projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
20647: Test CORS preflight request routing.
[arvados.git] / lib / controller / router / router_test.go
diff --git a/lib/controller/router/router_test.go b/lib/controller/router/router_test.go
index a42df278f43043ee7eeb4621d5ecaa2faa0cb275..a8359a440026e5eb617c35c4623b998571a277d5 100644 (file)
--- a/lib/controller/router/router_test.go
+++ b/lib/controller/router/router_test.go
@@ -16,10 +16,10 @@ import (
        "testing"
        "time"
 
-       "git.curoverse.com/arvados.git/lib/controller/rpc"
-       "git.curoverse.com/arvados.git/sdk/go/arvados"
-       "git.curoverse.com/arvados.git/sdk/go/arvadostest"
-       "github.com/julienschmidt/httprouter"
+       "git.arvados.org/arvados.git/lib/controller/rpc"
+       "git.arvados.org/arvados.git/sdk/go/arvados"
+       "git.arvados.org/arvados.git/sdk/go/arvadostest"
+       "github.com/gorilla/mux"
        check "gopkg.in/check.v1"
 )
 
@@ -38,8 +38,8 @@ type RouterSuite struct {
 func (s *RouterSuite) SetUpTest(c *check.C) {
        s.stub = arvadostest.APIStub{}
        s.rtr = &router{
-               mux: httprouter.New(),
-               fed: &s.stub,
+               mux:     mux.NewRouter(),
+               backend: &s.stub,
        }
        s.rtr.addRoutes()
 }
@@ -47,13 +47,15 @@ func (s *RouterSuite) SetUpTest(c *check.C) {
 func (s *RouterSuite) TestOptions(c *check.C) {
        token := arvadostest.ActiveToken
        for _, trial := range []struct {
-               method       string
-               path         string
-               header       http.Header
-               body         string
-               shouldStatus int // zero value means 200
-               shouldCall   string
-               withOptions  interface{}
+               comment         string // unparsed -- only used to help match test failures to trials
+               method          string
+               path            string
+               header          http.Header
+               body            string
+               unauthenticated bool
+               shouldStatus    int // zero value means 200
+               shouldCall      string
+               withOptions     interface{}
        }{
                {
                        method:      "GET",
@@ -91,6 +93,12 @@ func (s *RouterSuite) TestOptions(c *check.C) {
                        shouldCall:  "CollectionList",
                        withOptions: arvados.ListOptions{Limit: -1},
                },
+               {
+                       method:      "GET",
+                       path:        "/arvados/v1/api_client_authorizations",
+                       shouldCall:  "APIClientAuthorizationList",
+                       withOptions: arvados.ListOptions{Limit: -1},
+               },
                {
                        method:      "GET",
                        path:        "/arvados/v1/collections?limit=123&offset=456&include_trash=true&include_old_versions=1",
@@ -104,6 +112,14 @@ func (s *RouterSuite) TestOptions(c *check.C) {
                        shouldCall:  "CollectionList",
                        withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
                },
+               {
+                       method:      "POST",
+                       path:        "/arvados/v1/collections?limit=123",
+                       body:        `{"offset":456,"include_trash":true,"include_old_versions":true}`,
+                       header:      http.Header{"X-Http-Method-Override": {"GET"}, "Content-Type": {"application/json"}},
+                       shouldCall:  "CollectionList",
+                       withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
+               },
                {
                        method:      "POST",
                        path:        "/arvados/v1/collections?limit=123",
@@ -112,6 +128,38 @@ func (s *RouterSuite) TestOptions(c *check.C) {
                        shouldCall:  "CollectionList",
                        withOptions: arvados.ListOptions{Limit: 123, Offset: 456, IncludeTrash: true, IncludeOldVersions: true},
                },
+               {
+                       comment:     "form-encoded expression filter in query string",
+                       method:      "GET",
+                       path:        "/arvados/v1/collections?filters=[%22(foo<bar)%22]",
+                       shouldCall:  "CollectionList",
+                       withOptions: arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"(foo<bar)", "=", true}}},
+               },
+               {
+                       comment:     "form-encoded expression filter in POST body",
+                       method:      "POST",
+                       path:        "/arvados/v1/collections",
+                       body:        "filters=[\"(foo<bar)\"]&_method=GET",
+                       header:      http.Header{"Content-Type": {"application/x-www-form-urlencoded"}},
+                       shouldCall:  "CollectionList",
+                       withOptions: arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"(foo<bar)", "=", true}}},
+               },
+               {
+                       comment:     "json-encoded expression filter in POST body",
+                       method:      "POST",
+                       path:        "/arvados/v1/collections?_method=GET",
+                       body:        `{"filters":["(foo<bar)",["bar","=","baz"]],"limit":2}`,
