session_for(:active))
assert_response 302 # collection created and redirected to new collection page
- new_collection_uuid = response.headers['Location'].split('/')[-1]
-
- @controller = CollectionsController.new
- get :show, {
- id: new_collection_uuid
- }
- assert_response :success
+ assert response.headers['Location'].include? '/collections/'
+ new_collection_uuid = response.headers['Location'].split('/')[-1]
- collection = assigns(:object)
+ use_token :active
+ collection = Collection.select([:uuid, :manifest_text]).where(uuid: new_collection_uuid).first
manifest_text = collection['manifest_text']
assert manifest_text.include?('foo'), 'Not found foo in new collection manifest text'
assert manifest_text.include?('bar'), 'Not found bar in new collection manifest text'
test "reader token Collection links end with trailing slash" do
# Testing the fix for #2937.
- show_collection(:foo_file, :active_trustedclient)
- post(:share, collection_params(:foo_file))
+ session = session_for(:active_trustedclient)
+ post(:share, collection_params(:foo_file), session)
assert(@controller.download_link.ends_with? '/',
"Collection share link does not end with slash for wget")
end
class PipelineInstancesControllerTest < ActionController::TestCase
def create_instance_long_enough_to(instance_attrs={})
+ # create 'two_part' pipeline with the given instance attributes
pt_fixture = api_fixture('pipeline_templates')['two_part']
post :create, {
pipeline_instance: instance_attrs.merge({
assert_response :success
pi_uuid = assigns(:object).uuid
assert_not_nil assigns(:object)
+
+ # yield
yield pi_uuid, pt_fixture
- post :destroy, {
- id: pi_uuid,
- format: :json
- }
- assert_response :success
+
+ # delete the pipeline instance
+ use_token :active
+ PipelineInstance.where(uuid: pi_uuid).first.destroy
end
test "pipeline instance components populated after create" do
end
test "can render pipeline instance with tagged collections" do
- # Make sure to pass in a tagged collection to test that part of the
- # rendering behavior.
- attrs = {components: {'part-one' => {script_parameters: {input:
- {value: api_fixture('collections')['foo_file']['uuid']}
- }}}}
- create_instance_long_enough_to(attrs) do |new_instance_uuid, template_fixture|
- get(:show, {id: new_instance_uuid}, session_for(:active))
- assert_response :success
- end
+ # Make sure to pass in a tagged collection to test that part of the rendering behavior.
+ get(:show,
+ {id: api_fixture("pipeline_instances")["pipeline_with_tagged_collection_input"]["uuid"]},
+ session_for(:active))
+ assert_response :success
end
test "update script_parameters one at a time using merge param" do
- create_instance_long_enough_to do |new_instance_uuid, template_fixture|
+ template_fixture = api_fixture('pipeline_templates')['two_part']
post :update, {
- id: new_instance_uuid,
+ id: api_fixture("pipeline_instances")["pipeline_to_merge_params"]["uuid"],
pipeline_instance: {
components: {
"part-two" => {
assert_equal orig_params[k].to_json, new_params[k.to_sym].to_json
end
end
- end
end
test "component rendering copes with unexpeceted components format" do
def check_counter action
@counter += 1
if @counter == 2
- # TODO: when existing mistakes are fixed, start failing broken
- # test cases like this:
- #
- # assert_equal 1, 2, "Multiple actions in functional test"
- #
- # Meanwhile, just warn (just once per test case):
- $stderr.puts " [WARNING: Multiple actions in functional test]"
+ assert_equal 1, 2, "Multiple actions in functional test"
end
end
object_uuid: zzzzz-4zz18-y9vne9npefyxh8g # baz file
object_owner_uuid: zzzzz-tpzed-000000000000000 # system user
event_at: <%= 5.minute.ago.to_s(:db) %>
+
+log_owned_by_active:
+ id: 6
+ uuid: zzzzz-xxxxx-pshmckwoma12345
+ owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz # active user
+ object_uuid: zzzzz-2x53u-382brsig8rp3667 # repository foo
+ object_owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz # active user
+ event_at: <%= 2.minute.ago.to_s(:db) %>
+ summary: non-admin use can read own logs
dataclass: Collection
title: "Foo/bar pair"
description: "Provide a collection containing at least two files."
+
+pipeline_with_tagged_collection_input:
+ name: pipeline_with_tagged_collection_input
+ state: Ready
+ uuid: zzzzz-d1hrv-1yfj61234abcdk3
+ owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ created_at: <%= 3.1.minute.ago.to_s(:db) %>
+ components:
+ part-one:
+ script_parameters:
+ input:
+ value: zzzzz-4zz18-znfnqtbbv4spc3w
+
+pipeline_to_merge_params:
+ name: pipeline_to_merge_params
+ state: Ready
+ uuid: zzzzz-d1hrv-1yfj6dcba4321k3
+ pipeline_template_uuid: zzzzz-p5p6p-aox0k0ofxrystgw
+ owner_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ created_at: <%= 3.1.minute.ago.to_s(:db) %>
+ components:
+ part-one:
+ script_parameters:
+ input:
+ required: true
+ dataclass: Collection
+ title: "Foo/bar pair"
+ description: "Provide a collection containing at least two files."
