[ARVADOS] updated: 2.1.0-2167-gb8fbe615b

Git user git at public.arvados.org
Thu Mar 31 19:50:21 UTC 2022 

Summary of changes:
 lib/controller/integration_test.go | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

       via  b8fbe615b87f04fe7cd1e1ad277a11b62aed0db0 (commit)
      from  e7b749c937b70f388111d008eca4631787768a30 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit b8fbe615b87f04fe7cd1e1ad277a11b62aed0db0
Author: Ward Vandewege <ward at curii.com>
Date:   Thu Mar 31 15:50:07 2022 -0400

    18887: add an integration test.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index 9f5d12598..442c9a6df 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -379,6 +379,47 @@ func (s *IntegrationSuite) TestGetCollectionAsAnonymous(c *check.C) {
 	c.Check(coll.PortableDataHash, check.Equals, pdh)
 }
 
+// z3333 should forward the locally-issued anonymous user token to its login
+// cluster z1111. That is no problem because the login cluster controller will
+// map any anonymous user token to its local anonymous user.
+//
+// This needs to work because wb1 has a tendency to slap the local anonymous
+// user token on every request as a reader_token, which gets folded into the
+// request token list controller.
+//
+// Use a z1111 user token and the anonymous token from z3333 passed in as a
+// reader_token to do a request on z3333, asking for the z1111 anonymous user
+// object. The request will be forwarded to the z1111 cluster. The presence of
+// the z3333 anonymous user token should not prohibit the request from being
+// forwarded.
+func (s *IntegrationSuite) TestForwardAnonymousTokenToLoginCluster(c *check.C) {
+	conn1 := s.testClusters["z1111"].Conn()
+	s.testClusters["z3333"].Conn()
+
+	rootctx1, _, _ := s.testClusters["z1111"].RootClients()
+	_, anonac3, _ := s.testClusters["z3333"].AnonymousClients()
+
+	// Make a user connection to z3333 (using a z1111 user, because that's the login cluster)
+	_, userac1, _, _ := s.testClusters["z3333"].UserClients(rootctx1, c, conn1, "user at example.com", true)
+
+	// Get the anonymous user token for z3333
+	var anon3Auth arvados.APIClientAuthorization
+	err := anonac3.RequestAndDecode(&anon3Auth, "GET", "/arvados/v1/api_client_authorizations/current", nil, nil)
+	c.Check(err, check.IsNil)
+
+	var userList arvados.UserList
+	where := make(map[string]string)
+	where["uuid"] = "z1111-tpzed-anonymouspublic"
+	err = userac1.RequestAndDecode(&userList, "GET", "/arvados/v1/users", nil,
+		map[string]interface{}{
+			"reader_tokens": []string{anon3Auth.TokenV2()},
+			"where":         where,
+		},
+	)
+	// The local z3333 anonymous token must be allowed to be forwarded to the login cluster
+	c.Check(err, check.IsNil)
+}
+
 // Get a token from the login cluster (z1111), use it to submit a
 // container request on z2222.
 func (s *IntegrationSuite) TestCreateContainerRequestWithFedToken(c *check.C) {

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list