[ARVADOS] updated: 1.3.0-1733-g11c049366
Git user
git at public.curoverse.com
Thu Oct 10 21:56:17 UTC 2019
Summary of changes:
sdk/python/arvados/commands/federation_migrate.py | 19 +++++++--------
sdk/python/tests/fed-migrate/check.py | 28 ++++++++++++++++++-----
sdk/python/tests/fed-migrate/create_users.py | 28 +++++++++++++----------
3 files changed, 48 insertions(+), 27 deletions(-)
via 11c04936604d20f70775b016455847b9141b1a38 (commit)
from 8e39d9869af9d7d59356d71875ab9eb5073dce01 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 11c04936604d20f70775b016455847b9141b1a38
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Thu Oct 10 17:55:32 2019 -0400
15531: Don't activate new user if old user is not active
Fix Python 2.7
Fix check.py
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/sdk/python/arvados/commands/federation_migrate.py b/sdk/python/arvados/commands/federation_migrate.py
index e533a642c..885d6fda0 100755
--- a/sdk/python/arvados/commands/federation_migrate.py
+++ b/sdk/python/arvados/commands/federation_migrate.py
@@ -21,6 +21,7 @@ import argparse
import hmac
import urllib.parse
import os
+import hashlib
from arvados._version import __version__
EMAIL=0
@@ -236,9 +237,16 @@ def activate_remote_user(args, email, homearv, migratearv, old_user_uuid, new_us
print("(%s) Could not create API token for %s: %s" % (email, new_user_uuid, e))
return None
+ try:
+ olduser = migratearv.users().get(uuid=old_user_uuid).execute()
+ except arvados.errors.ApiError as e:
+ if e.resp.status != 404:
+ print("(%s) Could not retrieve user %s from %s, user may have already been migrated: %s" % (email, old_user_uuid, migratecluster, e))
+ return None
+
salted = 'v2/' + newtok["uuid"] + '/' + hmac.new(newtok["api_token"].encode(),
msg=migratecluster.encode(),
- digestmod='sha1').hexdigest()
+ digestmod=hashlib.sha1).hexdigest()
try:
ru = urllib.parse.urlparse(migratearv._rootDesc["rootUrl"])
if not args.dry_run:
@@ -249,14 +257,7 @@ def activate_remote_user(args, email, homearv, migratearv, old_user_uuid, new_us
print("(%s) Error getting user info for %s from %s: %s" % (email, new_user_uuid, migratecluster, e))
return None
- try:
- olduser = migratearv.users().get(uuid=old_user_uuid).execute()
- except arvados.errors.ApiError as e:
- if e.resp.status != 404:
- print("(%s) Could not retrieve user %s from %s, user may have already been migrated: %s" % (email, old_user_uuid, migratecluster, e))
- return None
-
- if not newuser["is_active"]:
+ if not newuser["is_active"] and olduser["is_active"]:
print("(%s) Activating user %s on %s" % (email, new_user_uuid, migratecluster))
try:
if not args.dry_run:
diff --git a/sdk/python/tests/fed-migrate/check.py b/sdk/python/tests/fed-migrate/check.py
index 3927954ce..8f494be2f 100644
--- a/sdk/python/tests/fed-migrate/check.py
+++ b/sdk/python/tests/fed-migrate/check.py
@@ -10,11 +10,11 @@ apiC = arvados.api(host=j["arvados_api_hosts"][2], token=j["superuser_tokens"][2
users = apiA.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 11
by_username = {}
-for i in range(1, 9):
+for i in range(1, 10):
found = False
for u in users["items"]:
if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i):
@@ -22,10 +22,17 @@ for i in range(1, 9):
by_username[u["username"]] = u["uuid"]
assert found
+found = False
+for u in users["items"]:
+ if (u["username"] == "case9" and u["email"] == "case9 at test" and
+ u["uuid"] == by_username[u["username"]] and u["is_active"] is False):
+ found = True
+assert found
+
users = apiB.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 11
-for i in range(2, 9):
+for i in range(2, 10):
found = False
for u in users["items"]:
if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i) and u["uuid"] == by_username[u["username"]]:
@@ -33,13 +40,22 @@ for i in range(2, 9):
assert found
users = apiC.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 8
-for i in range(2, 9):
+for i in (2, 4, 6, 7, 8):
found = False
for u in users["items"]:
if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i) and u["uuid"] == by_username[u["username"]]:
found = True
assert found
+# cases 3, 5, 9 involve users that have never accessed cluster C so
+# there's nothing to migrate.