+ part-two:
+ script_parameters:
+ input:
+ output_of: part-one
+ integer_with_default:
+ default: 123
+ integer_with_value:
+ value: 123
+ string_with_default:
+ default: baz
+ string_with_value:
+ value: baz
+ plain_string: qux
+ array_with_default:
+ default: [1,1,2,3,5]
+ array_with_value:
+ value: [1,1,2,3,5]
assert_response :success
assert_nil assigns(:objects)
- get :show, {
- id: test_collection[:portable_data_hash]
- }
- assert_response :success
- assert_not_nil assigns(:object)
- resp = JSON.parse(@response.body)
- assert_equal test_collection[:portable_data_hash], resp['portable_data_hash']
+ response_collection = assigns(:object)
+
+ stored_collection = Collection.select([:uuid, :portable_data_hash, :manifest_text]).
+ where(portable_data_hash: response_collection['portable_data_hash']).first
+
+ assert_equal test_collection[:portable_data_hash], stored_collection['portable_data_hash']
# The manifest in the response will have had permission hints added.
# Remove any permission hints in the response before comparing it to the source.
- stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '')
+ stripped_manifest = stored_collection['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '')
assert_equal test_collection[:manifest_text], stripped_manifest
+
+ # TBD: create action should add permission signatures to manifest_text in the response,
+ # and we need to check those permission signatures here.
+ end
+
+ [:admin, :active].each do |user|
+ test "#{user} can get collection using portable data hash" do
+ authorize_with user
+
+ foo_collection = collections(:foo_file)
+
+ # Get foo_file using it's portable data has
+ get :show, {
+ id: foo_collection[:portable_data_hash]
+ }
+ assert_response :success
+ assert_not_nil assigns(:object)
+ resp = assigns(:object)
+ assert_equal foo_collection[:portable_data_hash], resp['portable_data_hash']
+
+ # The manifest in the response will have had permission hints added.
+ # Remove any permission hints in the response before comparing it to the source.
+ stripped_manifest = resp['manifest_text'].gsub(/\+A[A-Za-z0-9@_-]+/, '')
+ assert_equal foo_collection[:manifest_text], stripped_manifest
+ end
end
test "create with owner_uuid set to owned group" do
assert_equal 0, json_response['items_available']
end
- test "get all pages of group-owned objects" do
- authorize_with :active
- limit = 5
- offset = 0
- items_available = nil
- uuid_received = {}
- owner_received = {}
- while true
- # Behaving badly here, using the same controller multiple
- # times within a test.
- @json_response = nil
- get :contents, {
- id: groups(:aproject).uuid,
- limit: limit,
- offset: offset,
- format: :json,
- }
- assert_response :success
- assert_operator(0, :<, json_response['items'].count,
- "items_available=#{items_available} but received 0 "\
- "items with offset=#{offset}")
- items_available ||= json_response['items_available']
- assert_equal(items_available, json_response['items_available'],
- "items_available changed between page #{offset/limit} "\
- "and page #{1+offset/limit}")
- json_response['items'].each do |item|
- uuid = item['uuid']
- assert_equal(nil, uuid_received[uuid],
- "Received '#{uuid}' again on page #{1+offset/limit}")
- uuid_received[uuid] = true
- owner_received[item['owner_uuid']] = true
- offset += 1
- assert_equal groups(:aproject).uuid, item['owner_uuid']
- end
- break if offset >= items_available
- end
- end
-
%w(offset limit).each do |arg|
['foo', '', '1234five', '0x10', '-8'].each do |val|
test "Raise error on bogus #{arg} parameter #{val.inspect}" do
}
assert_response :success
assert_not_nil assigns(:object)
- new_job = JSON.parse(@response.body)
+ new_job = assigns(:object)
assert_equal 'd41d8cd98f00b204e9800998ecf8427e+0', new_job['log']
assert_equal 'd41d8cd98f00b204e9800998ecf8427e+0', new_job['output']
version = new_job['script_version']
# Make sure version doesn't get mangled by normalize
assert_not_nil version.match(/^[0-9a-f]{40}$/)
+ assert_equal 'master', json_response['supplied_script_version']
+ end
+
+ test "normalize output and log uuids when updating job" do
+ authorize_with :active
+
+ foobar_job = jobs(:foobar)
+
+ new_output = 'd41d8cd98f00b204e9800998ecf8427e+0+K@xyzzy'
+ new_log = 'd41d8cd98f00b204e9800998ecf8427e+0+K@xyzzy'
put :update, {
- id: new_job['uuid'],
+ id: foobar_job['uuid'],
job: {
- log: new_job['log']
+ output: new_output,
+ log: new_log
}
}
- assert_equal version, JSON.parse(@response.body)['script_version']
+
+ updated_job = json_response
+ assert_not_equal foobar_job['log'], updated_job['log']
+ assert_not_equal new_log, updated_job['log'] # normalized during update
+ assert_equal new_log[0,new_log.rindex('+')], updated_job['log']
+ assert_not_equal foobar_job['output'], updated_job['output']
+ assert_not_equal new_output, updated_job['output'] # normalized during update
+ assert_equal new_output[0,new_output.rindex('+')], updated_job['output']
end
test "cancel a running job" do
assert_equal(true,
File.exists?(Rails.configuration.crunch_refresh_trigger),
'trigger file should be created when job is cancelled')
+ end
+
+ test "cancelling a cancelled jobs stays cancelled" do
+ # We need to verify that "cancel" creates a trigger file, so first
+ # let's make sure there is no stale trigger file.