+                       header:      http.Header{"Content-Type": {"application/json"}},
+                       shouldCall:  "CollectionList",
+                       withOptions: arvados.ListOptions{Limit: 2, Filters: []arvados.Filter{{"(foo<bar)", "=", true}, {"bar", "=", "baz"}}},
+               },
+               {
+                       comment:     "json-encoded select param in query string",
+                       method:      "GET",
+                       path:        "/arvados/v1/collections/" + arvadostest.FooCollection + "?select=[%22portable_data_hash%22]",
+                       shouldCall:  "CollectionGet",
+                       withOptions: arvados.GetOptions{UUID: arvadostest.FooCollection, Select: []string{"portable_data_hash"}},
+               },
                {
                        method:       "PATCH",
                        path:         "/arvados/v1/collections",
@@ -127,25 +175,135 @@ func (s *RouterSuite) TestOptions(c *check.C) {
                        path:         "/arvados/v1/collections",
                        shouldStatus: http.StatusMethodNotAllowed,
                },
+               {
+                       comment:    "container log webdav GET root",
+                       method:     "GET",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "GET",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
+               },
+               {
+                       comment:    "container log webdav GET root without trailing slash",
+                       method:     "GET",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "",
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "GET",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID}},
+               },
+               {
+                       comment:    "container log webdav OPTIONS root",
+                       method:     "OPTIONS",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "OPTIONS",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
+               },
+               {
+                       comment:    "container log webdav OPTIONS root without trailing slash",
+                       method:     "OPTIONS",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID,
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "OPTIONS",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID}},
+               },
+               {
+                       comment:         "container log webdav OPTIONS for CORS",
+                       unauthenticated: true,
+                       method:          "OPTIONS",
+                       path:            "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
+                       header:          http.Header{"Access-Control-Request-Method": {"POST"}},
+                       shouldCall:      "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "OPTIONS",
+                                       Header: http.Header{
+                                               "Access-Control-Request-Method": {"POST"},
+                                       },
+                                       Path: "/" + arvadostest.CompletedContainerUUID + "/"}},
+               },
+               {
+                       comment:    "container log webdav PROPFIND root",
+                       method:     "PROPFIND",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/",
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "PROPFIND",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
+               },
+               {
+                       comment:    "container log webdav PROPFIND root without trailing slash",
+                       method:     "PROPFIND",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "",
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID: arvadostest.CompletedContainerRequestUUID,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "PROPFIND",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID}},
+               },
+               {
+                       comment:    "container log webdav no_forward=true",
+                       method:     "GET",
+                       path:       "/arvados/v1/container_requests/" + arvadostest.CompletedContainerRequestUUID + "/log/" + arvadostest.CompletedContainerUUID + "/?no_forward=true",
+                       shouldCall: "ContainerRequestLog",
+                       withOptions: arvados.ContainerLogOptions{
+                               UUID:      arvadostest.CompletedContainerRequestUUID,
+                               NoForward: true,
+                               WebDAVOptions: arvados.WebDAVOptions{
+                                       Method: "GET",
+                                       Header: http.Header{"Authorization": {"Bearer " + arvadostest.ActiveToken}},
+                                       Path:   "/" + arvadostest.CompletedContainerUUID + "/"}},
+               },
+               {
+                       comment:      "/logX does not route to ContainerRequestLog",
+                       method:       "GET",
+                       path:         "/arvados/v1/containers/" + arvadostest.CompletedContainerRequestUUID + "/logX",
+                       shouldStatus: http.StatusNotFound,
+                       shouldCall:   "",
+               },
        } {
                // Reset calls captured in previous trial
                s.stub = arvadostest.APIStub{}
 
