.Assert(err, check.IsNil)
+       return mtxt
+}
+
 func (s *IntegrationSuite) TestGetCollectionByPDH(c *check.C) {
        conn1 := s.super.Conn("z1111")
        rootctx1, _, _ := s.super.RootClients("z1111")
@@ -160,34 +190,70 @@ func (s *IntegrationSuite) TestGetCollectionByPDH(c *check.C) {
 
        // Create the collection to find its PDH (but don't save it
        // anywhere yet)
-       var coll1 arvados.Collection
-       fs1, err := coll1.FileSystem(ac1, kc1)
-       c.Assert(err, check.IsNil)
-       f, err := fs1.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
-       c.Assert(err, check.IsNil)
-       _, err = io.WriteString(f, "IntegrationSuite.TestGetCollectionByPDH")
-       c.Assert(err, check.IsNil)
-       err = f.Close()
-       c.Assert(err, check.IsNil)
-       mtxt, err := fs1.MarshalManifest(".")
-       c.Assert(err, check.IsNil)
+       mtxt := s.createTestCollectionManifest(c, ac1, kc1, c.TestName())
        pdh := arvados.PortableDataHash(mtxt)
 
        // Looking up the PDH before saving returns 404 if cycle
        // detection is working.
-       _, err = conn1.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
+       _, err := conn1.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
        c.Assert(err, check.ErrorMatches, `.*404 Not Found.*`)
 
        // Save the collection on cluster z1111.
-       coll1, err = conn1.CollectionCreate(userctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
+       _, err = conn1.CollectionCreate(userctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
                "manifest_text": mtxt,
        }})
        c.Assert(err, check.IsNil)
 
        // Retrieve the collection from cluster z3333.
-       coll, err := conn3.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
+       coll2, err := conn3.CollectionGet(userctx1, arvados.GetOptions{UUID: pdh})
        c.Check(err, check.IsNil)
-       c.Check(coll.PortableDataHash, check.Equals, pdh)
+       c.Check(coll2.PortableDataHash, check.Equals, pdh)
+}
+
+func (s *IntegrationSuite) TestFederation_Write1Read2(c *check.C) {
+       s.testFederationCollectionAccess(c, "z1111", "z2222")
+}
+
+func (s *IntegrationSuite) TestFederation_Write2Read1(c *check.C) {
+       s.testFederationCollectionAccess(c, "z2222", "z1111")
+}
+
+func (s *IntegrationSuite) TestFederation_Write2Read3(c *check.C) {
+       s.testFederationCollectionAccess(c, "z2222", "z3333")
+}
+
+func (s *IntegrationSuite) testFederationCollectionAccess(c *check.C, writeCluster, readCluster string) {
+       conn1 := s.super.Conn("z1111")
+       rootctx1, _, _ := s.super.RootClients("z1111")
+       _, ac1, _, _ := s.super.UserClients("z1111", rootctx1, c, conn1, s.oidcprovider.AuthEmail, true)
+
+       connW := s.super.Conn(writeCluster)
+       userctxW, acW, kcW := s.super.ClientsWithToken(writeCluster, ac1.AuthToken)
+       kcW.DiskCacheSize = keepclient.DiskCacheDisabled
+       connR := s.super.Conn(readCluster)
+       userctxR, acR, kcR := s.super.ClientsWithToken(readCluster, ac1.AuthToken)
+       kcR.DiskCacheSize = keepclient.DiskCacheDisabled
+
+       filedata := fmt.Sprintf("%s: write to %s, read from %s", c.TestName(), writeCluster, readCluster)
+       mtxt := s.createTestCollectionManifest(c, acW, kcW, filedata)
+       collW, err := connW.CollectionCreate(userctxW, arvados.CreateOptions{Attrs: map[string]interface{}{
+               "manifest_text": mtxt,
+       }})
+       c.Assert(err, check.IsNil)
+
+       collR, err := connR.CollectionGet(userctxR, arvados.GetOptions{UUID: collW.UUID})
+       if !c.Check(err, check.IsNil) {
+               return
+       }
+       fsR, err := collR.FileSystem(acR, kcR)
+       if !c.Check(err, check.IsNil) {
+               return
+       }
+       buf, err := fs.ReadFile(arvados.FS(fsR), "test.txt")
+       if !c.Check(err, check.IsNil) {
+               return
+       }
+       c.Check(string(buf), check.Equals, filedata)
 }
 