+ begin
+ File.unlink(Rails.configuration.crunch_refresh_trigger)
+ rescue Errno::ENOENT
+ end
+ authorize_with :active
put :update, {
- id: jobs(:running).uuid,
+ id: jobs(:running_cancelled).uuid,
job: {
cancelled_at: nil
}
assert_not_nil job['cancelled_at'], 'un-cancelled job stays cancelled'
end
- test "update a job without failing script_version check" do
- authorize_with :admin
- put :update, {
- id: jobs(:uses_nonexistent_script_version).uuid,
- job: {
- owner_uuid: users(:admin).uuid
- }
- }
- assert_response :success
- put :update, {
- id: jobs(:uses_nonexistent_script_version).uuid,
- job: {
- owner_uuid: users(:active).uuid
+ ['abc.py', 'hash.py'].each do |script|
+ test "update job script attribute to #{script} without failing script_version check" do
+ authorize_with :admin
+ put :update, {
+ id: jobs(:uses_nonexistent_script_version).uuid,
+ job: {
+ script: script
+ }
}
- }
- assert_response :success
+ assert_response :success
+ resp = assigns(:object)
+ assert_equal jobs(:uses_nonexistent_script_version).script_version, resp['script_version']
+ end
end
test "search jobs by uuid with >= query" do
assert_not_equal '', new_keep_disk['ping_secret']
end
- test "add keep disk with no filesystem_uuid" do
- authorize_with :admin
- opts = {
- ping_secret: '',
- }
- post :ping, opts
- assert_response :success
- assert_not_nil JSON.parse(@response.body)['uuid']
-
- post :ping, opts.merge(filesystem_uuid: '')
- assert_response :success
- assert_not_nil JSON.parse(@response.body)['uuid']
+ [
+ {ping_secret: ''},
+ {ping_secret: '', filesystem_uuid: ''},
+ ].each do |opts|
+ test "add keep disk with no filesystem_uuid #{opts}" do
+ authorize_with :admin
+ post :ping, opts
+ assert_response :success
+ assert_not_nil JSON.parse(@response.body)['uuid']
+ end
end
test "refuse to add keep disk without admin token" do
class Arvados::V1::LinksControllerTest < ActionController::TestCase
- test "no symbol keys in serialized hash" do
- link = {
- properties: {username: 'testusername'},
- link_class: 'test',
- name: 'encoding',
- tail_uuid: users(:admin).uuid,
- head_uuid: virtual_machines(:testvm).uuid
- }
- authorize_with :admin
- [link, link.to_json].each do |formatted_link|
- post :create, link: formatted_link
+ ['link', 'link_json'].each do |formatted_link|
+ test "no symbol keys in serialized hash #{formatted_link}" do
+ link = {
+ properties: {username: 'testusername'},
+ link_class: 'test',
+ name: 'encoding',
+ tail_uuid: users(:admin).uuid,
+ head_uuid: virtual_machines(:testvm).uuid
+ }
+ authorize_with :admin
+ if formatted_link == 'link_json'
+ post :create, link: link.to_json
+ else
+ post :create, link: link
+ end
assert_response :success
assert_not_nil assigns(:object)
assert_equal 'testusername', assigns(:object).properties['username']
class Arvados::V1::LogsControllerTest < ActionController::TestCase
fixtures :logs
- test "non-admins can read their own logs" do
+ test "non-admins can create their own logs" do
authorize_with :active
- post :create, log: {summary: "test log"}
+ post :create, log: {summary: 'test log'}
assert_response :success
- uuid = JSON.parse(@response.body)['uuid']
- assert_not_nil uuid
- get :show, {id: uuid}
- assert_response(:success, "failed to load created log")
- assert_equal("test log", assigns(:object).summary,
- "loaded wrong log after creation")
+ resp = assigns(:object)
+ assert_not_nil resp.uuid
+ assert_equal('test log', resp.summary, "loaded wrong log after creation")
+ end
+
+ test "non-admins can read their own logs" do
+ authorize_with :active
+ my_log = logs(:log_owned_by_active)
+ get :show, {id: my_log[:uuid]}
+ assert_response(:success, "failed to get log")
+ resp = assigns(:object)
+ assert_equal(my_log[:summary], resp.summary, "got wrong log")
end
test "test can still use where object_kind" do
require 'test_helper'
+require 'helpers/users_test_helper'
class Arvados::V1::UsersControllerTest < ActionController::TestCase
include CurrentApiClient
+ include UsersTestHelper
setup do
@all_links_at_start = Link.all
test "activate a user after signing UA" do
authorize_with :inactive_but_signed_user_agreement
- get :current
- assert_response :success
- me = JSON.parse(@response.body)
- post :activate, id: me['uuid']
+ post :activate, id: users(:inactive_but_signed_user_agreement).uuid
assert_response :success
assert_not_nil assigns(:object)
me = JSON.parse(@response.body)
name: 'click',
tail_uuid: users(:inactive).uuid,
head_uuid: required_uuids).
