[ARVADOS] updated: 2.1.0-893-g0698f0ee6
Git user
git at public.arvados.org
Mon Jun 14 21:32:07 UTC 2021
Summary of changes:
services/keep-web/handler_test.go | 219 ++++++++++++++++++++++++++++++++++----
services/keep-web/server_test.go | 4 +-
2 files changed, 201 insertions(+), 22 deletions(-)
via 0698f0ee6f2748016688b81e7bd53c8efa200648 (commit)
from fb343cbbf8157315ec1a34a547beb0f2ddd5314c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 0698f0ee6f2748016688b81e7bd53c8efa200648
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Mon Jun 14 17:30:59 2021 -0400
17464: Permission/logging testing WIP
The upload tests are messing up the other tests by changing the
contents of the collection, still need to fix it.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/keep-web/handler_test.go b/services/keep-web/handler_test.go
index 94fbb71ff..ad674e4d1 100644
--- a/services/keep-web/handler_test.go
+++ b/services/keep-web/handler_test.go
@@ -9,6 +9,7 @@ import (
"context"
"fmt"
"html"
+ "io"
"io/ioutil"
"net/http"
"net/http/httptest"
@@ -1174,27 +1175,6 @@ func (s *IntegrationSuite) TestCacheWriteCollectionSamePDH(c *check.C) {
checkWithID(colls[0].UUID, http.StatusOK)
}
-// func (s *IntegrationSuite) TestUploadDownloadLogging(c *check.C) {
-// u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
-// req := &http.Request{
-// Method: "GET",
-// Host: u.Host,
-// URL: u,
-// RequestURI: u.RequestURI(),
-// Header: http.Header{
-// "Authorization": {"Bearer " + arvadostest.ActiveToken},
-// },
-// }
-
-// var logbuf bytes.Buffer
-// logger := logrus.New()
-// logger.Out = &logbuf
-// req = req.WithContext(ctxlog.Context(context.Background(), logger))
-// s.doReq(req)
-
-// c.Check(logbuf.String(), check.Matches, `Download file*`)
-// }
-
func copyHeader(h http.Header) http.Header {
hc := http.Header{}
for k, v := range h {
@@ -1202,3 +1182,200 @@ func copyHeader(h http.Header) http.Header {
}
return hc
}
+
+func (s *IntegrationSuite) TestDownloadLogging(c *check.C) {
+ h := handler{Config: newConfig(s.ArvConfig)}
+ u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
+ req := &http.Request{
+ Method: "GET",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Authorization": {"Bearer " + arvadostest.ActiveToken},
+ },
+ }
+
+ var logbuf bytes.Buffer
+ logger := logrus.New()
+ logger.Out = &logbuf
+ resp := httptest.NewRecorder()
+ req = req.WithContext(ctxlog.Context(context.Background(), logger))
+ h.ServeHTTP(resp, req)
+
+ c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File download".*`)
+ c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+}
+
+func (s *IntegrationSuite) TestUploadLogging(c *check.C) {
+ defer func() {
+ client := s.testServer.Config.Client
+ client.RequestAndDecode(nil, "POST", "database/reset", nil, nil)
+ }()
+
+ h := handler{Config: newConfig(s.ArvConfig)}
+ u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/bar")
+ req := &http.Request{
+ Method: "PUT",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Authorization": {"Bearer " + arvadostest.ActiveToken},
+ },
+ Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
+ }
+
+ var logbuf bytes.Buffer
+ logger := logrus.New()
+ logger.Out = &logbuf
+ resp := httptest.NewRecorder()
+ req = req.WithContext(ctxlog.Context(context.Background(), logger))
+ h.ServeHTTP(resp, req)
+
+ c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File upload".*`)
+ c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+}
+
+func (s *IntegrationSuite) TestDownloadPermission(c *check.C) {
+ config := newConfig(s.ArvConfig)
+ h := handler{Config: config}
+ u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
+
+ for _, adminperm := range []bool{true, false} {
+ for _, userperm := range []bool{true, false} {
+
+ config.cluster.Collections.KeepWebPermission.Admin.Download = adminperm
+ config.cluster.Collections.KeepWebPermission.User.Download = userperm
+
+ // Test admin permission
+ req := &http.Request{
+ Method: "GET",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Authorization": {"Bearer " + arvadostest.AdminToken},
+ },
+ }
+
+ var logbuf bytes.Buffer
+ logger := logrus.New()
+ logger.Out = &logbuf
+ resp := httptest.NewRecorder()
+ req = req.WithContext(ctxlog.Context(context.Background(), logger))
+ h.ServeHTTP(resp, req)
+
+ if adminperm {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusOK)
+ c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File download".*`)
+ c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+ } else {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
+ c.Check(logbuf.String(), check.Equals, "")
+ }
+
+ // Test user permission
