package localdb
import (
- "context"
"io/fs"
"path/filepath"
"regexp"
"strings"
"time"
+ "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadosclient"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/keepclient"
check "gopkg.in/check.v1"
)
func (s *CollectionSuite) TestCollectionCreateAndUpdateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
c.Log(c.TestName()+" ", tt.name)
// Create with properties
- coll, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{
+ coll, err := s.localdb.CollectionCreate(s.userctx, arvados.CreateOptions{
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
"properties": tt.props,
}
// Create, then update with properties
- coll, err = s.localdb.CollectionCreate(ctx, arvados.CreateOptions{})
+ coll, err = s.localdb.CollectionCreate(s.userctx, arvados.CreateOptions{})
c.Assert(err, check.IsNil)
- coll, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ coll, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: coll.UUID,
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
}
func (s *CollectionSuite) TestCollectionReplaceFiles(c *check.C) {
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.AdminToken}})
- foo, err := s.localdb.railsProxy.CollectionCreate(ctx, arvados.CreateOptions{
+ adminctx := ctrlctx.NewWithToken(s.ctx, s.cluster, arvadostest.AdminToken)
+ foo, err := s.localdb.railsProxy.CollectionCreate(adminctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"owner_uuid": arvadostest.ActiveUserUUID,
"manifest_text": ". acbd18db4cc2f85cedef654fccc4a4d8+3 0:3:foo.txt\n",
}})
c.Assert(err, check.IsNil)
- s.localdb.signCollection(ctx, &foo)
- foobarbaz, err := s.localdb.railsProxy.CollectionCreate(ctx, arvados.CreateOptions{
+ s.localdb.signCollection(adminctx, &foo)
+ foobarbaz, err := s.localdb.railsProxy.CollectionCreate(adminctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"owner_uuid": arvadostest.ActiveUserUUID,
"manifest_text": "./foo/bar 73feffa4b7f6bb68e44cf984c85f6e88+3 0:3:baz.txt\n",
}})
c.Assert(err, check.IsNil)
- s.localdb.signCollection(ctx, &foobarbaz)
- wazqux, err := s.localdb.railsProxy.CollectionCreate(ctx, arvados.CreateOptions{
+ s.localdb.signCollection(adminctx, &foobarbaz)
+ wazqux, err := s.localdb.railsProxy.CollectionCreate(adminctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"owner_uuid": arvadostest.ActiveUserUUID,
"manifest_text": "./waz d85b1213473c2fd7c2045020a6b9c62b+3 0:3:qux.txt\n",
}})
c.Assert(err, check.IsNil)
- s.localdb.signCollection(ctx, &wazqux)
-
- ctx = auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
+ s.localdb.signCollection(adminctx, &wazqux)
// Create using content from existing collections
- dst, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{
+ dst, err := s.localdb.CollectionCreate(s.userctx, arvados.CreateOptions{
ReplaceFiles: map[string]string{
"/f": foo.PortableDataHash + "/foo.txt",
"/b": foobarbaz.PortableDataHash + "/foo/bar",
s.expectFiles(c, dst, "f", "b/baz.txt", "q/waz/qux.txt", "w/qux.txt")
// Delete a file and a directory
- dst, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ dst, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: dst.UUID,
ReplaceFiles: map[string]string{
"/f": "",
s.expectFiles(c, dst, "b/baz.txt", "q/", "w/qux.txt")
// Move and copy content within collection
- dst, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ dst, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: dst.UUID,
ReplaceFiles: map[string]string{
// Note splicing content to /b/corge.txt but
s.expectFiles(c, dst, "b/corge.txt", "q/", "w/qux.txt", "quux/corge.txt")
// Remove everything except one file
- dst, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ dst, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: dst.UUID,
ReplaceFiles: map[string]string{
"/": "",
s.expectFiles(c, dst, "b/corge.txt")
// Copy entire collection to root
- dstcopy, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{
+ dstcopy, err := s.localdb.CollectionCreate(s.userctx, arvados.CreateOptions{
ReplaceFiles: map[string]string{
"/": dst.PortableDataHash,
}})
{"/bad": "bad/b"},
{"/bad": dst.UUID + "/b"},
} {