- collect(&:head_uuid)
+ collect(&:head_uuid)
assert_equal 0, signed_uuids.length
end
authorize_with :inactive
+ assert_equal false, users(:inactive).is_active
- get :current
- assert_response :success
- me = JSON.parse(@response.body)
- assert_equal false, me['is_active']
-
- post :activate, id: me['uuid']
+ post :activate, id: users(:inactive).uuid
assert_response 403
- get :current
- assert_response :success
- me = JSON.parse(@response.body)
- assert_equal false, me['is_active']
+ resp = json_response
+ assert resp['errors'].first.include? 'Cannot activate without user agreements'
+ assert_nil resp['is_active']
end
test "activate an already-active user" do
authorize_with :active
- get :current
- assert_response :success
- me = JSON.parse(@response.body)
- post :activate, id: me['uuid']
+ post :activate, id: users(:active).uuid
assert_response :success
me = JSON.parse(@response.body)
assert_equal true, me['is_active']
nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
verify_system_group_permission_link_for created['uuid']
-
- # invoke setup again with the same data
- post :setup, {
- repo_name: repo_name,
- vm_uuid: @vm_uuid,
- openid_prefix: 'https://www.google.com/accounts/o8/id',
- user: {
- uuid: 'zzzzz-tpzed-abcdefghijklmno',
- first_name: "in_create_test_first_name",
- last_name: "test_last_name",
- email: "foo@example.com"
- }
- }
- assert_response :success
-
- response_items = JSON.parse(@response.body)['items']
-
- created = find_obj_in_resp response_items, 'User', nil
- assert_equal 'in_create_test_first_name', created['first_name']
- assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
- assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
- assert_not_nil created['email'], 'expected non-nil email'
- assert_nil created['identity_url'], 'expected no identity_url'
-
- # arvados#user, repo link and link add user to 'All users' group
- verify_num_links @all_links_at_start, 5
-
- verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
- repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
-
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
- 'All users', created['uuid'], 'arvados#group', true, 'Group'
-
- verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
- @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
-
- verify_system_group_permission_link_for created['uuid']
end
test "setup user with bogus uuid and expect error" do
end
test "invoke setup with existing uuid, vm and repo and verify links" do
- authorize_with :inactive
- get :current
- assert_response :success
- inactive_user = JSON.parse(@response.body)
-
authorize_with :admin
+ inactive_user = users(:inactive)
post :setup, {
- uuid: inactive_user['uuid'],
+ uuid: users(:inactive).uuid,
repo_name: 'test_repo',
vm_uuid: @vm_uuid
}
end
test "invoke setup with existing uuid in user, verify response" do
- authorize_with :inactive
- get :current
- assert_response :success
- inactive_user = JSON.parse(@response.body)
-
authorize_with :admin
+ inactive_user = users(:inactive)
post :setup, {
user: {uuid: inactive_user['uuid']},
end
test "invoke setup with existing uuid but different email, expect original email" do
- authorize_with :inactive
- get :current
- assert_response :success
- inactive_user = JSON.parse(@response.body)
-
authorize_with :admin
+ inactive_user = users(:inactive)
post :setup, {
uuid: inactive_user['uuid'],
verify_num_links @all_links_at_start, 5
end
- test "setup user with valid email, no vm and repo as input" do
+ test "setup user with valid email, no vm and no repo as input" do
authorize_with :admin
post :setup, {
# three extra links; system_group, login, and group
verify_num_links @all_links_at_start, 3
+
+ verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
+ response_object['uuid'], response_object['email'], 'arvados#user', false, 'User'
+
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', response_object['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
+ 'test_repo', response_object['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
+ nil, response_object['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
end
test "setup user with email, first name, repo name and vm uuid" do
verify_num_links @all_links_at_start, 5
end
- test "setup user twice with email and check two different objects created" do
+ test "setup user with an existing user email and check different object is created" do
authorize_with :admin
+ inactive_user = users(:inactive)
post :setup, {
openid_prefix: 'https://www.google.com/accounts/o8/id',
repo_name: 'test_repo',
user: {
- email: 'foo@example.com'
+ email: inactive_user['email']
}
}
response_items = JSON.parse(@response.body)['items']
response_object = find_obj_in_resp response_items, 'User', nil
assert_not_nil response_object['uuid'], 'expected uuid for new user'
- assert_equal response_object['email'], 'foo@example.com', 'expected given email'
+ assert_not_equal response_object['uuid'], inactive_user['uuid'],
+ 'expected different uuid after create operation'
+ assert_equal inactive_user['email'], response_object['email'], 'expected given email'
# system_group, openid, group, and repo. No vm link.
verify_num_links @all_links_at_start, 4
-
- # create again
- post :setup, {
- user: {email: 'foo@example.com'},
- openid_prefix: 'https://www.google.com/accounts/o8/id'
- }
-
- assert_response :success
- response_items = JSON.parse(@response.body)['items']
- response_object2 = find_obj_in_resp response_items, 'User', nil
- assert_not_equal response_object['uuid'], response_object2['uuid'],
- 'expected same uuid as first create operation'
- assert_equal response_object['email'], 'foo@example.com', 'expected given email'
-
- # +1 extra can_read 'all users' group link
- # +1 extra system_group can_manage link pointing to the new User
- # +1 extra can_login permission link
- # no repo link, no vm link
- verify_num_links @all_links_at_start, 7
end
test "setup user with openid prefix" do
'Expected Forbidden error'
end
- test "setup user in multiple steps and verify response" do
+ test "setup active user with repo and no vm" do
authorize_with :admin
+ active_user = users(:active)
+ # invoke setup with a repository
post :setup, {
- openid_prefix: 'http://www.example.com/account',
- user: {
- email: "foo@example.com"
- }
- }
-
- assert_response :success
- response_items = JSON.parse(@response.body)['items']
- created = find_obj_in_resp response_items, 'User', nil
-
- assert_not_nil created['uuid'], 'expected uuid for new user'
- assert_not_nil created['email'], 'expected non-nil email'
- assert_equal created['email'], 'foo@example.com', 'expected input email'
-
- # three new links: system_group, arvados#user, and 'All users' group.
