[ARVADOS] updated: 1.3.0-1880-g98e4a92f0
Git user
git at public.curoverse.com
Mon Nov 18 18:50:57 UTC 2019
Summary of changes:
.../app/views/layouts/application.html.erb | 2 +-
build/run-build-packages.sh | 1 -
build/run-library.sh | 9 +-
build/run-tests.sh | 54 +-
doc/_config.yml | 1 +
doc/_includes/_wb2_vocabulary_example.liquid | 27 +
doc/admin/activation.html.textile.liquid | 29 +-
doc/admin/migrating-providers.html.textile.liquid | 4 +-
doc/admin/reassign-ownership.html.textile.liquid | 2 +-
doc/admin/troubleshooting.html.textile.liquid | 2 +-
.../workbench2-vocabulary.html.textile.liquid | 51 +
doc/api/methods/users.html.textile.liquid | 2 +-
.../install-workbench2-app.html.textile.liquid | 4 +
go.mod | 65 ++
go.sum | 256 +++++
lib/config/config.default.yml | 23 +-
lib/config/deprecated.go | 108 +-
lib/config/deprecated_test.go | 37 +
lib/config/export.go | 5 +-
lib/config/generated_config.go | 23 +-
lib/controller/federation/conn.go | 33 +-
lib/controller/federation/list_test.go | 4 +-
lib/controller/federation/login_test.go | 32 +
lib/controller/handler.go | 1 +
lib/controller/handler_test.go | 11 +-
lib/controller/localdb/conn.go | 43 +
lib/controller/localdb/login.go | 275 +++++
lib/controller/localdb/login_test.go | 450 ++++++++
lib/controller/railsproxy/railsproxy.go | 13 +-
lib/controller/router/response.go | 13 +-
lib/controller/router/router.go | 9 +-
lib/controller/rpc/conn.go | 62 +-
lib/controller/rpc/conn_test.go | 13 +-
sdk/go/arvados/api.go | 9 +
sdk/go/arvados/client.go | 44 +-
sdk/go/arvados/config.go | 11 +-
sdk/go/arvados/login.go | 26 +
sdk/go/arvadostest/api.go | 9 +
sdk/go/arvadostest/proxy.go | 72 ++
.../arvados/client/api/client/BaseApiClient.java | 4 +-
.../api/client/factory/OkHttpClientFactory.java | 82 +-
.../org/arvados/client/facade/ArvadosFacade.java | 12 +
.../client/factory/OkHttpClientFactoryTest.java | 4 +-
.../api/app/controllers/database_controller.rb | 2 +-
.../app/controllers/user_sessions_controller.rb | 17 +-
services/api/app/models/api_client.rb | 21 +
services/api/app/models/user.rb | 2 -
services/api/config/application.rb | 5 +
services/api/config/arvados_config.rb | 5 +-
.../functional/user_sessions_controller_test.rb | 19 +
services/api/test/unit/api_client_test.rb | 26 +-
.../dockercleaner/arvados-docker-cleaner.service | 1 -
services/keep-balance/balance.go | 230 ++--
services/keep-balance/balance_test.go | 185 +--
services/keep-web/handler_test.go | 7 +-
services/keep-web/server_test.go | 8 +-
services/keepstore/mounts_test.go | 10 +-
tools/arvbox/lib/arvbox/docker/go-setup.sh | 22 +-
vendor/.gitignore | 3 -
vendor/vendor.json | 1185 --------------------
60 files changed, 2084 insertions(+), 1601 deletions(-)
create mode 100644 doc/_includes/_wb2_vocabulary_example.liquid
create mode 100644 doc/admin/workbench2-vocabulary.html.textile.liquid
create mode 100644 go.mod
create mode 100644 go.sum
create mode 100644 lib/controller/federation/login_test.go
create mode 100644 lib/controller/localdb/conn.go
create mode 100644 lib/controller/localdb/login.go
create mode 100644 lib/controller/localdb/login_test.go
create mode 100644 sdk/go/arvados/login.go
create mode 100644 sdk/go/arvadostest/proxy.go
delete mode 100644 vendor/.gitignore
delete mode 100644 vendor/vendor.json
via 98e4a92f007533b2924604e4f83da9a6d15e0ef3 (commit)
via 8b43f32b2c11d45f951bf4ff1bffab03d391ff41 (commit)
via ea42eaf1e8776704de1ef75d01259d33dcabaef3 (commit)
