17106: Test S3 with modified v2 token issued by LoginCluster.

author Tom Clegg <tom@tomclegg.ca>

Tue, 17 Nov 2020 02:25:12 +0000 (21:25 -0500)

committer Nico Cesar <nico@nicocesar.com>

Thu, 10 Dec 2020 20:27:10 +0000 (15:27 -0500)
author Tom Clegg <tom@tomclegg.ca>
Tue, 17 Nov 2020 02:25:12 +0000 (21:25 -0500)
committer Nico Cesar <nico@nicocesar.com>
Thu, 10 Dec 2020 20:27:10 +0000 (15:27 -0500)
diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go

index 03b760eaa1294058f81962597d610fd8b3fb0368..dab5caf015b03090be46e8eaf17eb371fe9f52a8 100644 (file)
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -9,6 +9,7 @@ import (
         "context"
         "database/sql"
         "encoding/json"
+       "fmt"
         "io"
         "io/ioutil"
         "math"
@@ -16,7 +17,10 @@ import (
         "net/http"
         "net/url"
         "os"
+       "os/exec"
         "path/filepath"
+       "strconv"
+       "strings"
  
         "git.arvados.org/arvados.git/lib/boot"
         "git.arvados.org/arvados.git/lib/config"
@@ -281,6 +285,83 @@ func (s *IntegrationSuite) TestGetCollectionByPDH(c *check.C) {
         c.Check(coll.PortableDataHash, check.Equals, pdh)
  }
  
+func (s *IntegrationSuite) TestS3WithFederatedToken(c *check.C) {
+       testText := "IntegrationSuite.TestS3WithFederatedToken"
+
+       conn1 := s.conn("z1111")
+       rootctx1, _, _ := s.rootClients("z1111")
+       userctx1, ac1, kc1, _ := s.userClients(rootctx1, c, conn1, "z1111", true)
+       conn3 := s.conn("z3333")
+       _, ac3, kc3 := s.clientsWithToken("z3333", ac1.AuthToken)
+
+       // Create a collection on z1111
+       var coll arvados.Collection
+       fs1, err := coll.FileSystem(ac1, kc1)
+       c.Assert(err, check.IsNil)
+       f, err := fs1.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
+       c.Assert(err, check.IsNil)
+       _, err = io.WriteString(f, testText)
+       c.Assert(err, check.IsNil)
+       err = f.Close()
+       c.Assert(err, check.IsNil)
+       mtxt, err := fs1.MarshalManifest(".")
+       c.Assert(err, check.IsNil)
+       coll1, err := conn1.CollectionCreate(userctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
+               "manifest_text": mtxt,
+       }})
+       c.Assert(err, check.IsNil)
+
+       // Create same collection on z3333
+       fs3, err := coll.FileSystem(ac3, kc3)
+       c.Assert(err, check.IsNil)
+       f, err = fs3.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
+       c.Assert(err, check.IsNil)
+       _, err = io.WriteString(f, testText)
+       c.Assert(err, check.IsNil)
+       err = f.Close()
+       c.Assert(err, check.IsNil)
+       mtxt, err = fs3.MarshalManifest(".")
+       c.Assert(err, check.IsNil)
+       coll3, err := conn3.CollectionCreate(userctx1, arvados.CreateOptions{Attrs: map[string]interface{}{
+               "manifest_text": mtxt,
+       }})
+       c.Assert(err, check.IsNil)
+
+       for _, trial := range []struct {
+               label string
+               conn  *rpc.Conn
+               coll  arvados.Collection
+       }{
+               {"z1111", conn1, coll1},
+               {"z3333", conn3, coll3},
+       } {
+               c.Logf("================ %s", trial.label)
+               cfgjson, err := trial.conn.ConfigGet(userctx1)
+               c.Assert(err, check.IsNil)
+               var cluster arvados.Cluster
+               err = json.Unmarshal(cfgjson, &cluster)
+               c.Assert(err, check.IsNil)
+
+               c.Logf("TokenV2 is %s", ac1.AuthToken)
+               mungedtoken := strings.Replace(ac1.AuthToken, "/", "_", -1)
+               host := cluster.Services.WebDAV.ExternalURL.Host
+               s3args := []string{
+                       "--ssl", "--no-check-certificate",
+                       "--host=" + host, "--host-bucket=" + host,
+                       "--access_key=" + mungedtoken, "--secret_key=" + mungedtoken,
+               }
+               buf, err := exec.Command("s3cmd", append(s3args, "ls", "s3://"+trial.coll.UUID)...).CombinedOutput()
+               c.Check(err, check.IsNil)
+               c.Check(string(buf), check.Matches, `.* `+fmt.Sprintf("%d", len(testText))+` +s3://`+trial.coll.UUID+`/test.txt\n`)
+
+               buf, err = exec.Command("s3cmd", append(s3args, "get", "s3://"+trial.coll.UUID+"/test.txt", c.MkDir()+"/tmpfile")...).CombinedOutput()
+               // Command fails because we don't return Etag header.
+               // c.Check(err, check.IsNil)
+               flen := strconv.Itoa(len(testText))
+               c.Check(string(buf), check.Matches, `(?ms).*`+flen+` of `+flen+`.*`)
+       }
+}
+
  func (s *IntegrationSuite) TestGetCollectionAsAnonymous(c *check.C) {
         conn1 := s.conn("z1111")
         conn3 := s.conn("z3333")
author	Tom Clegg <tom@tomclegg.ca>
	Tue, 17 Nov 2020 02:25:12 +0000 (21:25 -0500)
committer	Nico Cesar <nico@nicocesar.com>
	Thu, 10 Dec 2020 20:27:10 +0000 (15:27 -0500)