- _, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ _, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: dst.UUID,
ReplaceFiles: badrepl,
})
}
// Check conflicting replace_files and manifest_text
- _, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ _, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: dst.UUID,
ReplaceFiles: map[string]string{"/": ""},
Attrs: map[string]interface{}{
}
func (s *CollectionSuite) TestSignatures(c *check.C) {
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
-
- resp, err := s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: arvadostest.FooCollection})
+ resp, err := s.localdb.CollectionGet(s.userctx, arvados.GetOptions{UUID: arvadostest.FooCollection})
c.Check(err, check.IsNil)
c.Check(resp.ManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3\+A[0-9a-f]+@[0-9a-f]+ 0:.*`)
s.checkSignatureExpiry(c, resp.ManifestText, time.Hour*24*7*2)
- resp, err = s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: arvadostest.FooCollection, Select: []string{"manifest_text"}})
+ resp, err = s.localdb.CollectionGet(s.userctx, arvados.GetOptions{UUID: arvadostest.FooCollection, Select: []string{"manifest_text"}})
c.Check(err, check.IsNil)
c.Check(resp.ManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3\+A[0-9a-f]+@[0-9a-f]+ 0:.*`)
- lresp, err := s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}})
+ lresp, err := s.localdb.CollectionList(s.userctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}})
c.Check(err, check.IsNil)
if c.Check(lresp.Items, check.HasLen, 1) {
c.Check(lresp.Items[0].UUID, check.Equals, arvadostest.FooCollection)
c.Check(lresp.Items[0].UnsignedManifestText, check.Equals, "")
}
- lresp, err = s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}, Select: []string{"manifest_text"}})
+ lresp, err = s.localdb.CollectionList(s.userctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}, Select: []string{"manifest_text"}})
c.Check(err, check.IsNil)
if c.Check(lresp.Items, check.HasLen, 1) {
c.Check(lresp.Items[0].ManifestText, check.Matches, `(?ms).* acbd[^ ]*\+3\+A[0-9a-f]+@[0-9a-f]+ 0:.*`)
c.Check(lresp.Items[0].UnsignedManifestText, check.Equals, "")
}
- lresp, err = s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}, Select: []string{"unsigned_manifest_text"}})
+ lresp, err = s.localdb.CollectionList(s.userctx, arvados.ListOptions{Limit: -1, Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}}, Select: []string{"unsigned_manifest_text"}})
c.Check(err, check.IsNil)
if c.Check(lresp.Items, check.HasLen, 1) {
c.Check(lresp.Items[0].ManifestText, check.Equals, "")
// early trash date causes lower signature TTL (even if
// trash_at and is_trashed fields are unselected)
- trashed, err := s.localdb.CollectionCreate(ctx, arvados.CreateOptions{
+ trashed, err := s.localdb.CollectionCreate(s.userctx, arvados.CreateOptions{
Select: []string{"uuid", "manifest_text"},
Attrs: map[string]interface{}{
"manifest_text": ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:foo\n",
}})
c.Assert(err, check.IsNil)
s.checkSignatureExpiry(c, trashed.ManifestText, time.Hour)
- resp, err = s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: trashed.UUID})
+ resp, err = s.localdb.CollectionGet(s.userctx, arvados.GetOptions{UUID: trashed.UUID})
c.Assert(err, check.IsNil)
s.checkSignatureExpiry(c, resp.ManifestText, time.Hour)
// distant future trash date does not cause higher signature TTL
- trashed, err = s.localdb.CollectionUpdate(ctx, arvados.UpdateOptions{
+ trashed, err = s.localdb.CollectionUpdate(s.userctx, arvados.UpdateOptions{
UUID: trashed.UUID,
Attrs: map[string]interface{}{
"trash_at": time.Now().UTC().Add(time.Hour * 24 * 365),
}})
c.Assert(err, check.IsNil)
s.checkSignatureExpiry(c, trashed.ManifestText, time.Hour*24*7*2)
- resp, err = s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: trashed.UUID})
+ resp, err = s.localdb.CollectionGet(s.userctx, arvados.GetOptions{UUID: trashed.UUID})
c.Assert(err, check.IsNil)
s.checkSignatureExpiry(c, resp.ManifestText, time.Hour*24*7*2)
// Make sure groups/contents doesn't return manifest_text with
// collections (if it did, we'd need to sign it).