 // Tests bug #18004
@@ -486,6 +552,7 @@ func (s *IntegrationSuite) TestCreateContainerRequestWithFedToken(c *check.C) {
        req.Header.Set("Authorization", "OAuth2 "+ac2.AuthToken)
        resp, err = arvados.InsecureHTTPClient.Do(req)
        c.Assert(err, check.IsNil)
+       defer resp.Body.Close()
        err = json.NewDecoder(resp.Body).Decode(&cr)
        c.Check(err, check.IsNil)
        c.Check(cr.UUID, check.Matches, "z2222-.*")
@@ -523,8 +590,10 @@ func (s *IntegrationSuite) TestCreateContainerRequestWithBadToken(c *check.C) {
                c.Assert(err, check.IsNil)
                req.Header.Set("Content-Type", "application/json")
                resp, err := ac1.Do(req)
-               c.Assert(err, check.IsNil)
-               c.Assert(resp.StatusCode, check.Equals, tt.expectedCode)
+               if c.Check(err, check.IsNil) {
+                       c.Assert(resp.StatusCode, check.Equals, tt.expectedCode)
+                       resp.Body.Close()
+               }
        }
 }
 
@@ -592,9 +661,11 @@ func (s *IntegrationSuite) TestRequestIDHeader(c *check.C) {
                        var jresp httpserver.ErrorResponse
                        err := json.NewDecoder(resp.Body).Decode(&jresp)
                        c.Check(err, check.IsNil)
-                       c.Assert(jresp.Errors, check.HasLen, 1)
-                       c.Check(jresp.Errors[0], check.Matches, `.*\(`+respHdr+`\).*`)
+                       if c.Check(jresp.Errors, check.HasLen, 1) {
+                               c.Check(jresp.Errors[0], check.Matches, `.*\(`+respHdr+`\).*`)
+                       }
                }
+               resp.Body.Close()
        }
 }
 
@@ -951,8 +1022,8 @@ func (s *IntegrationSuite) TestSetupUserWithVM(c *check.C) {
                        "hostname": "example",
                },
                })
+       c.Assert(err, check.IsNil)
        c.Check(outVM.UUID[0:5], check.Equals, "z3333")
-       c.Check(err, check.IsNil)
 