- verify_num_links @all_links_at_start, 3
-
- verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
- created['uuid'], created['email'], 'arvados#user', false, 'User'
-
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
- 'All users', created['uuid'], 'arvados#group', true, 'Group'
-
- verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
- 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
-
- verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
- nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
-
- # invoke setup with a repository
- post :setup, {
- openid_prefix: 'http://www.example.com/account',
repo_name: 'new_repo',
- uuid: created['uuid']
+ uuid: active_user['uuid']
}
assert_response :success
response_items = JSON.parse(@response.body)['items']
created = find_obj_in_resp response_items, 'User', nil
- assert_equal 'foo@example.com', created['email'], 'expected input email'
+ assert_equal active_user[:email], created['email'], 'expected input email'
# verify links
verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+ end
- # invoke setup with a vm_uuid
+ test "setup active user with vm and no repo" do
+ authorize_with :admin
+ active_user = users(:active)
+
+ # invoke setup with a repository
post :setup, {
vm_uuid: @vm_uuid,
- openid_prefix: 'http://www.example.com/account',
- user: {
- email: 'junk_email'
- },
- uuid: created['uuid']
+ uuid: active_user['uuid'],
+ email: 'junk_email'
}
assert_response :success
response_items = JSON.parse(@response.body)['items']
created = find_obj_in_resp response_items, 'User', nil
- assert_equal created['email'], 'foo@example.com', 'expected original email'
+ assert_equal active_user['email'], created['email'], 'expected original email'
# verify links
verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
'All users', created['uuid'], 'arvados#group', true, 'Group'
- # since no repo name in input, we won't get any; even though user has one
verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
@vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
end
- test "setup and unsetup user" do
- authorize_with :admin
-
- post :setup, {
- repo_name: 'test_repo',
- vm_uuid: @vm_uuid,
- user: {email: 'foo@example.com'},
- openid_prefix: 'https://www.google.com/accounts/o8/id'
- }
-
- assert_response :success
- response_items = JSON.parse(@response.body)['items']
- created = find_obj_in_resp response_items, 'User', nil
- assert_not_nil created['uuid'], 'expected uuid for the new user'
- assert_equal created['email'], 'foo@example.com', 'expected given email'
-
- # five extra links: system_group, login, group, repo and vm
- verify_num_links @all_links_at_start, 5
-
- verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
- created['uuid'], created['email'], 'arvados#user', false, 'User'
-
- verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
- 'All users', created['uuid'], 'arvados#group', true, 'Group'
-
- verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
- 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
-
- verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
- @vm_uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
-
- verify_link_existence created['uuid'], created['email'], true, true, true, true, false
-
- # now unsetup this user
- post :unsetup, id: created['uuid']
- assert_response :success
-
- created2 = JSON.parse(@response.body)
- assert_not_nil created2['uuid'], 'expected uuid for the newly created user'
- assert_equal created['uuid'], created2['uuid'], 'expected uuid not found'
-
- verify_link_existence created['uuid'], created['email'], false, false, false, false, false
- end
-
test "unsetup active user" do
- authorize_with :active
- get :current
- assert_response :success
- active_user = JSON.parse(@response.body)
+ active_user = users(:active)
assert_not_nil active_user['uuid'], 'expected uuid for the active user'
assert active_user['is_active'], 'expected is_active for active user'
- assert active_user['is_invited'], 'expected is_invited for active user'
verify_link_existence active_user['uuid'], active_user['email'],
false, true, false, true, true
check_non_admin_show
end
- test "non-admin user can limit index" do
- g = act_as_system_user do
- create :group
- end
- users = create_list :active_user, 4, join_groups: [g]
- token = create :token, user: users[0]
+ [2, 4].each do |limit|
+ test "non-admin user can limit index to #{limit}" do
+ g = act_as_system_user do
+ create :group
+ end
+ users = create_list :active_user, 4, join_groups: [g]
+ token = create :token, user: users[0]
- [2, 4].each do |limit|
authorize_with_token token
get(:index, limit: limit)
check_non_admin_index
}
return return_obj
end
-
- def verify_link(response_items, link_object_name, expect_link, link_class,
- link_name, head_uuid, tail_uuid, head_kind, fetch_object, class_name)
-
- link = find_obj_in_resp response_items, 'Link', link_object_name
-
- if !expect_link
- assert_nil link, "Expected no link for #{link_object_name}"
- return
- end
-
- assert_not_nil link, "Expected link for #{link_object_name}"
-
- if fetch_object
- object = Object.const_get(class_name).where(name: head_uuid)
- assert [] != object, "expected #{class_name} with name #{head_uuid}"
- head_uuid = object.first[:uuid]
- end
- assert_equal link_class, link['link_class'],
- "did not find expected link_class for #{link_object_name}"
-
- assert_equal link_name, link['name'],
- "did not find expected link_name for #{link_object_name}"
-
- assert_equal tail_uuid, link['tail_uuid'],
- "did not find expected tail_uuid for #{link_object_name}"
-
- assert_equal head_kind, link['head_kind'],
- "did not find expected head_kind for #{link_object_name}"
-
- assert_equal head_uuid, link['head_uuid'],
- "did not find expected head_uuid for #{link_object_name}"
- end
-
- def verify_link_existence uuid, email, expect_oid_login_perms,
- expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
- # verify that all links are deleted for the user
- oid_login_perms = Link.where(tail_uuid: email,
- link_class: 'permission',
- name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern)
- if expect_oid_login_perms
- assert oid_login_perms.any?, "expected oid_login_perms"
- else
- assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
- end
-
- repo_perms = Link.where(tail_uuid: uuid,
- link_class: 'permission',
- name: 'can_manage').where("head_uuid like ?", Repository.uuid_like_pattern)
- if expect_repo_perms
- assert repo_perms.any?, "expected repo_perms"
- else
- assert !repo_perms.any?, "expected all repo_perms deleted"
- end
-
- vm_login_perms = Link.