-               c.Logf("trial: %#v", trial)
-               _, rr, _ := doRequest(c, s.rtr, token, trial.method, trial.path, trial.header, bytes.NewBufferString(trial.body))
+               c.Logf("trial: %+v", trial)
+               comment := check.Commentf("trial comment: %s", trial.comment)
+
+               _, rr := doRequest(c, s.rtr, token, trial.method, trial.path, !trial.unauthenticated, trial.header, bytes.NewBufferString(trial.body), nil)
                if trial.shouldStatus == 0 {
-                       c.Check(rr.Code, check.Equals, http.StatusOK)
+                       c.Check(rr.Code, check.Equals, http.StatusOK, comment)
                } else {
-                       c.Check(rr.Code, check.Equals, trial.shouldStatus)
+                       c.Check(rr.Code, check.Equals, trial.shouldStatus, comment)
                }
                calls := s.stub.Calls(nil)
                if trial.shouldCall == "" {
-                       c.Check(calls, check.HasLen, 0)
+                       c.Check(calls, check.HasLen, 0, comment)
                } else if len(calls) != 1 {
-                       c.Check(calls, check.HasLen, 1)
+                       c.Check(calls, check.HasLen, 1, comment)
                } else {
-                       c.Check(calls[0].Method, isMethodNamed, trial.shouldCall)
-                       c.Check(calls[0].Options, check.DeepEquals, trial.withOptions)
+                       c.Check(calls[0].Method, isMethodNamed, trial.shouldCall, comment)
+                       c.Check(calls[0].Options, check.DeepEquals, trial.withOptions, comment)
                }
        }
 }
@@ -161,7 +319,7 @@ func (s *RouterIntegrationSuite) SetUpTest(c *check.C) {
        cluster.TLS.Insecure = true
        arvadostest.SetServiceURL(&cluster.Services.RailsAPI, "https://"+os.Getenv("ARVADOS_TEST_API_HOST"))
        url, _ := url.Parse("https://" + os.Getenv("ARVADOS_TEST_API_HOST"))
-       s.rtr = New(rpc.NewConn("zzzzz", url, true, rpc.PassthroughTokenProvider))
+       s.rtr = New(rpc.NewConn("zzzzz", url, true, rpc.PassthroughTokenProvider), Config{})
 }
 
 func (s *RouterIntegrationSuite) TearDownSuite(c *check.C) {
@@ -173,7 +331,8 @@ func (s *RouterIntegrationSuite) TestCollectionResponses(c *check.C) {
        token := arvadostest.ActiveTokenV2
 
        // Check "get collection" response has "kind" key
-       _, rr, jresp := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, nil, bytes.NewBufferString(`{"include_trash":true}`))
+       jresp := map[string]interface{}{}
+       _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, true, nil, bytes.NewBufferString(`{"include_trash":true}`), jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["items"], check.FitsTypeOf, []interface{}{})
        c.Check(jresp["kind"], check.Equals, "arvados#collectionList")
@@ -187,7 +346,8 @@ func (s *RouterIntegrationSuite) TestCollectionResponses(c *check.C) {
                `,"select":["name"]`,
                `,"select":["uuid"]`,
        } {
-               _, rr, jresp = doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, nil, bytes.NewBufferString(`{"where":{"uuid":["`+arvadostest.FooCollection+`"]}`+selectj+`}`))
+               jresp := map[string]interface{}{}
+               _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections`, true, nil, bytes.NewBufferString(`{"where":{"uuid":["`+arvadostest.FooCollection+`"]}`+selectj+`}`), jresp)
                c.Check(rr.Code, check.Equals, http.StatusOK)
                c.Check(jresp["items"], check.FitsTypeOf, []interface{}{})
                c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
@@ -212,29 +372,61 @@ func (s *RouterIntegrationSuite) TestCollectionResponses(c *check.C) {
        }
 