- gresp, err := s.localdb.GroupContents(ctx, arvados.GroupContentsOptions{
+ gresp, err := s.localdb.GroupContents(s.userctx, arvados.GroupContentsOptions{
Limit: -1,
Filters: []arvados.Filter{{"uuid", "=", arvadostest.FooCollection}},
Select: []string{"uuid", "manifest_text"},
func (s *CollectionSuite) TestSignaturesDisabled(c *check.C) {
s.localdb.cluster.Collections.BlobSigning = false
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
-
- resp, err := s.localdb.CollectionGet(ctx, arvados.GetOptions{UUID: arvadostest.FooCollection})
+ resp, err := s.localdb.CollectionGet(s.userctx, arvados.GetOptions{UUID: arvadostest.FooCollection})
c.Check(err, check.IsNil)
c.Check(resp.ManifestText, check.Matches, `(?ms).* acbd[^ +]*\+3 0:.*`)
}
"fmt"
"time"
+ "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
"github.com/sirupsen/logrus"
// after each container update request) corrects any inconsistent
// container priorities caused by races.
func (conn *Conn) runContainerPriorityUpdateThread(ctx context.Context) {
+ ctx = ctrlctx.NewWithToken(ctx, conn.cluster, conn.cluster.SystemRootToken)
log := ctxlog.FromContext(ctx).WithField("worker", "runContainerPriorityUpdateThread")
ticker := time.NewTicker(5 * time.Minute)
for {
package localdb
import (
- "context"
"crypto/hmac"
"crypto/sha256"
"fmt"
"git.arvados.org/arvados.git/lib/controller/router"
"git.arvados.org/arvados.git/lib/controller/rpc"
"git.arvados.org/arvados.git/lib/crunchrun"
+ "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
"golang.org/x/crypto/ssh"
check "gopkg.in/check.v1"
func (s *ContainerGatewaySuite) SetUpTest(c *check.C) {
s.localdbSuite.SetUpTest(c)
- s.ctx = auth.NewContext(s.ctx, &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
s.ctrUUID = arvadostest.QueuedContainerUUID
ArvadosClient: ac,
}
c.Assert(s.gw.Start(), check.IsNil)
- rootctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: []string{s.cluster.SystemRootToken}})
+ rootctx := ctrlctx.NewWithToken(s.ctx, s.cluster, s.cluster.SystemRootToken)
// OK if this line fails (because state is already Running
// from a previous test case) as long as the following line
// succeeds:
c.Logf("trial %#v", trial)
s.cluster.Containers.ShellAccess.Admin = trial.configAdmin
s.cluster.Containers.ShellAccess.User = trial.configUser
- ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: []string{trial.sendToken}})
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, trial.sendToken)
sshconn, err := s.localdb.ContainerSSH(ctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
if trial.errorCode == 0 {
if !c.Check(err, check.IsNil) {
}
c.Logf("connecting to %s", s.gw.Address)
- sshconn, err := s.localdb.ContainerSSH(s.ctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
+ sshconn, err := s.localdb.ContainerSSH(s.userctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
c.Assert(err, check.IsNil)
c.Assert(sshconn.Conn, check.NotNil)
defer sshconn.Conn.Close()
func (s *ContainerGatewaySuite) TestConnect(c *check.C) {
c.Logf("connecting to %s", s.gw.Address)
- sshconn, err := s.localdb.ContainerSSH(s.ctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
+ sshconn, err := s.localdb.ContainerSSH(s.userctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
c.Assert(err, check.IsNil)
c.Assert(sshconn.Conn, check.NotNil)
defer sshconn.Conn.Close()
case <-time.After(time.Second):
c.Fail()
}
- ctr, err := s.localdb.ContainerGet(s.ctx, arvados.GetOptions{UUID: s.ctrUUID})
+ ctr, err := s.localdb.ContainerGet(s.userctx, arvados.GetOptions{UUID: s.ctrUUID})
