[ARVADOS] created: 1.3.0-1911-gf9b77d021

Git user git at public.curoverse.com
Sat Nov 23 02:33:43 UTC 2019


        at  f9b77d02131fc84a59ba72118dd41f34c894277f (commit)


commit f9b77d02131fc84a59ba72118dd41f34c894277f
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date:   Fri Nov 22 21:33:25 2019 -0500

    15795: Accept SystemRootToken from configuration
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index e84a3d218..7eb47058e 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -109,7 +109,7 @@ class ApiClientAuthorization < ArvadosModel
   end
 
   def self.validate(token:, remote: nil)
-    return nil if !token
+    return nil if token.nil? or token.empty?
     remote ||= Rails.configuration.ClusterID
 
     case token[0..2]
@@ -261,6 +261,13 @@ class ApiClientAuthorization < ArvadosModel
       end
       return auth
     else
+      if token == Rails.configuration.SystemRootToken
+        # Return a bogus record, this won't get saved to the database.
+        return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
+                                          api_token: token,
+                                          api_client_id: 0)
+      end
+
       # token is not a 'v2' token
       auth = ApiClientAuthorization.
                includes(:user, :api_client).
diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index f82f6e5f3..592d0b59f 100644
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -85,7 +85,7 @@ end
 arvcfg = ConfigLoader.new
 arvcfg.declare_config "ClusterID", NonemptyString, :uuid_prefix
 arvcfg.declare_config "ManagementToken", String, :ManagementToken
-arvcfg.declare_config "SystemRootToken", String
+arvcfg.declare_config "SystemRootToken", NonemptyString
 arvcfg.declare_config "Git.Repositories", String, :git_repositories_dir
 arvcfg.declare_config "API.DisabledAPIs", Hash, :disable_api_methods, ->(cfg, k, v) { arrayToHash cfg, "API.DisabledAPIs", v }
 arvcfg.declare_config "API.MaxRequestSize", Integer, :max_request_size
@@ -111,7 +111,7 @@ arvcfg.declare_config "Login.ProviderAppID", String, :sso_app_id
 arvcfg.declare_config "Login.LoginCluster", String
 arvcfg.declare_config "Login.RemoteTokenRefresh", ActiveSupport::Duration
 arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure
-arvcfg.declare_config "Services.SSO.ExternalURL", NonemptyString, :sso_provider_url
+arvcfg.declare_config "Services.SSO.ExternalURL", String, :sso_provider_url
 arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age
 arvcfg.declare_config "AuditLogs.MaxDeleteBatch", Integer, :max_audit_log_delete_batch
 arvcfg.declare_config "AuditLogs.UnloggedAttributes", Hash, :unlogged_attributes, ->(cfg, k, v) { arrayToHash cfg, "AuditLogs.UnloggedAttributes", v }
diff --git a/services/api/test/unit/api_client_authorization_test.rb b/services/api/test/unit/api_client_authorization_test.rb
index c390a02c0..591b05420 100644
--- a/services/api/test/unit/api_client_authorization_test.rb
+++ b/services/api/test/unit/api_client_authorization_test.rb
@@ -26,4 +26,12 @@ class ApiClientAuthorizationTest < ActiveSupport::TestCase
     assert_empty ApiClientAuthorization.where(uuid: api_client_authorizations(:expired).uuid)
   end
 
+  test "accepts SystemRootToken" do
+    assert_nil ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+    Rails.configuration.SystemRootToken = "xxxSystemRootTokenxxx"
+    auth = ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+    assert_equal "xxxSystemRootTokenxxx", auth.api_token
+    assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+  end
+
 end

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list