[ARVADOS] updated: 2.1.0-19-gd22acf136

Tue Oct 20 17:56:08 UTC 2020

Summary of changes:
 lib/controller/federation/conn.go             |  8 ++++--
 lib/controller/localdb/login.go               | 16 +++++++----
 lib/controller/localdb/login_ldap.go          |  2 +-
 lib/controller/localdb/login_ldap_test.go     |  4 +--
 lib/controller/localdb/login_pam.go           |  2 +-
 lib/controller/localdb/login_pam_test.go      |  4 +--
 lib/controller/localdb/login_testuser.go      |  2 +-
 lib/controller/localdb/login_testuser_test.go |  4 +--
 lib/controller/router/response.go             | 41 +++++++++++++++------------
 9 files changed, 49 insertions(+), 34 deletions(-)

       via  d22acf136643f7324a76a7225491567956baae4c (commit)
       via  ccc98a4fb994f0e0224ce31c0a8c8d3b61969c89 (commit)
      from  504fc7b60000d154aa33fbced8f581adb69f953f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit d22acf136643f7324a76a7225491567956baae4c
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Tue Oct 20 13:55:26 2020 -0400

    17014: Return nil instead of "" for nil output_uuid.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/lib/controller/router/response.go b/lib/controller/router/response.go
index 543e25d0c..f062da78f 100644
--- a/lib/controller/router/response.go
+++ b/lib/controller/router/response.go
@@ -106,27 +106,32 @@ func (rtr *router) sendResponse(w http.ResponseWriter, req *http.Request, resp i
 		tmp = applySelectParam(opts.Select, tmp)
 	}
 
-	// Format non-nil timestamps as rfc3339NanoFixed (by default
-	// they will have been encoded to time.RFC3339Nano, which
-	// omits trailing zeroes).
 	for k, v := range tmp {
-		if !strings.HasSuffix(k, "_at") {
-			continue
-		}
-		switch tv := v.(type) {
-		case *time.Time:
-			if tv == nil {
-				break
+		if k == "output_uuid" {
+			if tv == "" {
+				tmp[k] = nil
 			}
-			tmp[k] = tv.Format(rfc3339NanoFixed)
-		case time.Time:
-			tmp[k] = tv.Format(rfc3339NanoFixed)
-		case string:
-			t, err := time.Parse(time.RFC3339Nano, tv)
-			if err != nil {
-				break
+		}
+		if strings.HasSuffix(k, "_at") {
+			// Format non-nil timestamps as
+			// rfc3339NanoFixed (by default they will have
+			// been encoded to time.RFC3339Nano, which
+			// omits trailing zeroes).
+			switch tv := v.(type) {
+			case *time.Time:
+				if tv == nil {
+					break
+				}
+				tmp[k] = tv.Format(rfc3339NanoFixed)
+			case time.Time:
+				tmp[k] = tv.Format(rfc3339NanoFixed)
+			case string:
+				t, err := time.Parse(time.RFC3339Nano, tv)
+				if err != nil {
+					break
+				}
+				tmp[k] = t.Format(rfc3339NanoFixed)
 			}
-			tmp[k] = t.Format(rfc3339NanoFixed)
 		}
 	}
 	w.Header().Set("Content-Type", "application/json")

commit ccc98a4fb994f0e0224ce31c0a8c8d3b61969c89
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Tue Oct 20 11:56:15 2020 -0400

    17014: Fixup federation/localdb wiring.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index d1c61116d..36b54f1cf 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -26,7 +26,7 @@ import (
 
 type Conn struct {
 	cluster *arvados.Cluster
-	local   *localdb.Conn
+	local   backend
 	remotes map[string]backend
 }
 