c.Check(err, check.IsNil)
c.Check(ctr.InteractiveSessionStarted, check.Equals, true)
}
func (s *ContainerGatewaySuite) TestConnectFail(c *check.C) {
c.Log("trying with no token")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{})
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, "")
_, err := s.localdb.ContainerSSH(ctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
c.Check(err, check.ErrorMatches, `.* 401 .*`)
c.Log("trying with anonymous token")
- ctx = auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.AnonymousToken}})
+ ctx = ctrlctx.NewWithToken(s.ctx, s.cluster, arvadostest.AnonymousToken)
_, err = s.localdb.ContainerSSH(ctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
c.Check(err, check.ErrorMatches, `.* 404 .*`)
}
func (s *ContainerGatewaySuite) TestCreateTunnel(c *check.C) {
// no AuthSecret
- conn, err := s.localdb.ContainerGatewayTunnel(s.ctx, arvados.ContainerGatewayTunnelOptions{
+ conn, err := s.localdb.ContainerGatewayTunnel(s.userctx, arvados.ContainerGatewayTunnelOptions{
UUID: s.ctrUUID,
})
c.Check(err, check.ErrorMatches, `authentication error`)
c.Check(conn.Conn, check.IsNil)
// bogus AuthSecret
- conn, err = s.localdb.ContainerGatewayTunnel(s.ctx, arvados.ContainerGatewayTunnelOptions{
+ conn, err = s.localdb.ContainerGatewayTunnel(s.userctx, arvados.ContainerGatewayTunnelOptions{
UUID: s.ctrUUID,
AuthSecret: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
})
c.Check(conn.Conn, check.IsNil)
// good AuthSecret
- conn, err = s.localdb.ContainerGatewayTunnel(s.ctx, arvados.ContainerGatewayTunnelOptions{
+ conn, err = s.localdb.ContainerGatewayTunnel(s.userctx, arvados.ContainerGatewayTunnelOptions{
UUID: s.ctrUUID,
AuthSecret: s.gw.AuthSecret,
})
}
func (s *ContainerGatewaySuite) testConnectThroughTunnel(c *check.C, expectErrorMatch string) {
- rootctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{s.cluster.SystemRootToken}})
+ rootctx := ctrlctx.NewWithToken(s.ctx, s.cluster, s.cluster.SystemRootToken)
// Until the tunnel starts up, set gateway_address to a value
// that can't work. We want to ensure the only way we can
// reach the gateway is through the tunnel.
c.Assert(err, check.IsNil)
for deadline := time.Now().Add(5 * time.Second); time.Now().Before(deadline); time.Sleep(time.Second / 2) {
- ctr, err := s.localdb.ContainerGet(s.ctx, arvados.GetOptions{UUID: s.ctrUUID})
+ ctr, err := s.localdb.ContainerGet(s.userctx, arvados.GetOptions{UUID: s.ctrUUID})
c.Assert(err, check.IsNil)
c.Check(ctr.InteractiveSessionStarted, check.Equals, false)
c.Logf("ctr.GatewayAddress == %s", ctr.GatewayAddress)
c.Log("connecting to gateway through tunnel")
arpc := rpc.NewConn("", &url.URL{Scheme: "https", Host: s.gw.ArvadosClient.APIHost}, true, rpc.PassthroughTokenProvider)
- sshconn, err := arpc.ContainerSSH(s.ctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
+ sshconn, err := arpc.ContainerSSH(s.userctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})
if expectErrorMatch != "" {
c.Check(err, check.ErrorMatches, expectErrorMatch)
return
case <-time.After(time.Second):
c.Fail()
}
- ctr, err := s.localdb.ContainerGet(s.ctx, arvados.GetOptions{UUID: s.ctrUUID})
+ ctr, err := s.localdb.ContainerGet(s.userctx, arvados.GetOptions{UUID: s.ctrUUID})
c.Check(err, check.IsNil)
c.Check(ctr.InteractiveSessionStarted, check.Equals, true)
}
package localdb
import (
- "context"
-
"git.arvados.org/arvados.git/sdk/go/arvados"
- "git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