- where(tail_uuid: uuid,
- link_class: 'permission',
- name: 'can_login').
- where("head_uuid like ?",
- VirtualMachine.uuid_like_pattern).
- where('uuid <> ?',
- links(:auto_setup_vm_login_username_can_login_to_test_vm).uuid)
- if expect_vm_perms
- assert vm_login_perms.any?, "expected vm_login_perms"
- else
- assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
- end
-
- group = Group.where(name: 'All users').select do |g|
- g[:uuid].match /-f+$/
- end.first
- group_read_perms = Link.where(tail_uuid: uuid,
- head_uuid: group[:uuid],
- link_class: 'permission',
- name: 'can_read')
- if expect_group_perms
- assert group_read_perms.any?, "expected all users group read perms"
- else
- assert !group_read_perms.any?, "expected all users group perm deleted"
- end
-
- signed_uuids = Link.where(link_class: 'signature',
- tail_uuid: uuid)
-
- if expect_signatures
- assert signed_uuids.any?, "expected signatures"
- else
- assert !signed_uuids.any?, "expected all signatures deleted"
- end
-
- end
-
- def verify_system_group_permission_link_for user_uuid
- assert_equal 1, Link.where(link_class: 'permission',
- name: 'can_manage',
- tail_uuid: system_group_uuid,
- head_uuid: user_uuid).count
- end
end
--- /dev/null
+module UsersTestHelper
+ def verify_link(response_items, link_object_name, expect_link, link_class,
+ link_name, head_uuid, tail_uuid, head_kind, fetch_object, class_name)
+ link = find_obj_in_resp response_items, 'arvados#link', link_object_name
+
+ if !expect_link
+ assert_nil link, "Expected no link for #{link_object_name}"
+ return
+ end
+
+ assert_not_nil link, "Expected link for #{link_object_name}"
+
+ if fetch_object
+ object = Object.const_get(class_name).where(name: head_uuid)
+ assert [] != object, "expected #{class_name} with name #{head_uuid}"
+ head_uuid = object.first[:uuid]
+ end
+ assert_equal link_class, link['link_class'],
+ "did not find expected link_class for #{link_object_name}"
+
+ assert_equal link_name, link['name'],
+ "did not find expected link_name for #{link_object_name}"
+
+ assert_equal tail_uuid, link['tail_uuid'],
+ "did not find expected tail_uuid for #{link_object_name}"
+
+ assert_equal head_kind, link['head_kind'],
+ "did not find expected head_kind for #{link_object_name}"
+
+ assert_equal head_uuid, link['head_uuid'],
+ "did not find expected head_uuid for #{link_object_name}"
+ end
+
+ def verify_system_group_permission_link_for user_uuid
+ assert_equal 1, Link.where(link_class: 'permission',
+ name: 'can_manage',
+ tail_uuid: system_group_uuid,
+ head_uuid: user_uuid).count
+ end
+
+ def verify_link_existence uuid, email, expect_oid_login_perms,
+ expect_repo_perms, expect_vm_perms, expect_group_perms, expect_signatures
+ # verify that all links are deleted for the user
+ oid_login_perms = Link.where(tail_uuid: email,
+ link_class: 'permission',
+ name: 'can_login').where("head_uuid like ?", User.uuid_like_pattern)
+ if expect_oid_login_perms
+ assert oid_login_perms.any?, "expected oid_login_perms"
+ else
+ assert !oid_login_perms.any?, "expected all oid_login_perms deleted"
+ end
+
+ repo_perms = Link.where(tail_uuid: uuid,
+ link_class: 'permission',
+ name: 'can_manage').where("head_uuid like ?", Repository.uuid_like_pattern)
+ if expect_repo_perms
+ assert repo_perms.any?, "expected repo_perms"
+ else
+ assert !repo_perms.any?, "expected all repo_perms deleted"
+ end
+
+ vm_login_perms = Link.
+ where(tail_uuid: uuid,
+ link_class: 'permission',
+ name: 'can_login').
+ where("head_uuid like ?",
+ VirtualMachine.uuid_like_pattern).
