[ARVADOS] updated: 1.3.0-1733-g11c049366

Git user git at public.curoverse.com
Thu Oct 10 21:56:17 UTC 2019


Summary of changes:
 sdk/python/arvados/commands/federation_migrate.py | 19 +++++++--------
 sdk/python/tests/fed-migrate/check.py             | 28 ++++++++++++++++++-----
 sdk/python/tests/fed-migrate/create_users.py      | 28 +++++++++++++----------
 3 files changed, 48 insertions(+), 27 deletions(-)

       via  11c04936604d20f70775b016455847b9141b1a38 (commit)
      from  8e39d9869af9d7d59356d71875ab9eb5073dce01 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 11c04936604d20f70775b016455847b9141b1a38
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date:   Thu Oct 10 17:55:32 2019 -0400

    15531: Don't activate new user if old user is not active
    
    Fix Python 2.7
    
    Fix check.py
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>

diff --git a/sdk/python/arvados/commands/federation_migrate.py b/sdk/python/arvados/commands/federation_migrate.py
index e533a642c..885d6fda0 100755
--- a/sdk/python/arvados/commands/federation_migrate.py
+++ b/sdk/python/arvados/commands/federation_migrate.py
@@ -21,6 +21,7 @@ import argparse
 import hmac
 import urllib.parse
 import os
+import hashlib
 from arvados._version import __version__
 
 EMAIL=0
@@ -236,9 +237,16 @@ def activate_remote_user(args, email, homearv, migratearv, old_user_uuid, new_us
         print("(%s) Could not create API token for %s: %s" % (email, new_user_uuid, e))
         return None
 
+    try:
+        olduser = migratearv.users().get(uuid=old_user_uuid).execute()
+    except arvados.errors.ApiError as e:
+        if e.resp.status != 404:
+            print("(%s) Could not retrieve user %s from %s, user may have already been migrated: %s" % (email, old_user_uuid, migratecluster, e))
+        return None
+
     salted = 'v2/' + newtok["uuid"] + '/' + hmac.new(newtok["api_token"].encode(),
                                                      msg=migratecluster.encode(),
-                                                     digestmod='sha1').hexdigest()
+                                                     digestmod=hashlib.sha1).hexdigest()
     try:
         ru = urllib.parse.urlparse(migratearv._rootDesc["rootUrl"])
         if not args.dry_run:
@@ -249,14 +257,7 @@ def activate_remote_user(args, email, homearv, migratearv, old_user_uuid, new_us
         print("(%s) Error getting user info for %s from %s: %s" % (email, new_user_uuid, migratecluster, e))
         return None
 
-    try:
-        olduser = migratearv.users().get(uuid=old_user_uuid).execute()
-    except arvados.errors.ApiError as e:
-        if e.resp.status != 404:
-            print("(%s) Could not retrieve user %s from %s, user may have already been migrated: %s" % (email, old_user_uuid, migratecluster, e))
-        return None
-
-    if not newuser["is_active"]:
+    if not newuser["is_active"] and olduser["is_active"]:
         print("(%s) Activating user %s on %s" % (email, new_user_uuid, migratecluster))
         try:
             if not args.dry_run:
diff --git a/sdk/python/tests/fed-migrate/check.py b/sdk/python/tests/fed-migrate/check.py
index 3927954ce..8f494be2f 100644
--- a/sdk/python/tests/fed-migrate/check.py
+++ b/sdk/python/tests/fed-migrate/check.py
@@ -10,11 +10,11 @@ apiC = arvados.api(host=j["arvados_api_hosts"][2], token=j["superuser_tokens"][2
 
 users = apiA.users().list().execute()
 
-assert len(users["items"]) == 10
+assert len(users["items"]) == 11
 
 by_username = {}
 
-for i in range(1, 9):
+for i in range(1, 10):
     found = False
     for u in users["items"]:
         if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i):
@@ -22,10 +22,17 @@ for i in range(1, 9):
             by_username[u["username"]] = u["uuid"]
     assert found
 
+found = False
+for u in users["items"]:
+    if (u["username"] == "case9" and u["email"] == "case9 at test" and
+        u["uuid"] == by_username[u["username"]] and u["is_active"] is False):
+        found = True
+assert found
+
 users = apiB.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 11
 
-for i in range(2, 9):
+for i in range(2, 10):
     found = False
     for u in users["items"]:
         if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i) and u["uuid"] == by_username[u["username"]]:
@@ -33,13 +40,22 @@ for i in range(2, 9):
     assert found
 
 users = apiC.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 8
 
-for i in range(2, 9):
+for i in (2, 4, 6, 7, 8):
     found = False
     for u in users["items"]:
         if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i) and u["uuid"] == by_username[u["username"]]:
             found = True
     assert found
 
