X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/44c95f99098fa6c6acbfa82d4b6cbc6015eb6e39..97be38eaf9715da04930018db29d12894813d551:/sdk/python/tests/test_keep_client.py diff --git a/sdk/python/tests/test_keep_client.py b/sdk/python/tests/test_keep_client.py index c2c4728253..27e3cf6330 100644 --- a/sdk/python/tests/test_keep_client.py +++ b/sdk/python/tests/test_keep_client.py @@ -23,6 +23,7 @@ import urllib.parse import arvados import arvados.retry +import arvados.util from . import arvados_testutil as tutil from . import keepstub from . import run_test_server @@ -129,8 +130,7 @@ class KeepTestCase(run_test_server.TestCaseWithServers): class KeepPermissionTestCase(run_test_server.TestCaseWithServers): MAIN_SERVER = {} - KEEP_SERVER = {'blob_signing_key': 'abcdefghijk0123456789', - 'enforce_permissions': True} + KEEP_SERVER = {'blob_signing': True} def test_KeepBasicRWTest(self): run_test_server.authorize_with('active') @@ -172,70 +172,6 @@ class KeepPermissionTestCase(run_test_server.TestCaseWithServers): unsigned_bar_locator) -# KeepOptionalPermission: starts Keep with --permission-key-file -# but not --enforce-permissions (i.e. generate signatures on PUT -# requests, but do not require them for GET requests) -# -# All of these requests should succeed when permissions are optional: -# * authenticated request, signed locator -# * authenticated request, unsigned locator -# * unauthenticated request, signed locator -# * unauthenticated request, unsigned locator -class KeepOptionalPermission(run_test_server.TestCaseWithServers): - MAIN_SERVER = {} - KEEP_SERVER = {'blob_signing_key': 'abcdefghijk0123456789', - 'enforce_permissions': False} - - @classmethod - def setUpClass(cls): - super(KeepOptionalPermission, cls).setUpClass() - run_test_server.authorize_with("admin") - cls.api_client = arvados.api('v1') - - def setUp(self): - super(KeepOptionalPermission, self).setUp() - self.keep_client = arvados.KeepClient(api_client=self.api_client, - proxy='', local_store='') - - def _put_foo_and_check(self): - signed_locator = self.keep_client.put('foo') - self.assertRegex( - signed_locator, - r'^acbd18db4cc2f85cedef654fccc4a4d8\+3\+A[a-f0-9]+@[a-f0-9]+$', - 'invalid locator from Keep.put("foo"): ' + signed_locator) - return signed_locator - - def test_KeepAuthenticatedSignedTest(self): - signed_locator = self._put_foo_and_check() - self.assertEqual(self.keep_client.get(signed_locator), - b'foo', - 'wrong content from Keep.get(md5("foo"))') - - def test_KeepAuthenticatedUnsignedTest(self): - signed_locator = self._put_foo_and_check() - self.assertEqual(self.keep_client.get("acbd18db4cc2f85cedef654fccc4a4d8"), - b'foo', - 'wrong content from Keep.get(md5("foo"))') - - def test_KeepUnauthenticatedSignedTest(self): - # Check that signed GET requests work even when permissions - # enforcement is off. - signed_locator = self._put_foo_and_check() - self.keep_client.api_token = '' - self.assertEqual(self.keep_client.get(signed_locator), - b'foo', - 'wrong content from Keep.get(md5("foo"))') - - def test_KeepUnauthenticatedUnsignedTest(self): - # Since --enforce-permissions is not in effect, GET requests - # need not be authenticated. - signed_locator = self._put_foo_and_check() - self.keep_client.api_token = '' - self.assertEqual(self.keep_client.get("acbd18db4cc2f85cedef654fccc4a4d8"), - b'foo', - 'wrong content from Keep.get(md5("foo"))') - - class KeepProxyTestCase(run_test_server.TestCaseWithServers): MAIN_SERVER = {} KEEP_SERVER = {} @@ -318,6 +254,48 @@ class KeepClientServiceTestCase(unittest.TestCase, tutil.ApiClientMock): self.assertEqual('100::1', service.hostname) self.assertEqual(10, service.port) + def test_insecure_disables_tls_verify(self): + api_client = self.mock_keep_services(count=1) + force_timeout = socket.timeout("timed out") + + api_client.insecure = True + with tutil.mock_keep_responses(b'foo', 200) as mock: + keep_client = arvados.KeepClient(api_client=api_client) + keep_client.get('acbd18db4cc2f85cedef654fccc4a4d8+3') + self.assertEqual( + mock.responses[0].getopt(pycurl.SSL_VERIFYPEER), + 0) + + api_client.insecure = False + with tutil.mock_keep_responses(b'foo', 