        // Make sure z3333 user list is up to date
        _, err = conn3.UserList(rootctx3, arvados.ListOptions{Limit: 1000})
@@ -1111,3 +1182,171 @@ func (s *IntegrationSuite) TestForwardRuntimeTokenToLoginCluster(c *check.C) {
        c.Check(err, check.ErrorMatches, `request failed: .* 401 Unauthorized: cannot use a locally issued token to forward a request to our login cluster \(z1111\)`)
        c.Check(err, check.Not(check.ErrorMatches), `(?ms).*127\.0\.0\.11.*`)
 }
+
+func (s *IntegrationSuite) TestRunTrivialContainer(c *check.C) {
+       outcoll, _ := s.runContainer(c, "z1111", "", map[string]interface{}{
+               "command":             []string{"sh", "-c", "touch \"/out/hello world\" /out/ohai"},
+               "container_image":     "busybox:uclibc",
+               "cwd":                 "/tmp",
+               "environment":         map[string]string{},
+               "mounts":              map[string]arvados.Mount{"/out": {Kind: "tmp", Capacity: 10000}},
+               "output_path":         "/out",
+               "runtime_constraints": arvados.RuntimeConstraints{RAM: 100000000, VCPUs: 1, KeepCacheRAM: 1 << 26},
+               "priority":            1,
+               "state":               arvados.ContainerRequestStateCommitted,
+       }, 0)
+       c.Check(outcoll.ManifestText, check.Matches, `\. d41d8.* 0:0:hello\\040world 0:0:ohai\n`)
+       c.Check(outcoll.PortableDataHash, check.Equals, "8fa5dee9231a724d7cf377c5a2f4907c+65")
+}
+
+func (s *IntegrationSuite) TestContainerInputOnDifferentCluster(c *check.C) {
+       conn := s.super.Conn("z1111")
+       rootctx, _, _ := s.super.RootClients("z1111")
+       userctx, ac, _, _ := s.super.UserClients("z1111", rootctx, c, conn, s.oidcprovider.AuthEmail, true)
+       z1coll, err := conn.CollectionCreate(userctx, arvados.CreateOptions{Attrs: map[string]interface{}{
+               "manifest_text": ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:ocelot\n",
+       }})
+       c.Assert(err, check.IsNil)
+
+       outcoll, logcfs := s.runContainer(c, "z2222", ac.AuthToken, map[string]interface{}{
+               "command":         []string{"ls", "/in"},
+               "container_image": "busybox:uclibc",
+               "cwd":             "/tmp",
+               "environment":     map[string]string{},
+               "mounts": map[string]arvados.Mount{
+                       "/in":  {Kind: "collection", PortableDataHash: z1coll.PortableDataHash},
+                       "/out": {Kind: "tmp", Capacity: 10000},
+               },
+               "output_path":         "/out",
+               "runtime_constraints": arvados.RuntimeConstraints{RAM: 100000000, VCPUs: 1, KeepCacheRAM: 1 << 26},
+               "priority":            1,
+               "state":               arvados.ContainerRequestStateCommitted,
+               "container_count_max": 1,
+       }, -1)
+       if outcoll.UUID == "" {
+               arvmountlog, err := fs.ReadFile(arvados.FS(logcfs), "/arv-mount.txt")
+               c.Check(err, check.IsNil)
+               c.Check(string(arvmountlog), check.Matches, `(?ms).*cannot use a locally issued token to forward a request to our login cluster \(z1111\).*`)
+               c.Skip("this use case is not supported yet")
+       }
+       stdout, err := fs.ReadFile(arvados.FS(logcfs), "/stdout.txt")
+       c.Check(err, check.IsNil)
+       c.Check(string(stdout), check.Equals, "ocelot\n")
+}
+
+func (s *IntegrationSuite) runContainer(c *check.C, clusterID string, token string, ctrSpec map[string]interface{}, expectExitCode int) (outcoll arvados.Collection, logcfs arvados.CollectionFileSystem) {
+       conn := s.super.Conn(clusterID)
+       rootctx, _, _ := s.super.RootClients(clusterID)
+       if token == "" {
+               _, ac, _, _ := s.super.UserClients(clusterID, rootctx, c, conn, s.oidcprovider.AuthEmail, true)
+               token = ac.AuthToken
+       }
+       _, ac, kc := s.super.ClientsWithToken(clusterID, token)
+
+       c.Log("[docker load]")
+       out, err := exec.Command("docker", "load", "--input", arvadostest.BusyboxDockerImage(c)).CombinedOutput()
+       c.Logf("[docker load output] %s", out)
+       c.Check(err, check.IsNil)
+
+       c.Log("[arv-keepdocker]")
+       akd := exec.Command("arv-keepdocker", "--no-resume", "busybox:uclibc")
+       akd.Env = append(os.Environ(), "ARVADOS_API_HOST="+ac.APIHost, "ARVADOS_API_HOST_INSECURE=1", "ARVADOS_API_TOKEN="+ac.AuthToken)
+       out, err = akd.CombinedOutput()
+       c.Logf("[arv-keepdocker output]\n%s", out)
+       c.Check(err, check.IsNil)
+
+       var cr arvados.ContainerRequest
+       err = ac.RequestAndDecode(&cr, "POST", "/arvados/v1/container_requests", nil, map[string]interface{}{
+               "container_request": ctrSpec,
+       })
