[ARVADOS] updated: 5386f6657234f3c24a4783cf63ab85016eda85b8
git at public.curoverse.com
git at public.curoverse.com
Thu Jun 18 11:36:01 EDT 2015
Summary of changes:
.../arvados/v1/virtual_machines_controller.rb | 6 +--
services/api/test/fixtures/links.yml | 43 ++++++++++++++++++++++
.../functional/arvados/v1/links_controller_test.rb | 2 +-
.../functional/arvados/v1/users_controller_test.rb | 2 +-
.../arvados/v1/virtual_machines_controller_test.rb | 43 ++++++++++++++++++++++
5 files changed, 91 insertions(+), 5 deletions(-)
via 5386f6657234f3c24a4783cf63ab85016eda85b8 (commit)
via 657235e9e2b90c837efe809fc014fe6fe0cb9b23 (commit)
via daed47277f97a1e972904b1fdcd16f8ce38a4e6a (commit)
from 970bcc6f77a7b1ff14a7ec124e3004d89b1f173a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 5386f6657234f3c24a4783cf63ab85016eda85b8
Merge: 970bcc6 657235e
Author: Brett Smith <brett at curoverse.com>
Date: Thu Jun 18 11:35:40 2015 -0400
Merge branch '6320-api-logins-include-groups-wip'
Refs #6320. Closes #6325.
commit 657235e9e2b90c837efe809fc014fe6fe0cb9b23
Author: Brett Smith <brett at curoverse.com>
Date: Tue Jun 16 09:40:58 2015 -0400
6320: API virtual machines login method include groups information.
This is necessary for the virtual machine user setup script to see the
groups information added in #6254.
This required updating a few tests that assumed the active user had no
access to testvm2.
diff --git a/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb b/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb
index 35e5e42..519178b 100644
--- a/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb
+++ b/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb
@@ -24,11 +24,11 @@ class Arvados::V1::VirtualMachinesController < ApplicationController
vm.login_permissions.each do |perm|
user_uuid = perm.tail_uuid
@users[user_uuid].andand.authorized_keys.andand.each do |ak|
- username = perm.properties.andand['username']
- if username
+ unless perm.properties['username'].blank?
@response << {
- username: username,
+ username: perm.properties['username'],
hostname: vm.hostname,
+ groups: (perm.properties["groups"].to_a rescue []),
public_key: ak.public_key,
user_uuid: user_uuid,
virtual_machine_uuid: vm.uuid,
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index d840098..434f9c7 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -818,6 +818,21 @@ admin_can_login_to_testvm2:
properties: {username: 'adminroot', groups: ['docker', 'admin']}
updated_at: 2014-08-06 22:11:51.242010312 Z
+active_can_login_to_testvm2:
+ uuid: zzzzz-o0j2j-rah2ya1ohx9xaev
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ created_at: 2014-08-06 22:11:51.242392533 Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ modified_at: 2014-08-06 22:11:51.242150425 Z
+ tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+ link_class: permission
+ name: can_login
+ head_uuid: zzzzz-2x53u-382brsig8rp3065
+ # No groups.
