X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/224f384d411bb1b4cccc7165c55bb64fd5c695ad..e97a5d828bdf7cb9626d72efd94d3bcf718a18c9:/services/api/test/functional/arvados/v1/containers_controller_test.rb
diff --git a/services/api/test/functional/arvados/v1/containers_controller_test.rb b/services/api/test/functional/arvados/v1/containers_controller_test.rb
index cf1f5765b4..5b8ec0f638 100644
--- a/services/api/test/functional/arvados/v1/containers_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/containers_controller_test.rb
@@ -1,9 +1,13 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
 class Arvados::V1::ContainersControllerTest < ActionController::TestCase
 test 'create' do
 authorize_with :system_user
- post :create, {
+ post :create, params: {
 container: {
 command: ['echo', 'hello'],
 container_image: 'test',
@@ -16,7 +20,7 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
 [Container::Queued, Container::Complete].each do |state|
 test "cannot get auth in #{state} state" do
 authorize_with :dispatch1
- get :auth, id: containers(:queued).uuid
+ get :auth, params: {id: containers(:queued).uuid}
 assert_response 403
 end
 end
@@ -27,7 +31,7 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
 assert c.lock, show_errors(c)
 authorize_with :system_user
- get :auth, id: c.uuid
+ get :auth, params: {id: c.uuid}
 assert_response 403
 end
@@ -35,26 +39,35 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
 authorize_with :dispatch1
 c = containers(:queued)
 assert c.lock, show_errors(c)
- get :auth, id: c.uuid
+ get :auth, params: {id: c.uuid}
 assert_response :success
 assert_operator 32, :<, json_response['api_token'].length
 assert_equal 'arvados#apiClientAuthorization', json_response['kind']
 end
- test 'no auth in container response' do
+ test 'no auth or secret_mounts in container response' do
 authorize_with :dispatch1
 c = containers(:queued)
 assert c.lock, show_errors(c)
- get :show, id: c.uuid
+ get :show, params: {id: c.uuid}
 assert_response :success
 assert_nil json_response['auth']
+ assert_nil json_response['secret_mounts']
 end
 test "lock container" do
 authorize_with :dispatch1
 uuid = containers(:queued).uuid
- post :lock, {id: uuid}
+ post :lock, params: {id: uuid}
 assert_response :success
+ assert_nil json_response['mounts']
+ assert_nil json_response['command']
+ assert_not_nil json_response['auth_uuid']
+ assert_not_nil json_response['locked_by_uuid']
+ assert_equal containers(:queued).uuid, json_response['uuid']
+ assert_equal 'Locked', json_response['state']
+ assert_equal containers(:queued).priority, json_response['priority']
+
 container = Container.where(uuid: uuid).first
 assert_equal 'Locked', container.state
 assert_not_nil container.locked_by_uuid
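Review bot: The assertions added to `lock container` check that `mounts` and `command` are absent from the lock response, but they never check `secret_mounts`, the field this commit starts guarding in the `show` test above. The lock response looks like a reduced field set, so adding `assert_nil json_response['secret_mounts']` next to `assert_nil json_response['mounts']` would pin that secret content cannot ride along on a state-change response. The same line fits the new `unlock container` assertions in the following hunk. The body of `lock container` continues past the end of this hunk.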
@@ -64,14 +77,29 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
 test "unlock container" do
 authorize_with :dispatch1
 uuid = containers(:locked).uuid
- post :unlock, {id: uuid}
+ post :unlock, params: {id: uuid}
 assert_response :success
+ assert_nil json_response['mounts']
+ assert_nil json_response['command']
+ assert_nil json_response['auth_uuid']
+ assert_nil json_response['locked_by_uuid']
+ assert_equal containers(:locked).uuid, json_response['uuid']
+ assert_equal 'Queued', json_response['state']
+ assert_equal containers(:locked).priority, json_response['priority']
+
 container = Container.where(uuid: uuid).first
 assert_equal 'Queued', container.state
 assert_nil container.locked_by_uuid
 assert_nil container.auth_uuid
 end
+ test "unlock container locked by different dispatcher" do
+ authorize_with :dispatch2
+ uuid = containers(:locked).uuid
+ post :unlock, params: {id: uuid}
+ assert_response 403
+ end
+
 [
 [:queued, :lock, :success, 'Locked'],
 [:queued, :unlock, 422, 'Queued'],
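Review bot: `unlock container locked by different dispatcher` stops at `assert_response 403` and never confirms that the container was left untouched, so a controller that released the lock before rejecting the request would still pass. The table-driven transition tests later in the file re-read the record after the response; doing the same here with `assert_equal 'Locked', Container.where(uuid: uuid).first.state` would turn the test into a real authorization check. It would also help to assert that `locked_by_uuid` is still set, so a partial unlock is caught as well.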
@@ -79,12 +107,57 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
 [:running, :lock, 422, 'Running'],
 [:running, :unlock, 422, 'Running'],
 ].each do |fixture, action, response, state|
- test "state transitions from #{fixture } to #{action}" do
+ test "state transitions from #{fixture} to #{action}" do
 authorize_with :dispatch1
 uuid = containers(fixture).uuid
- post action, {id: uuid}
+ post action, params: {id: uuid}
 assert_response response
 assert_equal state, Container.where(uuid: uuid).first.state
 end
 end
+
+ test 'get current container for token' do
+ authorize_with :running_container_auth
+ get :current
+ assert_response :success
+ assert_equal containers(:running).uuid, json_response['uuid']
+ end
+
+ test 'no container associated with token' do
+ authorize_with :dispatch1
+ get :current
+ assert_response 404
+ end
+
+ test 'try get current container, no token' do
+ get :current
+ assert_response 401
+ end
+
+ [
+ [true, :running_container_auth],
+ [false, :dispatch2],
+ [false, :admin],
+ [false, :active],
+ ].each do |expect_success, auth|
+ test "get secret_mounts with #{auth} token" do
+ authorize_with auth
+ get :secret_mounts, params: {id: containers(:running).uuid}
+ if expect_success
+ assert_response :success
+ assert_equal "42\n", json_response["secret_mounts"]["/secret/6x9"]["content"]
+ else
+ assert_response 403
+ end
+ end
+ end
+
+ test 'get runtime_token auth' do
+ authorize_with :dispatch2
+ c = containers(:runtime_token)
+ get :auth, params: {id: c.uuid}
+ assert_response :success
+ assert_equal "v2/#{json_response['uuid']}/#{json_response['api_token']}", api_client_authorizations(:container_runtime_token).token
+ assert_equal 'arvados#apiClientAuthorization', json_response['kind']
+ end
 end
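Review bot: The denied branch of the `get secret_mounts with #{auth} token` table asserts only the 403 status, so a response that returned 403 while still serializing the secret would pass. Assuming the error body is JSON, adding `assert_nil json_response['secret_mounts']` after `assert_response 403` in the `else` branch closes that gap. The table also has no unauthenticated row, although the `current` tests in this hunk cover the no-token case with a 401; a matching `get :secret_mounts` test without `authorize_with` would be worth adding. In `get runtime_token auth`, the first `assert_equal` passes the value built from the response as expected and the fixture token as actual, which is reversed and makes failure output misleading.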