+       c.Assert(err, check.IsNil)
+
+       showlogs := func(collectionID string) arvados.CollectionFileSystem {
+               var logcoll arvados.Collection
+               err = ac.RequestAndDecode(&logcoll, "GET", "/arvados/v1/collections/"+collectionID, nil, nil)
+               c.Assert(err, check.IsNil)
+               cfs, err := logcoll.FileSystem(ac, kc)
+               c.Assert(err, check.IsNil)
+               fs.WalkDir(arvados.FS(cfs), "/", func(path string, d fs.DirEntry, err error) error {
+                       if d.IsDir() || strings.HasPrefix(path, "/log for container") {
+                               return nil
+                       }
+                       f, err := cfs.Open(path)
+                       c.Assert(err, check.IsNil)
+                       defer f.Close()
+                       buf, err := ioutil.ReadAll(f)
+                       c.Assert(err, check.IsNil)
+                       c.Logf("=== %s\n%s\n", path, buf)
+                       return nil
+               })
+               return cfs
+       }
+
+       checkwebdavlogs := func(cr arvados.ContainerRequest) {
+               req, err := http.NewRequest("OPTIONS", "https://"+ac.APIHost+"/arvados/v1/container_requests/"+cr.UUID+"/log/"+cr.ContainerUUID+"/", nil)
+               c.Assert(err, check.IsNil)
+               req.Header.Set("Origin", "http://example.example")
+               resp, err := ac.Do(req)
+               c.Assert(err, check.IsNil)
+               c.Check(resp.StatusCode, check.Equals, http.StatusOK)
+               // Check for duplicate headers -- must use Header[], not Header.Get()
+               c.Check(resp.Header["Access-Control-Allow-Origin"], check.DeepEquals, []string{"*"})
+       }
+
+       var ctr arvados.Container
+       var lastState arvados.ContainerState
+       var status, lastStatus arvados.ContainerStatus
+       var allStatus string
+       checkstatus := func() {
+               err := ac.RequestAndDecode(&status, "GET", "/arvados/v1/container_requests/"+cr.UUID+"/container_status", nil, nil)
+               c.Assert(err, check.IsNil)
+               if status != lastStatus {
+                       c.Logf("container status: %s, %s", status.State, status.SchedulingStatus)
+                       allStatus += fmt.Sprintf("%s, %s\n", status.State, status.SchedulingStatus)
+                       lastStatus = status
+               }
+       }
+       deadline := time.Now().Add(time.Minute)
+       for cr.State != arvados.ContainerRequestStateFinal || (lastStatus.State != arvados.ContainerStateComplete && lastStatus.State != arvados.ContainerStateCancelled) {
+               err = ac.RequestAndDecode(&cr, "GET", "/arvados/v1/container_requests/"+cr.UUID, nil, nil)
+               c.Assert(err, check.IsNil)
+               checkstatus()
+               err = ac.RequestAndDecode(&ctr, "GET", "/arvados/v1/containers/"+cr.ContainerUUID, nil, nil)
+               if err != nil {
+                       c.Logf("error getting container state: %s", err)
+               } else if ctr.State != lastState {
+                       c.Logf("container state changed to %q", ctr.State)
+                       lastState = ctr.State
+               } else {
+                       if time.Now().After(deadline) {
+                               c.Errorf("timed out, container state is %q", cr.State)
+                               if ctr.Log == "" {
+                                       c.Logf("=== NO LOG COLLECTION saved for container")
+                               } else {
+                                       showlogs(ctr.Log)
+                               }
+                               c.FailNow()
+                       }
+                       time.Sleep(time.Second / 2)
+               }
+       }
+       checkstatus()
+       c.Logf("cr.CumulativeCost == %f", cr.CumulativeCost)
+       c.Check(cr.CumulativeCost, check.Not(check.Equals), 0.0)
+       if expectExitCode >= 0 {
+               c.Check(ctr.State, check.Equals, arvados.ContainerStateComplete)
+               c.Check(ctr.ExitCode, check.Equals, expectExitCode)
+               err = ac.RequestAndDecode(&outcoll, "GET", "/arvados/v1/collections/"+cr.OutputUUID, nil, nil)
+               c.Assert(err, check.IsNil)
+               c.Check(allStatus, check.Matches, `Queued, waiting for dispatch\n`+
+                       `(Queued, waiting.*\n)*`+
+                       `(Locked, waiting for dispatch\n)?`+
+                       `(Locked, waiting for new instance to be ready\n)?`+
+                       `(Locked, preparing runtime environment\n)?`+
+                       `(Running, \n)?`+
+                       `Complete, \n`)
+       }
+       logcfs = showlogs(cr.LogUUID)
+       checkwebdavlogs(cr)
+       return outcoll, logcfs
+}