200) as mock: + keep_client = arvados.KeepClient(api_client=api_client) + keep_client.get('acbd18db4cc2f85cedef654fccc4a4d8+3') + # getopt()==None here means we didn't change the + # default. If we were using real pycurl instead of a mock, + # it would return the default value 1. + self.assertEqual( + mock.responses[0].getopt(pycurl.SSL_VERIFYPEER), + None) + + def test_refresh_signature(self): + blk_digest = '6f5902ac237024bdd0c176cb93063dc4+11' + blk_sig = 'da39a3ee5e6b4b0d3255bfef95601890afd80709@53bed294' + local_loc = blk_digest+'+A'+blk_sig + remote_loc = blk_digest+'+R'+blk_sig + api_client = self.mock_keep_services(count=1) + headers = {'X-Keep-Locator':local_loc} + with tutil.mock_keep_responses('', 200, **headers): + # Check that the translated locator gets returned + keep_client = arvados.KeepClient(api_client=api_client) + self.assertEqual(local_loc, keep_client.refresh_signature(remote_loc)) + # Check that refresh_signature() uses the correct method and headers + keep_client._get_or_head = mock.MagicMock() + keep_client.refresh_signature(remote_loc) + args, kwargs = keep_client._get_or_head.call_args_list[0] + self.assertIn(remote_loc, args) + self.assertEqual("HEAD", kwargs['method']) + self.assertIn('X-Keep-Signature', kwargs['headers']) + # test_*_timeout verify that KeepClient instructs pycurl to use # the appropriate connection and read timeouts. They don't care # whether pycurl actually exhibits the expected timeout behavior @@ -369,10 +347,10 @@ class KeepClientServiceTestCase(unittest.TestCase, tutil.ApiClientMock): int(arvados.KeepClient.DEFAULT_TIMEOUT[0]*1000)) self.assertEqual( mock.responses[0].getopt(pycurl.LOW_SPEED_TIME), - int(arvados.KeepClient.DEFAULT_TIMEOUT[1])) + None) self.assertEqual( mock.responses[0].getopt(pycurl.LOW_SPEED_LIMIT), - int(arvados.KeepClient.DEFAULT_TIMEOUT[2])) + None) def test_proxy_get_timeout(self): api_client = self.mock_keep_services(service_type='proxy', count=1) @@ -403,10 +381,10 @@ class KeepClientServiceTestCase(unittest.TestCase, tutil.ApiClientMock): int(arvados.KeepClient.DEFAULT_PROXY_TIMEOUT[0]*1000)) self.assertEqual( mock.responses[0].getopt(pycurl.LOW_SPEED_TIME), - int(arvados.KeepClient.DEFAULT_PROXY_TIMEOUT[1])) + None) self.assertEqual( mock.responses[0].getopt(pycurl.LOW_SPEED_LIMIT), - int(arvados.KeepClient.DEFAULT_PROXY_TIMEOUT[2])) + None) def test_proxy_put_timeout(self): api_client = self.mock_keep_services(service_type='proxy', count=1) @@ -446,15 +424,16 @@ class KeepClientServiceTestCase(unittest.TestCase, tutil.ApiClientMock): def check_errors_from_last_retry(self, verb, exc_class): api_client = self.mock_keep_services(count=2) req_mock = tutil.mock_keep_responses( - "retry error reporting test", 500, 500, 403, 403) + "retry error reporting test", 500, 500, 500, 500, 500, 500, 502, 502) with req_mock, tutil.skip_sleep, \ self.assertRaises(exc_class) as err_check: keep_client = arvados.KeepClient(api_client=api_client) getattr(keep_client, verb)('d41d8cd98f00b204e9800998ecf8427e+0', num_retries=3) - self.assertEqual([403, 403], [ + self.assertEqual([502, 502], [ getattr(error, 'status_code', None) for error in err_check.exception.request_errors().values()]) + self.assertRegex(str(err_check.exception), r'failed to (read|write) .* after 4 attempts') def test_get_error_reflects_last_retry(self): self.check_errors_from_last_retry('get', arvados.errors.KeepReadError) @@ -517,6 +496,114 @@ class KeepClientServiceTestCase(unittest.TestCase, tutil.ApiClientMock): self.assertEqual(1, req_mock.call_count) +@tutil.skip_sleep +class KeepClientCacheTestCase(unittest.TestCase, tutil.ApiClientMock): + def setUp(self): + self.api_client = self.mock_keep_services(count=2) + self.keep_client = arvados.KeepClient(api_client=self.api_client) + self.data = b'xyzzy' + self.locator = '1271ed5ef305aadabc605b1609e24c52' + + @mock.patch('arvados.KeepClient.KeepService.get') + def test_get_request_cache(self, get_mock): + with tutil.mock_keep_responses(self.data, 200, 200): + self.keep_client.get(self.locator) + self.keep_client.get(self.locator) + # Request already cached, don't require more than one request + get_mock.assert_called_once() + + @mock.patch('arvados.KeepClient.KeepService.get') + def test_head_request_cache(self, get_mock): + with tutil.mock_keep_responses(self.data, 200, 200): + self.keep_client.head(self.locator) + self.keep_client.head(self.locator) + # Don't cache HEAD requests so that they're not confused with GET reqs + self.assertEqual(2, get_mock.call_count) + + @mock.patch('arvados.KeepClient.KeepService.get') + def test_head_and_then_get_return_different_responses(self, get_mock): + head_resp = None + get_resp = None + get_mock.side_effect = ['first response', 'second response'] + with tutil.mock_keep_responses(self.data, 200, 200): + head_resp = self.keep_client.head(self.locator) + get_resp = self.keep_client.get(self.locator) + self.assertEqual('first response', head_resp) + # First reponse was not cached because it was from a HEAD request. + self.assertNotEqual(head_resp, get_resp) + + +@tutil.skip_sleep +class KeepXRequestIdTestCase(unittest.TestCase, tutil.ApiClientMock): + def setUp(self): + self.api_client = self.mock_keep_services(count=2) + self.keep_client = arvados.KeepClient(api_client=self.api_client) + self.data = b'xyzzy' + self.locator = '1271ed5ef305aadabc605b1609e24c52' + self.test_id = arvados.util.new_request_id() + self.assertRegex(self.test_id, r'^req-[a-z0-9]{20}$') + # If we don't set request_id to None explicitly here, it will + # return : + self.api_client.request_id = None + + def test_default_to_api_client_request_id(self): + self.api_client.request_id = self.test_id + with tutil.mock_keep_responses(self.locator, 200, 200) as mock: + self.keep_client.put(self.data) + self.assertEqual(2, len(mock.responses)) + for resp in mock.responses: + self.assertProvidedRequestId(resp) + + with tutil.mock_keep_responses(self.data, 200) as mock: + self.keep_client.get(self.locator) + self.assertProvidedRequestId(mock.responses[0]) + + with tutil.mock_keep_responses(b'', 200) as mock: + self.keep_client.head(self.locator) + self.assertProvidedRequestId(mock.responses[0]) + + def test_explicit_request_id(self): + with tutil.mock_keep_responses(self.locator, 200, 200) as mock: + self.keep_client.put(self.data, request_id=self.test_id) + self.assertEqual(2, len(mock.responses)) + for resp in mock.responses: + self.assertProvidedRequestId(resp) + + with tutil.mock_keep_responses(self.data, 200) as mock: + self.keep_client.get(self.locator, request_id=self.test_id) + self.assertProvidedRequestId(mock.responses[0]) + + with tutil.mock_keep_responses(b'', 200) as mock: + self.keep_client.head(self.locator, request_id=self.test_id) + self.assertProvidedRequestId(mock.responses[0]) + + def test_automatic_request_id(self): + with tutil.mock_keep_responses(self.locator, 200, 200) as mock: + self.keep_client.put(self.data) + self.assertEqual(2, len(mock.responses)) + for resp in mock.responses: + self.assertAutomaticRequestId(resp) + + with tutil.mock_keep_responses(self.data, 200) as mock: + self.keep_client.get(self.locator) + self.assertAutomaticRequestId(mock.responses[0]) + + with tutil.mock_keep_responses(b'', 200) as mock: + self.keep_client.head(self.locator) + self.assertAutomaticRequestId(mock.responses[0]) + + def assertAutomaticRequestId(self, resp): + hdr = [x for x in resp.getopt(pycurl.HTTPHEADER) + if x.startswith('X-Request-Id: ')][0] + self.assertNotEqual(hdr, 'X-Request-Id: '+self.test_id) + self.assertRegex(hdr, r'^X-Request-Id: req-[a-z0-9]{20}$') + + def assertProvidedRequestId(self, resp): + self.assertIn('X-Request-Id: '+self.test_id, + resp.getopt(pycurl.HTTPHEADER)) + + @tutil.skip_sleep class KeepClientRendezvousTestCase(unittest.TestCase, tutil.ApiClientMock): @@ -735,7 +822,7 @@ class KeepClientTimeout(keepstub.StubKeepServers, unittest.TestCase): loc = kc.put(self.DATA, copies=1, num_retries=0) self.server.setbandwidth(0.5*self.BANDWIDTH_LOW_LIM) with self.assertTakesGreater(self.TIMEOUT_TIME): - with self.assertRaises(arvados.errors.KeepReadError) as e: + with self.assertRaises(arvados.errors.KeepReadError): kc.get(loc, num_retries=0) with self.assertTakesGreater(self.TIMEOUT_TIME): with self.assertRaises(arvados.errors.KeepWriteError): @@ -745,22 +832,25 @@ class KeepClientTimeout(keepstub.StubKeepServers, unittest.TestCase): kc = self.keepClient() loc = kc.put(self.DATA, copies=1, num_retries=0) self.server.setbandwidth(self.BANDWIDTH_LOW_LIM) - self.server.setdelays(response=self.TIMEOUT_TIME) + # Note the actual delay must be 1s longer than the low speed + # limit interval in order for curl to detect it reliably. + self.server.setdelays(response=self.TIMEOUT_TIME+1) with self.assertTakesGreater(self.TIMEOUT_TIME): - with self.assertRaises(arvados.errors.KeepReadError) as e: + with self.assertRaises(arvados.errors.KeepReadError): kc.get(loc, num_retries=0) with self.assertTakesGreater(self.TIMEOUT_TIME): with self.assertRaises(arvados.errors.KeepWriteError): kc.put(self.DATA, copies=1, num_retries=0) with self.assertTakesGreater(self.TIMEOUT_TIME): - with self.assertRaises(arvados.errors.KeepReadError) as e: - kc.head(loc, num_retries=0) + kc.head(loc, num_retries=0) def test_low_bandwidth_with_server_mid_delay_failure(self): kc = self.keepClient() loc = kc.put(self.DATA, copies=1, num_retries=0) self.server.setbandwidth(self.BANDWIDTH_LOW_LIM) - self.server.setdelays(mid_write=self.TIMEOUT_TIME, mid_read=self.TIMEOUT_TIME) + # Note the actual delay must be 1s longer than the low speed + # limit interval in order for curl to detect it reliably. + self.server.setdelays(mid_write=self.TIMEOUT_TIME+1, mid_read=self.TIMEOUT_TIME+1) with self.assertTakesGreater(self.TIMEOUT_TIME): with self.assertRaises(arvados.errors.KeepReadError) as e: kc.get(loc, num_retries=0) @@ -946,7 +1036,9 @@ class KeepClientRetryTestMixin(object): def check_exception(self, error_class=None, *args, **kwargs): if error_class is None: error_class = self.DEFAULT_EXCEPTION - self.assertRaises(error_class, self.run_method, *args, **kwargs) + with self.assertRaises(error_class) as err: + self.run_method(*args, **kwargs) + return err def test_immediate_success(self): with self.TEST_PATCHER(self.DEFAULT_EXPECT, 200): @@ -970,7 +1062,8 @@ class KeepClientRetryTestMixin(object): def test_error_after_retries_exhausted(self): with self.TEST_PATCHER(self.DEFAULT_EXPECT, 500, 500, 200): - self.check_exception(num_retries=1) + err = self.check_exception(num_retries=1) + self.assertRegex(str(err.exception), r'failed to .* after 2 attempts') def test_num_retries_instance_fallback(self): self.client_kwargs['num_retries'] = 3 @@ -1099,7 +1192,7 @@ class AvoidOverreplication(unittest.TestCase, tutil.ApiClientMock): def finished(self): return False - + def setUp(self): self.copies = 3 self.pool = arvados.KeepClient.KeepWriterThreadPool( @@ -1143,7 +1236,7 @@ class AvoidOverreplication(unittest.TestCase, tutil.ApiClientMock): self.pool.add_task(ks, None) self.pool.join() self.assertEqual(self.pool.done(), self.copies-1) - + @tutil.skip_sleep class RetryNeedsMultipleServices(unittest.TestCase, tutil.ApiClientMock): @@ -1178,3 +1271,29 @@ class RetryNeedsMultipleServices(unittest.TestCase, tutil.ApiClientMock): with self.assertRaises(arvados.errors.KeepWriteError): self.keep_client.put('foo', num_retries=1, copies=2) self.assertEqual(2, req_mock.call_count) + +class KeepClientAPIErrorTest(unittest.TestCase): + def test_api_fail(self): + class ApiMock(object): + def __getattr__(self, r): + if r == "api_token": + return "abc" + elif r == "insecure": + return False + else: + raise arvados.errors.KeepReadError() + keep_client = arvados.KeepClient(api_client=ApiMock(), + proxy='', local_store='') + + # The bug this is testing for is that if an API (not + # keepstore) exception is thrown as part of a get(), the next + # attempt to get that same block will result in a deadlock. + # This is why there are two get()s in a row. Unfortunately, + # the failure mode for this test is that the test suite + # deadlocks, there isn't a good way to avoid that without + # adding a special case that has no use except for this test. + + with self.assertRaises(arvados.errors.KeepReadError): + keep_client.get("acbd18db4cc2f85cedef654fccc4a4d8+3") + with self.assertRaises(arvados.errors.KeepReadError): + keep_client.get("acbd18db4cc2f85cedef654fccc4a4d8+3")