        // Check "create collection" response has "kind" key
-       _, rr, jresp = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}, bytes.NewBufferString(`ensure_unique_name=true`))
+       jresp = map[string]interface{}{}
+       _, rr = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}, bytes.NewBufferString(`ensure_unique_name=true`), jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["uuid"], check.FitsTypeOf, "")
        c.Check(jresp["kind"], check.Equals, "arvados#collection")
 }
 
+func (s *RouterIntegrationSuite) TestMaxRequestSize(c *check.C) {
+       token := arvadostest.ActiveTokenV2
+       for _, maxRequestSize := range []int{
+               // Ensure 5M limit is enforced.
+               5000000,
+               // Ensure 50M limit is enforced, and that a >25M body
+               // is accepted even though the default Go request size
+               // limit is 10M.
+               50000000,
+       } {
+               s.rtr.config.MaxRequestSize = maxRequestSize
+               okstr := "a"
+               for len(okstr) < maxRequestSize/2 {
+                       okstr = okstr + okstr
+               }
+
+               hdr := http.Header{"Content-Type": {"application/x-www-form-urlencoded"}}
+
+               body := bytes.NewBufferString(url.Values{"foo_bar": {okstr}}.Encode())
+               _, rr := doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, hdr, body, nil)
+               c.Check(rr.Code, check.Equals, http.StatusOK)
+
+               body = bytes.NewBufferString(url.Values{"foo_bar": {okstr + okstr}}.Encode())
+               _, rr = doRequest(c, s.rtr, token, "POST", `/arvados/v1/collections`, true, hdr, body, nil)
+               c.Check(rr.Code, check.Equals, http.StatusRequestEntityTooLarge)
+       }
+}
+
 func (s *RouterIntegrationSuite) TestContainerList(c *check.C) {
        token := arvadostest.ActiveTokenV2
 
-       _, rr, jresp := doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=0`, nil, nil)
+       jresp := map[string]interface{}{}
+       _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=0`, true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
        c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
        c.Check(jresp["items"], check.NotNil)
        c.Check(jresp["items"], check.HasLen, 0)
 
-       _, rr, jresp = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?filters=[["uuid","in",[]]]`, nil, nil)
+       jresp = map[string]interface{}{}
+       _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?filters=[["uuid","in",[]]]`, true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["items_available"], check.Equals, float64(0))
        c.Check(jresp["items"], check.NotNil)
        c.Check(jresp["items"], check.HasLen, 0)
 
-       _, rr, jresp = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=2&select=["uuid","command"]`, nil, nil)
+       jresp = map[string]interface{}{}
+       _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers?limit=2&select=["uuid","command"]`, true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
        c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
@@ -245,7 +437,8 @@ func (s *RouterIntegrationSuite) TestContainerList(c *check.C) {
        c.Check(item0["command"].([]interface{})[0], check.FitsTypeOf, "")
        c.Check(item0["mounts"], check.IsNil)
 
