X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/40798c7655139fdd96ffd67a5d66cfffe3e5091e..bd25fd95831117fe70864f1d03a9504b68c85ba8:/lib/controller/localdb/login_pam_test.go diff --git a/lib/controller/localdb/login_pam_test.go b/lib/controller/localdb/login_pam_test.go index d32aa1f246..0282b566f1 100644 --- a/lib/controller/localdb/login_pam_test.go +++ b/lib/controller/localdb/login_pam_test.go @@ -13,9 +13,11 @@ import ( "git.arvados.org/arvados.git/lib/config" "git.arvados.org/arvados.git/lib/controller/rpc" + "git.arvados.org/arvados.git/lib/ctrlctx" "git.arvados.org/arvados.git/sdk/go/arvados" "git.arvados.org/arvados.git/sdk/go/arvadostest" "git.arvados.org/arvados.git/sdk/go/ctxlog" + "github.com/jmoiron/sqlx" check "gopkg.in/check.v1" ) @@ -25,6 +27,9 @@ type PamSuite struct { cluster *arvados.Cluster ctrl *pamLoginController railsSpy *arvadostest.Proxy + db *sqlx.DB + ctx context.Context + rollback func() error } func (s *PamSuite) SetUpSuite(c *check.C) { @@ -32,17 +37,31 @@ func (s *PamSuite) SetUpSuite(c *check.C) { c.Assert(err, check.IsNil) s.cluster, err = cfg.GetCluster("") c.Assert(err, check.IsNil) - s.cluster.Login.PAM = true - s.cluster.Login.PAMDefaultEmailDomain = "example.com" + s.cluster.Login.PAM.Enable = true + s.cluster.Login.PAM.DefaultEmailDomain = "example.com" s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI) s.ctrl = &pamLoginController{ - Cluster: s.cluster, - RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider), + Cluster: s.cluster, + Parent: &Conn{railsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider)}, + } + s.db = arvadostest.DB(c, s.cluster) +} + +func (s *PamSuite) SetUpTest(c *check.C) { + tx, err := s.db.Beginx() + c.Assert(err, check.IsNil) + s.ctx = ctrlctx.NewWithTransaction(context.Background(), tx) + s.rollback = tx.Rollback +} + +func (s *PamSuite) TearDownTest(c *check.C) { + if s.rollback != nil { + s.rollback() } } func (s *PamSuite) TestLoginFailure(c *check.C) { - resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{ + resp, err := s.ctrl.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{ Username: "bogususername", Password: "boguspassword", }) @@ -57,6 +76,9 @@ func (s *PamSuite) TestLoginFailure(c *check.C) { // This test only runs if the ARVADOS_TEST_PAM_CREDENTIALS_FILE env // var is set. The credentials file should contain a valid username // and password, separated by \n. +// +// Depending on the host config, this test succeeds only if the test +// credentials are for the same account being used to run tests. func (s *PamSuite) TestLoginSuccess(c *check.C) { testCredsFile := os.Getenv("ARVADOS_TEST_PAM_CREDENTIALS_FILE") if testCredsFile == "" { @@ -69,14 +91,16 @@ func (s *PamSuite) TestLoginSuccess(c *check.C) { c.Assert(len(lines), check.Equals, 2, check.Commentf("credentials file %s should contain \"username\\npassword\"", testCredsFile)) u, p := lines[0], lines[1] - resp, err := s.ctrl.UserAuthenticate(context.Background(), arvados.UserAuthenticateOptions{ + resp, err := s.ctrl.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{ Username: u, Password: p, }) c.Check(err, check.IsNil) - c.Check(resp.APIToken, check.Matches, `v2/zzzzz-gj3su-.*/.*`) + c.Check(resp.APIToken, check.Not(check.Equals), "") + c.Check(resp.UUID, check.Matches, `zzzzz-gj3su-.*`) + c.Check(resp.Scopes, check.DeepEquals, []string{"all"}) authinfo := getCallbackAuthInfo(c, s.railsSpy) - c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAMDefaultEmailDomain) + c.Check(authinfo.Email, check.Equals, u+"@"+s.cluster.Login.PAM.DefaultEmailDomain) c.Check(authinfo.AlternateEmails, check.DeepEquals, []string(nil)) }