check "gopkg.in/check.v1"
)
func (s *ContainerRequestSuite) TestCRCreateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
for _, tt := range tests {
c.Log(c.TestName()+" ", tt.name)
- cnt, err := s.localdb.ContainerRequestCreate(ctx, arvados.CreateOptions{
+ cnt, err := s.localdb.ContainerRequestCreate(s.userctx, arvados.CreateOptions{
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
"command": []string{"echo", "foo"},
func (s *ContainerRequestSuite) TestCRUpdateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
}
for _, tt := range tests {
c.Log(c.TestName()+" ", tt.name)
- cnt, err := s.localdb.ContainerRequestCreate(ctx, arvados.CreateOptions{
+ cnt, err := s.localdb.ContainerRequestCreate(s.userctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"command": []string{"echo", "foo"},
"container_image": "arvados/apitestfixture:latest",
},
})
c.Assert(err, check.IsNil)
- cnt, err = s.localdb.ContainerRequestUpdate(ctx, arvados.UpdateOptions{
+ cnt, err = s.localdb.ContainerRequestUpdate(s.userctx, arvados.UpdateOptions{
UUID: cnt.UUID,
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
package localdb
import (
- "context"
-
+ "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
check "gopkg.in/check.v1"
)
func (s *GroupSuite) TestGroupCreateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
for _, tt := range tests {
c.Log(c.TestName()+" ", tt.name)
- grp, err := s.localdb.GroupCreate(ctx, arvados.CreateOptions{
+ grp, err := s.localdb.GroupCreate(s.userctx, arvados.CreateOptions{
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
"group_class": "project",
func (s *GroupSuite) TestGroupUpdateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
}
for _, tt := range tests {
c.Log(c.TestName()+" ", tt.name)
- grp, err := s.localdb.GroupCreate(ctx, arvados.CreateOptions{
+ grp, err := s.localdb.GroupCreate(s.userctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"group_class": "project",
},
})
c.Assert(err, check.IsNil)
- grp, err = s.localdb.GroupUpdate(ctx, arvados.UpdateOptions{
+ grp, err = s.localdb.GroupUpdate(s.userctx, arvados.UpdateOptions{
UUID: grp.UUID,
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
}
func (s *GroupSuite) TestCanWriteCanManageResponses(c *check.C) {
- ctxUser1 := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
- ctxUser2 := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.SpectatorToken}})
- ctxAdmin := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.AdminToken}})
+ ctxUser1 := ctrlctx.NewWithToken(s.ctx, s.cluster, arvadostest.ActiveTokenV2)
+ ctxUser2 := ctrlctx.NewWithToken(s.ctx, s.cluster, arvadostest.SpectatorToken)
+ ctxAdmin := ctrlctx.NewWithToken(s.ctx, s.cluster, arvadostest.AdminToken)
project, err := s.localdb.GroupCreate(ctxUser1, arvados.CreateOptions{
Attrs: map[string]interface{}{
"group_class": "project",
package localdb
import (
- "context"
-
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
check "gopkg.in/check.v1"
)
func (s *LinkSuite) TestLinkCreateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
for _, tt := range tests {
c.Log(c.TestName()+" ", tt.name)
- lnk, err := s.localdb.LinkCreate(ctx, arvados.CreateOptions{
+ lnk, err := s.localdb.LinkCreate(s.userctx, arvados.CreateOptions{
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
"link_class": "star",
func (s *LinkSuite) TestLinkUpdateWithProperties(c *check.C) {
s.setUpVocabulary(c, "")
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
tests := []struct {
name string
}
