X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/34173202861e94dee58ccd5b189983918813d870..20abd5d545f9f1102bcd28ee4cab7a2453e28cb4:/services/api/test/functional/arvados/v1/collections_controller_test.rb diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb index 65dfca5e1f..54ffe66f17 100644 --- a/services/api/test/functional/arvados/v1/collections_controller_test.rb +++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb @@ -2,21 +2,19 @@ require 'test_helper' class Arvados::V1::CollectionsControllerTest < ActionController::TestCase - setup do - # Unless otherwise specified in the test, we want normal/secure behavior. - permit_unsigned_manifests false - end - - teardown do - # Reset to secure behavior after each test. - permit_unsigned_manifests false - end - def permit_unsigned_manifests isok=true # Set security model for the life of a test. Rails.configuration.permit_create_collection_with_unsigned_manifest = isok end + def assert_signed_manifest manifest_text, label='' + assert_not_nil manifest_text, "#{label} manifest_text was nil" + manifest_text.scan(/ [[:xdigit:]]{32}\S*/) do |tok| + assert_match(/\+A[[:xdigit:]]+@[[:xdigit:]]{8}\b/, tok, + "Locator in #{label} manifest_text was not signed") + end + end + test "should get index" do authorize_with :active get :index @@ -26,31 +24,16 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase "basic Collections index included manifest_text") end - test "can get non-database fields via index select" do - authorize_with :active - get(:index, filters: [["uuid", "=", collections(:foo_file).uuid]], - select: %w(uuid owner_uuid files)) - assert_response :success - assert_equal(1, json_response["items"].andand.size, - "wrong number of items returned for index") - assert_equal([[".", "foo", 3]], json_response["items"].first["files"], - "wrong file list in index result") - end - - test "can select only non-database fields for index" do + test "collections.get returns signed locators" do + permit_unsigned_manifests authorize_with :active - get(:index, select: %w(data_size files)) + get :show, {id: collections(:foo_file).uuid} assert_response :success - assert(json_response["items"].andand.any?, "no items found in index") - json_response["items"].each do |coll| - assert_equal(coll["data_size"], - coll["files"].inject(0) { |size, fspec| size + fspec.last }, - "mismatch between data size and file list") - end + assert_signed_manifest json_response['manifest_text'], 'foo_file' end test "index with manifest_text selected returns signed locators" do - columns = %w(uuid owner_uuid data_size files manifest_text) + columns = %w(uuid owner_uuid manifest_text) authorize_with :active get :index, select: columns assert_response :success @@ -59,13 +42,7 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase json_response["items"].each do |coll| assert_equal(columns, columns & coll.keys, "Collections index did not respect selected columns") - loc_regexp = / [[:xdigit:]]{32}\+\d+\S+/ - pos = 0 - while match = loc_regexp.match(coll["manifest_text"], pos) - assert_match(/\+A[[:xdigit:]]+@[[:xdigit:]]{8}\b/, match.to_s, - "Locator in manifest_text was not signed") - pos = match.end(0) - end + assert_signed_manifest coll['manifest_text'], coll['uuid'] end end @@ -91,6 +68,18 @@ class Arvados::V1::CollectionsControllerTest < ActionController::TestCase assert_equal unique_uuids.count, resp['items'].count end + test "items.count == items_available with filters" do + authorize_with :active + get :index, { + limit: 100, + filters: [['uuid','=',collections(:foo_file).uuid]] + } + assert_response :success + assert_equal 1, assigns(:objects).length + assert_equal 1, json_response['items_available'] + assert_equal 1, json_response['items'].count + end + test "get index with limit=2 offset=99999" do # Assume there are not that many test fixtures. authorize_with :active @@ -127,41 +116,43 @@ EOS assert_response :success assert_nil assigns(:objects) - get :show, { - id: test_collection[:portable_data_hash] - } - assert_response :success - assert_not_nil assigns(:object) - resp = JSON.parse(@response.body) - assert_equal test_collection[:portable_data_hash], resp['portable_data_hash'] + response_collection = assigns(:object) + + stored_collection = Collection.select([:uuid, :portable_data_hash, :manifest_text]). + where(portable_data_hash: response_collection['portable_data_hash']).first + + assert_equal test_collection[:portable_data_hash], stored_collection['portable_data_hash'] # The manifest in the response will have had permission hints added. # Remove any permission hints in the response before comparing it to the source. - stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '') + stripped_manifest = stored_collection['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '') assert_equal test_collection[:manifest_text], stripped_manifest - assert_equal 9, resp['data_size'] - assert_equal [['.', 'foo.txt', 0], - ['.', 'bar.txt', 6], - ['./baz', 'bar.txt', 3]], resp['files'] + + # TBD: create action should add permission signatures to manifest_text in the response, + # and we need to check those permission signatures here. end - test "list of files is correct for empty manifest" do - authorize_with :active - test_collection = { - manifest_text: "", - portable_data_hash: "d41d8cd98f00b204e9800998ecf8427e+0" - } - post :create, { - collection: test_collection - } - assert_response :success + [:admin, :active].each do |user| + test "#{user} can get collection using portable data hash" do + authorize_with user - get :show, { - id: "d41d8cd98f00b204e9800998ecf8427e+0" - } - assert_response :success - resp = JSON.parse(@response.body) - assert_equal [], resp['files'] + foo_collection = collections(:foo_file) + + # Get foo_file using its portable data hash + get :show, { + id: foo_collection[:portable_data_hash] + } + assert_response :success + assert_not_nil assigns(:object) + resp = assigns(:object) + assert_equal foo_collection[:portable_data_hash], resp['portable_data_hash'] + assert_signed_manifest resp['manifest_text'] + + # The manifest in the response will have had permission hints added. + # Remove any permission hints in the response before comparing it to the source. + stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '') + assert_equal foo_collection[:manifest_text], stripped_manifest + end end test "create with owner_uuid set to owned group" do @@ -193,6 +184,31 @@ EOS } } assert_response 422 + response_errors = json_response['errors'] + assert_not_nil response_errors, 'Expected error in response' + assert(response_errors.first.include?('duplicate key'), + "Expected 'duplicate key' error in #{response_errors.first}") + end + + [false, true].each do |unsigned| + test "create with duplicate name, ensure_unique_name, unsigned=#{unsigned}" do + permit_unsigned_manifests unsigned + authorize_with :active + manifest_text = ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:0:foo.txt\n" + if !unsigned + manifest_text = Collection.sign_manifest manifest_text, api_token(:active) + end + post :create, { + collection: { + owner_uuid: users(:active).uuid, + manifest_text: manifest_text, + name: "owned_by_active" + }, + ensure_unique_name: true + } + assert_response :success + assert_equal 'owned_by_active (2)', json_response['name'] + end end test "create with owner_uuid set to group i can_manage" do @@ -329,14 +345,15 @@ EOS end test "search collections with 'any' operator" do + expect_pdh = collections(:docker_image).portable_data_hash authorize_with :active get :index, { - where: { any: ['contains', '7f9102c395f4ffc5e3'] } + where: { any: ['contains', expect_pdh[5..25]] } } assert_response :success - found = assigns(:objects).collect(&:portable_data_hash) - assert_equal 2, found.count - assert_equal true, !!found.index('1f4b0bc7583c2a7f9102c395f4ffc5e3+45') + found = assigns(:objects) + assert_equal 1, found.count + assert_equal expect_pdh, found.first.portable_data_hash end [false, true].each do |permit_unsigned| @@ -385,7 +402,6 @@ EOS assert_not_nil assigns(:object) resp = JSON.parse(@response.body) assert_equal manifest_uuid, resp['portable_data_hash'] - assert_equal 48, resp['data_size'] # All of the locators in the output must be signed. resp['manifest_text'].lines.each do |entry| m = /([[:xdigit:]]{32}\+\S+)/.match(entry) @@ -433,7 +449,6 @@ EOS assert_not_nil assigns(:object) resp = JSON.parse(@response.body) assert_equal manifest_uuid, resp['portable_data_hash'] - assert_equal 48, resp['data_size'] # All of the locators in the output must be signed. resp['manifest_text'].lines.each do |entry| m = /([[:xdigit:]]{32}\+\S+)/.match(entry) @@ -522,7 +537,6 @@ EOS assert_not_nil assigns(:object) resp = JSON.parse(@response.body) assert_equal manifest_uuid, resp['portable_data_hash'] - assert_equal 48, resp['data_size'] # The manifest in the response will have had permission hints added. # Remove any permission hints in the response before comparing it to the source. @@ -561,7 +575,6 @@ EOS assert_not_nil assigns(:object) resp = JSON.parse(@response.body) assert_equal manifest_uuid, resp['portable_data_hash'] - assert_equal 48, resp['data_size'] # All of the locators in the output must be signed. # Each line is of the form "path locator locator ... 