X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/40e3249b1f75ff1442adbc360885c80db436c50b..4b5ec8651ba83f2a79fe40708021e03c86275093:/lib/config/load_test.go diff --git a/lib/config/load_test.go b/lib/config/load_test.go index fa04c00751..3e0368cc03 100644 --- a/lib/config/load_test.go +++ b/lib/config/load_test.go @@ -15,8 +15,8 @@ import ( "strings" "testing" - "git.curoverse.com/arvados.git/sdk/go/arvados" - "git.curoverse.com/arvados.git/sdk/go/ctxlog" + "git.arvados.org/arvados.git/sdk/go/arvados" + "git.arvados.org/arvados.git/sdk/go/ctxlog" "github.com/ghodss/yaml" "github.com/sirupsen/logrus" check "gopkg.in/check.v1" @@ -46,6 +46,12 @@ func testLoader(c *check.C, configdata string, logdst io.Writer) *Loader { type LoadSuite struct{} +func (s *LoadSuite) SetUpSuite(c *check.C) { + os.Unsetenv("ARVADOS_API_HOST") + os.Unsetenv("ARVADOS_API_HOST_INSECURE") + os.Unsetenv("ARVADOS_API_TOKEN") +} + func (s *LoadSuite) TestEmpty(c *check.C) { cfg, err := testLoader(c, "", nil).Load() c.Check(cfg, check.IsNil) @@ -158,6 +164,7 @@ func (s *LoadSuite) TestSampleKeys(c *check.C) { cfg, err := testLoader(c, yaml, nil).Load() c.Assert(err, check.IsNil) cc, err := cfg.GetCluster("z1111") + c.Assert(err, check.IsNil) _, hasSample := cc.InstanceTypes["SAMPLE"] c.Check(hasSample, check.Equals, false) if strings.Contains(yaml, "Foo") { @@ -185,21 +192,43 @@ func (s *LoadSuite) TestDeprecatedOrUnknownWarning(c *check.C) { _, err := testLoader(c, ` Clusters: zzzzz: - postgresql: {} - BadKey: {} - Containers: {} + ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + Collections: + BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + PostgreSQL: {} + BadKey1: {} + Containers: + RunTimeEngine: abc RemoteClusters: z2222: Host: z2222.arvadosapi.com Proxy: true - BadKey: badValue + BadKey2: badValue + Services: + KeepStore: + InternalURLs: + "http://host.example:12345": {} + # we use Keepproxy instead of Keepstore for the RendezVous test, + # to avoid the "keepstore has no volumes" warning + Keepproxy: + InternalURLs: + "http://host.example:12345": + # ideally we would reject Rendezvous here too, but + # currently we don't + RendezVous: x + ServiceS: + Keepstore: + InternalURLs: + "http://host.example:12345": {} `, &logbuf).Load() c.Assert(err, check.IsNil) + c.Log(logbuf.String()) logs := strings.Split(strings.TrimSuffix(logbuf.String(), "\n"), "\n") for _, log := range logs { - c.Check(log, check.Matches, `.*deprecated or unknown config entry:.*BadKey.*`) + c.Check(log, check.Matches, `.*deprecated or unknown config entry:.*(RunTimeEngine.*RuntimeEngine|BadKey1|BadKey2|KeepStore|ServiceS|RendezVous).*`) } - c.Check(logs, check.HasLen, 2) + c.Check(logs, check.HasLen, 6) } func (s *LoadSuite) checkSAMPLEKeys(c *check.C, path string, x interface{}) { @@ -254,6 +283,10 @@ func (s *LoadSuite) TestNoUnrecognizedKeysInDefaultConfig(c *check.C) { err = yaml.Unmarshal(buf, &loaded) c.Assert(err, check.IsNil) + c.Check(logbuf.String(), check.Matches, `(?ms).*SystemRootToken: secret token is not set.*`) + c.Check(logbuf.String(), check.Matches, `(?ms).*ManagementToken: secret token is not set.*`) + c.Check(logbuf.String(), check.Matches, `(?ms).*Collections.BlobSigningKey: secret token is not set.