X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0bb53c1cbcbcb8b3be50e6ecf3fdf0bb7cbd96b5..d8861941ef704dd729252ee1592e48a082798b65:/lib/controller/handler_test.go diff --git a/lib/controller/handler_test.go b/lib/controller/handler_test.go index d34df7f2c4..c20d0e77ec 100644 --- a/lib/controller/handler_test.go +++ b/lib/controller/handler_test.go @@ -15,19 +15,19 @@ import ( "testing" "time" - "git.curoverse.com/arvados.git/sdk/go/arvados" - "git.curoverse.com/arvados.git/sdk/go/arvadostest" - "git.curoverse.com/arvados.git/sdk/go/ctxlog" - "git.curoverse.com/arvados.git/sdk/go/httpserver" + "git.arvados.org/arvados.git/sdk/go/arvados" + "git.arvados.org/arvados.git/sdk/go/arvadostest" + "git.arvados.org/arvados.git/sdk/go/ctxlog" + "git.arvados.org/arvados.git/sdk/go/httpserver" "github.com/prometheus/client_golang/prometheus" check "gopkg.in/check.v1" ) -var enableBetaController14287 bool +var forceLegacyAPI14 bool // Gocheck boilerplate func Test(t *testing.T) { - for _, enableBetaController14287 = range []bool{false, true} { + for _, forceLegacyAPI14 = range []bool{false, true} { check.TestingT(t) } } @@ -45,10 +45,9 @@ func (s *HandlerSuite) SetUpTest(c *check.C) { s.ctx, s.cancel = context.WithCancel(context.Background()) s.ctx = ctxlog.Context(s.ctx, ctxlog.New(os.Stderr, "json", "debug")) s.cluster = &arvados.Cluster{ - ClusterID: "zzzzz", - PostgreSQL: integrationTestCluster().PostgreSQL, - - EnableBetaController14287: enableBetaController14287, + ClusterID: "zzzzz", + PostgreSQL: integrationTestCluster().PostgreSQL, + ForceLegacyAPI14: forceLegacyAPI14, } s.cluster.TLS.Insecure = true arvadostest.SetServiceURL(&s.cluster.Services.RailsAPI, "https://"+os.Getenv("ARVADOS_TEST_API_HOST")) @@ -65,21 +64,27 @@ func (s *HandlerSuite) TestConfigExport(c *check.C) { s.cluster.SystemRootToken = "secret" s.cluster.Collections.BlobSigning = true s.cluster.Collections.BlobSigningTTL = arvados.Duration(23 * time.Second) - req := httptest.NewRequest("GET", "/arvados/v1/config", nil) - resp := httptest.NewRecorder() - s.handler.ServeHTTP(resp, req) - c.Check(resp.Code, check.Equals, http.StatusOK) - c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, `*`) - c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Matches, `.*\bGET\b.*`) - c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Matches, `.+`) - var cluster arvados.Cluster - c.Log(resp.Body.String()) - err := json.Unmarshal(resp.Body.Bytes(), &cluster) - c.Check(err, check.IsNil) - c.Check(cluster.ManagementToken, check.Equals, "") - c.Check(cluster.SystemRootToken, check.Equals, "") - c.Check(cluster.Collections.BlobSigning, check.DeepEquals, true) - c.Check(cluster.Collections.BlobSigningTTL, check.Equals, arvados.Duration(23*time.Second)) + for _, method := range []string{"GET", "OPTIONS"} { + req := httptest.NewRequest(method, "/arvados/v1/config", nil) + resp := httptest.NewRecorder() + s.handler.ServeHTTP(resp, req) + c.Check(resp.Code, check.Equals, http.StatusOK) + c.Check(resp.Header().Get("Access-Control-Allow-Origin"), check.Equals, `*`) + c.Check(resp.Header().Get("Access-Control-Allow-Methods"), check.Matches, `.*\bGET\b.*`) + c.Check(resp.Header().Get("Access-Control-Allow-Headers"), check.Matches, `.