for _, tt := range tests {
c.Log(c.TestName()+" ", tt.name)
- lnk, err := s.localdb.LinkCreate(ctx, arvados.CreateOptions{
+ lnk, err := s.localdb.LinkCreate(s.userctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"link_class": "star",
"tail_uuid": "zzzzz-j7d0g-publicfavorites",
},
})
c.Assert(err, check.IsNil)
- lnk, err = s.localdb.LinkUpdate(ctx, arvados.UpdateOptions{
+ lnk, err = s.localdb.LinkUpdate(s.userctx, arvados.UpdateOptions{
UUID: lnk.UUID,
Select: []string{"uuid", "properties"},
Attrs: map[string]interface{}{
import (
"context"
+ "errors"
"git.arvados.org/arvados.git/lib/config"
"git.arvados.org/arvados.git/lib/controller/rpc"
db *sqlx.DB
dbConnector *ctrlctx.DBConnector
tx *sqlx.Tx
+ txFinish func(*error)
+ userctx context.Context // uses ActiveUser token
localdb *Conn
railsSpy *arvadostest.Proxy
}
s.dbConnector = &ctrlctx.DBConnector{PostgreSQL: s.cluster.PostgreSQL}
s.db, err = s.dbConnector.GetDB(s.ctx)
c.Assert(err, check.IsNil)
+ s.ctx, s.txFinish = ctrlctx.New(s.ctx, s.dbConnector.GetDB)
+ s.tx, err = ctrlctx.CurrentTx(s.ctx)
+ c.Assert(err, check.IsNil)
s.localdb = NewConn(s.ctx, s.cluster, s.dbConnector.GetDB)
s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
*s.localdb.railsProxy = *rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider)
-
- s.tx, err = s.db.Beginx()
- c.Assert(err, check.IsNil)
- s.ctx = ctrlctx.NewWithTransaction(s.ctx, s.tx)
+ s.userctx = ctrlctx.NewWithToken(s.ctx, s.cluster, arvadostest.ActiveTokenV2)
}
+var errRollbackAfterTest = errors.New("rollback after test")
+
func (s *localdbSuite) TearDownTest(c *check.C) {
if s.tx != nil {
s.tx.Rollback()
}
+ if s.txFinish != nil {
+ s.txFinish(&errRollbackAfterTest)
+ }
if s.railsSpy != nil {
s.railsSpy.Close()
}
package localdb
import (
- "context"
"database/sql"
"time"
- "git.arvados.org/arvados.git/lib/controller/api"
- "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
- "github.com/jmoiron/sqlx"
check "gopkg.in/check.v1"
)
s.localdb.activeUsersLock.Lock()
s.localdb.activeUsersReset = starttime
s.localdb.activeUsersLock.Unlock()
- wrap := api.ComposeWrappers(
- ctrlctx.WrapCallsInTransactions(func(ctx context.Context) (*sqlx.DB, error) { return s.db, nil }),
- ctrlctx.WrapCallsWithAuth(s.cluster))
- collectionCreate := wrap(func(ctx context.Context, opts interface{}) (interface{}, error) {
- return s.localdb.CollectionCreate(ctx, opts.(arvados.CreateOptions))
- })
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{arvadostest.ActiveTokenV2}})
for i := 0; i < 2; i++ {
logthreshold := time.Now()
- _, err := collectionCreate(ctx, arvados.CreateOptions{
+ _, err := s.localdb.CollectionCreate(s.userctx, arvados.CreateOptions{
Attrs: map[string]interface{}{
"name": "test collection",
},
})
c.Assert(err, check.IsNil)
var uuid string
- err = s.db.QueryRowContext(ctx, `select uuid from logs where object_uuid = $1 and event_at > $2`, arvadostest.ActiveUserUUID, logthreshold.UTC()).Scan(&uuid)
+ err = s.db.QueryRowContext(s.ctx, `select uuid from logs where object_uuid = $1 and event_at > $2`, arvadostest.ActiveUserUUID, logthreshold.UTC()).Scan(&uuid)
if i == 0 {
c.Check(err, check.IsNil)
c.Check(uuid, check.HasLen, 27)
"net/http"
"git.arvados.org/arvados.git/lib/controller/railsproxy"
+ "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
- "git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/ctxlog"
"github.com/bradleypeabody/godap"
check "gopkg.in/check.v1"
c.Check(resp.UUID, check.Matches, `zzzzz-gj3su-.*`)
c.Check(resp.Scopes, check.DeepEquals, []string{"all"})