0:0:file.txt" # entry.split[1..-2] will yield just the tokens in the middle of the line @@ -576,6 +589,7 @@ EOS end test 'Reject manifest with unsigned blob' do + permit_unsigned_manifests false authorize_with :active unsigned_manifest = ". 0cc175b9c0f1b6a831c399e269772661+1 0:1:a.txt\n" manifest_uuid = Digest::MD5.hexdigest(unsigned_manifest) @@ -591,4 +605,133 @@ EOS "Collection should not exist in database after failed create" end + test 'List expired collection returns empty list' do + authorize_with :active + get :index, { + where: {name: 'expired_collection'}, + } + assert_response :success + found = assigns(:objects) + assert_equal 0, found.count + end + + test 'Show expired collection returns 404' do + authorize_with :active + get :show, { + id: 'zzzzz-4zz18-mto52zx1s7sn3ih', + } + assert_response 404 + end + + test 'Update expired collection returns 404' do + authorize_with :active + post :update, { + id: 'zzzzz-4zz18-mto52zx1s7sn3ih', + collection: { + name: "still expired" + } + } + assert_response 404 + end + + test 'List collection with future expiration time succeeds' do + authorize_with :active + get :index, { + where: {name: 'collection_expires_in_future'}, + } + found = assigns(:objects) + assert_equal 1, found.count + end + + + test 'Show collection with future expiration time succeeds' do + authorize_with :active + get :show, { + id: 'zzzzz-4zz18-padkqo7yb8d9i3j', + } + assert_response :success + end + + test 'Update collection with future expiration time succeeds' do + authorize_with :active + post :update, { + id: 'zzzzz-4zz18-padkqo7yb8d9i3j', + collection: { + name: "still not expired" + } + } + assert_response :success + end + + test "get collection and verify that file_names is not included" do + authorize_with :active + get :show, {id: collections(:foo_file).uuid} + assert_response :success + assert_equal collections(:foo_file).uuid, json_response['uuid'] + assert_nil json_response['file_names'] + assert json_response['manifest_text'] + end + + [ + [2**8, :success], + [2**18, 422], + ].each do |description_size, expected_response| + test "create collection with description size #{description_size} + and expect response #{expected_response}" do + skip "(Descriptions are not part of search indexes. Skip until full-text search + is implemented, at which point replace with a search in description.)" + + authorize_with :active + + description = 'here is a collection with a very large description' + while description.length < description_size + description = description + description + end + + post :create, collection: { + manifest_text: ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:foo.txt\n", + description: description, + } + + assert_response expected_response + end + end + + [1, 5, nil].each do |ask| + test "Set replication_desired=#{ask.inspect}" do + Rails.configuration.default_collection_replication = 2 + authorize_with :active + put :update, { + id: collections(:replication_undesired_unconfirmed).uuid, + collection: { + replication_desired: ask, + }, + } + assert_response :success + assert_equal ask, json_response['replication_desired'] + end + end + + test "get collection with properties" do + authorize_with :active + get :show, {id: collections(:collection_with_one_property).uuid} + assert_response :success + assert_not_nil json_response['uuid'] + assert_equal 'value1', json_response['properties']['property1'] + end + + test "create collection with properties" do + authorize_with :active + manifest_text = ". d41d8cd98f00b204e9800998ecf8427e 0:0:foo.txt\n" + post :create, { + collection: { + manifest_text: manifest_text, + portable_data_hash: "d30fe8ae534397864cb96c544f4cf102+47", + properties: {'property_1' => 'value_1'} + } + } + assert_response :success + assert_not_nil json_response['uuid'] + assert_equal 'value_1', json_response['properties']['property_1'] + end end