@@ -357,7 +357,11 @@ func (conn *Conn) ContainerRequestCreate(ctx context.Context, options arvados.Cr
 			// Local user, submitting to a remote cluster.
 			// Create a new (FIXME: needs to be
 			// time-limited!) token.
-			aca, err = localdb.CreateAPIClientAuthorization(ctx, conn.local, conn.cluster.SystemRootToken, rpc.UserSessionAuthInfo{UserUUID: user.UUID})
+			local, ok := conn.local.(*localdb.Conn)
+			if !ok {
+				return arvados.ContainerRequest{}, httpErrorf(http.StatusInternalServerError, "bug: local backend is a %T, not a *localdb.Conn", conn.local)
+			}
+			aca, err = local.CreateAPIClientAuthorization(ctx, conn.cluster.SystemRootToken, rpc.UserSessionAuthInfo{UserUUID: user.UUID})
 			if err != nil {
 				return arvados.ContainerRequest{}, err
 			}
diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go
index b14fd3b7d..61bad465f 100644
--- a/lib/controller/localdb/login.go
+++ b/lib/controller/localdb/login.go
@@ -63,7 +63,7 @@ func chooseLoginController(cluster *arvados.Cluster, parent *Conn) loginControll
 			UsernameClaim:      cluster.Login.OpenIDConnect.UsernameClaim,
 		}
 	case wantSSO:
-		return &ssoLoginController{parent}
+		return &ssoLoginController{Parent: parent}
 	case wantPAM:
 		return &pamLoginController{Cluster: cluster, Parent: parent}
 	case wantLDAP:
@@ -89,10 +89,16 @@ func countTrue(vals ...bool) int {
 	return n
 }
 
-// Login and Logout are passed through to the wrapped railsProxy;
+// Login and Logout are passed through to the parent's railsProxy;
 // UserAuthenticate is rejected.
-type ssoLoginController struct{ *Conn }
+type ssoLoginController struct{ Parent *Conn }
 
+func (ctrl *ssoLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) {
+	return ctrl.Parent.railsProxy.Login(ctx, opts)
+}
+func (ctrl *ssoLoginController) Logout(ctx context.Context, opts arvados.LogoutOptions) (arvados.LogoutResponse, error) {
+	return ctrl.Parent.railsProxy.Logout(ctx, opts)
+}
 func (ctrl *ssoLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
 	return arvados.APIClientAuthorization{}, httpserver.ErrorWithStatus(errors.New("username/password authentication is not available"), http.StatusBadRequest)
 }
@@ -135,9 +141,9 @@ func noopLogout(cluster *arvados.Cluster, opts arvados.LogoutOptions) (arvados.L
 	return arvados.LogoutResponse{RedirectLocation: target}, nil
 }
 
-func CreateAPIClientAuthorization(ctx context.Context, conn *Conn, rootToken string, authinfo rpc.UserSessionAuthInfo) (resp arvados.APIClientAuthorization, err error) {
+func (conn *Conn) CreateAPIClientAuthorization(ctx context.Context, rootToken string, authinfo rpc.UserSessionAuthInfo) (resp arvados.APIClientAuthorization, err error) {
 	ctxRoot := auth.NewContext(ctx, &auth.Credentials{Tokens: []string{rootToken}})
-	newsession, err := conn.UserSessionCreate(ctxRoot, rpc.UserSessionCreateOptions{
+	newsession, err := conn.railsProxy.UserSessionCreate(ctxRoot, rpc.UserSessionCreateOptions{
 		// Send a fake ReturnTo value instead of the caller's
 		// opts.ReturnTo. We won't follow the resulting
 		// redirect target anyway.
diff --git a/lib/controller/localdb/login_ldap.go b/lib/controller/localdb/login_ldap.go
index a03082e30..49f557ae5 100644
--- a/lib/controller/localdb/login_ldap.go
+++ b/lib/controller/localdb/login_ldap.go
@@ -143,7 +143,7 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
 		return arvados.APIClientAuthorization{}, errors.New("authentication succeeded but ldap returned no email address")
 	}
 