-       _, rr, jresp = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers`, nil, nil)
+       jresp = map[string]interface{}{}
+       _, rr = doRequest(c, s.rtr, token, "GET", `/arvados/v1/containers`, true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["items_available"], check.FitsTypeOf, float64(0))
        c.Check(jresp["items_available"].(float64) > 2, check.Equals, true)
@@ -261,28 +454,43 @@ func (s *RouterIntegrationSuite) TestContainerList(c *check.C) {
 func (s *RouterIntegrationSuite) TestContainerLock(c *check.C) {
        uuid := arvadostest.QueuedContainerUUID
        token := arvadostest.AdminToken
-       _, rr, jresp := doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", nil, nil)
+
+       jresp := map[string]interface{}{}
+       _, rr := doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["uuid"], check.HasLen, 27)
        c.Check(jresp["state"], check.Equals, "Locked")
-       _, rr, jresp = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", nil, nil)
+
+       _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/lock", true, nil, nil, nil)
        c.Check(rr.Code, check.Equals, http.StatusUnprocessableEntity)
        c.Check(rr.Body.String(), check.Not(check.Matches), `.*"uuid":.*`)
-       _, rr, jresp = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", nil, nil)
+
+       jresp = map[string]interface{}{}
+       _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["uuid"], check.HasLen, 27)
        c.Check(jresp["state"], check.Equals, "Queued")
        c.Check(jresp["environment"], check.IsNil)
-       _, rr, jresp = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", nil, nil)
+
+       jresp = map[string]interface{}{}
+       _, rr = doRequest(c, s.rtr, token, "POST", "/arvados/v1/containers/"+uuid+"/unlock", true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusUnprocessableEntity)
        c.Check(jresp["uuid"], check.IsNil)
 }
 
+func (s *RouterIntegrationSuite) TestWritableBy(c *check.C) {
+       jresp := map[string]interface{}{}
+       _, rr := doRequest(c, s.rtr, arvadostest.ActiveTokenV2, "GET", `/arvados/v1/users/`+arvadostest.ActiveUserUUID, true, nil, nil, jresp)
+       c.Check(rr.Code, check.Equals, http.StatusOK)
+       c.Check(jresp["writable_by"], check.DeepEquals, []interface{}{"zzzzz-tpzed-000000000000000", "zzzzz-tpzed-xurymjxw79nv3jz", "zzzzz-j7d0g-48foin4vonvc2at"})
+}
+
 func (s *RouterIntegrationSuite) TestFullTimestampsInResponse(c *check.C) {
        uuid := arvadostest.CollectionReplicationDesired2Confirmed2UUID
        token := arvadostest.ActiveTokenV2
 
-       _, rr, jresp := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections/`+uuid, nil, nil)
+       jresp := map[string]interface{}{}
+       _, rr := doRequest(c, s.rtr, token, "GET", `/arvados/v1/collections/`+uuid, true, nil, nil, jresp)
        c.Check(rr.Code, check.Equals, http.StatusOK)
        c.Check(jresp["uuid"], check.Equals, uuid)
        expectNS := map[string]int{
@@ -302,23 +510,49 @@ func (s *RouterIntegrationSuite) TestFullTimestampsInResponse(c *check.C) {
 func (s *RouterIntegrationSuite) TestSelectParam(c *check.C) {
        uuid := arvadostest.QueuedContainerUUID
        token := arvadostest.ActiveTokenV2
+       // GET
        for _, sel := range [][]string{
                {"uuid", "command"},
                {"uuid", "command", "uuid"},
-               {"", "command", "uuid"},
        } {
                j, err := json.Marshal(sel)
                c.Assert(err, check.IsNil)
-               _, rr, resp := doRequest(c, s.rtr, token, "GET", "/arvados/v1/containers/"+uuid+"?select="+string(j), nil, nil)
+               jresp := map[string]interface{}{}
+               _, rr := doRequest(c, s.rtr, token, "GET", "/arvados/v1/containers/"+uuid+"?select="+string(j), true, nil, nil, jresp)
                c.Check(rr.Code, check.Equals, http.StatusOK)
 
