[ARVADOS] created: 23a37f77f36717f60884c2b8054a9670b35e611b

Git user git at public.curoverse.com
Thu Oct 13 17:22:53 EDT 2016 

        at  23a37f77f36717f60884c2b8054a9670b35e611b (commit)


commit 23a37f77f36717f60884c2b8054a9670b35e611b
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Thu Oct 13 17:22:46 2016 -0400

    10172: Allow auth_uuid to set container output.  Work in progress.

diff --git a/services/api/app/models/container.rb b/services/api/app/models/container.rb
index 3a16e30..d96af23 100644
--- a/services/api/app/models/container.rb
+++ b/services/api/app/models/container.rb
@@ -18,6 +18,7 @@ class Container < ArvadosModel
   validate :validate_state_change
   validate :validate_change
   validate :validate_lock
+  validate :validate_output
   after_validation :assign_auth
   before_save :sort_serialized_attrs
   after_save :handle_completed
@@ -213,7 +214,7 @@ class Container < ArvadosModel
       permitted.push :priority
 
     when Running
-      permitted.push :priority, :progress
+      permitted.push :priority, :progress, :output
       if self.state_changed?
         permitted.push :started_at
       end
@@ -244,8 +245,10 @@ class Container < ArvadosModel
     # current api_client_auth, disallow all changes -- except
     # priority, which needs to change to reflect max(priority) of
     # relevant ContainerRequests.
-    if locked_by_uuid_was
-      if locked_by_uuid_was != Thread.current[:api_client_authorization].uuid
+    if !locked_by_uuid_was.nil? and locked_by_uuid_was != Thread.current[:api_client_authorization].uuid
+      if auth_uuid_was == Thread.current[:api_client_authorization].uuid
+        check_update_whitelist [:priority, :output, :progress]
+      else
         check_update_whitelist [:priority]
       end
     end
@@ -269,6 +272,19 @@ class Container < ArvadosModel
     self.locked_by_uuid = need_lock
   end
 
+  def validate_output
+    if output_changed?
+      apiauth = ApiClientAuthorization.find_by_uuid(uuid: auth_uuid)
+      c = Collection.
+          readable_by(User.find_by_id(apiauth.user_id)).
+          where(portable_data_hash: self.output).
+          first
+      if !c
+        raise #ArvadosModel::UnresolvableContainerError.new "cannot mount collection #{uuid.inspect}: not found"
+      end
+    end
+  end
+
   def assign_auth
     if self.auth_uuid_changed?
       return errors.add :auth_uuid, 'is readonly'

commit b1158db281c2107b191ddd41dd6b20f32ff04940
Author: Peter Amstutz <peter.amstutz at curoverse.com>
Date:   Thu Oct 13 17:01:21 2016 -0400

    10172: Implement /containers/current endpoint to get current container for API token.

diff --git a/services/api/app/controllers/arvados/v1/containers_controller.rb b/services/api/app/controllers/arvados/v1/containers_controller.rb
index fb748e9..3495459 100644
--- a/services/api/app/controllers/arvados/v1/containers_controller.rb
+++ b/services/api/app/controllers/arvados/v1/containers_controller.rb
@@ -4,6 +4,8 @@ class Arvados::V1::ContainersController < ApplicationController
   accept_attribute_as_json :runtime_constraints, Hash
   accept_attribute_as_json :command, Array
 
+  skip_before_filter :render_404_if_no_object, only: [:current]
+
   def auth
     if @object.locked_by_uuid != Thread.current[:api_client_authorization].uuid
       raise ArvadosModel::PermissionDeniedError.new("Not locked by your token")
@@ -29,4 +31,18 @@ class Arvados::V1::ContainersController < ApplicationController
     @object.unlock
     show
   end
+
+  def current
+    if Thread.current[:api_client_authorization].nil?
+      send_error("Not logged in", status: 401)
+    else
+      c = Container.where(auth_uuid: Thread.current[:api_client_authorization].uuid).first
+      if c.nil?
+        send_error("Token is not associated with a container.", status: 404)
+      else
+        @object = c
+        show
+      end
+    end
+  end
 end
diff --git a/services/api/config/routes.rb b/services/api/config/routes.rb
index 3638c72..f283904 100644
--- a/services/api/config/routes.rb
+++ b/services/api/config/routes.rb
@@ -33,6 +33,7 @@ Server::Application.routes.draw do
         get 'auth', on: :member
         post 'lock', on: :member
         post 'unlock', on: :member
+        get 'current', on: :collection
       end
       resources :container_requests
       resources :jobs do
diff --git a/services/api/test/fixtures/api_client_authorizations.yml b/services/api/test/fixtures/api_client_authorizations.yml
index de14838..7af4f37 100644
--- a/services/api/test/fixtures/api_client_authorizations.yml
+++ b/services/api/test/fixtures/api_client_authorizations.yml
@@ -284,3 +284,10 @@ dispatch1:
   user: system_user
   api_token: kwi8oowusvbutahacwk2geulqewy5oaqmpalczfna4b6bb0hfw
   expires_at: 2038-01-01 00:00:00
+
+running_container_auth:
+  uuid: zzzzz-gj3su-077z32aux8dg2s2
+  api_client: untrusted
+  user: active
+  api_token: 3kg6k6lzmp9kj6bpkcoxie963cmvjahbt2fod9zru30k1jqdmi
+  expires_at: 2038-01-01 00:00:00
diff --git a/services/api/test/fixtures/containers.yml b/services/api/test/fixtures/containers.yml
index 29266d3..d1f4c7b 100644
--- a/services/api/test/fixtures/containers.yml
+++ b/services/api/test/fixtures/containers.yml
@@ -28,7 +28,7 @@ running:
   runtime_constraints:
     ram: 12000000000
     vcpus: 4
-  auth_uuid: zzzzz-gj3su-077z32aux8dg2s1
+  auth_uuid: zzzzz-gj3su-077z32aux8dg2s2
 
 running_older:
   uuid: zzzzz-dz642-runningcontain2
@@ -133,7 +133,7 @@ requester_container:
   runtime_constraints:
     ram: 12000000000
     vcpus: 4
-  auth_uuid: zzzzz-gj3su-077z32aux8dg2s1
+  auth_uuid: zzzzz-gj3su-077z32aux8dg2s3
 
 failed_container:
   uuid: zzzzz-dz642-failedcontainr1
diff --git a/services/api/test/functional/arvados/v1/containers_controller_test.rb b/services/api/test/functional/arvados/v1/containers_controller_test.rb
index cf1f576..d923e01 100644
--- a/services/api/test/functional/arvados/v1/containers_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/containers_controller_test.rb
@@ -87,4 +87,24 @@ class Arvados::V1::ContainersControllerTest < ActionController::TestCase
       assert_equal state, Container.where(uuid: uuid).first.state
     end
   end
+
+  test 'get current container for token' do
+    authorize_with :running_container_auth
+    c = Container.where(auth_uuid: Thread.current[:api_client_authorization].uuid).first
+    get :current
+    assert_response :success
+    assert_equal containers(:running).uuid, json_response['uuid']
+  end
+
+  test 'no container associated with token' do
+    authorize_with :dispatch1
+    get :current
+    assert_response 404
+  end
+
+  test 'try get current container, no token' do
+    get :current
+    assert_response 401
+  end
+
 end

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list