- ctx := auth.NewContext(s.ctx, &auth.Credentials{Tokens: []string{"v2/" + resp.UUID + "/" + resp.APIToken}})
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, "v2/"+resp.UUID+"/"+resp.APIToken)
user, err := railsproxy.NewConn(s.cluster).UserGetCurrent(ctx, arvados.GetOptions{})
c.Check(err, check.IsNil)
c.Check(user.Email, check.Equals, "goodusername@example.com")
cleanup()
defer cleanup()
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{accessToken}})
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, accessToken)
// Check behavior on 5xx/network errors (don't cache) vs 4xx
// (do cache)
s.fakeProvider.AccessTokenPayload = map[string]interface{}{"scope": "openid profile foobar"}
accessToken = s.fakeProvider.ValidAccessToken()
- ctx = auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{accessToken}})
+ ctx = ctrlctx.NewWithToken(s.ctx, s.cluster, accessToken)
mac = hmac.New(sha256.New, []byte(s.cluster.SystemRootToken))
io.WriteString(mac, accessToken)
// Try using the returned Arvados token.
c.Logf("trying an API call with new token %q", token)
- ctx := auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{token}})
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, token)
cl, err := s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1})
c.Check(cl.ItemsAvailable, check.Not(check.Equals), 0)
c.Check(cl.Items, check.Not(check.HasLen), 0)
// Might as well check that bogus tokens aren't accepted.
badtoken := token + "plussomeboguschars"
c.Logf("trying an API call with mangled token %q", badtoken)
- ctx = auth.NewContext(context.Background(), &auth.Credentials{Tokens: []string{badtoken}})
+ ctx = ctrlctx.NewWithToken(s.ctx, s.cluster, badtoken)
cl, err = s.localdb.CollectionList(ctx, arvados.ListOptions{Limit: -1})
c.Check(cl.Items, check.HasLen, 0)
c.Check(err, check.NotNil)
import (
"database/sql"
+ "git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/auth"
check "gopkg.in/check.v1"
)
{"v2/some-fake-uuid/thisdoesntexistasatoken", "", false},
} {
c.Logf("=== %#v", trial)
- ctx := auth.NewContext(s.ctx, &auth.Credentials{
- Tokens: []string{trial.requestToken},
- })
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, trial.requestToken)
var tokenUUID string
var err error
}
}
+// NewWithToken returns a context with the provided auth token.
+//
+// The incoming context must come from WrapCallsInTransactions or
+// NewWithTransaction.
+//
+// Used for attaching system auth to background threads.
+//
+// Also useful for tests, where context doesn't necessarily come from
+// a router that uses WrapCallsWithAuth.
+//
+// The returned context comes with its own token lookup cache, so
+// NewWithToken is not appropriate to use in a per-request code path.
+func NewWithToken(ctx context.Context, cluster *arvados.Cluster, token string) context.Context {
+ ctx = auth.NewContext(ctx, &auth.Credentials{Tokens: []string{token}})
+ return context.WithValue(ctx, contextKeyAuth, &authcontext{
+ authcache: &authcache{},
+ cluster: cluster,
+ tokens: []string{token},
+ })
+}
+
// CurrentAuth returns the arvados.User whose privileges should be
// used in the given context, and the arvados.APIClientAuthorization
// the caller presented in order to authenticate the current request.
// commit or rollback the transaction, if any.
//
// func example(ctx context.Context) (err error) {
-// ctx, finishtx := New(ctx, dber)
+// ctx, finishtx := New(ctx, getdb)
// defer finishtx(&err)
// // ...
// tx, err := CurrentTx(ctx)