arvadostest.SetServiceURL(&s.testHandler.Cluster.Services.RailsAPI, "https://"+os.Getenv("ARVADOS_TEST_API_HOST"))
s.testHandler.Cluster.ClusterID = "zzzzz"
s.testHandler.Cluster.SystemRootToken = arvadostest.SystemRootToken
+ s.testHandler.Cluster.API.MaxTokenLifetime = arvados.Duration(time.Hour)
+ s.testHandler.Cluster.Collections.BlobSigningTTL = arvados.Duration(336 * time.Hour) // For some reason, this was set to 0h
resp := s.testRequest(req).Result()
c.Check(resp.StatusCode, check.Equals, http.StatusOK)
// Runtime token must match zzzzz cluster
c.Check(cr.RuntimeToken, check.Matches, "v2/zzzzz-gj3su-.*")
+
// RuntimeToken must be different than the Original Token we originally did the request with.
c.Check(cr.RuntimeToken, check.Not(check.Equals), arvadostest.ActiveTokenV2)
+
+ // Runtime token should not have an expiration based on API.MaxTokenLifetime
+ req2 := httptest.NewRequest("GET", "/arvados/v1/api_client_authorizations/current", nil)
+ req2.Header.Set("Authorization", "Bearer "+cr.RuntimeToken)
+ req2.Header.Set("Content-type", "application/json")
+ resp = s.testRequest(req2).Result()
+ c.Check(resp.StatusCode, check.Equals, http.StatusOK)
+ var aca arvados.APIClientAuthorization
+ c.Check(json.NewDecoder(resp.Body).Decode(&aca), check.IsNil)
+ c.Check(aca.ExpiresAt, check.NotNil) // Time.Now()+BlobSigningTTL
+ t, _ := time.Parse(time.RFC3339Nano, aca.ExpiresAt)
+ c.Check(t.After(time.Now().Add(s.testHandler.Cluster.API.MaxTokenLifetime.Duration())), check.Equals, true)
+ c.Check(t.Before(time.Now().Add(s.testHandler.Cluster.Collections.BlobSigningTTL.Duration())), check.Equals, true)
}
func (s *FederationSuite) TestCreateRemoteContainerRequestCheckSetRuntimeToken(c *check.C) {
check_no_change_from_cancelled c
end
+ test "Container locked with non-expiring token" do
+ Rails.configuration.API.TokenMaxLifetime = 1.hour
+ set_user_from_auth :active
+ c, _ = minimal_new
+ set_user_from_auth :dispatch1
+ assert c.lock, show_errors(c)
+ refute c.auth.nil?
+ assert c.auth.expires_at.nil?
+ assert c.auth.user_id == User.find_by_uuid(users(:active).uuid).id
+ end
+
test "Container locked cancel with log" do
set_user_from_auth :active
c, _ = minimal_new