+ req = &http.Request{
+ Method: "GET",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Authorization": {"Bearer " + arvadostest.ActiveToken},
+ },
+ }
+
+ logbuf = bytes.Buffer{}
+ logger = logrus.New()
+ logger.Out = &logbuf
+ resp = httptest.NewRecorder()
+ req = req.WithContext(ctxlog.Context(context.Background(), logger))
+ h.ServeHTTP(resp, req)
+
+ if userperm {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusOK)
+ c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File download".*`)
+ c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+ } else {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
+ c.Check(logbuf.String(), check.Equals, "")
+ }
+ }
+ }
+}
+
+func (s *IntegrationSuite) TestUploadPermission(c *check.C) {
+ defer func() {
+ client := s.testServer.Config.Client
+ client.RequestAndDecode(nil, "POST", "database/reset", nil, nil)
+ }()
+
+ config := newConfig(s.ArvConfig)
+ h := handler{Config: config}
+ u := mustParseURL("http://" + arvadostest.FooCollection + ".keep-web.example/foo")
+
+ for _, adminperm := range []bool{true, false} {
+ for _, userperm := range []bool{true, false} {
+
+ config.cluster.Collections.KeepWebPermission.Admin.Upload = adminperm
+ config.cluster.Collections.KeepWebPermission.User.Upload = userperm
+
+ // Test admin permission
+ req := &http.Request{
+ Method: "PUT",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Authorization": {"Bearer " + arvadostest.AdminToken},
+ },
+ Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
+ }
+
+ var logbuf bytes.Buffer
+ logger := logrus.New()
+ logger.Out = &logbuf
+ resp := httptest.NewRecorder()
+ req = req.WithContext(ctxlog.Context(context.Background(), logger))
+ h.ServeHTTP(resp, req)
+
+ if adminperm {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusCreated)
+ c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File upload".*`)
+ c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+ } else {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
+ c.Check(logbuf.String(), check.Equals, "")
+ }
+
+ // Test user permission
+ req = &http.Request{
+ Method: "PUT",
+ Host: u.Host,
+ URL: u,
+ RequestURI: u.RequestURI(),
+ Header: http.Header{
+ "Authorization": {"Bearer " + arvadostest.ActiveToken},
+ },
+ Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
+ }
+
+ logbuf = bytes.Buffer{}
+ logger = logrus.New()
+ logger.Out = &logbuf
+ resp = httptest.NewRecorder()
+ req = req.WithContext(ctxlog.Context(context.Background(), logger))
+ h.ServeHTTP(resp, req)
+
+ if userperm {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusCreated)
+ c.Check(logbuf.String(), check.Matches, `(?ms).*msg="File upload".*`)
+ c.Check(logbuf.String(), check.Not(check.Matches), `(?ms).*level=error.*`)
+ } else {
+ c.Check(resp.Result().StatusCode, check.Equals, http.StatusForbidden)
+ c.Check(logbuf.String(), check.Equals, "")
+ }
+ }
+ }
+}
diff --git a/services/keep-web/server_test.go b/services/keep-web/server_test.go
index 5c68eb424..a65a48892 100644
--- a/services/keep-web/server_test.go
+++ b/services/keep-web/server_test.go
@@ -34,6 +34,7 @@ var _ = check.Suite(&IntegrationSuite{})
// IntegrationSuite tests need an API server and a keep-web server
type IntegrationSuite struct {
testServer *server
+ ArvConfig *arvados.Config
}
func (s *IntegrationSuite) TestNoToken(c *check.C) {
@@ -389,7 +390,7 @@ func (s *IntegrationSuite) TestMetrics(c *check.C) {
c.Check(summaries["request_duration_seconds/get/404"].SampleCount, check.Equals, "1")
c.Check(summaries["time_to_status_seconds/get/404"].SampleCount, check.Equals, "1")
c.Check(counters["arvados_keepweb_collectioncache_requests//"].Value, check.Equals, int64(2))
- c.Check(counters["arvados_keepweb_collectioncache_api_calls//"].Value, check.Equals, int64(1))
+ c.Check(counters["arvados_keepweb_collectioncache_api_calls//"].Value, check.Equals, int64(2))
c.Check(counters["arvados_keepweb_collectioncache_hits//"].Value, check.Equals, int64(1))
c.Check(counters["arvados_keepweb_collectioncache_pdh_hits//"].Value, check.Equals, int64(1))
c.Check(counters["arvados_keepweb_collectioncache_permission_hits//"].Value, check.Equals, int64(1))
@@ -446,6 +447,7 @@ func (s *IntegrationSuite) SetUpTest(c *check.C) {
cfg.cluster.ManagementToken = arvadostest.ManagementToken
cfg.cluster.SystemRootToken = arvadostest.SystemRootToken
cfg.cluster.Users.AnonymousUserToken = arvadostest.AnonymousToken
+ s.ArvConfig = arvCfg
s.testServer = &server{Config: cfg}
err = s.testServer.Start(ctxlog.TestLogger(c))
c.Assert(err, check.Equals, nil)
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list