via aae18e1164b31dc835e41784263d25b79893a6b3 (commit)
via 1cecaf33d7f4220b4def80410b909f1f60641365 (commit)
via 83ff3cf356298f677e91d50a04b36e4dab0d6da0 (commit)
via a8ea767dfa430504d71610513e9f31c0e73dcfda (commit)
via fa8e7a738b2dae08057b35ac9a06f7be904b804a (commit)
via 983669a566b89e56640638d85f40a77ce38a42b0 (commit)
via 0102502bf61d9e8556186ee45848c6fdcabf7f93 (commit)
via d97c9ecca25f449ad928963f6257a01a8bbbf1e7 (commit)
via 73eb047a9a1eb83d10c84cc959fdd049b7fd5fab (commit)
via 3b9af4b0f7eb42115f57189f657b12a0ae2e3a8c (commit)
via 89e13889a23cb154244a5d6f8f8fb919e386b51d (commit)
via acb8ea09b9d699bb5c955a5279a0aca2e0906c39 (commit)
via ca6544470298ca1586b7de5ead8c5ff4894443fe (commit)
via c38a28a51ba3fbe3fe58e72a5e16c27f79c89719 (commit)
via 4e03c16ce84982605e8f5b2a56dd19ab0a11980c (commit)
via c00d9e1595d07e6941bb2fbfb8b4e57c3c4ba856 (commit)
via 7e23ed42b6e4eab1dd5e39ece5b0830b740bab1e (commit)
via d0dd092c8b1410f9fbe3bf5a5d39a576a6ab8fda (commit)
via 7716328e40d57599776a703c7113788990aba708 (commit)
via 05077735f59ec3027c365aeeb270ddc78727ce14 (commit)
via 9294e4624a4ee682256db95e371a4429a2313b1e (commit)
via bf51a7513e3c82f9f6e662597bb9db217463af9c (commit)
via f00aabd51e64355ca9f6001bd0f87fd162812915 (commit)
via e9bfb6900e3340bfcdcea691466cd849ca7d9ffc (commit)
via 4971e4c02df33e279e123330167d02d0b6041e81 (commit)
via e15084830d760c30712cf6044ffb3448abf349fa (commit)
via 1dee1aad0573bf3a54d536c8dd3693a352cf0cbe (commit)
via e4f24472e880dc06649bf98b8fd573ecd52f1d4d (commit)
via 2c584384d1ba67f53b416ffbf30b8a693c4050e9 (commit)
via 522d525a4dcbf11a22d14ea78a0c362272533c34 (commit)
via b30dca66a056bc6ee627bab5956dd8884a0e74aa (commit)
via 8f8a266743b7f0b729cf0178e2613fff7d0a9f80 (commit)
via f2fe9d6849278c11a841d74a26003df1e34b2802 (commit)
via 66b6b6f08f445e56ec299882e8e90b52f4af39e0 (commit)
via ae562784e8d8d8bd501c0bd373739d0a2da8fc9f (commit)
via 2630ff073bc55441db7c7cedab9b55528e265def (commit)
via 514fb685c9d835441e0911d9b9499952b6787095 (commit)
via 8e6c0553ed9c44221dd40408d43d9ce426e89533 (commit)
via deaf1d8f2f694b09562eddac055ccebba5a98517 (commit)
via 0e077171d332434bf727a018691165a6b0621b68 (commit)
from 82d733300a8dd1859b9cd06f3989a2fe30c43887 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 98e4a92f007533b2924604e4f83da9a6d15e0ef3
Merge: 8b43f32b2 aae18e116
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Mon Nov 18 12:26:41 2019 -0500
Merge branch 'master' into 15577-ownership-transfer
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --cc doc/_config.yml
index d034604f9,404d2f6c6..76c967ac4
--- a/doc/_config.yml
+++ b/doc/_config.yml
@@@ -179,8 -175,10 +179,9 @@@ navbar
- admin/controlling-container-reuse.html.textile.liquid
- admin/logs-table-management.html.textile.liquid
- Other:
- - admin/troubleshooting.html.textile.liquid
- install/migrate-docker19.html.textile.liquid
- admin/upgrade-crunch2.html.textile.liquid
+ - admin/workbench2-vocabulary.html.textile.liquid
installguide:
- Overview:
- install/index.html.textile.liquid
diff --cc lib/config/config.default.yml
index d9dc66468,81c36b9bf..6dcf2dbf3
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@@ -509,9 -511,15 +511,15 @@@ Clusters
GoogleClientID: ""
GoogleClientSecret: ""
+ # Allow users to log in to existing accounts using any verified
+ # email address listed by their Google account. If true, the
+ # Google People API must be enabled in order for Google login to
+ # work. If false, only the primary email address will be used.
