[ARVADOS] updated: 1.3.0-1915-g3d5e30397

Git user git at public.curoverse.com
Tue Nov 26 15:58:44 UTC 2019 

Summary of changes:
 .../api/app/models/api_client_authorization.rb     |  1 +
 .../api_client_authorizations_controller_test.rb   |  9 ++++++
 .../test/integration/container_dispatch_test.rb    | 33 ++++++++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 services/api/test/integration/container_dispatch_test.rb

       via  3d5e303970a342dd80a617058852a0dab686cfd0 (commit)
      from  a789502c40006646e3929246cf79f50bc89c0e54 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 3d5e303970a342dd80a617058852a0dab686cfd0
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Tue Nov 26 10:54:48 2019 -0500

    15795: Ensure dispatcher can use SystemRootToken to lock containers.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 2da316a91..f9e4e943b 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -111,6 +111,7 @@ class ApiClientAuthorization < ArvadosModel
   def self.check_system_root_token token
     if token == Rails.configuration.SystemRootToken
       return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
+                                        uuid: uuid_prefix+"-gj3su-000000000000000",
                                         api_token: token,
                                         api_client: ApiClient.new(is_trusted: true, url_prefix: ""))
     else
diff --git a/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb b/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
index 38938c469..c2c71ca54 100644
--- a/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/api_client_authorizations_controller_test.rb
@@ -181,6 +181,15 @@ class Arvados::V1::ApiClientAuthorizationsControllerTest < ActionController::Tes
                  api_client_authorizations(:active).api_token)
   end
 
+  test "get current token using SystemRootToken" do
+    Rails.configuration.SystemRootToken = "xyzzy-systemroottoken"
+    authorize_with_token Rails.configuration.SystemRootToken
+    get :current
+    assert_response :success
+    assert_equal(Rails.configuration.SystemRootToken, json_response['api_token'])
+    assert_not_empty(json_response['uuid'])
+  end
+
   test "get current token, no auth" do
     get :current
     assert_response 401
diff --git a/services/api/test/integration/container_dispatch_test.rb b/services/api/test/integration/container_dispatch_test.rb
new file mode 100644
index 000000000..61e01da64
--- /dev/null
+++ b/services/api/test/integration/container_dispatch_test.rb
@@ -0,0 +1,33 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'test_helper'
+
+class ContainerDispatchTest < ActionDispatch::IntegrationTest
+  test "lock container with SystemRootToken" do
+    Rails.configuration.SystemRootToken = "xyzzy-SystemRootToken"
+    authheaders = {'HTTP_AUTHORIZATION' => "Bearer "+Rails.configuration.SystemRootToken}
+    get("/arvados/v1/api_client_authorizations/current",
+        headers: authheaders)
+    assert_response 200
+    #assert_not_empty json_response['uuid']
+
+    system_auth_uuid = json_response['uuid']
+    post("/arvados/v1/containers/#{containers(:queued).uuid}/lock",
+         headers: authheaders)
+    assert_response 200
+    assert_equal system_auth_uuid, Container.find_by_uuid(containers(:queued).uuid).locked_by_uuid
+
+    get("/arvados/v1/containers",
+        params: {filters: SafeJSON.dump([['locked_by_uuid', '=', system_auth_uuid]])},
+        headers: authheaders)
+    assert_response 200
+    assert_equal containers(:queued).uuid, json_response['items'][0]['uuid']
+    assert_equal system_auth_uuid, json_response['items'][0]['locked_by_uuid']
+
+    post("/arvados/v1/containers/#{containers(:queued).uuid}/unlock",
+         headers: authheaders)
+    assert_response 200
+  end
+end

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list