[ARVADOS] updated: 1.3.0-2386-g59a972c83
Git user
git at public.arvados.org
Tue Mar 31 20:34:42 UTC 2020
Summary of changes:
lib/controller/federation/conn.go | 4 ++--
sdk/go/arvados/api.go | 8 ++++----
sdk/python/arvados/commands/federation_migrate.py | 20 ++++++++++----------
sdk/python/tests/fed-migrate/check.py | 6 +++---
.../api/app/controllers/application_controller.rb | 9 ++++++++-
.../app/controllers/arvados/v1/schema_controller.rb | 4 ++--
.../app/controllers/arvados/v1/users_controller.rb | 2 +-
7 files changed, 30 insertions(+), 23 deletions(-)
via 59a972c831bc8f7cd4e896ed8e1c71277b97f04e (commit)
from e2ed71e15de22c629b5b5e174aa351cce03ee381 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 59a972c831bc8f7cd4e896ed8e1c71277b97f04e
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Tue Mar 31 16:33:27 2020 -0400
16263: Rename no_federation -> bypass_federation
Enforce if bypass_federation is true that user is admin.
Update API revision and make federation migrate check for it.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index 05ea7769f..10e1bc5f1 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -427,7 +427,7 @@ func (conn *Conn) batchUpdateUsers(ctx context.Context,
}
func (conn *Conn) UserList(ctx context.Context, options arvados.ListOptions) (arvados.UserList, error) {
- if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.NoFederation {
+ if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.BypassFederation {
resp, err := conn.chooseBackend(id).UserList(ctx, options)
if err != nil {
return resp, err
@@ -447,7 +447,7 @@ func (conn *Conn) UserCreate(ctx context.Context, options arvados.CreateOptions)
}
func (conn *Conn) UserUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.User, error) {
- if options.NoFederation {
+ if options.BypassFederation {
return conn.local.UserUpdate(ctx, options)
}
return conn.chooseBackend(options.UUID).UserUpdate(ctx, options)
diff --git a/sdk/go/arvados/api.go b/sdk/go/arvados/api.go
index f3fdd254f..e60108335 100644
--- a/sdk/go/arvados/api.go
+++ b/sdk/go/arvados/api.go
@@ -84,7 +84,7 @@ type ListOptions struct {
Count string `json:"count"`
IncludeTrash bool `json:"include_trash"`
IncludeOldVersions bool `json:"include_old_versions"`
- NoFederation bool `json:"no_federation"`
+ BypassFederation bool `json:"bypass_federation"`
}
type CreateOptions struct {
@@ -95,9 +95,9 @@ type CreateOptions struct {
}
type UpdateOptions struct {
- UUID string `json:"uuid"`
- Attrs map[string]interface{} `json:"attrs"`
- NoFederation bool `json:"no_federation"`
+ UUID string `json:"uuid"`
+ Attrs map[string]interface{} `json:"attrs"`
+ BypassFederation bool `json:"bypass_federation"`
}
type UpdateUUIDOptions struct {
diff --git a/sdk/python/arvados/commands/federation_migrate.py b/sdk/python/arvados/commands/federation_migrate.py
index 0eaf1c03e..445775cce 100755
--- a/sdk/python/arvados/commands/federation_migrate.py
+++ b/sdk/python/arvados/commands/federation_migrate.py
@@ -66,8 +66,8 @@ def connect_clusters(args):
errors.append("Inconsistent login cluster configuration, expected '%s' on %s but was '%s'" % (loginCluster, config["ClusterID"], config["Login"]["LoginCluster"]))
continue
- if arv._rootDesc["revision"] < "20190926":
- errors.append("Arvados API server revision on cluster '%s' is too old, must be updated to at least Arvados 1.5 before running migration." % config["ClusterID"])
+ if arv._rootDesc["revision"] < "20200331":
+ errors.append("Arvados API server revision on cluster '%s' is too old, must be updated to at least Arvados 2.0.2 before running migration." % config["ClusterID"])
continue
try:
@@ -98,7 +98,7 @@ def fetch_users(clusters, loginCluster):
users = []
for c, arv in clusters.items():
print("Getting user list from %s" % c)
- ul = arvados.util.list_all(arv.users().list, no_federation=True)
+ ul = arvados.util.list_all(arv.users().list, bypass_federation=True)
for l in ul:
if l["uuid"].startswith(c):
users.append(l)
@@ -171,14 +171,14 @@ def update_username(args, email, user_uuid, username, migratecluster, migratearv
print("(%s) Updating username of %s to '%s' on %s" % (email, user_uuid, username, migratecluster))
if not args.dry_run:
try:
- conflicts = migratearv.users().list(filters=[["username", "=", username]], no_federation=True).execute()
+ conflicts = migratearv.users().list(filters=[["username", "=", username]], bypass_federation=True).execute()
if conflicts["items"]:
# There's already a user with the username, move the old user out of the way
migratearv.users().update(uuid=conflicts["items"][0]["uuid"],
- no_federation=True,
+ bypass_federation=True,
body={"user": {"username": username+"migrate"}}).execute()
migratearv.users().update(uuid=user_uuid,
- no_federation=True,
+ bypass_federation=True,
body={"user": {"username": username}}).execute()
except arvados.errors.ApiError as e:
print("(%s) Error updating username of %s to '%s' on %s: %s" % (email, user_uuid, username, migratecluster, e))
@@ -210,10 +210,10 @@ def choose_new_user(args, by_email, email, userhome, username, old_user_uuid, cl
try:
olduser = oldhomearv.users().get(uuid=old_user_uuid).execute()
conflicts = homearv.users().list(filters=[["username", "=", username]],
- no_federation=True).execute()
+ bypass_federation=True).execute()
if conflicts["items"]:
homearv.users().update(uuid=conflicts["items"][0]["uuid"],
- no_federation=True,
+ bypass_federation=True,
body={"user": {"username": username+"migrate"}}).execute()
user = homearv.users().create(body={"user": {"email": email, "username": username,
"is_active": olduser["is_active"]}}).execute()
@@ -250,7 +250,7 @@ def activate_remote_user(args, email, homearv, migratearv, old_user_uuid, new_us
return None
try:
- findolduser = migratearv.users().list(filters=[["uuid", "=", old_user_uuid]], no_federation=True).execute()
+ findolduser = migratearv.users().list(filters=[["uuid", "=", old_user_uuid]], bypass_federation=True).execute()
if len(findolduser["items"]) == 0:
return False
if len(findolduser["items"]) == 1:
@@ -280,7 +280,7 @@ def activate_remote_user(args, email, homearv, migratearv, old_user_uuid, new_us
print("(%s) Activating user %s on %s" % (email, new_user_uuid, migratecluster))
try:
if not args.dry_run:
- migratearv.users().update(uuid=new_user_uuid, no_federation=True,
+ migratearv.users().update(uuid=new_user_uuid, bypass_federation=True,
body={"is_active": True}).execute()
except arvados.errors.ApiError as e:
print("(%s) Could not activate user %s on %s: %s" % (email, new_user_uuid, migratecluster, e))
diff --git a/sdk/python/tests/fed-migrate/check.py b/sdk/python/tests/fed-migrate/check.py
index 85d2d31f2..8165b3eba 100644
--- a/sdk/python/tests/fed-migrate/check.py
+++ b/sdk/python/tests/fed-migrate/check.py
@@ -12,7 +12,7 @@ apiC = arvados.api(host=j["arvados_api_hosts"][2], token=j["superuser_tokens"][2
### Check users on API server "A" (the LoginCluster) ###
###
-users = apiA.users().list().execute()
+users = apiA.users().list(bypass_federation=True).execute()
assert len(users["items"]) == 11
@@ -46,7 +46,7 @@ assert found
###
### Check users on API server "B" (federation member) ###
###
-users = apiB.users().list().execute()
+users = apiB.users().list(bypass_federation=True).execute()
assert len(users["items"]) == 11
for i in range(2, 9):
@@ -68,7 +68,7 @@ assert found
###
### Check users on API server "C" (federation member) ###
###
-users = apiC.users().list().execute()
+users = apiC.users().list(bypass_federation=True).execute()
assert len(users["items"]) == 8
for i in (2, 4, 6, 7, 8):
diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb
index 68fa7d880..a3435d0b6 100644
--- a/services/api/app/controllers/application_controller.rb
+++ b/services/api/app/controllers/application_controller.rb
@@ -53,6 +53,7 @@ class ApplicationController < ActionController::Base
before_action :reload_object_before_update, :only => :update
before_action(:render_404_if_no_object,
except: [:index, :create] + ERROR_ACTIONS)
+ before_action :only_admin_can_bypass_federation
attr_writer :resource_attrs
@@ -139,6 +140,12 @@ class ApplicationController < ActionController::Base
render_not_found "Object not found" if !@object
end
+ def only_admin_can_bypass_federation
+ if params[:bypass_federation] && current_user.nil? or !current_user.is_admin
+ send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403)
+ end
+ end
+
def render_error(e)
logger.error e.inspect
if e.respond_to? :backtrace and e.backtrace
@@ -656,7 +663,7 @@ class ApplicationController < ActionController::Base
location: "query",
required: false,
},
- no_federation: {
+ bypass_federation: {
type: 'boolean',
required: false,
description: 'bypass federation behavior, list items from local instance database only'
diff --git a/services/api/app/controllers/arvados/v1/schema_controller.rb b/services/api/app/controllers/arvados/v1/schema_controller.rb
index 5c2234101..b9aba2726 100644
--- a/services/api/app/controllers/arvados/v1/schema_controller.rb
+++ b/services/api/app/controllers/arvados/v1/schema_controller.rb
@@ -33,10 +33,10 @@ class Arvados::V1::SchemaController < ApplicationController
id: "arvados:v1",
name: "arvados",
version: "v1",
- # format is YYYYMMDD, must be fixed with (needs to be linearly
+ # format is YYYYMMDD, must be fixed width (needs to be lexically
# sortable), updated manually, may be used by clients to
# determine availability of API server features.
- revision: "20200212",
+ revision: "20200331",
source_version: AppVersion.hash,
sourceVersion: AppVersion.hash, # source_version should be deprecated in the future
packageVersion: AppVersion.package_version,
diff --git a/services/api/app/controllers/arvados/v1/users_controller.rb b/services/api/app/controllers/arvados/v1/users_controller.rb
index 475f6d54a..d9ab5556f 100644
--- a/services/api/app/controllers/arvados/v1/users_controller.rb
+++ b/services/api/app/controllers/arvados/v1/users_controller.rb
@@ -251,7 +251,7 @@ class Arvados::V1::UsersController < ApplicationController
def self._update_requires_parameters
super.merge({
- no_federation: {
+ bypass_federation: {
type: 'boolean', required: false,
},
})
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list