Closed justin-ys closed 10 months ago
Your first failure seems to be on the basic tyk test. Does the command always fail?
curl "http://candig.docker.internal:3333/ga4gh/drs/v1/service-info"
curl "http://candig.docker.internal:5080/genomics/ga4gh/drs/v1/service-info" \
-H 'Authorization: Bearer <site admin token>'
(also please paste the results from the tyk log of that last command, the curl for 5080)
To streamline this sort of debugging, I added some print statements. Can you pull the branch from https://github.com/CanDIG/CanDIGv2/pull/238 on top of your stack and then give me the results from make test-integration?
The two Tyk commands are working and the Tyk-related tests now seem to pass after a rebuild and waiting a little. Here's the result of test-integration using the new branch: https://gist.github.com/jman005/b3838ba2785f9805c47697bae1738304
What are the changes in your opa submodule? Those are the next tests that are failing, and I can't tell what changes you've made.
Also your vault seems to have sealed itself; you will have to unseal it. You should be able to do so by restarting the vault-runner container.
If that doesn't fix it, I would need to see what is in your vault log and how it's failing to unseal.
Rebuilding once again seems to have fixed the vault seal. There are no changes to opa, I'm really not sure why git status is showing that. git branch
in the opa directory shows that it is on main and git stash shows no local changes. Here is the most recent log:
https://gist.github.com/jman005/b3838ba2785f9805c47697bae1738304 (I'm just using the same link and editing it by the way)
I think that maybe the paths in Opa are out of date and aren't matching what we expect in the test?
What are the values you get when you do:
## opa paths
curl -X "POST" "http://candig.docker.internal:5080/policy/v1/data/paths" \
-H 'Authorization: Bearer <site admin token>' \
-H 'Content-Type: application/json; charset=utf-8' \
-d $'{}'
My output is {"result":{"get":["/v2/discovery/?.*","/v2/authorized/?.*","/htsget/v1/variants/?.*","/htsget/v1/variants/search","/htsget/v1/variants/?.*/index","/htsget/v1/reads/?.*","/ga4gh/drs/v1/objects/?.*","/ga4gh/drs/v1/datasets/?.*","/beacon/v2/g_variants/?.*"],"post":["/htsget/v1/variants/search","/htsget/v1/variants/?.*/index","/beacon/v2/g_variants/?.*"]},"warning":{"code":"api_usage_warning","message":"'input' key missing from the request"}}
What does it say in line 83 of your test_integration.py? Mine says
payload = {"input": {"body": {"path": "/v2/discovery/", "method": "GET"}}}
Mine is response = requests.post(f"{ENV['CANDIG_ENV']['OPA_URL']}/v1/data/permissions/datasets", json=payload, headers=headers)
That looks like my line 93, not 83. There should be something about a payload that looks like what I posted.
The problem turned out to be a merge conflict. New log after the fix is at the same gist link.
UGH now I really don't know. HTSGet is acting like it thinks user2 is not a site admin, but the test_site_admin test is before that and passes just fine...
Following up...this is working for you now, correct?
Only on my branch with the new auth model, otherwise they still fail.
And the failure is that htsget can't authorize site admins, but the test_site_admin test in test_integration works fine?
Yes, that seems to be the case. (Additionally the "add sample to dataset" test also fails) Notably the site admin test fails with a 404, so it seems the problem isn't admin authentication but failing to get a certain htsget endpoint (the logs seem to indicate /genomics/htsget/v1/v1/variants/data/{obj})
There seems to be a typo in that print statement (but not the one that is the actual assertion) on line 299 of test_integration.py: it should be print(f"{ENV['CANDIG_URL']}/genomics/htsget/v1/variants/data/{obj}")
but that doesn't matter since it's not actually using that URL.
One last thing: I am noticing that the failure you have in htsget's tests happen on line 115 of the test code. That's not the current version of htsget. You also seem to be building on the old version as well. Can you make sure that your submodule of htsget is pulled to v2.1.0, sha c92359e? That is the version that is in develop of CanDIGv2.
=================================== FAILURES ===================================
______________________________ test_post_objects _______________________________
drs_objects = [{'access_methods': [{'access_id': 'candig_docker_internal_9000/testhtsget/NA18537.vcf.gz.tbi', 'type': 's3'}], 'alias...gz.tbi'], 'id': 'index', 'name': 'multisample_1.vcf.gz.tbi'}], 'created_time': '2021-09-27T18:40:00.538843', ...}, ...]
> ???
E assert 403 == 200
E + where 403 = <Response [403]>.status_code
/home/justin/Programs/CanDIGv2/lib/htsget/htsget_app/tests/test_htsget_server.py:115: AssertionError
----------------------------- Captured stdout call -----------------------------
POST NA18537.vcf.gz.tbi: {
"message": "User is not authorized to POST"
}
Git insists the submodule is on exactly that version/commit, although when I stashed it did grab some changes for some reason. However even after rebuilding without them I get the same errors.
Please add the results of the following commands:
git status
git submodule status
cat tmp/error.txt
docker ps
make test-integration