[ARVADOS] updated: 1.3.0-3024-g1617202c3
Git user
git at public.arvados.org
Wed Aug 26 18:19:40 UTC 2020
Summary of changes:
build/run-tests.sh | 11 ++-
doc/install/arvbox.html.textile.liquid | 9 +--
lib/controller/localdb/login_testuser.go | 63 +++++++++++++++-
lib/controller/localdb/login_testuser_test.go | 9 +++
services/api/lib/current_api_client.rb | 2 +-
services/api/test/fixtures/api_clients.yml | 4 +-
tools/arvbox/bin/arvbox | 15 +---
tools/arvbox/lib/arvbox/docker/Dockerfile.demo | 6 --
tools/arvbox/lib/arvbox/docker/Dockerfile.dev | 1 -
tools/arvbox/lib/arvbox/docker/api-setup.sh | 5 --
tools/arvbox/lib/arvbox/docker/cluster-config.sh | 20 +++--
tools/arvbox/lib/arvbox/docker/common.sh | 1 -
.../lib/arvbox/docker/service/ready/run-service | 3 +-
.../arvbox/docker/service/sso/log/main/.gitstub | 0
tools/arvbox/lib/arvbox/docker/service/sso/log/run | 1 -
tools/arvbox/lib/arvbox/docker/service/sso/run | 1 -
.../lib/arvbox/docker/service/sso/run-service | 88 ----------------------
17 files changed, 93 insertions(+), 146 deletions(-)
delete mode 100644 tools/arvbox/lib/arvbox/docker/service/sso/log/main/.gitstub
delete mode 120000 tools/arvbox/lib/arvbox/docker/service/sso/log/run
delete mode 120000 tools/arvbox/lib/arvbox/docker/service/sso/run
delete mode 100755 tools/arvbox/lib/arvbox/docker/service/sso/run-service
discards ab767ee94ac40e31d67e1eee8ad0f79fe38ca7ed (commit)
discards 91c73953fc86cc7a900937e1ab048421052b03f3 (commit)
via 1617202c337078fb94ea19893c73061983be94ad (commit)
via 3e975aa25c141ccd3f08335906d96d9ff7035bf2 (commit)
via 81ff58f4addd05346161a9b44648d1ab31e027bc (commit)
via 5c4b585cd03d6fba1779113f7cba6b34e0c526b7 (commit)
via f9e6c9f5e30cbf0fc3d6f9981b6e3673d603f3e1 (commit)
via 505c8fa50631201e289cc55230d46fdf52fa2055 (commit)
via b4091adb7ac1a85de6ae1f18895e9d8f9da5d441 (commit)
via 47833c68da26e2dd1fd65784cb56a352503dbcb9 (commit)
via 4de0821a28d54153c6046655d4a2d8f57da7e005 (commit)
via 09f4d9f7fd5fc0518aa7d614c7f061c0b8f7d5a4 (commit)
via 2fc9d1ac9dbb3557541c449820f4bba4cd4b7313 (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (ab767ee94ac40e31d67e1eee8ad0f79fe38ca7ed)
\
N -- N -- N (1617202c337078fb94ea19893c73061983be94ad)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 1617202c337078fb94ea19893c73061983be94ad
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Wed Aug 26 14:16:50 2020 -0400
16613: Tweak system_root_token_api_client record
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 953047005..cfdae0bdd 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -193,7 +193,7 @@ module CurrentApiClient
$system_root_token_api_client = check_cache $system_root_token_api_client do
act_as_system_user do
ActiveRecord::Base.transaction do
- ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "SystemRootToken")
+ ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "", name: "SystemRootToken")
end
end
end
diff --git a/services/api/test/fixtures/api_clients.yml b/services/api/test/fixtures/api_clients.yml
index f0ef7d691..9965718f9 100644
--- a/services/api/test/fixtures/api_clients.yml
+++ b/services/api/test/fixtures/api_clients.yml
@@ -18,9 +18,9 @@ untrusted:
url_prefix: https://untrusted.local/
is_trusted: false
-system_root:
+system_root_token_api_client:
uuid: zzzzz-ozdt8-pbw7foaks3qjyej
owner_uuid: zzzzz-tpzed-000000000000000
name: SystemRootToken
- url_prefix: SystemRootToken
+ url_prefix: ""
is_trusted: true
commit 3e975aa25c141ccd3f08335906d96d9ff7035bf2
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Tue Aug 25 16:03:38 2020 -0400
16613: Create special-purpose ApiClient record for SystemRootToken
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index a4d49c35c..c31f09782 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -113,7 +113,7 @@ class ApiClientAuthorization < ArvadosModel
return ApiClientAuthorization.new(user: User.find_by_uuid(system_user_uuid),
uuid: Rails.configuration.ClusterID+"-gj3su-000000000000000",