+for i in (3, 5, 9):
+ found = False
+ for u in users["items"]:
+ if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i) and u["uuid"] == by_username[u["username"]]:
+ found = True
+ assert not found
+
print("Passed checks")
diff --git a/sdk/python/tests/fed-migrate/create_users.py b/sdk/python/tests/fed-migrate/create_users.py
index 08dec5cde..cea624ec4 100644
--- a/sdk/python/tests/fed-migrate/create_users.py
+++ b/sdk/python/tests/fed-migrate/create_users.py
@@ -13,11 +13,11 @@ def maketoken(newtok):
# case 1
# user only exists on cluster A
-apiA.users().create(body={"user": {"email": "case1 at test"}}).execute()
+apiA.users().create(body={"user": {"email": "case1 at test", "is_active": True}}).execute()
# case 2
# user exists on cluster A and has remotes on B and C
-case2 = apiA.users().create(body={"user": {"email": "case2 at test"}}).execute()
+case2 = apiA.users().create(body={"user": {"email": "case2 at test", "is_active": True}}).execute()
newtok = apiA.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case2["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtok), insecure=True).users().current().execute()
@@ -25,11 +25,11 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtok), insecure=Tr
# case 3
# user only exists on cluster B
-case3 = apiB.users().create(body={"user": {"email": "case3 at test"}}).execute()
+case3 = apiB.users().create(body={"user": {"email": "case3 at test", "is_active": True}}).execute()
# case 4
# user only exists on cluster B and has remotes on A and C
-case4 = apiB.users().create(body={"user": {"email": "case4 at test"}}).execute()
+case4 = apiB.users().create(body={"user": {"email": "case4 at test", "is_active": True}}).execute()
newtok = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case4["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtok), insecure=True).users().current().execute()
@@ -38,18 +38,18 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtok), insecure=Tr
# case 5
# user exists on both cluster A and B
-case5 = apiA.users().create(body={"user": {"email": "case5 at test"}}).execute()
-case5 = apiB.users().create(body={"user": {"email": "case5 at test"}}).execute()
+case5 = apiA.users().create(body={"user": {"email": "case5 at test", "is_active": True}}).execute()
+case5 = apiB.users().create(body={"user": {"email": "case5 at test", "is_active": True}}).execute()
# case 6
# user exists on both cluster A and B, with remotes on A, B and C
-case6_A = apiA.users().create(body={"user": {"email": "case6 at test"}}).execute()
+case6_A = apiA.users().create(body={"user": {"email": "case6 at test", "is_active": True}}).execute()
newtokA = apiA.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case6_A["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokA), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokA), insecure=True).users().current().execute()
-case6_B = apiB.users().create(body={"user": {"email": "case6 at test"}}).execute()
+case6_B = apiB.users().create(body={"user": {"email": "case6 at test", "is_active": True}}).execute()
newtokB = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case6_B["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
@@ -57,13 +57,13 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=T
# case 7
# user exists on both cluster B and A, with remotes on A, B and C
-case7_B = apiB.users().create(body={"user": {"email": "case7 at test"}}).execute()
+case7_B = apiB.users().create(body={"user": {"email": "case7 at test", "is_active": True}}).execute()
newtokB = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case7_B["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=True).users().current().execute()
-case7_A = apiA.users().create(body={"user": {"email": "case7 at test"}}).execute()
+case7_A = apiA.users().create(body={"user": {"email": "case7 at test", "is_active": True}}).execute()
newtokA = apiA.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case7_A["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokA), insecure=True).users().current().execute()
@@ -71,14 +71,18 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokA), insecure=T
# case 8
# user exists on both cluster B and C, with remotes on A, B and C
-case8_B = apiB.users().create(body={"user": {"email": "case8 at test"}}).execute()
+case8_B = apiB.users().create(body={"user": {"email": "case8 at test", "is_active": True}}).execute()
newtokB = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case8_B["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=True).users().current().execute()
-case8_C = apiC.users().create(body={"user": {"email": "case8 at test"}}).execute()
+case8_C = apiC.users().create(body={"user": {"email": "case8 at test", "is_active": True}}).execute()
newtokC = apiC.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case8_C["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokC), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokC), insecure=True).users().current().execute()
+
+# case 9
+# user only exists on cluster B, but is inactive
+case9 = apiB.users().create(body={"user": {"email": "case9 at test", "is_active": False}}).execute()
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list