*`) + logbuf.Reset() loader.logExtraKeys(loaded, supplied, "") c.Check(logbuf.String(), check.Equals, "") } @@ -262,7 +295,13 @@ func (s *LoadSuite) TestNoWarningsForDumpedConfig(c *check.C) { var logbuf bytes.Buffer logger := logrus.New() logger.Out = &logbuf - cfg, err := testLoader(c, `{"Clusters":{"zzzzz":{}}}`, &logbuf).Load() + cfg, err := testLoader(c, ` +Clusters: + zzzzz: + ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + Collections: + BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`, &logbuf).Load() c.Assert(err, check.IsNil) yaml, err := yaml.Marshal(cfg) c.Assert(err, check.IsNil) @@ -272,18 +311,82 @@ func (s *LoadSuite) TestNoWarningsForDumpedConfig(c *check.C) { c.Check(logbuf.String(), check.Equals, "") } +func (s *LoadSuite) TestUnacceptableTokens(c *check.C) { + for _, trial := range []struct { + short bool + configPath string + example string + }{ + {false, "SystemRootToken", "SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa_b_c"}, + {false, "ManagementToken", "ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa b c"}, + {false, "ManagementToken", "ManagementToken: \"$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabc\""}, + {false, "Collections.BlobSigningKey", "Collections: {BlobSigningKey: \"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa⛵\"}"}, + {true, "SystemRootToken", "SystemRootToken: a_b_c"}, + {true, "ManagementToken", "ManagementToken: a b c"}, + {true, "ManagementToken", "ManagementToken: \"$abc\""}, + {true, "Collections.BlobSigningKey", "Collections: {BlobSigningKey: \"⛵\"}"}, + } { + c.Logf("trying bogus config: %s", trial.example) + _, err := testLoader(c, "Clusters:\n zzzzz:\n "+trial.example, nil).Load() + if trial.short { + c.Check(err, check.ErrorMatches, `Clusters.zzzzz.`+trial.configPath+`: unacceptable characters in token.*`) + } else { + c.Check(err, check.ErrorMatches, `Clusters.zzzzz.`+trial.configPath+`: unacceptable characters in token.*`) + } + } +} + func (s *LoadSuite) TestPostgreSQLKeyConflict(c *check.C) { _, err := testLoader(c, ` Clusters: zzzzz: - postgresql: - connection: + PostgreSQL: + Connection: DBName: dbname Host: host `, nil).Load() c.Check(err, check.ErrorMatches, `Clusters.zzzzz.PostgreSQL.Connection: multiple entries for "(dbname|host)".*`) } +func (s *LoadSuite) TestBadClusterIDs(c *check.C) { + for _, data := range []string{` +Clusters: + 123456: + ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + Collections: + BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +`, ` +Clusters: + 12345: + ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + Collections: + BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + RemoteClusters: + Zzzzz: + Host: Zzzzz.arvadosapi.com + Proxy: true +`, ` +Clusters: + abcde: + ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + Collections: + BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa + Login: + LoginCluster: zz-zz +`, + } { + c.Log(data) + v, err := testLoader(c, data, nil).Load() + if v != nil { + c.Logf("%#v", v.Clusters) + } + c.Check(err, check.ErrorMatches, `.*cluster ID should be 5 alphanumeric characters.*`) + } +} + func (s *LoadSuite) TestBadType(c *check.C) { for _, data := range []string{` Clusters: @@ -321,7 +424,7 @@ Clusters: } func (s *LoadSuite) TestMovedKeys(c *check.C) { - s.checkEquivalent(c, `# config has old keys only + checkEquivalent(c, `# config has old keys only Clusters: zzzzz: RequestLimits: @@ -334,7 +437,7 @@ Clusters: MaxRequestAmplification: 3 MaxItemsPerResponse: 999 `) - s.checkEquivalent(c, `# config has both old and new keys; old values win + checkEquivalent(c, `# config has both old and new keys; old values win Clusters: zzzzz: RequestLimits: @@ -352,26 +455,120 @@ Clusters: `) } -func (s *LoadSuite) checkEquivalent(c *check.C, goty, expectedy string) { - got, err := testLoader(c, goty, nil).Load() +func checkEquivalent(c *check.C, goty, expectedy string) string { + var logbuf bytes.Buffer + gotldr := testLoader(c, goty, &logbuf) + expectedldr := testLoader(c, expectedy, nil) + checkEquivalentLoaders(c, gotldr, expectedldr) + return logbuf.String() +} + +func checkEqualYAML(c *check.C, got, expected interface{}) { + expectedyaml, err := yaml.Marshal(expected) c.Assert(err, check.IsNil) - expected, err := testLoader(c, expectedy, nil).Load() + gotyaml, err := yaml.Marshal(got) c.Assert(err, check.IsNil) - if !c.Check(got, check.DeepEquals, expected) { + if !bytes.Equal(gotyaml, expectedyaml) { cmd := exec.Command("diff", "-u", "--label", "expected", "--label", "got", "/dev/fd/3", "/dev/fd/4") - for _, obj := range []interface{}{expected, got} { - y, _ := yaml.Marshal(obj) + for _, y := range [][]byte{expectedyaml, gotyaml} { pr, pw, err := os.Pipe() c.Assert(err, check.IsNil) defer pr.Close() - go func() { - io.Copy(pw, bytes.NewBuffer(y)) + go func(data []byte) { + pw.Write(data) pw.Close() - }() + }(y) cmd.ExtraFiles = append(cmd.ExtraFiles, pr) } diff, err := cmd.CombinedOutput() + // diff should report differences and exit non-zero. + c.Check(err, check.NotNil) c.Log(string(diff)) - c.Check(err, check.IsNil) + c.Error("got != expected; see diff (-expected +got) above") + } +} + +func checkEquivalentLoaders(c *check.C, gotldr, expectedldr *Loader) { + got, err := gotldr.Load() + c.Assert(err, check.IsNil) + expected, err := expectedldr.Load() + c.Assert(err, check.IsNil) + checkEqualYAML(c, got, expected) +} + +func checkListKeys(path string, x interface{}) (err error) { + v := reflect.Indirect(reflect.ValueOf(x)) + switch v.Kind() { + case reflect.Map: + iter := v.MapRange() + for iter.Next() { + k := iter.Key() + if k.Kind() == reflect.String { + if err = checkListKeys(path+"."+k.String(), iter.Value().Interface()); err != nil { + return + } + } + } + return + + case reflect.Struct: + for i := 0; i < v.NumField(); i++ { + val := v.Field(i) + structField := v.Type().Field(i) + fieldname := structField.Name + endsWithList := strings.HasSuffix(fieldname, "List") + isAnArray := structField.Type.Kind() == reflect.Slice + if endsWithList != isAnArray { + if endsWithList { + err = fmt.Errorf("%s.%s ends with 'List' but field is not an array (type %v)", path, fieldname, val.Kind()) + return + } + if isAnArray && structField.Type.Elem().Kind() != reflect.Uint8 { + err = fmt.Errorf("%s.%s is an array but field name does not end in 'List' (slice of %v)", path, fieldname, structField.Type.Elem().Kind()) + return + } + } + if val.CanInterface() { + checkListKeys(path+"."+fieldname, val.Interface()) + } + } + } + return +} + +func (s *LoadSuite) TestListKeys(c *check.C) { + v1 := struct { + EndInList []string + }{[]string{"a", "b"}} + var m1 = make(map[string]interface{}) + m1["c"] = &v1 + if err := checkListKeys("", m1); err != nil { + c.Error(err) + } + + v2 := struct { + DoesNot []string + }{[]string{"a", "b"}} + var m2 = make(map[string]interface{}) + m2["c"] = &v2 + if err := checkListKeys("", m2); err == nil { + c.Errorf("Should have produced an error") + } + + v3 := struct { + EndInList string + }{"a"} + var m3 = make(map[string]interface{}) + m3["c"] = &v3 + if err := checkListKeys("", m3); err == nil { + c.Errorf("Should have produced an error") + } + + var logbuf bytes.Buffer + loader := testLoader(c, string(DefaultYAML), &logbuf) + cfg, err := loader.Load() + c.Assert(err, check.IsNil) + if err := checkListKeys("", cfg); err != nil { + c.Error(err) } }