X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/4e0eb166fd808b32c10cccc2b4014a02edcf29a6..bdc069a04fd98529f5c79c6b8a7164fb9119723d:/lib/controller/localdb/login_pam_docker_test.sh
diff --git a/lib/controller/localdb/login_pam_docker_test.sh b/lib/controller/localdb/login_pam_docker_test.sh
index 7fb0a303af..b8f281bc2e 100755
--- a/lib/controller/localdb/login_pam_docker_test.sh
+++ b/lib/controller/localdb/login_pam_docker_test.sh
@@ -37,6 +37,11 @@ cleanup() {
 }
 trap cleanup ERR
 
+if [[ -z "$(docker image ls -q osixia/openldap:1.3.0)" ]]; then
+ echo >&2 "Pulling docker image for ldap server"
+ docker pull osixia/openldap:1.3.0
+fi
+
 ldapctr=ldap-${RANDOM}
 echo >&2 "Starting ldap server in docker container ${ldapctr}"
 docker run --rm --detach \
@@ -83,6 +88,10 @@ Clusters:
 "http://0.0.0.0:9999/": {}
 Login:
 PAM: true
+ # Without this magic PAMDefaultEmailDomain, inserted users would
+ # prevent subsequent database/reset from working (see
+ # database_controller.rb).
+ PAMDefaultEmailDomain: example.com
 SystemLogs:
 LogLevel: debug
 EOF
@@ -131,12 +140,15 @@ docker run --rm --entrypoint= \
 osixia/openldap:1.3.0 \
 bash -c "for f in \$(seq 1 5); do if ldapadd -H '${ldapurl}' -D 'cn=${adminuser},dc=example,dc=org' -w '${adminpassword}' -f /add_example_user.ldif; then exit 0; else sleep 2; fi; done; echo 'failed to add user entry'; exit 1"
 
+echo >&2 "Building arvados controller binary to run in container"
+go build -o "${tmpdir}" ../../../cmd/arvados-server
+
 ctrlctr=ctrl-${RANDOM}
 echo >&2 "Starting arvados controller in docker container ${ctrlctr}"
 docker run --detach --rm --name=${ctrlctr} \
 -p 9999 \
 -v "${tmpdir}/pam_ldap.conf":/etc/pam_ldap.conf:ro \
- -v "${GOPATH:-${HOME}/go}/bin/arvados-server":/bin/arvados-server:ro \
+ -v "${tmpdir}/arvados-server":/bin/arvados-server:ro \
 -v "${tmpdir}/zzzzz.yml":/etc/arvados/config.yml:ro \
 -v $(realpath "${PWD}/../../.."):/arvados:ro \
 debian:10 \
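Review bot: The added `docker pull osixia/openldap:1.3.0` in the first hunk (-37) fetches the image by tag only, and a registry tag can be re-pointed to different content, so the test runs whatever the tag names at pull time. Pinning the digest makes the pull reproducible and verifiable, e.g. `docker pull osixia/openldap:1.3.0@sha256:<digest-placeholder>`, and the `docker run` lines that use this image (one is visible in the hunk at -131) would need the same reference. The `if` guard also means a locally cached image carrying that tag is trusted as-is, which deserves a one-line comment above the check.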
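Review bot: In the hunk at -131, `go build -o "${tmpdir}" ../../../cmd/arvados-server` leaves the output file name implicit: it relies on `${tmpdir}` already existing as a directory and on the binary being named after the package directory, while the `-v "${tmpdir}/arvados-server":/bin/arvados-server:ro` line further down hard-codes that name. Naming the file removes the coupling: `go build -o "${tmpdir}/arvados-server" ../../../cmd/arvados-server`. When a `-v` bind-mount source does not exist, docker creates it as an empty directory instead of failing, so a mismatch would surface only as an obscure startup error inside the container. The binary is also built for the host and then executed inside `debian:10`; if the build uses cgo this presumably requires a host libc no newer than the container's, which may deserve a comment next to the build line.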
@@ -156,9 +168,26 @@ done
 echo >&2
 echo >&2 "Arvados controller is up at http://${ctrlhostport}"
 
+check_contains() {
+ resp="${1}"
+ str="${2}"
+ if ! echo "${resp}" | fgrep -q "${str}"; then
+ echo >&2 "${resp}"
+ echo >&2 "FAIL: expected in response, but not found: ${str@Q}"
+ return 1
+ fi
+}
+
 echo >&2 "Testing authentication failure"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=nosecret "http://${ctrlhostport}/login" | tee $debug | grep "Authentication failure"
+resp="$(curl -s --include -d username=foo -d password=nosecret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 401"
+check_contains "${resp}" '{"errors":["PAM: Authentication failure (with username \"foo\" and password)"]}'
+
 echo >&2 "Testing authentication success"
-curl -s -H "X-Http-Method-Override: GET" -d username=foo -d password=secret "http://${ctrlhostport}/login" | tee $debug | fgrep '{"token":"v2/zzzzz-gj3su-'
+resp="$(curl -s --include -d username=foo -d password=secret "http://${ctrlhostport}/arvados/v1/users/authenticate" | tee $debug)"
+check_contains "${resp}" "HTTP/1.1 200"
+check_contains "${resp}" '"api_token":"'
+check_contains "${resp}" '"scopes":["all"]'
+check_contains "${resp}" '"uuid":"zzzzz-gj3su-'
 
 cleanup
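Review bot: `check_contains` assigns `resp` and `str` without `local`, so every call overwrites the script-level `resp` that the callers set on the line before; it is harmless today only because the same value is passed straight back in. Declare them locally, `local resp="${1}" str="${2}"`, and replace the obsolescent `fgrep` with `grep -qF -- "${str}"` so a search string that begins with `-` cannot be parsed as an option. On failure the function prints the whole response to stderr, and in the success case that response carries an `api_token`; here it is a throwaway test credential, but a short comment saying so would keep the pattern from being copied into a script that handles real tokens. `${str@Q}` needs bash 4.4 or newer, which should be stated near the shebang (outside this hunk).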