X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0dffc025de9ebc7a54596e1018a589a6f5b8a03e..d44a5c508cfa664134daad806d7be9a7cb0bd6ee:/services/api/test/functional/arvados/v1/collections_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb index e4bbd5cd25..e5b17dd965 100644 --- a/services/api/test/functional/arvados/v1/collections_controller_test.rb +++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb @@ -21,7 +21,29 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase authorize_with :active get :index assert_response :success - assert_not_nil assigns(:objects) + assert(assigns(:objects).andand.any?, "no Collections returned in index") + refute(json_response["items"].any? { |c| c.has_key?("manifest_text") }, + "basic Collections index included manifest_text") + end + + test "index with manifest_text selected returns signed locators" do + columns = %w(uuid owner_uuid manifest_text) + authorize_with :active + get :index, select: columns + assert_response :success + assert(assigns(:objects).andand.any?, + "no Collections returned for index with columns selected") + json_response["items"].each do |coll| + assert_equal(columns, columns & coll.keys, + "Collections index did not respect selected columns") + loc_regexp = / [[:xdigit:]]{32}\+\d+\S+/ + pos = 0 + while match = loc_regexp.match(coll["manifest_text"], pos) + assert_match(/\+A[[:xdigit:]]+@[[:xdigit:]]{8}\b/, match.to_s, + "Locator in manifest_text was not signed") + pos = match.end(0) + end + end end [0,1,2].each do |limit| @@ -57,9 +79,8 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase assert_equal 99999, resp['offset'] end - test "create with unsigned manifest" do - permit_unsigned_manifests - authorize_with :active + test "admin can create collection with unsigned manifest" do + authorize_with :admin test_collection = { manifest_text: <<-EOS . d41d8cd98f00b204e9800998ecf8427e+0 0:0:foo.txt @@ -68,7 +89,7 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase ./baz acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:bar.txt EOS } - test_collection[:uuid] = + test_collection[:portable_data_hash] = Digest::MD5.hexdigest(test_collection[:manifest_text]) + '+' + test_collection[:manifest_text].length.to_s @@ -83,57 +104,94 @@ EOS assert_response :success assert_nil assigns(:objects) - get :show, { - id: test_collection[:uuid] - } - assert_response :success - assert_not_nil assigns(:object) - resp = JSON.parse(@response.body) - assert_equal test_collection[:uuid], resp['uuid'] + response_collection = assigns(:object) + + stored_collection = Collection.select([:uuid, :portable_data_hash, :manifest_text]). + where(portable_data_hash: response_collection['portable_data_hash']).first + + assert_equal test_collection[:portable_data_hash], stored_collection['portable_data_hash'] # The manifest in the response will have had permission hints added. # Remove any permission hints in the response before comparing it to the source. - stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '') + stripped_manifest = stored_collection['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '') assert_equal test_collection[:manifest_text], stripped_manifest - assert_equal 9, resp['data_size'] - assert_equal [['.', 'foo.txt', 0], - ['.', 'bar.txt', 6], - ['./baz', 'bar.txt', 3]], resp['files'] + + # TBD: create action should add permission signatures to manifest_text in the response, + # and we need to check those permission signatures here. + end + + [:admin, :active].each do |user| + test "#{user} can get collection using portable data hash" do + authorize_with user + + foo_collection = collections(:foo_file) + + # Get foo_file using it's portable data has + get :show, { + id: foo_collection[:portable_data_hash] + } + assert_response :success + assert_not_nil assigns(:object) + resp = assigns(:object) + assert_equal foo_collection[:portable_data_hash], resp['portable_data_hash'] + + # The manifest in the response will have had permission hints added. + # Remove any permission hints in the response before comparing it to the source. + stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '') + assert_equal foo_collection[:manifest_text], stripped_manifest + end end - test "list of files is correct for empty manifest" do + test "create with owner_uuid set to owned group" do + permit_unsigned_manifests authorize_with :active - test_collection = { - manifest_text: "", - uuid: "d41d8cd98f00b204e9800998ecf8427e+0" - } + manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" post :create, { - collection: test_collection + collection: { + owner_uuid: 'zzzzz-j7d0g-rew6elm53kancon', + manifest_text: manifest_text, + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47" + } } assert_response :success + resp = JSON.parse(@response.body) + assert_equal 'zzzzz-j7d0g-rew6elm53kancon', resp['owner_uuid'] + end - get :show, { - id: "d41d8cd98f00b204e9800998ecf8427e+0" + test "create fails with duplicate name" do + permit_unsigned_manifests + authorize_with :admin + manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" + post :create, { + collection: { + owner_uuid: 'zzzzz-tpzed-000000000000000', + manifest_text: manifest_text, + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47", + name: "foo_file" + } } - assert_response :success - resp = JSON.parse(@response.body) - assert_equal [], resp['files'] + assert_response 422 + response_errors = json_response['errors'] + assert_not_nil response_errors, 'Expected error in response' + assert(response_errors.first.include?('duplicate key'), + "Expected 'duplicate key' error in #{response_errors.first}") end - test "create with owner_uuid set to owned group" do + test "create succeeds with duplicate name with ensure_unique_name" do permit_unsigned_manifests authorize_with :active manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" post :create, { collection: { - owner_uuid: 'zzzzz-j7d0g-rew6elm53kancon', + owner_uuid: users(:active).uuid, manifest_text: manifest_text, - uuid: "d30fe8ae534397864cb96c544f4cf102" - } + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47", + name: "owned_by_active" + }, + ensure_unique_name: true } assert_response :success - resp = JSON.parse(@response.body) - assert_equal 'zzzzz-tpzed-000000000000000', resp['owner_uuid'] + assert_equal 'owned_by_active (2)', json_response['name'] end test "create with owner_uuid set to group i can_manage" do @@ -142,30 +200,44 @@ EOS manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" post :create, { collection: { - owner_uuid: 'zzzzz-j7d0g-8ulrifv67tve5sx', + owner_uuid: groups(:active_user_has_can_manage).uuid, manifest_text: manifest_text, - uuid: "d30fe8ae534397864cb96c544f4cf102" + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47" } } assert_response :success resp = JSON.parse(@response.body) - assert_equal 'zzzzz-tpzed-000000000000000', resp['owner_uuid'] + assert_equal groups(:active_user_has_can_manage).uuid, resp['owner_uuid'] end - test "create with owner_uuid set to group with no can_manage permission" do + test "create with owner_uuid fails on group with only can_read permission" do permit_unsigned_manifests authorize_with :active manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" post :create, { collection: { - owner_uuid: 'zzzzz-j7d0g-it30l961gq3t0oi', + owner_uuid: groups(:all_users).uuid, manifest_text: manifest_text, - uuid: "d30fe8ae534397864cb96c544f4cf102" + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47" } } assert_response 403 end + test "create with owner_uuid fails on group with no permission" do + permit_unsigned_manifests + authorize_with :active + manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" + post :create, { + collection: { + owner_uuid: groups(:public).uuid, + manifest_text: manifest_text, + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47" + } + } + assert_response 422 + end + test "admin create with owner_uuid set to group with no permission" do permit_unsigned_manifests authorize_with :admin @@ -174,7 +246,7 @@ EOS collection: { owner_uuid: 'zzzzz-j7d0g-it30l961gq3t0oi', manifest_text: manifest_text, - uuid: "d30fe8ae534397864cb96c544f4cf102" + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47" } } assert_response :success @@ -187,7 +259,7 @@ EOS collection: <<-EOS { "manifest_text":". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n",\ - "uuid":"d30fe8ae534397864cb96c544f4cf102"\ + "portable_data_hash":"d30fe8ae534397864cb96c544f4cf102+47"\ } EOS } @@ -201,7 +273,7 @@ EOS collection: <<-EOS { "manifest_text":". d41d8cd98f00b204e9800998ecf8427e 0:0:bar.txt\n",\ - "uuid":"d30fe8ae534397864cb96c544f4cf102"\ + "portable_data_hash":"d30fe8ae534397864cb96c544f4cf102+47"\ } EOS } @@ -214,13 +286,13 @@ EOS post :create, { collection: { manifest_text: ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n", - uuid: "d30fe8ae534397864cb96c544f4cf102+47+Khint+Xhint+Zhint" + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47+Khint+Xhint+Zhint" } } assert_response :success assert_not_nil assigns(:object) resp = JSON.parse(@response.body) - assert_equal "d30fe8ae534397864cb96c544f4cf102+47", resp['uuid'] + assert_equal "d30fe8ae534397864cb96c544f4cf102+47", resp['portable_data_hash'] end test "get full provenance for baz file" do @@ -261,8 +333,8 @@ EOS where: { any: ['contains', '7f9102c395f4ffc5e3'] } } assert_response :success - found = assigns(:objects).collect(&:uuid) - assert_equal 1, found.count + found = assigns(:objects).collect(&:portable_data_hash) + assert_equal 2, found.count assert_equal true, !!found.index('1f4b0bc7583c2a7f9102c395f4ffc5e3+45') end @@ -305,14 +377,13 @@ EOS post :create, { collection: { manifest_text: signed_manifest, - uuid: manifest_uuid, + portable_data_hash: manifest_uuid, } } assert_response :success assert_not_nil assigns(:object) resp = JSON.parse(@response.body) - assert_equal manifest_uuid, resp['uuid'] - assert_equal 48, resp['data_size'] + assert_equal manifest_uuid, resp['portable_data_hash'] # All of the locators in the output must be signed. resp['manifest_text'].lines.each do |entry| m = /([[:xdigit:]]{32}\+\S+)/.match(entry) @@ -353,14 +424,13 @@ EOS post :create, { collection: { manifest_text: signed_manifest, - uuid: manifest_uuid, + portable_data_hash: manifest_uuid, } } assert_response :success assert_not_nil assigns(:object) resp = JSON.parse(@response.body) - assert_equal manifest_uuid, resp['uuid'] - assert_equal 48, resp['data_size'] + assert_equal manifest_uuid, resp['portable_data_hash'] # All of the locators in the output must be signed. resp['manifest_text'].lines.each do |entry| m = /([[:xdigit:]]{32}\+\S+)/.match(entry) @@ -393,7 +463,7 @@ EOS post :create, { collection: { manifest_text: bad_manifest, - uuid: manifest_uuid + portable_data_hash: manifest_uuid } } @@ -417,7 +487,7 @@ EOS post :create, { collection: { manifest_text: signed_manifest, - uuid: manifest_uuid + portable_data_hash: manifest_uuid } } @@ -439,7 +509,7 @@ EOS test_collection = { manifest_text: manifest_text, - uuid: manifest_uuid, + portable_data_hash: manifest_uuid, } post_collection = Marshal.load(Marshal.dump(test_collection)) post :create, { @@ -448,8 +518,7 @@ EOS assert_response :success assert_not_nil assigns(:object) resp = JSON.parse(@response.body) - assert_equal manifest_uuid, resp['uuid'] - assert_equal 48, resp['data_size'] + assert_equal manifest_uuid, resp['portable_data_hash'] # The manifest in the response will have had permission hints added. # Remove any permission hints in the response before comparing it to the source. @@ -481,14 +550,13 @@ EOS post :create, { collection: { manifest_text: signed_manifest, - uuid: manifest_uuid, + portable_data_hash: manifest_uuid, } } assert_response :success assert_not_nil assigns(:object) resp = JSON.parse(@response.body) - assert_equal manifest_uuid, resp['uuid'] - assert_equal 48, resp['data_size'] + assert_equal manifest_uuid, resp['portable_data_hash'] # All of the locators in the output must be signed. # Each line is of the form "path locator locator ... 0:0:file.txt" # entry.split[1..-2] will yield just the tokens in the middle of the line @@ -509,7 +577,7 @@ EOS post :create, { collection: { manifest_text: unsigned_manifest, - uuid: manifest_uuid, + portable_data_hash: manifest_uuid, } } assert_response 403, @@ -517,4 +585,62 @@ EOS assert_empty Collection.where('uuid like ?', manifest_uuid+'%'), "Collection should not exist in database after failed create" end + + test 'List expired collection returns empty list' do + authorize_with :active + get :index, { + where: {name: 'expired_collection'}, + } + assert_response :success + found = assigns(:objects) + assert_equal 0, found.count + end + + test 'Show expired collection returns 404' do + authorize_with :active + get :show, { + id: 'zzzzz-4zz18-mto52zx1s7sn3ih', + } + assert_response 404 + end + + test 'Update expired collection returns 404' do + authorize_with :active + post :update, { + id: 'zzzzz-4zz18-mto52zx1s7sn3ih', + collection: { + name: "still expired" + } + } + assert_response 404 + end + + test 'List collection with future expiration time succeeds' do + authorize_with :active + get :index, { + where: {name: 'collection_expires_in_future'}, + } + found = assigns(:objects) + assert_equal 1, found.count + end + + + test 'Show collection with future expiration time succeeds' do + authorize_with :active + get :show, { + id: 'zzzzz-4zz18-padkqo7yb8d9i3j', + } + assert_response :success + end + + test 'Update collection with future expiration time succeeds' do + authorize_with :active + post :update, { + id: 'zzzzz-4zz18-padkqo7yb8d9i3j', + collection: { + name: "still not expired" + } + } + assert_response :success + end end