-	return CreateAPIClientAuthorization(ctx, ctrl.Parent, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
+	return ctrl.Parent.CreateAPIClientAuthorization(ctx, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
 		Email:     email,
 		FirstName: attrs["givenname"],
 		LastName:  attrs["sn"],
diff --git a/lib/controller/localdb/login_ldap_test.go b/lib/controller/localdb/login_ldap_test.go
index bce1ecfcf..b8ba6b467 100644
--- a/lib/controller/localdb/login_ldap_test.go
+++ b/lib/controller/localdb/login_ldap_test.go
@@ -90,8 +90,8 @@ func (s *LDAPSuite) SetUpSuite(c *check.C) {
 	s.cluster.Login.LDAP.SearchBase = "dc=example,dc=com"
 	c.Assert(err, check.IsNil)
 	s.ctrl = &ldapLoginController{
-		Cluster:    s.cluster,
-		RailsProxy: railsproxy.NewConn(s.cluster),
+		Cluster: s.cluster,
+		Parent:  &Conn{railsProxy: railsproxy.NewConn(s.cluster)},
 	}
 	s.db = arvadostest.DB(c, s.cluster)
 }
diff --git a/lib/controller/localdb/login_pam.go b/lib/controller/localdb/login_pam.go
index 365f91981..5d116a9e8 100644
--- a/lib/controller/localdb/login_pam.go
+++ b/lib/controller/localdb/login_pam.go
@@ -87,7 +87,7 @@ func (ctrl *pamLoginController) UserAuthenticate(ctx context.Context, opts arvad
 		"user":  user,
 		"email": email,
 	}).Debug("pam authentication succeeded")
-	return CreateAPIClientAuthorization(ctx, ctrl.Parent, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
+	return ctrl.Parent.CreateAPIClientAuthorization(ctx, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
 		Username: user,
 		Email:    email,
 	})
diff --git a/lib/controller/localdb/login_pam_test.go b/lib/controller/localdb/login_pam_test.go
index e6b967c94..c5876bbfa 100644
--- a/lib/controller/localdb/login_pam_test.go
+++ b/lib/controller/localdb/login_pam_test.go
@@ -36,8 +36,8 @@ func (s *PamSuite) SetUpSuite(c *check.C) {
 	s.cluster.Login.PAM.DefaultEmailDomain = "example.com"
 	s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
 	s.ctrl = &pamLoginController{
-		Cluster:    s.cluster,
-		RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider),
+		Cluster: s.cluster,
+		Parent:  &Conn{railsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider)},
 	}
 }
 
diff --git a/lib/controller/localdb/login_testuser.go b/lib/controller/localdb/login_testuser.go
index d07105623..c567a0668 100644
--- a/lib/controller/localdb/login_testuser.go
+++ b/lib/controller/localdb/login_testuser.go
@@ -45,7 +45,7 @@ func (ctrl *testLoginController) UserAuthenticate(ctx context.Context, opts arva
 				"username": username,
 				"email":    user.Email,
 			}).Debug("test authentication succeeded")
-			return CreateAPIClientAuthorization(ctx, ctrl.Parent, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
+			return ctrl.Parent.CreateAPIClientAuthorization(ctx, ctrl.Cluster.SystemRootToken, rpc.UserSessionAuthInfo{
 				Username: username,
 				Email:    user.Email,
 			})
diff --git a/lib/controller/localdb/login_testuser_test.go b/lib/controller/localdb/login_testuser_test.go
index 758908889..7a520428b 100644
--- a/lib/controller/localdb/login_testuser_test.go
+++ b/lib/controller/localdb/login_testuser_test.go
@@ -41,8 +41,8 @@ func (s *TestUserSuite) SetUpSuite(c *check.C) {
 	}
 	s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
 	s.ctrl = &testLoginController{
-		Cluster:    s.cluster,
-		RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider),
+		Cluster: s.cluster,
+		Parent:  &Conn{railsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider)},
 	}
 	s.db = arvadostest.DB(c, s.cluster)
 }

-----------------------------------------------------------------------


hooks/post-receive
-- 


