7724: Use a scoped token in data manager tests.

author Tom Clegg <tom@curoverse.com>

Thu, 5 Nov 2015 16:33:42 +0000 (11:33 -0500)

committer Tom Clegg <tom@curoverse.com>

Thu, 5 Nov 2015 16:33:42 +0000 (11:33 -0500)
author Tom Clegg <tom@curoverse.com>
Thu, 5 Nov 2015 16:33:42 +0000 (11:33 -0500)
committer Tom Clegg <tom@curoverse.com>
Thu, 5 Nov 2015 16:33:42 +0000 (11:33 -0500)
diff --git a/sdk/go/arvadostest/fixtures.go b/sdk/go/arvadostest/fixtures.go

index d0270a6a71f79643bd4fdfbdd621b514449353f2..3256ec27a2572c0d9889ab1067dc43845075c540 100644 (file)
--- a/sdk/go/arvadostest/fixtures.go
+++ b/sdk/go/arvadostest/fixtures.go
@@ -4,7 +4,9 @@ package arvadostest
  const (
         SpectatorToken        = "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu"
         ActiveToken           = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi"
+       AdminToken            = "4axaw8zxe0qm22wa6urpp5nskcne8z88cvbupv653y1njyi05h"
         AnonymousToken        = "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi"
+       DataManagerToken      = "320mkve8qkswstz7ff61glpk3mhgghmg67wmic7elw4z41pke1"
         FooCollection         = "zzzzz-4zz18-fy296fx3hot09f7"
         NonexistentCollection = "zzzzz-4zz18-totallynotexist"
         HelloWorldCollection  = "zzzzz-4zz18-4en62shvi99lxd4"
diff --git a/sdk/python/tests/run_test_server.py b/sdk/python/tests/run_test_server.py

index d325b4eb6ecb086d15effa34bc26db3e95c9ad15..972b7f9d5172077b740e157cdb3f59b360ca824f 100644 (file)
--- a/sdk/python/tests/run_test_server.py
+++ b/sdk/python/tests/run_test_server.py
@@ -333,7 +333,7 @@ def run_keep(blob_signing_key=None, enforce_permissions=False, num_servers=2):
          keep_args['-enforce-permissions'] = 'true'
      with open(os.path.join(TEST_TMPDIR, "keep.data-manager-token-file"), "w") as f:
          keep_args['-data-manager-token-file'] = f.name
-        f.write(os.environ['ARVADOS_API_TOKEN'])
+        f.write(auth_token('data_manager'))
      keep_args['-never-delete'] = 'false'
  
      api = arvados.api(
diff --git a/services/api/test/fixtures/api_client_authorizations.yml b/services/api/test/fixtures/api_client_authorizations.yml

index 9199d178f6bcdfec3c8536d8da9f7e6b22613898..b9ea29c314792909d3fc48e3f2fdea32175bd70b 100644 (file)
--- a/services/api/test/fixtures/api_client_authorizations.yml
+++ b/services/api/test/fixtures/api_client_authorizations.yml
@@ -18,6 +18,18 @@ admin_trustedclient:
    api_token: 1a9ffdcga2o7cw8q12dndskomgs1ygli3ns9k2o9hgzgmktc78
    expires_at: 2038-01-01 00:00:00
  
+data_manager:
+  api_client: untrusted
+  user: system_user
+  api_token: 320mkve8qkswstz7ff61glpk3mhgghmg67wmic7elw4z41pke1
+  expires_at: 2038-01-01 00:00:00
+  scopes:
+    - GET /arvados/v1/collections
+    - GET /arvados/v1/keep_services
+    - GET /arvados/v1/keep_services/accessible
+    - GET /arvados/v1/users/current
+    - POST /arvados/v1/logs
+
  miniadmin:
    api_client: untrusted
    user: miniadmin
diff --git a/services/datamanager/datamanager_test.go b/services/datamanager/datamanager_test.go

index c2cb762d52b625b625634f24d385ddbf9ad4e7d8..685f94c88f3a35c33f6aa986e85701a5853e5d32 100644 (file)
--- a/services/datamanager/datamanager_test.go
+++ b/services/datamanager/datamanager_test.go
@@ -16,11 +16,6 @@ import (
         "time"
  )
  