api_token: token,
- api_client: ApiClient.new(is_trusted: true, url_prefix: ""))
+ api_client: system_root_token_api_client)
else
return nil
end
diff --git a/services/api/app/models/database_seeds.rb b/services/api/app/models/database_seeds.rb
index 39f491503..d7c5e04df 100644
--- a/services/api/app/models/database_seeds.rb
+++ b/services/api/app/models/database_seeds.rb
@@ -13,6 +13,7 @@ class DatabaseSeeds
anonymous_group
anonymous_group_read_permission
anonymous_user
+ system_root_token_api_client
empty_collection
refresh_permissions
refresh_trashed
diff --git a/services/api/lib/current_api_client.rb b/services/api/lib/current_api_client.rb
index 98112c858..953047005 100644
--- a/services/api/lib/current_api_client.rb
+++ b/services/api/lib/current_api_client.rb
@@ -189,6 +189,16 @@ module CurrentApiClient
end
end
+ def system_root_token_api_client
+ $system_root_token_api_client = check_cache $system_root_token_api_client do
+ act_as_system_user do
+ ActiveRecord::Base.transaction do
+ ApiClient.find_or_create_by!(is_trusted: true, url_prefix: "SystemRootToken")
+ end
+ end
+ end
+ end
+
def empty_collection_pdh
'd41d8cd98f00b204e9800998ecf8427e+0'
end
diff --git a/services/api/test/fixtures/api_clients.yml b/services/api/test/fixtures/api_clients.yml
index 7b522734a..f0ef7d691 100644
--- a/services/api/test/fixtures/api_clients.yml
+++ b/services/api/test/fixtures/api_clients.yml
@@ -17,3 +17,10 @@ untrusted:
name: Untrusted
url_prefix: https://untrusted.local/
is_trusted: false
+
+system_root:
+ uuid: zzzzz-ozdt8-pbw7foaks3qjyej
+ owner_uuid: zzzzz-tpzed-000000000000000
+ name: SystemRootToken
+ url_prefix: SystemRootToken
+ is_trusted: true
commit 81ff58f4addd05346161a9b44648d1ab31e027bc
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Thu Aug 20 18:10:43 2020 -0400
16613: Add test using SystemRootToken to create other tokens.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb
index b9bfd3a39..296ab8a2f 100644
--- a/services/api/test/integration/api_client_authorizations_api_test.rb
+++ b/services/api/test/integration/api_client_authorizations_api_test.rb
@@ -14,22 +14,40 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
assert_response :success
end
- test "create token for different user" do
- post "/arvados/v1/api_client_authorizations",
- params: {
- :format => :json,
- :api_client_authorization => {
- :owner_uuid => users(:spectator).uuid
- }
- },
- headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
- assert_response :success
+ [:admin_trustedclient, :SystemRootToken].each do |tk|
+ test "create token for different user using #{tk}" do
+ if tk == :SystemRootToken
+ token = "xyzzy-SystemRootToken"
+ Rails.configuration.SystemRootToken = token
+ else
+ token = api_client_authorizations(tk).api_token
+ end
+
+ post "/arvados/v1/api_client_authorizations",
+ params: {
+ :format => :json,
+ :api_client_authorization => {
+ :owner_uuid => users(:spectator).uuid
+ }
+ },
+ headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"}
+ assert_response :success
+
+ get "/arvados/v1/users/current",
+ params: {:format => :json},
+ headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{json_response['api_token']}"}
+ @json_response = nil
+ assert_equal json_response['uuid'], users(:spectator).uuid
+ end
+ end
+ test "System root token is system user" do
+ token = "xyzzy-SystemRootToken"
+ Rails.configuration.SystemRootToken = token
get "/arvados/v1/users/current",
- params: {:format => :json},
- headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{json_response['api_token']}"}
- @json_response = nil
- assert_equal users(:spectator).uuid, json_response['uuid']
+ params: {:format => :json},
+ headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"}
+ assert_equal json_response['uuid'], system_user_uuid
end
test "refuse to create token for different user if not trusted client" do
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list