From 28425a5cf55a26113bdbea53381f86b779d84bf9 Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 5 Nov 2015 11:33:42 -0500 Subject: [PATCH] 7724: Use a scoped token in data manager tests. --- sdk/go/arvadostest/fixtures.go | 2 ++ sdk/python/tests/run_test_server.py | 2 +- .../fixtures/api_client_authorizations.yml | 12 +++++++++ services/datamanager/datamanager_test.go | 27 +++++++++++++------ 4 files changed, 34 insertions(+), 9 deletions(-) diff --git a/sdk/go/arvadostest/fixtures.go b/sdk/go/arvadostest/fixtures.go index d0270a6a71..3256ec27a2 100644 --- a/sdk/go/arvadostest/fixtures.go +++ b/sdk/go/arvadostest/fixtures.go @@ -4,7 +4,9 @@ package arvadostest const ( SpectatorToken = "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu" ActiveToken = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi" + AdminToken = "4axaw8zxe0qm22wa6urpp5nskcne8z88cvbupv653y1njyi05h" AnonymousToken = "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi" + DataManagerToken = "320mkve8qkswstz7ff61glpk3mhgghmg67wmic7elw4z41pke1" FooCollection = "zzzzz-4zz18-fy296fx3hot09f7" NonexistentCollection = "zzzzz-4zz18-totallynotexist" HelloWorldCollection = "zzzzz-4zz18-4en62shvi99lxd4" diff --git a/sdk/python/tests/run_test_server.py b/sdk/python/tests/run_test_server.py index d325b4eb6e..972b7f9d51 100644 --- a/sdk/python/tests/run_test_server.py +++ b/sdk/python/tests/run_test_server.py @@ -333,7 +333,7 @@ def run_keep(blob_signing_key=None, enforce_permissions=False, num_servers=2): keep_args['-enforce-permissions'] = 'true' with open(os.path.join(TEST_TMPDIR, "keep.data-manager-token-file"), "w") as f: keep_args['-data-manager-token-file'] = f.name - f.write(os.environ['ARVADOS_API_TOKEN']) + f.write(auth_token('data_manager')) keep_args['-never-delete'] = 'false' api = arvados.api( diff --git a/services/api/test/fixtures/api_client_authorizations.yml b/services/api/test/fixtures/api_client_authorizations.yml index 9199d178f6..b9ea29c314 100644 --- a/services/api/test/fixtures/api_client_authorizations.yml +++ b/services/api/test/fixtures/api_client_authorizations.yml @@ -18,6 +18,18 @@ admin_trustedclient: api_token: 1a9ffdcga2o7cw8q12dndskomgs1ygli3ns9k2o9hgzgmktc78 expires_at: 2038-01-01 00:00:00 +data_manager: + api_client: untrusted + user: system_user + api_token: 320mkve8qkswstz7ff61glpk3mhgghmg67wmic7elw4z41pke1 + expires_at: 2038-01-01 00:00:00 + scopes: + - GET /arvados/v1/collections + - GET /arvados/v1/keep_services + - GET /arvados/v1/keep_services/accessible + - GET /arvados/v1/users/current + - POST /arvados/v1/logs + miniadmin: api_client: untrusted user: miniadmin diff --git a/services/datamanager/datamanager_test.go b/services/datamanager/datamanager_test.go index c2cb762d52..685f94c88f 100644 --- a/services/datamanager/datamanager_test.go +++ b/services/datamanager/datamanager_test.go @@ -16,11 +16,6 @@ import ( "time" ) -const ( - ActiveUserToken = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi" - AdminToken = "4axaw8zxe0qm22wa6urpp5nskcne8z88cvbupv653y1njyi05h" -) - var arv arvadosclient.ArvadosClient var keepClient *keepclient.KeepClient var keepServers []string @@ -34,6 +29,7 @@ func SetupDataManagerTest(t *testing.T) { arvadostest.StartKeep(2, false) arv = makeArvadosClient() + arv.ApiToken = arvadostest.DataManagerToken // keep client keepClient = &keepclient.KeepClient{ @@ -124,7 +120,18 @@ func getFirstLocatorFromCollection(t *testing.T, uuid string) string { return match[1] + "+" + match[2] } +func switchToken(t string) func() { + orig := arv.ApiToken + restore := func() { + arv.ApiToken = orig + } + arv.ApiToken = t + return restore +} + func getCollection(t *testing.T, uuid string) Dict { + defer switchToken(arvadostest.AdminToken)() + getback := make(Dict) err := arv.Get("collections", uuid, nil, &getback) if err != nil { @@ -138,6 +145,8 @@ func getCollection(t *testing.T, uuid string) Dict { } func updateCollection(t *testing.T, uuid string, paramName string, paramValue string) { + defer switchToken(arvadostest.AdminToken)() + err := arv.Update("collections", uuid, arvadosclient.Dict{ "collection": arvadosclient.Dict{ paramName: paramValue, @@ -152,6 +161,8 @@ func updateCollection(t *testing.T, uuid string, paramName string, paramValue st type Dict map[string]interface{} func deleteCollection(t *testing.T, uuid string) { + defer switchToken(arvadostest.AdminToken)() + getback := make(Dict) err := arv.Delete("collections", uuid, nil, &getback) if err != nil { @@ -175,7 +186,7 @@ func getBlockIndexesForServer(t *testing.T, i int) []string { path := keepServers[i] + "/index" client := http.Client{} req, err := http.NewRequest("GET", path, nil) - req.Header.Add("Authorization", "OAuth2 "+AdminToken) + req.Header.Add("Authorization", "OAuth2 "+arvadostest.DataManagerToken) req.Header.Add("Content-Type", "application/octet-stream") resp, err := client.Do(req) defer resp.Body.Close() @@ -297,7 +308,7 @@ func backdateBlocks(t *testing.T, oldUnusedBlockLocators []string) { func getStatus(t *testing.T, path string) interface{} { client := http.Client{} req, err := http.NewRequest("GET", path, nil) - req.Header.Add("Authorization", "OAuth2 "+AdminToken) + req.Header.Add("Authorization", "OAuth2 "+arvadostest.DataManagerToken) req.Header.Add("Content-Type", "application/octet-stream") resp, err := client.Do(req) if err != nil { @@ -504,7 +515,7 @@ func TestRunDatamanagerAsNonAdminUser(t *testing.T) { defer TearDownDataManagerTest(t) SetupDataManagerTest(t) - arv.ApiToken = ActiveUserToken + arv.ApiToken = arvadostest.ActiveToken err := singlerun(arv) if err == nil { -- 2.30.2