Merge branch '15795-sys-root-token'

refs #15795

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 651eacf6264fe36b860476cd85b6025798a72659..77fc0a45afb32ff7ea93595a4b97ff66cd128f63 100644 (file)
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -111,6 +111,7 @@ class ApiClientAuthorization < ArvadosModel
   def self.check_system_root_token token
     if token == Rails.configuration.SystemRootToken
       return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
+                                        uuid: uuid_prefix+"-gj3su-000000000000000",
                                         api_token: token,
                                         api_client: ApiClient.new(is_trusted: true, url_prefix: ""))
     else

diff --git a/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb b/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
index 38938c4695ebf1b42102ceb0f7b9da2f4d516f2b..c2c71ca540121b3415bd93badb54f5456c71c11a 100644 (file)
--- a/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
@@ -181,6 +181,15 @@ class Arvados::V1::ApiClientAuthorizationsControllerTest < ActionController::Tes
                  api_client_authorizations(:active).api_token)
   end
 
+  test "get current token using SystemRootToken" do
+    Rails.configuration.SystemRootToken = "xyzzy-systemroottoken"
+    authorize_with_token Rails.configuration.SystemRootToken
+    get :current
+    assert_response :success
+    assert_equal(Rails.configuration.SystemRootToken, json_response['api_token'])
+    assert_not_empty(json_response['uuid'])
+  end
+
   test "get current token, no auth" do
     get :current
     assert_response 401

diff --git a/services/api/test/integration/container_dispatch_test.rb b/services/api/test/integration/container_dispatch_test.rb
new file mode 100644 (file)
index 0000000..61e01da
--- /dev/null
+++ b/services/api/test/integration/container_dispatch_test.rb
@@ -0,0 +1,33 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'test_helper'
+
+class ContainerDispatchTest < ActionDispatch::IntegrationTest
+  test "lock container with SystemRootToken" do
+    Rails.configuration.SystemRootToken = "xyzzy-SystemRootToken"
+    authheaders = {'HTTP_AUTHORIZATION' => "Bearer "+Rails.configuration.SystemRootToken}
+    get("/arvados/v1/api_client_authorizations/current",
+        headers: authheaders)
+    assert_response 200
+    #assert_not_empty json_response['uuid']
+
+    system_auth_uuid = json_response['uuid']
+    post("/arvados/v1/containers/#{containers(:queued).uuid}/lock",
+         headers: authheaders)
+    assert_response 200
+    assert_equal system_auth_uuid, Container.find_by_uuid(containers(:queued).uuid).locked_by_uuid
+
+    get("/arvados/v1/containers",
+        params: {filters: SafeJSON.dump([['locked_by_uuid', '=', system_auth_uuid]])},
+        headers: authheaders)
+    assert_response 200
+    assert_equal containers(:queued).uuid, json_response['items'][0]['uuid']
+    assert_equal system_auth_uuid, json_response['items'][0]['locked_by_uuid']
+
+    post("/arvados/v1/containers/#{containers(:queued).uuid}/unlock",
+         headers: authheaders)
+    assert_response 200
+  end
+end