[ARVADOS] created: 1.3.0-1911-gf9b77d021
Git user
git at public.curoverse.com
Sat Nov 23 02:33:43 UTC 2019
at f9b77d02131fc84a59ba72118dd41f34c894277f (commit)
commit f9b77d02131fc84a59ba72118dd41f34c894277f
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Fri Nov 22 21:33:25 2019 -0500
15795: Accept SystemRootToken from configuration
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index e84a3d218..7eb47058e 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -109,7 +109,7 @@ class ApiClientAuthorization < ArvadosModel
end
def self.validate(token:, remote: nil)
- return nil if !token
+ return nil if token.nil? or token.empty?
remote ||= Rails.configuration.ClusterID
case token[0..2]
@@ -261,6 +261,13 @@ class ApiClientAuthorization < ArvadosModel
end
return auth
else
+ if token == Rails.configuration.SystemRootToken
+ # Return a bogus record, this won't get saved to the database.
+ return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
+ api_token: token,
+ api_client_id: 0)
+ end
+
# token is not a 'v2' token
auth = ApiClientAuthorization.
includes(:user, :api_client).
diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index f82f6e5f3..592d0b59f 100644
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -85,7 +85,7 @@ end
arvcfg = ConfigLoader.new
arvcfg.declare_config "ClusterID", NonemptyString, :uuid_prefix
arvcfg.declare_config "ManagementToken", String, :ManagementToken
-arvcfg.declare_config "SystemRootToken", String
+arvcfg.declare_config "SystemRootToken", NonemptyString
arvcfg.declare_config "Git.Repositories", String, :git_repositories_dir
arvcfg.declare_config "API.DisabledAPIs", Hash, :disable_api_methods, ->(cfg, k, v) { arrayToHash cfg, "API.DisabledAPIs", v }
arvcfg.declare_config "API.MaxRequestSize", Integer, :max_request_size
@@ -111,7 +111,7 @@ arvcfg.declare_config "Login.ProviderAppID", String, :sso_app_id
arvcfg.declare_config "Login.LoginCluster", String
arvcfg.declare_config "Login.RemoteTokenRefresh", ActiveSupport::Duration
arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure
-arvcfg.declare_config "Services.SSO.ExternalURL", NonemptyString, :sso_provider_url
+arvcfg.declare_config "Services.SSO.ExternalURL", String, :sso_provider_url
arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age
arvcfg.declare_config "AuditLogs.MaxDeleteBatch", Integer, :max_audit_log_delete_batch
arvcfg.declare_config "AuditLogs.UnloggedAttributes", Hash, :unlogged_attributes, ->(cfg, k, v) { arrayToHash cfg, "AuditLogs.UnloggedAttributes", v }
diff --git a/services/api/test/unit/api_client_authorization_test.rb b/services/api/test/unit/api_client_authorization_test.rb
index c390a02c0..591b05420 100644
--- a/services/api/test/unit/api_client_authorization_test.rb
+++ b/services/api/test/unit/api_client_authorization_test.rb
@@ -26,4 +26,12 @@ class ApiClientAuthorizationTest < ActiveSupport::TestCase
assert_empty ApiClientAuthorization.where(uuid: api_client_authorizations(:expired).uuid)
end
+ test "accepts SystemRootToken" do
+ assert_nil ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+ Rails.configuration.SystemRootToken = "xxxSystemRootTokenxxx"
+ auth = ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+ assert_equal "xxxSystemRootTokenxxx", auth.api_token
+ assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+ end
+
end
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list