var TestHash = "aaaa09c290d0fb1ca068ffaddf22cbd0"
var TestHash2 = "aaaac516f788aec4f30932ffb6395c39"
-var blobSigningTTL = time.Duration(2*7*24) * time.Hour
+var blobSignatureTTL = time.Duration(2*7*24) * time.Hour
func (s *ServerRequiredSuite) SetUpSuite(c *C) {
arvadostest.StartAPI()
}
func setupKeepBlockCheck(c *C, enforcePermissions bool, keepServicesJSON string) {
+ setupKeepBlockCheckWithTTL(c, enforcePermissions, keepServicesJSON, blobSignatureTTL)
+}
+
+func setupKeepBlockCheckWithTTL(c *C, enforcePermissions bool, keepServicesJSON string, ttl time.Duration) {
var config apiConfig
config.APIHost = os.Getenv("ARVADOS_API_HOST")
config.APIToken = arvadostest.DataManagerToken
// setup keepclients
var err error
- kc, err = setupKeepClient(config, keepServicesJSON, blobSigningTTL)
+ kc, ttl, err = setupKeepClient(config, keepServicesJSON, ttl)
+ c.Assert(ttl, Equals, blobSignatureTTL)
c.Check(err, IsNil)
}
func (s *ServerRequiredSuite) TestBlockCheck(c *C) {
setupKeepBlockCheck(c, false, "")
allLocators := setupTestData(c)
- err := performKeepBlockCheck(kc, blobSigningTTL, "", allLocators, true)
+ err := performKeepBlockCheck(kc, blobSignatureTTL, "", allLocators, true)
c.Check(err, IsNil)
checkNoErrorsLogged(c, "Error verifying block", "Block not found")
}
func (s *ServerRequiredSuite) TestBlockCheckWithBlobSigning(c *C) {
setupKeepBlockCheck(c, true, "")
allLocators := setupTestData(c)
- err := performKeepBlockCheck(kc, blobSigningTTL, arvadostest.BlobSigningKey, allLocators, true)
+ err := performKeepBlockCheck(kc, blobSignatureTTL, arvadostest.BlobSigningKey, allLocators, true)
+ c.Check(err, IsNil)
+ checkNoErrorsLogged(c, "Error verifying block", "Block not found")
+}
+
+func (s *ServerRequiredSuite) TestBlockCheckWithBlobSigningAndTTLFromDiscovery(c *C) {
+ setupKeepBlockCheckWithTTL(c, true, "", 0)
+ allLocators := setupTestData(c)
+ err := performKeepBlockCheck(kc, blobSignatureTTL, arvadostest.BlobSigningKey, allLocators, true)
c.Check(err, IsNil)
checkNoErrorsLogged(c, "Error verifying block", "Block not found")
}
allLocators := setupTestData(c)
allLocators = append(allLocators, TestHash)
allLocators = append(allLocators, TestHash2)
- err := performKeepBlockCheck(kc, blobSigningTTL, "", allLocators, true)
+ err := performKeepBlockCheck(kc, blobSignatureTTL, "", allLocators, true)
c.Check(err, NotNil)
c.Assert(err.Error(), Equals, "Block verification failed for 2 out of 7 blocks with matching prefix.")
checkErrorLog(c, []string{TestHash, TestHash2}, "Error verifying block", "Block not found")
defer os.Remove(locatorFile)
locators, err := getBlockLocators(locatorFile, "aaa")
c.Check(err, IsNil)
- err = performKeepBlockCheck(kc, blobSigningTTL, "", locators, true)
+ err = performKeepBlockCheck(kc, blobSignatureTTL, "", locators, true)
c.Check(err, NotNil)
// Of the 7 blocks in allLocators, only two match the prefix and hence only those are checked
c.Assert(err.Error(), Equals, "Block verification failed for 2 out of 2 blocks with matching prefix.")
defer os.Remove(locatorFile)
locators, err := getBlockLocators(locatorFile, "999")
c.Check(err, IsNil)
- err = performKeepBlockCheck(kc, blobSigningTTL, "", locators, true)
+ err = performKeepBlockCheck(kc, blobSignatureTTL, "", locators, true)
c.Check(err, IsNil) // there were no matching locators in file and hence nothing was checked
}
func (s *ServerRequiredSuite) TestBlockCheck_BadSignature(c *C) {
setupKeepBlockCheck(c, true, "")
setupTestData(c)
- err := performKeepBlockCheck(kc, blobSigningTTL, "badblobsigningkey", []string{TestHash, TestHash2}, false)
+ err := performKeepBlockCheck(kc, blobSignatureTTL, "badblobsigningkey", []string{TestHash, TestHash2}, false)
c.Assert(err.Error(), Equals, "Block verification failed for 2 out of 2 blocks with matching prefix.")
checkErrorLog(c, []string{TestHash, TestHash2}, "Error verifying block", "HTTP 403")
// verbose logging not requested
// Expect error during performKeepBlockCheck due to unreachable keepservers.
func (s *ServerRequiredSuite) TestErrorDuringKeepBlockCheck_FakeKeepservers(c *C) {
setupKeepBlockCheck(c, false, testKeepServicesJSON)
- err := performKeepBlockCheck(kc, blobSigningTTL, "", []string{TestHash, TestHash2}, true)
+ err := performKeepBlockCheck(kc, blobSignatureTTL, "", []string{TestHash, TestHash2}, true)
c.Assert(err.Error(), Equals, "Block verification failed for 2 out of 2 blocks with matching prefix.")
checkErrorLog(c, []string{TestHash, TestHash2}, "Error verifying block", "")
}