+# cases 3, 5, 9 involve users that have never accessed cluster C so
+# there's nothing to migrate.
+for i in (3, 5, 9):
+    found = False
+    for u in users["items"]:
+        if u["username"] == ("case%d" % i) and u["email"] == ("case%d at test" % i) and u["uuid"] == by_username[u["username"]]:
+            found = True
+    assert not found
+
 print("Passed checks")
diff --git a/sdk/python/tests/fed-migrate/create_users.py b/sdk/python/tests/fed-migrate/create_users.py
index 08dec5cde..cea624ec4 100644
--- a/sdk/python/tests/fed-migrate/create_users.py
+++ b/sdk/python/tests/fed-migrate/create_users.py
@@ -13,11 +13,11 @@ def maketoken(newtok):
 
 # case 1
 # user only exists on cluster A
-apiA.users().create(body={"user": {"email": "case1 at test"}}).execute()
+apiA.users().create(body={"user": {"email": "case1 at test", "is_active": True}}).execute()
 
 # case 2
 # user exists on cluster A and has remotes on B and C
-case2 = apiA.users().create(body={"user": {"email": "case2 at test"}}).execute()
+case2 = apiA.users().create(body={"user": {"email": "case2 at test", "is_active": True}}).execute()
 newtok = apiA.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case2["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtok), insecure=True).users().current().execute()
@@ -25,11 +25,11 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtok), insecure=Tr
 
 # case 3
 # user only exists on cluster B
-case3 = apiB.users().create(body={"user": {"email": "case3 at test"}}).execute()
+case3 = apiB.users().create(body={"user": {"email": "case3 at test", "is_active": True}}).execute()
 
 # case 4
 # user only exists on cluster B and has remotes on A and C
-case4 = apiB.users().create(body={"user": {"email": "case4 at test"}}).execute()
+case4 = apiB.users().create(body={"user": {"email": "case4 at test", "is_active": True}}).execute()
 newtok = apiB.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case4["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtok), insecure=True).users().current().execute()
@@ -38,18 +38,18 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtok), insecure=Tr
 
 # case 5
 # user exists on both cluster A and B
-case5 = apiA.users().create(body={"user": {"email": "case5 at test"}}).execute()
-case5 = apiB.users().create(body={"user": {"email": "case5 at test"}}).execute()
+case5 = apiA.users().create(body={"user": {"email": "case5 at test", "is_active": True}}).execute()
+case5 = apiB.users().create(body={"user": {"email": "case5 at test", "is_active": True}}).execute()
 
 # case 6
 # user exists on both cluster A and B, with remotes on A, B and C
-case6_A = apiA.users().create(body={"user": {"email": "case6 at test"}}).execute()
+case6_A = apiA.users().create(body={"user": {"email": "case6 at test", "is_active": True}}).execute()
 newtokA = apiA.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case6_A["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokA), insecure=True).users().current().execute()
 arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokA), insecure=True).users().current().execute()
 
-case6_B = apiB.users().create(body={"user": {"email": "case6 at test"}}).execute()
+case6_B = apiB.users().create(body={"user": {"email": "case6 at test", "is_active": True}}).execute()
 newtokB = apiB.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case6_B["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
@@ -57,13 +57,13 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=T
 
 # case 7
 # user exists on both cluster B and A, with remotes on A, B and C
-case7_B = apiB.users().create(body={"user": {"email": "case7 at test"}}).execute()
+case7_B = apiB.users().create(body={"user": {"email": "case7 at test", "is_active": True}}).execute()
 newtokB = apiB.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case7_B["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
 arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=True).users().current().execute()
 
-case7_A = apiA.users().create(body={"user": {"email": "case7 at test"}}).execute()
+case7_A = apiA.users().create(body={"user": {"email": "case7 at test", "is_active": True}}).execute()
 newtokA = apiA.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case7_A["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokA), insecure=True).users().current().execute()
@@ -71,14 +71,18 @@ arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokA), insecure=T
 
 # case 8
 # user exists on both cluster B and C, with remotes on A, B and C
-case8_B = apiB.users().create(body={"user": {"email": "case8 at test"}}).execute()
+case8_B = apiB.users().create(body={"user": {"email": "case8 at test", "is_active": True}}).execute()
 newtokB = apiB.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case8_B["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
 arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=True).users().current().execute()
 
-case8_C = apiC.users().create(body={"user": {"email": "case8 at test"}}).execute()
+case8_C = apiC.users().create(body={"user": {"email": "case8 at test", "is_active": True}}).execute()
 newtokC = apiC.api_client_authorizations().create(body={
     "api_client_authorization": {'owner_uuid': case8_C["uuid"]}}).execute()
 arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokC), insecure=True).users().current().execute()
 arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokC), insecure=True).users().current().execute()
+
+# case 9
+# user only exists on cluster B, but is inactive
+case9 = apiB.users().create(body={"user": {"email": "case9 at test", "is_active": False}}).execute()

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list