X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a35ec27b40ce3ca0797cdcd8e0a79b2b8896af47..764da69855e222afd3ba888c34e6fe10f3578aca:/lib/pam/docker_test.go
diff --git a/lib/pam/docker_test.go b/lib/pam/docker_test.go
index 455d264411..fa16b313be 100644
--- a/lib/pam/docker_test.go
+++ b/lib/pam/docker_test.go
@@ -60,7 +60,6 @@ func (s *DockerSuite) SetUpSuite(c *check.C) {
 }
 s.proxysrv = &http.Server{Handler: proxy}
 go s.proxysrv.ServeTLS(ln, "../../services/api/tmp/self-signed.pem", "../../services/api/tmp/self-signed.key")
- proxyhost := ln.Addr().String()
 // Build a pam module to install & configure in the docker
 // container.
@@ -70,20 +69,6 @@ func (s *DockerSuite) SetUpSuite(c *check.C) {
 err = cmd.Run()
 c.Assert(err, check.IsNil)
- // Write a PAM config file that uses our proxy as
- // ARVADOS_API_HOST.
- confdata := fmt.Sprintf(`Name: Arvados authentication
-Default: yes
-Priority: 256
-Auth-Type: Primary
-Auth:
- [success=end default=ignore] /usr/lib/security/pam_arvados.so %s testvm2.shell insecure
-Auth-Initial:
- [success=end default=ignore] /usr/lib/security/pam_arvados.so %s testvm2.shell insecure
-`, proxyhost, proxyhost)
- err = ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
- c.Assert(err, check.IsNil)
-
 // Build the testclient program that will (from inside the
 // docker container) configure the system to use the above PAM
 // config, and then try authentication.
@@ -95,15 +80,38 @@ Auth-Initial:
 }
 func (s *DockerSuite) TearDownSuite(c *check.C) {
- s.proxysrv.Close()
- s.proxyln.Close()
+ if s.proxysrv != nil {
+ s.proxysrv.Close()
+ }
+ if s.proxyln != nil {
+ s.proxyln.Close()
+ }
+}
+
+func (s *DockerSuite) SetUpTest(c *check.C) {
+ // Write a PAM config file that uses our proxy as
+ // ARVADOS_API_HOST.
+ proxyhost := s.proxyln.Addr().String()
+ confdata := fmt.Sprintf(`Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s testvm2.shell insecure
+`, proxyhost, proxyhost)
+ err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
+ c.Assert(err, check.IsNil)
 }
 func (s *DockerSuite) runTestClient(c *check.C, args ...string) (stdout, stderr *bytes.Buffer, err error) {
+
 cmd := exec.Command("docker", append([]string{
 "run", "--rm",
+ "--hostname", "testvm2.shell",
 "--add-host", "zzzzz.arvadosapi.com:" + s.hostip,
- "-v", s.tmpdir + "/pam_arvados.so:/usr/lib/security/pam_arvados.so:ro",
+ "-v", s.tmpdir + "/pam_arvados.so:/usr/lib/pam_arvados.so:ro",
 "-v", s.tmpdir + "/conffile:/usr/share/pam-configs/arvados:ro",
 "-v", s.tmpdir + "/testclient:/testclient:ro",
 "debian:buster",
@@ -119,6 +127,7 @@ func (s *DockerSuite) runTestClient(c *check.C, args ...string) (stdout, stderr
 func (s *DockerSuite) TestSuccess(c *check.C) {
 stdout, stderr, err := s.runTestClient(c, "try", "active", arvadostest.ActiveTokenV2)
 c.Check(err, check.IsNil)
+ c.Logf("%s", stderr.String())
 c.Check(stdout.String(), check.Equals, "")
 c.Check(stderr.String(), check.Matches, `(?ms).*authentication succeeded.*`)
 }
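Review bot: The PAM profile that SetUpTest writes to `s.tmpdir+"/conffile"` gets mode 0755, although it is a data file that the container only reads through a `:ro` bind mount; `err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0644)` would drop the unneeded execute bits, and the same call in TestDefaultHostname (last hunk) should follow. The profile also passes `insecure` to pam_arvados.so, presumably because the proxy started in SetUpSuite serves a self-signed certificate; a one-line comment such as `// "insecure": the test proxy uses a self-signed cert; never carry this into a real PAM profile` would keep the template from being copied as-is. The blank line added as the first line of runTestClient looks accidental, and that function's body continues past the end of this hunk.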
@@ -136,8 +145,29 @@ func (s *DockerSuite) TestFailure(c *check.C) {
 } {
 c.Logf("trial: %s", trial.label)
 stdout, stderr, err := s.runTestClient(c, "try", trial.username, trial.token)
+ c.Logf("%s", stderr.String())
 c.Check(err, check.NotNil)
 c.Check(stdout.String(), check.Equals, "")
 c.Check(stderr.String(), check.Matches, `(?ms).*authentication failed.*`)
 }
 }
+
+func (s *DockerSuite) TestDefaultHostname(c *check.C) {
+ confdata := fmt.Sprintf(`Name: Arvados authentication
+Default: yes
+Priority: 256
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s - insecure debug
+Auth-Initial:
+ [success=end default=ignore] /usr/lib/pam_arvados.so %s - insecure debug
+`, s.proxyln.Addr().String(), s.proxyln.Addr().String())
+ err := ioutil.WriteFile(s.tmpdir+"/conffile", []byte(confdata), 0755)
+ c.Assert(err, check.IsNil)
+
+ stdout, stderr, err := s.runTestClient(c, "try", "active", arvadostest.ActiveTokenV2)
+ c.Check(err, check.IsNil)
+ c.Logf("%s", stderr.String())
+ c.Check(stdout.String(), check.Equals, "")
+ c.Check(stderr.String(), check.Matches, `(?ms).*authentication succeeded.*`)
+}
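Review bot: TestDefaultHostname only exercises the success path, so it does not show that the `-` placeholder makes the module enforce the container's hostname rather than skip the virtual-machine check altogether. The link to `--hostname testvm2.shell` in runTestClient is implicit; a comment like `// "-" = use the system hostname, which runTestClient sets to testvm2.shell` (if that is the intended meaning) would document it. A companion case in which the container hostname does not match a VM the token is allowed to log in to, expecting `authentication failed`, would pin the behaviour, though runTestClient would need a hostname parameter for that. With the `debug` option now in the profile and `c.Logf("%s", stderr.String())` copying stderr into the test log, it is worth confirming that the module's debug output never includes the token.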