-               c.Check(resp["kind"], check.Equals, "arvados#container")
-               c.Check(resp["uuid"], check.HasLen, 27)
-               c.Check(resp["command"], check.HasLen, 2)
-               c.Check(resp["mounts"], check.IsNil)
-               _, hasMounts := resp["mounts"]
+               c.Check(jresp["kind"], check.Equals, "arvados#container")
+               c.Check(jresp["uuid"], check.HasLen, 27)
+               c.Check(jresp["command"], check.HasLen, 2)
+               c.Check(jresp["mounts"], check.IsNil)
+               _, hasMounts := jresp["mounts"]
                c.Check(hasMounts, check.Equals, false)
        }
+       // POST & PUT
+       uuid = arvadostest.FooCollection
+       j, err := json.Marshal([]string{"uuid", "description"})
+       c.Assert(err, check.IsNil)
+       for _, method := range []string{"PUT", "POST"} {
+               desc := "Today is " + time.Now().String()
+               reqBody := "{\"description\":\"" + desc + "\"}"
+               jresp := map[string]interface{}{}
+               var rr *httptest.ResponseRecorder
+               if method == "PUT" {
+                       _, rr = doRequest(c, s.rtr, token, method, "/arvados/v1/collections/"+uuid+"?select="+string(j), true, nil, bytes.NewReader([]byte(reqBody)), jresp)
+               } else {
+                       _, rr = doRequest(c, s.rtr, token, method, "/arvados/v1/collections?select="+string(j), true, nil, bytes.NewReader([]byte(reqBody)), jresp)
+               }
+               c.Check(rr.Code, check.Equals, http.StatusOK)
+               c.Check(jresp["kind"], check.Equals, "arvados#collection")
+               c.Check(jresp["uuid"], check.HasLen, 27)
+               c.Check(jresp["description"], check.Equals, desc)
+               c.Check(jresp["manifest_text"], check.IsNil)
+       }
+}
+
+func (s *RouterIntegrationSuite) TestHEAD(c *check.C) {
+       _, rr := doRequest(c, s.rtr, arvadostest.ActiveTokenV2, "HEAD", "/arvados/v1/containers/"+arvadostest.QueuedContainerUUID, true, nil, nil, nil)
+       c.Check(rr.Code, check.Equals, http.StatusOK)
 }
 
 func (s *RouterIntegrationSuite) TestRouteNotFound(c *check.C) {
@@ -356,7 +590,7 @@ func (s *RouterIntegrationSuite) TestCORS(c *check.C) {
        for _, hdr := range []string{"Authorization", "Content-Type"} {
                c.Check(rr.Result().Header.Get("Access-Control-Allow-Headers"), check.Matches, ".*"+hdr+".*")
        }
-       for _, method := range []string{"GET", "HEAD", "PUT", "POST", "DELETE"} {
+       for _, method := range []string{"GET", "HEAD", "PUT", "POST", "PATCH", "DELETE"} {
                c.Check(rr.Result().Header.Get("Access-Control-Allow-Methods"), check.Matches, ".*"+method+".*")
        }
 
@@ -389,17 +623,24 @@ func (s *RouterIntegrationSuite) TestCORS(c *check.C) {
        }
 }
 
-func doRequest(c *check.C, rtr http.Handler, token, method, path string, hdrs http.Header, body io.Reader) (*http.Request, *httptest.ResponseRecorder, map[string]interface{}) {
+func doRequest(c *check.C, rtr http.Handler, token, method, path string, auth bool, hdrs http.Header, body io.Reader, jresp map[string]interface{}) (*http.Request, *httptest.ResponseRecorder) {
        req := httptest.NewRequest(method, path, body)
        for k, v := range hdrs {
                req.Header[k] = v
        }
-       req.Header.Set("Authorization", "Bearer "+token)
+       if auth {
+               req.Header.Set("Authorization", "Bearer "+token)
+       }
        rr := httptest.NewRecorder()
        rtr.ServeHTTP(rr, req)
-       c.Logf("response body: %s", rr.Body.String())
-       var jresp map[string]interface{}
-       err := json.Unmarshal(rr.Body.Bytes(), &jresp)
-       c.Check(err, check.IsNil)
-       return req, rr, jresp
+       respbody := rr.Body.String()
+       if len(respbody) > 10000 {
+               respbody = respbody[:10000] + "[...]"
+       }
+       c.Logf("response body: %s", respbody)
+       if jresp != nil {
+               err := json.Unmarshal(rr.Body.Bytes(), &jresp)
+               c.Check(err, check.IsNil)
+       }
+       return req, rr
 }