+ GoogleAlternateEmailAddresses: true
+
# The cluster ID to delegate the user database. When set,
# logins on this cluster will be redirected to the login cluster
- # (login cluster must appear in RemoteHosts with Proxy: true)
+ # (login cluster must appear in RemoteClusters with Proxy: true)
LoginCluster: ""
# How long a cached token belonging to a remote cluster will
commit 8b43f32b2c11d45f951bf4ff1bffab03d391ff41
Merge: ea42eaf1e 89e13889a
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Mon Nov 18 12:20:58 2019 -0500
Merge branch 'master' into 15577-ownership-transfer
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
commit ea42eaf1e8776704de1ef75d01259d33dcabaef3
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Mon Nov 18 12:20:17 2019 -0500
15577: Edits based on feedback
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/doc/admin/activation.html.textile.liquid b/doc/admin/activation.html.textile.liquid
index 11e671e95..cce83c70b 100644
--- a/doc/admin/activation.html.textile.liquid
+++ b/doc/admin/activation.html.textile.liquid
@@ -10,6 +10,10 @@ Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
+{% comment %}
+TODO: Link to relevant workbench documentation when it gets written
+{% endcomment %}
+
This page describes how user accounts are created, set up and activated.
h2. Authentication
@@ -32,7 +36,7 @@ A federated user follows a slightly different flow. The client presents a token
h2. User activation
-Following authentication, a user record has been found or created.
+This section describes the different user account states.
!(full-width){{site.baseurl}}/images/user-account-states.svg!
@@ -40,28 +44,28 @@ notextile. <div class="spaced-out">
# A new user record is not set up, and not active. An inactive user cannot create or update any object, but can read Arvados objects that the user account has permission to read (such as publicly available items readable by the "anonymous" user).
# Using Workbench or the "command line":{{site.baseurl}}/install/cheat_sheet.html , the admin invokes @setup@ on the user.
-If @Users.AutoSetupNewUsers@ is true, this happens automatically during user creation, so in that case new users start at step (3).
+If "Users.AutoSetupNewUsers":config.html is true, this happens automatically during user creation, so in that case new users start at step (3).
The setup method adds the user to the "All users" group.
-If @Users.AutoSetupNewUsersWithRepository@ is true, a new git repo is created for the user.
-If @Users.AutoSetupNewUsersWithVmUUID@ is set, the user is given login permission to the specified shell node
+If "Users.AutoSetupNewUsersWithRepository":config.html is true, a new git repo is created for the user.
+If "Users.AutoSetupNewUsersWithVmUUID":config.html is set, the user is given login permission to the specified shell node
# User is set up, but still not yet active. The browser presents "user agreements":#user_agreements (if any) and then invokes the user @activate@ method on the user's behalf.
# The user @activate@ method checks that all "user agreements":#user_agreements are signed. If so, or there are no user agreements, the user is activated.
# The user is active. User has normal access to the system.
# From steps (1) and (3), an admin user can directly update the @is_active@ flag. This bypasses enforcement that user agreements are signed.
If the user was not yet set up (still in step (1)), it adds the user to the "All users", but bypasses creating default git repository and assigning default VM access.
-# An existing user can have their access revoked using @unsetup@ and "ownership reassignment.":reassign-ownership.html .
+# An existing user can have their access revoked using @unsetup@ and "ownership reassigned.":reassign-ownership.html .
Unsetup removes the user from the "All users" group and makes them inactive, preventing them from re-activating themselves.
"Ownership reassignment":reassign-ownership.html moves any objects or permission from the old user to a new user and deletes any credentials for the old user.
notextile. </div>
-User management can be performed through the web Workbench or the command line. See "user management at the CLI":{{site.baseurl}}/install/cheat_sheet.html for specific examples.
+User management can be performed through the web using Workbench or the command line. See "user management at the CLI":{{site.baseurl}}/install/cheat_sheet.html for specific examples.
h2(#user_agreements). User agreements and self-activation
-The @activate@ method of the users controller checks if the user user account is part of the "All Users" group and whether the user has "signed" all the user agreements.
+The @activate@ method of the users controller checks if the user account is part of the "All Users" group and whether the user has "signed" all the user agreements.
-User agreements are accessed through the "user_agreements API":{{site.baseurl}}/api/methods/user_agreements.html . This returns a list of collection records. This is executed as a system user, so it bypasses normal read permission checks.
+User agreements are accessed through the "user_agreements API":{{site.baseurl}}/api/methods/user_agreements.html . This returns a list of collection records.