-const (
-       ActiveUserToken = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi"
-       AdminToken      = "4axaw8zxe0qm22wa6urpp5nskcne8z88cvbupv653y1njyi05h"
-)
-
  var arv arvadosclient.ArvadosClient
  var keepClient *keepclient.KeepClient
  var keepServers []string
@@ -34,6 +29,7 @@ func SetupDataManagerTest(t *testing.T) {
         arvadostest.StartKeep(2, false)
  
         arv = makeArvadosClient()
+       arv.ApiToken = arvadostest.DataManagerToken
  
         // keep client
         keepClient = &keepclient.KeepClient{
@@ -124,7 +120,18 @@ func getFirstLocatorFromCollection(t *testing.T, uuid string) string {
         return match[1] + "+" + match[2]
  }
  
+func switchToken(t string) func() {
+       orig := arv.ApiToken
+       restore := func() {
+               arv.ApiToken = orig
+       }
+       arv.ApiToken = t
+       return restore
+}
+
  func getCollection(t *testing.T, uuid string) Dict {
+       defer switchToken(arvadostest.AdminToken)()
+
         getback := make(Dict)
         err := arv.Get("collections", uuid, nil, &getback)
         if err != nil {
@@ -138,6 +145,8 @@ func getCollection(t *testing.T, uuid string) Dict {
  }
  
  func updateCollection(t *testing.T, uuid string, paramName string, paramValue string) {
+       defer switchToken(arvadostest.AdminToken)()
+
         err := arv.Update("collections", uuid, arvadosclient.Dict{
                 "collection": arvadosclient.Dict{
                         paramName: paramValue,
@@ -152,6 +161,8 @@ func updateCollection(t *testing.T, uuid string, paramName string, paramValue st
  type Dict map[string]interface{}
  
  func deleteCollection(t *testing.T, uuid string) {
+       defer switchToken(arvadostest.AdminToken)()
+
         getback := make(Dict)
         err := arv.Delete("collections", uuid, nil, &getback)
         if err != nil {
@@ -175,7 +186,7 @@ func getBlockIndexesForServer(t *testing.T, i int) []string {
         path := keepServers[i] + "/index"
         client := http.Client{}
         req, err := http.NewRequest("GET", path, nil)
-       req.Header.Add("Authorization", "OAuth2 "+AdminToken)
+       req.Header.Add("Authorization", "OAuth2 "+arvadostest.DataManagerToken)
         req.Header.Add("Content-Type", "application/octet-stream")
         resp, err := client.Do(req)
         defer resp.Body.Close()
@@ -297,7 +308,7 @@ func backdateBlocks(t *testing.T, oldUnusedBlockLocators []string) {
  func getStatus(t *testing.T, path string) interface{} {
         client := http.Client{}
         req, err := http.NewRequest("GET", path, nil)
-       req.Header.Add("Authorization", "OAuth2 "+AdminToken)
+       req.Header.Add("Authorization", "OAuth2 "+arvadostest.DataManagerToken)
         req.Header.Add("Content-Type", "application/octet-stream")
         resp, err := client.Do(req)
         if err != nil {
@@ -504,7 +515,7 @@ func TestRunDatamanagerAsNonAdminUser(t *testing.T) {
         defer TearDownDataManagerTest(t)
         SetupDataManagerTest(t)
  
-       arv.ApiToken = ActiveUserToken
+       arv.ApiToken = arvadostest.ActiveToken
  
         err := singlerun(arv)
         if err == nil {
author	Tom Clegg <tom@curoverse.com>
	Thu, 5 Nov 2015 16:33:42 +0000 (11:33 -0500)
committer	Tom Clegg <tom@curoverse.com>
	Thu, 5 Nov 2015 16:33:42 +0000 (11:33 -0500)
sdk/go/arvadostest/fixtures.go		patch \| blob \| history
sdk/python/tests/run_test_server.py		patch \| blob \| history
services/api/test/fixtures/api_client_authorizations.yml		patch \| blob \| history
services/datamanager/datamanager_test.go		patch \| blob \| history