X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2ff9ca2fb06d644328896be242186d5fbc1ffd17..122e392ac6d9b36e376937f4dc2f910118b112ac:/sdk/python/test_keep_client.py diff --git a/sdk/python/test_keep_client.py b/sdk/python/test_keep_client.py index 4c886ae946..6d0470ad41 100644 --- a/sdk/python/test_keep_client.py +++ b/sdk/python/test_keep_client.py @@ -5,14 +5,35 @@ import unittest import arvados import os +import run_test_server -class KeepRWTest(unittest.TestCase): - def setUp(self): +class KeepTestCase(unittest.TestCase): + @classmethod + def setUpClass(cls): + super(KeepTestCase, cls).setUpClass() try: del os.environ['KEEP_LOCAL_STORE'] except KeyError: pass - def runTest(self): + + # Make sure these are clear, we want to talk to the Keep servers + # directly. + os.environ["ARVADOS_KEEP_PROXY"] = "" + os.environ["ARVADOS_EXTERNAL_CLIENT"] = "" + + run_test_server.run() + run_test_server.run_keep() + arvados.keep.global_client_object = None + arvados.config._settings = None + run_test_server.authorize_with("admin") + + @classmethod + def tearDownClass(cls): + super(KeepTestCase, cls).tearDownClass() + run_test_server.stop() + run_test_server.stop_keep() + + def test_KeepBasicRWTest(self): foo_locator = arvados.Keep.put('foo') self.assertEqual(foo_locator, 'acbd18db4cc2f85cedef654fccc4a4d8+3', @@ -20,3 +41,229 @@ class KeepRWTest(unittest.TestCase): self.assertEqual(arvados.Keep.get(foo_locator), 'foo', 'wrong content from Keep.get(md5("foo"))') + + def test_KeepBinaryRWTest(self): + blob_str = '\xff\xfe\xf7\x00\x01\x02' + blob_locator = arvados.Keep.put(blob_str) + self.assertEqual(blob_locator, + '7fc7c53b45e53926ba52821140fef396+6', + ('wrong locator from Keep.put():' + + blob_locator)) + self.assertEqual(arvados.Keep.get(blob_locator), + blob_str, + 'wrong content from Keep.get(md5())') + + def test_KeepLongBinaryRWTest(self): + blob_str = '\xff\xfe\xfd\xfc\x00\x01\x02\x03' + for i in range(0,23): + blob_str = blob_str + blob_str + blob_locator = arvados.Keep.put(blob_str) + self.assertEqual(blob_locator, + '84d90fc0d8175dd5dcfab04b999bc956+67108864', + ('wrong locator from Keep.put(): ' + + blob_locator)) + self.assertEqual(arvados.Keep.get(blob_locator), + blob_str, + 'wrong content from Keep.get(md5())') + + def test_KeepSingleCopyRWTest(self): + blob_str = '\xff\xfe\xfd\xfc\x00\x01\x02\x03' + blob_locator = arvados.Keep.put(blob_str, copies=1) + self.assertEqual(blob_locator, + 'c902006bc98a3eb4a3663b65ab4a6fab+8', + ('wrong locator from Keep.put(): ' + + blob_locator)) + self.assertEqual(arvados.Keep.get(blob_locator), + blob_str, + 'wrong content from Keep.get(md5())') + +class KeepPermissionTestCase(unittest.TestCase): + @classmethod + def setUpClass(cls): + try: + del os.environ['KEEP_LOCAL_STORE'] + except KeyError: + pass + + run_test_server.run() + run_test_server.run_keep(blob_signing_key='abcdefghijk0123456789', + enforce_permissions=True) + + @classmethod + def tearDownClass(cls): + run_test_server.stop() + run_test_server.stop_keep() + + def test_KeepBasicRWTest(self): + run_test_server.authorize_with('active') + foo_locator = arvados.Keep.put('foo') + self.assertRegexpMatches( + foo_locator, + r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$', + 'invalid locator from Keep.put("foo"): ' + foo_locator) + self.assertEqual(arvados.Keep.get(foo_locator), + 'foo', + 'wrong content from Keep.get(md5("foo"))') + + # With Keep permissions enabled, a GET request without a signature will fail. + bar_locator = arvados.Keep.put('bar') + self.assertRegexpMatches( + bar_locator, + r'^37b51d194a7513e45b56f6524f2d51f2\+3\+A[a-f0-9]+@[a-f0-9]+$', + 'invalid locator from Keep.put("bar"): ' + bar_locator) + self.assertRaises(arvados.errors.NotFoundError, + arvados.Keep.get, + "37b51d194a7513e45b56f6524f2d51f2") + + # A request without an API token will also fail. + del arvados.config.settings()["ARVADOS_API_TOKEN"] + self.assertRaises(arvados.errors.NotFoundError, + arvados.Keep.get, + bar_locator) + +# KeepOptionalPermission: starts Keep with --permission-key-file +# but not --enforce-permissions (i.e. generate signatures on PUT +# requests, but do not require them for GET requests) +# +# All of these requests should succeed when permissions are optional: +# * authenticated request, signed locator +# * authenticated request, unsigned locator +# * unauthenticated request, signed locator +# * unauthenticated request, unsigned locator + +class KeepOptionalPermission(unittest.TestCase): + @classmethod + def setUpClass(cls): + try: + del os.environ['KEEP_LOCAL_STORE'] + except KeyError: + pass + run_test_server.run() + run_test_server.run_keep(blob_signing_key='abcdefghijk0123456789', + enforce_permissions=False) + + @classmethod + def tearDownClass(cls): + run_test_server.stop() + run_test_server.stop_keep() + + def test_KeepAuthenticatedSignedTest(self): + run_test_server.authorize_with('active') + signed_locator = arvados.Keep.put('foo') + self.assertRegexpMatches( + signed_locator, + r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$', + 'invalid locator from Keep.put("foo"): ' + signed_locator) + self.assertEqual(arvados.Keep.get(signed_locator), + 'foo', + 'wrong content from Keep.get(md5("foo"))') + + def test_KeepAuthenticatedUnsignedTest(self): + run_test_server.authorize_with('active') + signed_locator = arvados.Keep.put('foo') + self.assertRegexpMatches( + signed_locator, + r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$', + 'invalid locator from Keep.put("foo"): ' + signed_locator) + self.assertEqual(arvados.Keep.get("acbd18db4cc2f85cedef654fccc4a4d8"), + 'foo', + 'wrong content from Keep.get(md5("foo"))') + + def test_KeepUnauthenticatedSignedTest(self): + # Since --enforce-permissions is not in effect, GET requests + # need not be authenticated. + run_test_server.authorize_with('active') + signed_locator = arvados.Keep.put('foo') + self.assertRegexpMatches( + signed_locator, + r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$', + 'invalid locator from Keep.put("foo"): ' + signed_locator) + + del arvados.config.settings()["ARVADOS_API_TOKEN"] + self.assertEqual(arvados.Keep.get(signed_locator), + 'foo', + 'wrong content from Keep.get(md5("foo"))') + + def test_KeepUnauthenticatedUnsignedTest(self): + # Since --enforce-permissions is not in effect, GET requests + # need not be authenticated. + run_test_server.authorize_with('active') + signed_locator = arvados.Keep.put('foo') + self.assertRegexpMatches( + signed_locator, + r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$', + 'invalid locator from Keep.put("foo"): ' + signed_locator) + + del arvados.config.settings()["ARVADOS_API_TOKEN"] + self.assertEqual(arvados.Keep.get("acbd18db4cc2f85cedef654fccc4a4d8"), + 'foo', + 'wrong content from Keep.get(md5("foo"))') + + +class KeepProxyTestCase(unittest.TestCase): + @classmethod + def setUpClass(cls): + super(KeepProxyTestCase, cls).setUpClass() + + try: + del os.environ['KEEP_LOCAL_STORE'] + except KeyError: + pass + + os.environ["ARVADOS_KEEP_PROXY"] = "" + os.environ["ARVADOS_EXTERNAL_CLIENT"] = "" + + run_test_server.run() + run_test_server.run_keep() + arvados.keep.global_client_object = None + arvados.config._settings = None + run_test_server.run_keep_proxy("admin") + KeepProxyTestCase.arvados_keep_proxy = arvados.config.get("ARVADOS_KEEP_PROXY") + + @classmethod + def tearDownClass(cls): + super(KeepProxyTestCase, cls).tearDownClass() + run_test_server.stop() + run_test_server.stop_keep() + run_test_server.stop_keep_proxy() + + def test_KeepProxyTest1(self): + # Will use ARVADOS_KEEP_PROXY environment variable that is set by + # run_keep_proxy() in setUpClass() + + os.environ["ARVADOS_KEEP_PROXY"] = KeepProxyTestCase.arvados_keep_proxy + os.environ["ARVADOS_EXTERNAL_CLIENT"] = "" + arvados.keep.global_client_object = None + arvados.config._settings = None + + baz_locator = arvados.Keep.put('baz') + self.assertEqual(baz_locator, + '73feffa4b7f6bb68e44cf984c85f6e88+3', + 'wrong md5 hash from Keep.put("baz"): ' + baz_locator) + self.assertEqual(arvados.Keep.get(baz_locator), + 'baz', + 'wrong content from Keep.get(md5("baz"))') + + self.assertEqual(True, arvados.Keep.global_client_object().using_proxy) + + def test_KeepProxyTest2(self): + # We don't want to use ARVADOS_KEEP_PROXY from run_keep_proxy() in + # setUpClass(), so clear it and set ARVADOS_EXTERNAL_CLIENT which will + # contact the API server. + os.environ["ARVADOS_KEEP_PROXY"] = "" + os.environ["ARVADOS_EXTERNAL_CLIENT"] = "true" + arvados.keep.global_client_object = None + arvados.config._settings = None + + # Will send X-External-Client to server and get back the proxy from + # keep_services/accessible + + baz_locator = arvados.Keep.put('baz2') + self.assertEqual(baz_locator, + '91f372a266fe2bf2823cb8ec7fda31ce+4', + 'wrong md5 hash from Keep.put("baz2"): ' + baz_locator) + self.assertEqual(arvados.Keep.get(baz_locator), + 'baz2', + 'wrong content from Keep.get(md5("baz2"))') + + self.assertEqual(True, arvados.Keep.global_client_object().using_proxy)