+ where('uuid <> ?',
+ links(:auto_setup_vm_login_username_can_login_to_test_vm).uuid)
+ if expect_vm_perms
+ assert vm_login_perms.any?, "expected vm_login_perms"
+ else
+ assert !vm_login_perms.any?, "expected all vm_login_perms deleted"
+ end
+
+ group = Group.where(name: 'All users').select do |g|
+ g[:uuid].match /-f+$/
+ end.first
+ group_read_perms = Link.where(tail_uuid: uuid,
+ head_uuid: group[:uuid],
+ link_class: 'permission',
+ name: 'can_read')
+ if expect_group_perms
+ assert group_read_perms.any?, "expected all users group read perms"
+ else
+ assert !group_read_perms.any?, "expected all users group perm deleted"
+ end
+
+ signed_uuids = Link.where(link_class: 'signature',
+ tail_uuid: uuid)
+
+ if expect_signatures
+ assert signed_uuids.any?, "expected signatures"
+ else
+ assert !signed_uuids.any?, "expected all signatures deleted"
+ end
+
+ end
+
+end
--- /dev/null
+require 'test_helper'
+
+class GroupsTest < ActionDispatch::IntegrationTest
+
+ test "get all pages of group-owned objects" do
+ limit = 5
+ offset = 0
+ items_available = nil
+ uuid_received = {}
+ owner_received = {}
+ while true
+ @json_response = nil
+
+ get "/arvados/v1/groups/contents", {
+ id: groups(:aproject).uuid,
+ limit: limit,
+ offset: offset,
+ format: :json,
+ }, auth(:active)
+
+ assert_response :success
+ assert_operator(0, :<, json_response['items'].count,
+ "items_available=#{items_available} but received 0 "\
+ "items with offset=#{offset}")
+ items_available ||= json_response['items_available']
+ assert_equal(items_available, json_response['items_available'],
+ "items_available changed between page #{offset/limit} "\
+ "and page #{1+offset/limit}")
+ json_response['items'].each do |item|
+ uuid = item['uuid']
+ assert_equal(nil, uuid_received[uuid],
+ "Received '#{uuid}' again on page #{1+offset/limit}")
+ uuid_received[uuid] = true
+ owner_received[item['owner_uuid']] = true
+ offset += 1
+ assert_equal groups(:aproject).uuid, item['owner_uuid']
+ end
+ break if offset >= items_available
+ end
+ end
+
+end
--- /dev/null
+require 'test_helper'
+require 'helpers/users_test_helper'
+
+class UsersTest < ActionDispatch::IntegrationTest
+ include UsersTestHelper
+
+ test "setup user multiple times" do
+ repo_name = 'test_repo'
+
+ post "/arvados/v1/users/setup", {
+ repo_name: repo_name,
+ openid_prefix: 'https://www.google.com/accounts/o8/id',
+ user: {
+ uuid: 'zzzzz-tpzed-abcdefghijklmno',
+ first_name: "in_create_test_first_name",
+ last_name: "test_last_name",
+ email: "foo@example.com"
+ }
+ }, auth(:admin)
+
+ assert_response :success
+
+ response_items = json_response['items']
+
+ created = find_obj_in_resp response_items, 'arvados#user', nil
+
+ assert_equal 'in_create_test_first_name', created['first_name']
+ assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
+ assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
+ assert_not_nil created['email'], 'expected non-nil email'
+ assert_nil created['identity_url'], 'expected no identity_url'
+
+ # arvados#user, repo link and link add user to 'All users' group
+ verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
+ created['uuid'], created['email'], 'arvados#user', false, 'arvados#user'
+
+ verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
+ repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
+ nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+
+ verify_system_group_permission_link_for created['uuid']
+
+ # invoke setup again with the same data
+ post "/arvados/v1/users/setup", {
+ repo_name: repo_name,
+ vm_uuid: virtual_machines(:testvm).uuid,
+ openid_prefix: 'https://www.google.com/accounts/o8/id',
+ user: {
+ uuid: 'zzzzz-tpzed-abcdefghijklmno',
+ first_name: "in_create_test_first_name",
+ last_name: "test_last_name",
+ email: "foo@example.com"
+ }
+ }, auth(:admin)
+
+ assert_response :success
+
+ response_items = json_response['items']
+
+ created = find_obj_in_resp response_items, 'arvados#user', nil
+ assert_equal 'in_create_test_first_name', created['first_name']
+ assert_not_nil created['uuid'], 'expected non-null uuid for the new user'
+ assert_equal 'zzzzz-tpzed-abcdefghijklmno', created['uuid']
+ assert_not_nil created['email'], 'expected non-nil email'
+ assert_nil created['identity_url'], 'expected no identity_url'
+
+ # arvados#user, repo link and link add user to 'All users' group
+ verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
+ repo_name, created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
+ virtual_machines(:testvm).uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+
+ verify_system_group_permission_link_for created['uuid']
+ end
+
+ test "setup user in multiple steps and verify response" do
+ post "/arvados/v1/users/setup", {
+ openid_prefix: 'http://www.example.com/account',
+ user: {
+ email: "foo@example.com"
+ }
+ }, auth(:admin)
+
+ assert_response :success
+ response_items = json_response['items']
+ created = find_obj_in_resp response_items, 'arvados#user', nil
+
+ assert_not_nil created['uuid'], 'expected uuid for new user'
+ assert_not_nil created['email'], 'expected non-nil email'
+ assert_equal created['email'], 'foo@example.com', 'expected input email'
+
+ # three new links: system_group, arvados#user, and 'All users' group.
+ verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
+ created['uuid'], created['email'], 'arvados#user', false, 'arvados#user'
+
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
+ 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
+ nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+
+ # invoke setup with a repository
+ post "/arvados/v1/users/setup", {
+ openid_prefix: 'http://www.example.com/account',
+ repo_name: 'new_repo',
+ uuid: created['uuid']
+ }, auth(:admin)
+
+ assert_response :success
+
+ response_items = json_response['items']
+ created = find_obj_in_resp response_items, 'arvados#user', nil
+
+ assert_equal 'foo@example.com', created['email'], 'expected input email'
+
+ # verify links
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
+ 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#virtualMachine', false, 'permission', 'can_login',
+ nil, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+
+ # invoke setup with a vm_uuid
+ post "/arvados/v1/users/setup", {
+ vm_uuid: virtual_machines(:testvm).uuid,
+ openid_prefix: 'http://www.example.com/account',
+ user: {
+ email: 'junk_email'
+ },
+ uuid: created['uuid']
+ }, auth(:admin)
+
+ assert_response :success
+
+ response_items = json_response['items']
+ created = find_obj_in_resp response_items, 'arvados#user', nil
+
+ assert_equal created['email'], 'foo@example.com', 'expected original email'
+
+ # verify links
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ # since no repo name in input, we won't get any; even though user has one
+ verify_link response_items, 'arvados#repository', false, 'permission', 'can_manage',
+ 'new_repo', created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
+ virtual_machines(:testvm).uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+ end
+
+ test "setup and unsetup user" do
+ post "/arvados/v1/users/setup", {
+ repo_name: 'test_repo',
+ vm_uuid: virtual_machines(:testvm).uuid,
+ user: {email: 'foo@example.com'},
+ openid_prefix: 'https://www.google.com/accounts/o8/id'
+ }, auth(:admin)
+
+ assert_response :success
+ response_items = json_response['items']
+ created = find_obj_in_resp response_items, 'arvados#user', nil
+ assert_not_nil created['uuid'], 'expected uuid for the new user'
+ assert_equal created['email'], 'foo@example.com', 'expected given email'
+
+ # five extra links: system_group, login, group, repo and vm
+ verify_link response_items, 'arvados#user', true, 'permission', 'can_login',
+ created['uuid'], created['email'], 'arvados#user', false, 'arvados#user'
+
+ verify_link response_items, 'arvados#group', true, 'permission', 'can_read',
+ 'All users', created['uuid'], 'arvados#group', true, 'Group'
+
+ verify_link response_items, 'arvados#repository', true, 'permission', 'can_manage',
+ 'test_repo', created['uuid'], 'arvados#repository', true, 'Repository'
+
+ verify_link response_items, 'arvados#virtualMachine', true, 'permission', 'can_login',
+ virtual_machines(:testvm).uuid, created['uuid'], 'arvados#virtualMachine', false, 'VirtualMachine'
+
+ verify_link_existence created['uuid'], created['email'], true, true, true, true, false
+
+ post "/arvados/v1/users/#{created['uuid']}/unsetup", {}, auth(:admin)
+
+ assert_response :success
+
+ created2 = json_response
+ assert_not_nil created2['uuid'], 'expected uuid for the newly created user'
+ assert_equal created['uuid'], created2['uuid'], 'expected uuid not found'
+
+ verify_link_existence created['uuid'], created['email'], false, false, false, false, false
+ end
+
+ def find_obj_in_resp (response_items, kind, head_kind=nil)
+ response_items.each do |x|
+ if x && x['kind']
+ return x if (x['kind'] == kind && x['head_kind'] == head_kind)
+ end
+ end
+ nil
+ end
+
+end
def check_counter action
@counter += 1
if @counter == 2
- # TODO: when existing mistakes are fixed, start failing broken
- # test cases like this:
- #
- # assert_equal 1, 2, "Multiple actions in functional test"
- #
- # Meanwhile, just warn (just once per test case):
- $stderr.puts " [WARNING: Multiple actions in functional test]"
+ # assert_equal 1, 2, "Multiple actions in functional test"
end
end
test "use ownership and permission links to determine which logs a user can see" do
c = Log.readable_by(users(:admin)).order("id asc").each.to_a
- assert_equal 5, c.size
+ assert_equal 6, c.size
assert_equal 1, c[0].id # no-op
assert_equal 2, c[1].id # admin changes repository foo, which is owned by active user
assert_equal 3, c[2].id # admin changes specimen owned_by_spectator
assert_equal 4, c[3].id # foo collection added, readable by active through link
assert_equal 5, c[4].id # baz collection added, readable by active and spectator through group 'all users' group membership
+ assert_equal 6, c[5].id # log_owned_by_active
c = Log.readable_by(users(:active)).order("id asc").each.to_a
- assert_equal 3, c.size
+ assert_equal 4, c.size
assert_equal 2, c[0].id # admin changes repository foo, which is owned by active user
assert_equal 4, c[1].id # foo collection added, readable by active through link
assert_equal 5, c[2].id # baz collection added, readable by active and spectator through group 'all users' group membership
+ assert_equal 6, c[3].id # log_owned_by_active
c = Log.readable_by(users(:spectator)).order("id asc").each.to_a
assert_equal 2, c.size
"Pipeline Template with Jobspec Components.pipelineTemplate",
"collection_expires_in_future",
"collection_with_same_name_in_aproject_and_home_project",
- "pipeline_with_job.pipelineInstance"
+ "pipeline_to_merge_params.pipelineInstance",
+ "pipeline_with_job.pipelineInstance",
+ "pipeline_with_tagged_collection_input.pipelineInstance"
], d2)
d3 = os.listdir(os.path.join(self.mounttmp, 'Active User', 'A Project'))
projects / arvados.git / commitdiff