+`) + if method == "OPTIONS" { + c.Check(resp.Body.String(), check.HasLen, 0) + continue + } + var cluster arvados.Cluster + c.Log(resp.Body.String()) + err := json.Unmarshal(resp.Body.Bytes(), &cluster) + c.Check(err, check.IsNil) + c.Check(cluster.ManagementToken, check.Equals, "") + c.Check(cluster.SystemRootToken, check.Equals, "") + c.Check(cluster.Collections.BlobSigning, check.DeepEquals, true) + c.Check(cluster.Collections.BlobSigningTTL, check.Equals, arvados.Duration(23*time.Second)) + } } func (s *HandlerSuite) TestProxyDiscoveryDoc(c *check.C) { @@ -159,17 +164,25 @@ func (s *HandlerSuite) TestProxyNotFound(c *check.C) { } func (s *HandlerSuite) TestProxyRedirect(c *check.C) { + s.cluster.Login.ProviderAppID = "test" + s.cluster.Login.ProviderAppSecret = "test" req := httptest.NewRequest("GET", "https://0.0.0.0:1/login?return_to=foo", nil) resp := httptest.NewRecorder() s.handler.ServeHTTP(resp, req) - c.Check(resp.Code, check.Equals, http.StatusFound) - c.Check(resp.Header().Get("Location"), check.Matches, `https://0.0.0.0:1/auth/joshid\?return_to=%2Cfoo&?`) + if !c.Check(resp.Code, check.Equals, http.StatusFound) { + c.Log(resp.Body.String()) + } + // Old "proxy entire request" code path returns an absolute + // URL. New lib/controller/federation code path returns a + // relative URL. + c.Check(resp.Header().Get("Location"), check.Matches, `(https://0.0.0.0:1)?/auth/joshid\?return_to=%2Cfoo&?`) } func (s *HandlerSuite) TestValidateV1APIToken(c *check.C) { req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil) - user, err := s.handler.(*Handler).validateAPItoken(req, arvadostest.ActiveToken) + user, ok, err := s.handler.(*Handler).validateAPItoken(req, arvadostest.ActiveToken) c.Assert(err, check.IsNil) + c.Check(ok, check.Equals, true) c.Check(user.Authorization.UUID, check.Equals, arvadostest.ActiveTokenUUID) c.Check(user.Authorization.APIToken, check.Equals, arvadostest.ActiveToken) c.Check(user.Authorization.Scopes, check.DeepEquals, []string{"all"}) @@ -178,8 +191,9 @@ func (s *HandlerSuite) TestValidateV1APIToken(c *check.C) { func (s *HandlerSuite) TestValidateV2APIToken(c *check.C) { req := httptest.NewRequest("GET", "/arvados/v1/users/current", nil) - user, err := s.handler.(*Handler).validateAPItoken(req, arvadostest.ActiveTokenV2) + user, ok, err := s.handler.(*Handler).validateAPItoken(req, arvadostest.ActiveTokenV2) c.Assert(err, check.IsNil) + c.Check(ok, check.Equals, true) c.Check(user.Authorization.UUID, check.Equals, arvadostest.ActiveTokenUUID) c.Check(user.Authorization.APIToken, check.Equals, arvadostest.ActiveToken) c.Check(user.Authorization.Scopes, check.DeepEquals, []string{"all"}) @@ -193,8 +207,9 @@ func (s *HandlerSuite) TestCreateAPIToken(c *check.C) { c.Assert(err, check.IsNil) c.Check(auth.Scopes, check.DeepEquals, []string{"all"}) - user, err := s.handler.(*Handler).validateAPItoken(req, auth.TokenV2()) + user, ok, err := s.handler.(*Handler).validateAPItoken(req, auth.TokenV2()) c.Assert(err, check.IsNil) + c.Check(ok, check.Equals, true) c.Check(user.Authorization.UUID, check.Equals, auth.UUID) c.Check(user.Authorization.APIToken, check.Equals, auth.APIToken) c.Check(user.Authorization.Scopes, check.DeepEquals, []string{"all"})