The user agreements that users are required to sign should be added to the @links@ table this way:
@@ -99,12 +103,13 @@ The user profile is checked by workbench after checking if user agreements need
h2(#pre-activated). Pre-setup user by email address
-You may create a user account for a user that has not yet logged in, and identify the user by email address. This will bypass
+You may create a user account for a user that has not yet logged in, and identify the user by email address.
1. As an admin, create a user object:
<pre>
-$ arv user create --user '{"email": "foo at example.com", "username": "foo"}'
+$ arv --format=uuid user create --user '{"email": "foo at example.com", "username": "foo"}'
+clsr1-tpzed-1234567890abcdf
$ arv user setup --uuid clsr1-tpzed-1234567890abcdf
</pre>
@@ -122,7 +127,7 @@ $ arv user create --user '{"uuid": "clsr2-tpzed-1234567890abcdf", "email": "foo@
h2. Auto-setup federated users from trusted clusters
-In the API server config, set @ActivateUsers: true@ for each federated cluster in @RemoteClusters@ . A federated user from one of the listed clusters which @is_active@ on the home cluster will be automatically set up and activated on this cluster.
+By setting @ActivateUsers: true@ for each federated cluster in @RemoteClusters@, a federated user from one of the listed clusters will be automatically set up and activated on this cluster. See configuration example in "Federated instance":#federated .
h2. Activation flows
@@ -144,7 +149,7 @@ Users:
# On refreshing workbench, the user is able to self-activate after signing clickthrough agreements (if any).
# Alternately, directly setting @is_active@ to true also sets up the user, but skips clickthrough agreements (because the user is already active).
-h3. Federated instance
+h3(#federated). Federated instance
Policy: users from other clusters in the federation are activated, users from outside the federation must be manually approved.
diff --git a/doc/admin/migrating-providers.html.textile.liquid b/doc/admin/migrating-providers.html.textile.liquid
index 31127ee64..6503f691b 100644
--- a/doc/admin/migrating-providers.html.textile.liquid
+++ b/doc/admin/migrating-providers.html.textile.liquid
@@ -1,7 +1,7 @@
---
layout: default
navsection: admin
-title: "Migrating account providers"
+title: "Changing login providers"
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
@@ -9,7 +9,7 @@ Copyright (C) The Arvados Authors. All rights reserved.
SPDX-License-Identifier: CC-BY-SA-3.0
{% endcomment %}
-This page describes how to enable users to use more than one provider to log into the same Arvados account. This can be used to migrate account providers, for example, from LDAP to Google. In order to do this, users must be able to log into both the "old" and "new" providers.
+This page describes how to enable users to use more than one upstream identity provider to log into the same Arvados account. This can be used to migrate account providers, for example, from LDAP to Google. In order to do this, users must be able to log into both the "old" and "new" providers.
h2. Configure multiple or alternate provider in SSO
diff --git a/doc/admin/reassign-ownership.html.textile.liquid b/doc/admin/reassign-ownership.html.textile.liquid
index 18b16f6b7..9c33e1825 100644
--- a/doc/admin/reassign-ownership.html.textile.liquid
+++ b/doc/admin/reassign-ownership.html.textile.liquid
@@ -1,7 +1,7 @@
---
layout: default
navsection: admin
-title: "Reassign ownership of a user's data to another user"
+title: "Reassign user data ownership"
...
{% comment %}
Copyright (C) The Arvados Authors. All rights reserved.
diff --git a/doc/admin/troubleshooting.html.textile.liquid b/doc/admin/troubleshooting.html.textile.liquid
index ae2070de7..3eb43c00e 100644
--- a/doc/admin/troubleshooting.html.textile.liquid
+++ b/doc/admin/troubleshooting.html.textile.liquid
@@ -1,7 +1,7 @@
---
layout: default
navsection: admin
-title: Request ids and logging
+title: Error Logging
...
{% comment %}
diff --git a/doc/api/methods/users.html.textile.liquid b/doc/api/methods/users.html.textile.liquid
index 29bd4bf4e..e297b48ac 100644
--- a/doc/api/methods/users.html.textile.liquid
+++ b/doc/api/methods/users.html.textile.liquid
@@ -137,7 +137,7 @@ table(table table-bordered table-condensed).
h3. activate
-Check that a user has is set up and has signed all the user agreements. If so, activate the user.
+Check that a user has is set up and has signed all the user agreements. If so, activate the user. Users can invoke this for themselves. See "user management":{{site.baseurl}}/admin/activation.html#user_agreements for details.
Arguments:
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list