X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/741b677dc5e85f60bc03ef130873e49ac0b75766..f676ab7f7d8d3c3862ad1121961990f51c493440:/lib/pam/docker_test.go
diff --git a/lib/pam/docker_test.go b/lib/pam/docker_test.go
index 5b1755496b..196cb97174 100644
--- a/lib/pam/docker_test.go
+++ b/lib/pam/docker_test.go
@@ -60,7 +60,6 @@ func (s *DockerSuite) SetUpSuite(c *check.C) {
 }
 s.proxysrv = &http.Server{Handler: proxy}
 go s.proxysrv.ServeTLS(ln, "../../services/api/tmp/self-signed.pem", "../../services/api/tmp/self-signed.key")
- proxyhost := ln.Addr().String()
 
 // Build a pam module to install & configure in the docker
 // container.
@@ -70,20 +69,6 @@ func (s *DockerSuite) SetUpSuite(c *check.C) {
 err = cmd.Run()
 c.Assert(err, check.IsNil)
 
- // Write a PAM config file that uses our proxy as
- // ARVADOS_API_HOST.
- confdata := fmt.Sprintf(`Name: Arvados authentication
-Default: yes
-Priority: 256
-Auth-Type: Primary
-Auth:
- [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
-Auth-Initial:
- [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
-`, proxyhost, proxyhost)
- err = ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
- c.Assert(err, check.IsNil)
-
 // Build the testclient program that will (from inside the
 // docker container) configure the system to use the above PAM
 // config, and then try authentication.
@@ -103,14 +88,33 @@ func (s *DockerSuite) TearDownSuite(c *check.C) {
 }
 }
 
+func (s *DockerSuite) SetUpTest(c *check.C) {
+ // Write a PAM config file that uses our proxy as
+ // ARVADOS_API_HOST.
+ proxyhost := s.proxyln.Addr().String()
+ confdata := fmt.Sprintf(`Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
+`, proxyhost, proxyhost)
+ err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
+ c.Assert(err, check.IsNil)
+}
+
 func (s *DockerSuite) runTestClient(c *check.C, args ...string) (stdout, stderr *bytes.Buffer, err error) {
+
 cmd := exec.Command("docker", append([]string{
 "run", "--rm",
+ "--hostname", "testvm2.shell",
 "--add-host", "zzzzz.arvadosapi.com:" + s.hostip,
 "-v", s.tmpdir + "/pam_arvados.so:/usr/lib/pam_arvados.so:ro",
 "-v", s.tmpdir + "/conffile:/usr/share/pam-configs/arvados:ro",
 "-v", s.tmpdir + "/testclient:/testclient:ro",
- "debian:buster",
+ "debian:bullseye",
 "/testclient"}, args...)...)
 stdout = &bytes.Buffer{}
 stderr = &bytes.Buffer{}
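Review bot: The `"--hostname", "testvm2.shell"` argument added to runTestClient repeats the VM name that SetUpTest writes into the PAM config, and nothing states that the two must agree. TestDefaultHostname passes `-` in place of the name, so it presumably relies on the container hostname; a shared constant, or a comment such as `// must match the VM name in the PAM config; TestDefaultHostname relies on the container hostname`, would keep a later edit from silently changing which VM name the login is checked against. `ioutil.WriteFile(..., 0755)` in SetUpTest (and again in TestDefaultHostname) sets the execute bits on a plain config file that is only bind-mounted `:ro`; `0644` would do. The `+` blank line directly after runTestClient's opening brace looks accidental, and the function body continues past the end of the hunk.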
@@ -147,3 +151,23 @@ func (s *DockerSuite) TestFailure(c *check.C) {
 c.Check(stderr.String(), check.Matches, `(?ms).*authentication failed.*`)
 }
 }
+
+func (s *DockerSuite) TestDefaultHostname(c *check.C) {
+ confdata := fmt.Sprintf(`Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s - insecure debug
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s - insecure debug
+`, s.proxyln.Addr().String(), s.proxyln.Addr().String())
+ err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
+ c.Assert(err, check.IsNil)
+
+ stdout, stderr, err := s.runTestClient(c, "try", "active", arvadostest.ActiveTokenV2)
+ c.Check(err, check.IsNil)
+ c.Logf("%s", stderr.String())
+ c.Check(stdout.String(), check.Equals, "")
+ c.Check(stderr.String(), check.Matches, `(?ms).*authentication succeeded.*`)
+}
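Review bot: TestDefaultHostname asserts only the success path, so a regression in which the `-` placeholder caused the hostname check to be skipped (assuming the module compares the token against the VM name) would still pass. Because runTestClient hard-codes `--hostname`, the suite cannot run this same config in a container with a different hostname and expect `authentication failed`; taking the hostname as a parameter would make that negative case possible. The config template here is also a second copy of the one in SetUpTest, differing only in the hostname argument and `debug`, so a small helper taking those two values would keep the copies from drifting.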