X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/060d38d627bd1e51dd2b3c6e7de9af6aa7d7b6f3..8a0e9c549595e114a0eadc9d6792a17fb59d0f3e:/services/api/test/functional/arvados/v1/containers_controller_test.rb

diff --git a/services/api/test/functional/arvados/v1/containers_controller_test.rb b/services/api/test/functional/arvados/v1/containers_controller_test.rb
index 5510e903a2..588c025cf7 100644
--- a/services/api/test/functional/arvados/v1/containers_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/containers_controller_test.rb
@@ -7,7 +7,7 @@ require 'test_helper'
 class Arvados::V1::ContainersControllerTest < ActionController::TestCase
   test 'create' do
     authorize_with :system_user
-    post :create, {
+    post :create, params: {
       container: {
         command: ['echo', 'hello'],
         container_image: 'test',
@@ -20,7 +20,7 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
   [Container::Queued, Container::Complete].each do |state|
     test "cannot get auth in #{state} state" do
       authorize_with :dispatch1
-      get :auth, id: containers(:queued).uuid
+      get :auth, params: {id: containers(:queued).uuid}
       assert_response 403
     end
   end
@@ -31,7 +31,7 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
     assert c.lock, show_errors(c)
 
     authorize_with :system_user
-    get :auth, id: c.uuid
+    get :auth, params: {id: c.uuid}
     assert_response 403
   end
 
@@ -39,25 +39,26 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
     authorize_with :dispatch1
     c = containers(:queued)
     assert c.lock, show_errors(c)
-    get :auth, id: c.uuid
+    get :auth, params: {id: c.uuid}
     assert_response :success
     assert_operator 32, :<, json_response['api_token'].length
     assert_equal 'arvados#apiClientAuthorization', json_response['kind']
   end
 
-  test 'no auth in container response' do
+  test 'no auth or secret_mounts in container response' do
     authorize_with :dispatch1
     c = containers(:queued)
     assert c.lock, show_errors(c)
-    get :show, id: c.uuid
+    get :show, params: {id: c.uuid}
     assert_response :success
     assert_nil json_response['auth']
+    assert_nil json_response['secret_mounts']
   end
 
   test "lock container" do
     authorize_with :dispatch1
     uuid = containers(:queued).uuid
-    post :lock, {id: uuid}
+    post :lock, params: {id: uuid}
     assert_response :success
     assert_nil json_response['mounts']
     assert_nil json_response['command']
@@ -76,7 +77,7 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
   test "unlock container" do
     authorize_with :dispatch1
     uuid = containers(:locked).uuid
-    post :unlock, {id: uuid}
+    post :unlock, params: {id: uuid}
     assert_response :success
     assert_nil json_response['mounts']
     assert_nil json_response['command']
@@ -95,7 +96,7 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
   test "unlock container locked by different dispatcher" do
     authorize_with :dispatch2
     uuid = containers(:locked).uuid
-    post :unlock, {id: uuid}
+    post :unlock, params: {id: uuid}
     assert_response 422
   end
 
@@ -106,10 +107,10 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
     [:running, :lock, 422, 'Running'],
     [:running, :unlock, 422, 'Running'],
   ].each do |fixture, action, response, state|
-    test "state transitions from #{fixture } to #{action}" do
+    test "state transitions from #{fixture} to #{action}" do
       authorize_with :dispatch1
       uuid = containers(fixture).uuid
-      post action, {id: uuid}
+      post action, params: {id: uuid}
       assert_response response
       assert_equal state, Container.where(uuid: uuid).first.state
     end
@@ -133,4 +134,30 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
     assert_response 401
   end
 
+  [
+    [true, :running_container_auth],
+    [false, :dispatch2],
+    [false, :admin],
+    [false, :active],
+  ].each do |expect_success, auth|
+    test "get secret_mounts with #{auth} token" do
+      authorize_with auth
+      get :secret_mounts, params: {id: containers(:running).uuid}
+      if expect_success
+        assert_response :success
+        assert_equal "42\n", json_response["secret_mounts"]["/secret/6x9"]["content"]
+      else
+        assert_response 403
+      end
+    end
+  end
+
+  test 'get runtime_token auth' do
+    authorize_with :dispatch2
+    c = containers(:runtime_token)
+    get :auth, params: {id: c.uuid}
+    assert_response :success
+    assert_equal "v2/#{json_response['uuid']}/#{json_response['api_token']}", api_client_authorizations(:container_runtime_token).token
+    assert_equal 'arvados#apiClientAuthorization', json_response['kind']
+  end
 end