4533: Replace enable_remote_reset config knob with check for existence of non-fixture...
authorTom Clegg <tom@curoverse.com>
Thu, 27 Nov 2014 06:18:01 +0000 (01:18 -0500)
committerTom Clegg <tom@curoverse.com>
Thu, 27 Nov 2014 21:31:13 +0000 (16:31 -0500)
services/api/app/controllers/database_controller.rb
services/api/config/application.default.yml
services/api/config/routes.rb
services/api/test/fixtures/users.yml
services/api/test/functional/database_controller_test.rb
services/api/test/integration/database_reset_test.rb

index 91d98e50f915b48e7c8f4ed43b6641d6015ce29a..a2e15ed1561db247521eb8b65da36cadb08f9853 100644 (file)
@@ -5,6 +5,24 @@ class DatabaseController < ApplicationController
   def reset
     raise ArvadosModel::PermissionDeniedError unless Rails.env == 'test'
 
+    # Sanity check: If someone has actually logged in here, this might
+    # not really be a throwaway database. Client test suites should
+    # use @example.com email addresses when creating user records, so
+    # we can tell they're not valuable.
+    user_uuids = User.
+      where('email is null or email not like ?', '%@example.com').
+      collect &:uuid
+    fixture_uuids =
+      YAML::load_file(File.expand_path('../../../test/fixtures/users.yml',
+                                       __FILE__)).
+      values.collect { |u| u['uuid'] }
+    unexpected_uuids = user_uuids - fixture_uuids
+    if unexpected_uuids.any?
+      logger.error("Running in test environment, but non-fixture users exist: " +
+                   "#{unexpected_uuids}")
+      raise ArvadosModel::PermissionDeniedError
+    end
+
     require 'active_record/fixtures'
 
     # What kinds of fixtures do we have?
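Review bot: The refusal path at `logger.error("Running in test environment, but non-fixture users exist: ...")` records the unexpected UUIDs but not where the request came from, so a blocked reset against a database holding real users is hard to trace afterwards. Appending the caller's address, e.g. `"#{unexpected_uuids} (reset requested from #{request.remote_ip})"`, would make the log line usable for follow-up. As a smaller point, `collect &:uuid` instantiates every matching User row on each call and relies on the paren-less `&` form; `.pluck(:uuid)` fetches only the column. The body of `reset` continues outside this hunk, so it is not visible whether the check and the fixture reload run inside one transaction; if they do not, a user created between the two steps would still be wiped.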
index a357439165abe575cdfb60fb5cb0ec67887910b1..8b3eb21fae6cd0fc32e890633cdfd7a9c9ed7fb9 100644 (file)
@@ -46,7 +46,6 @@ test:
   user_profile_notification_address: arvados@example.com
   workbench_address: https://localhost:3001/
   websocket_address: ws://127.0.0.1:3333/websocket
-  enable_remote_database_reset: true
 
 common:
   uuid_prefix: <%= Digest::MD5.hexdigest(`hostname`).to_i(16).to_s(36)[0..4] %>
index 3537504c36c1cf20818430adcae5a5d36991e747..c3539387f3c8fc90e222c0c213384ee2d75fe292 100644 (file)
@@ -63,7 +63,7 @@ Server::Application.routes.draw do
     end
   end
 
-  if Rails.configuration.enable_remote_database_reset
+  if Rails.env == 'test'
     post '/database/reset', to: 'database#reset'
   end
 
index ebf455aa5778b49da9f688a3e3b65d85a5751ab6..c859f39728629b9aaa1d52be7f91aadaedc00847 100644 (file)
@@ -1,5 +1,21 @@
 # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
 
+system_user:
+  uuid: zzzzz-tpzed-000000000000000
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-11-27 06:38:21.215463000 Z
+  modified_by_client_uuid: zzzzz-ozdt8-teyxzyd8qllg11h
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-11-27 06:38:21.208036000 Z
+  email: root
+  first_name: root
+  last_name: ''
+  identity_url:
+  is_admin: true
+  prefs: {}
+  updated_at: 2014-11-27 06:38:21.207873000 Z
+  is_active: true
+
 admin:
   owner_uuid: zzzzz-tpzed-000000000000000
   uuid: zzzzz-tpzed-d9tiejq69daie8f
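Review bot: The new `system_user` entry has `email: root`, which does not end in `@example.com`, so it seems to pass the sanity check in `DatabaseController#reset` only because its uuid is listed in this file; nothing here tells a future editor that. A comment above the entry would prevent an accidental removal from breaking every reset, for example `# Must stay in this file: database#reset refuses to run if a user without an @example.com address is not a fixture.` The rest of the fixture file is outside the hunk, so other entries with non-example.com addresses may deserve the same remark.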
index 4aab9504d197955a5beb2829fe53a2c844734a81..56662ee4373988f13a2d81c3806a5e6ea7bf40f2 100644 (file)
@@ -3,37 +3,35 @@ require 'test_helper'
 class DatabaseControllerTest < ActionController::TestCase
   include CurrentApiClient
 
-  teardown do
-    restore_configuration
-    # We made configuration changes here that affect routing.
-    Rails.application.reload_routes!
-  end
-
   test "reset fails with non-admin token" do
     authorize_with :active
     post :reset
     assert_response 403
   end
 
-  test "reset fails when not in test mode" do
+  test "route not found when not in test mode" do
     authorize_with :admin
     env_was = Rails.env
+    Rails.application.reload_routes!
     begin
-      Rails.env = 'development'
-      post :reset
-      assert_response 403
+      assert_raises ActionController::RoutingError do
+        Rails.env = 'production'
+        Rails.application.reload_routes!
+        post :reset
+      end
     ensure
       Rails.env = env_was
+      Rails.application.reload_routes!
     end
   end
 
-  test "reset fails when not configured" do
-    Rails.configuration.enable_remote_database_reset = false
-    Rails.application.reload_routes!
-    authorize_with :admin
-    assert_raise ActionController::RoutingError do
-      post :reset
+  test "reset fails when a non-test-fixture user exists" do
+    act_as_system_user do
+      User.create!(uuid: 'abcde-tpzed-123451234512345', email: 'bar@example.net')
     end
+    authorize_with :admin
+    post :reset
+    assert_response 403
   end
 
   test "reset succeeds with admin token" do
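Review bot: The test "reset fails when a non-test-fixture user exists" asserts only the 403 status, so it would still pass if a regression wiped the table before raising. Adding `assert User.where(uuid: 'abcde-tpzed-123451234512345').exists?` after `assert_response 403` pins the property that actually matters. The other two branches of the controller's check are also uncovered here: a non-fixture user with a nil email (should be refused) and a non-fixture user with an `@example.com` address (should be allowed). The hunk ends inside the following test, so coverage further down the file is not visible.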
index 84f8a19a775edba9e6180b6655478a85e76a6a0a..8c77c2d7c9989ee9d70a68d4186e33cd793139f5 100644 (file)
@@ -7,11 +7,16 @@ class DatabaseResetTest < ActionDispatch::IntegrationTest
     Rails.application.reload_routes!
   end
 
-  test "reset fails when not configured" do
-    Rails.configuration.enable_remote_database_reset = false
-    Rails.application.reload_routes!
-    post '/database/reset', {}, auth(:admin)
-    assert_response 404
+  test "reset fails when Rails.env != 'test'" do
+    rails_env_was = Rails.env
+    begin
+      Rails.env = 'production'
+      Rails.application.reload_routes!
+      post '/database/reset', {}, auth(:admin)
+      assert_response 404
+    ensure
+      Rails.env = rails_env_was
+    end
   end
 
   test "reset fails with non-admin token" do
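Review bot: The `ensure` branch of "reset fails when Rails.env != 'test'" restores `Rails.env` but does not call `Rails.application.reload_routes!`, unlike the matching functional test, so the route table built under 'production' stays in place until something else reloads it. The context lines at the top of the hunk show a `reload_routes!` inside a block whose opening is outside the hunk; if that block is a teardown this is harmless, but if it is a setup a failure ordering could leave later tests without the `/database/reset` route. Adding `Rails.application.reload_routes!` after `Rails.env = rails_env_was` makes the test self-contained either way.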