+ properties: {username: 'active'}
+ updated_at: 2014-08-06 22:11:51.242010312 Z
+
spectator_login_link_for_testvm2_without_username:
uuid: zzzzz-o0j2j-aem0eilie1jigh9
owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
diff --git a/services/api/test/functional/arvados/v1/links_controller_test.rb b/services/api/test/functional/arvados/v1/links_controller_test.rb
index 9bf1b0b..1345701 100644
--- a/services/api/test/functional/arvados/v1/links_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/links_controller_test.rb
@@ -122,7 +122,7 @@ class Arvados::V1::LinksControllerTest < ActionController::TestCase
link_class: 'test',
name: 'stuff',
head_uuid: users(:active).uuid,
- tail_uuid: virtual_machines(:testvm2).uuid
+ tail_uuid: authorized_keys(:admin).uuid,
}
authorize_with :active
post :create, link: link
diff --git a/services/api/test/functional/arvados/v1/users_controller_test.rb b/services/api/test/functional/arvados/v1/users_controller_test.rb
index bf27d73..e87068c 100644
--- a/services/api/test/functional/arvados/v1/users_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/users_controller_test.rb
@@ -584,7 +584,7 @@ class Arvados::V1::UsersControllerTest < ActionController::TestCase
assert active_user['is_active'], 'expected is_active for active user'
verify_link_existence active_user['uuid'], active_user['email'],
- false, true, false, true, true
+ false, true, true, true, true
authorize_with :admin
diff --git a/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb b/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb
index d52a581..8ca2a94 100644
--- a/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb
@@ -23,6 +23,20 @@ class Arvados::V1::VirtualMachinesControllerTest < ActionController::TestCase
assert_equal(perm.properties["username"], admin_login["username"])
end
+ test "groups propagated from permission" do
+ get_logins_for(:testvm2)
+ admin_login = find_login(:admin)
+ perm = links(:admin_can_login_to_testvm2)
+ assert_equal(perm.properties["groups"], admin_login["groups"])
+ end
+
+ test "groups is an empty list by default" do
+ get_logins_for(:testvm2)
+ active_login = find_login(:active)
+ perm = links(:active_can_login_to_testvm2)
+ assert_equal([], active_login["groups"])
+ end
+
test "logins without usernames not listed" do
get_logins_for(:testvm2)
assert_response :success
commit daed47277f97a1e972904b1fdcd16f8ce38a4e6a
Author: Brett Smith <brett at curoverse.com>
Date: Tue Jun 16 09:18:32 2015 -0400
6320: Add tests for API virtual machines login method.
diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index 42ecad3..d840098 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -803,6 +803,34 @@ auto_setup_vm_login_username_can_login_to_test_vm:
properties: {username: 'auto_setup_vm_login'}
updated_at: 2014-08-06 22:11:51.242010312 Z
+admin_can_login_to_testvm2:
+ uuid: zzzzz-o0j2j-peek9mecohgh3ai
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ created_at: 2014-08-06 22:11:51.242392533 Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ modified_at: 2014-08-06 22:11:51.242150425 Z
+ tail_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ link_class: permission
+ name: can_login
+ head_uuid: zzzzz-2x53u-382brsig8rp3065
+ # username is not obviously related to other user data.
+ properties: {username: 'adminroot', groups: ['docker', 'admin']}
+ updated_at: 2014-08-06 22:11:51.242010312 Z
+
+spectator_login_link_for_testvm2_without_username:
+ uuid: zzzzz-o0j2j-aem0eilie1jigh9
+ owner_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ created_at: 2014-08-06 22:11:51.242392533 Z
+ modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+ modified_by_user_uuid: zzzzz-tpzed-d9tiejq69daie8f
+ modified_at: 2014-08-06 22:11:51.242150425 Z
+ tail_uuid: zzzzz-tpzed-l1s2piq4t4mps8r
+ link_class: permission
+ name: can_login
+ head_uuid: zzzzz-2x53u-382brsig8rp3065
+ updated_at: 2014-08-06 22:11:51.242010312 Z
+
user_foo_can_read_sharing_group:
uuid: zzzzz-o0j2j-gdpvwvpj9kjs5in
owner_uuid: zzzzz-tpzed-000000000000000
diff --git a/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb b/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb
index fd7431d..d52a581 100644
--- a/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb
@@ -1,4 +1,33 @@
require 'test_helper'
class Arvados::V1::VirtualMachinesControllerTest < ActionController::TestCase
+ def get_logins_for(vm_sym)
+ authorize_with :admin
+ get(:logins, id: virtual_machines(vm_sym).uuid)
+ end
+
+ def find_login(sshkey_sym)
+ assert_response :success
+ want_key = authorized_keys(sshkey_sym).public_key
+ logins = json_response["items"].select do |login|
+ login["public_key"] == want_key
+ end
+ assert_equal(1, logins.size, "failed to find #{sshkey_sym} login")
+ logins.first
+ end
+
+ test "username propagated from permission" do
+ get_logins_for(:testvm2)
+ admin_login = find_login(:admin)
+ perm = links(:admin_can_login_to_testvm2)
+ assert_equal(perm.properties["username"], admin_login["username"])
+ end
+
+ test "logins without usernames not listed" do
+ get_logins_for(:testvm2)
+ assert_response :success
+ spectator_uuid = users(:spectator).uuid
+ assert_empty(json_response.
+ select { |login| login["user_uuid"] == spectator_uuid })
+ end
end
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list