[ARVADOS] updated: 1.3.0-3107-g02ebaa22b
Git user
git at public.arvados.org
Wed Sep 9 23:06:34 UTC 2020
Summary of changes:
.../app/controllers/work_units_controller.rb | 3 +
.../app/views/users/_virtual_machines.html.erb | 2 +-
.../app/views/virtual_machines/webshell.html.erb | 42 ++++--
apps/workbench/config/initializers/assets.rb | 2 +-
.../assets/javascripts}/webshell/shell_in_a_box.js | 52 +++----
.../assets/stylesheets}/webshell/styles.css | 38 ++---
.../test/integration/anonymous_access_test.rb | 2 +-
apps/workbench/test/integration/work_units_test.rb | 19 +++
build/run-tests.sh | 11 +-
doc/install/arvbox.html.textile.liquid | 20 ++-
.../install-dispatch-cloud.html.textile.liquid | 3 +
.../install-shell-server.html.textile.liquid | 50 ++++---
doc/install/install-webshell.html.textile.liquid | 11 +-
...quid => arvados-cwl-runner.html.textile.liquid} | 34 ++++-
.../vm-login-with-webshell.html.textile.liquid | 2 +-
.../getting_started/workbench.html.textile.liquid | 12 +-
doc/user/index.html.textile.liquid | 2 +-
docker/jobs/Dockerfile | 6 +-
lib/boot/seed.go | 4 +
lib/boot/supervisor.go | 4 +
lib/cloud/azure/azure.go | 4 +-
lib/cloud/azure/azure_test.go | 4 +-
lib/cloud/cloudtest/tester.go | 6 +-
lib/cloud/ec2/ec2.go | 8 +-
lib/cloud/ec2/ec2_test.go | 8 +-
lib/config/cmd.go | 3 +-
lib/config/config.default.yml | 10 ++
lib/config/export.go | 3 +-
lib/config/generated_config.go | 10 ++
lib/controller/federation/conn.go | 36 ++++-
lib/controller/handler_test.go | 4 +-
lib/controller/integration_test.go | 156 ++++++++++++++++++++-
lib/controller/localdb/login_testuser.go | 63 ++++++++-
lib/controller/localdb/login_testuser_test.go | 9 ++
lib/controller/rpc/conn.go | 9 +-
lib/controller/semaphore.go | 3 +-
lib/crunchrun/copier.go | 3 +-
lib/crunchrun/crunchrun.go | 37 +++--
lib/dispatchcloud/dispatcher_test.go | 6 +
lib/dispatchcloud/driver.go | 5 +-
lib/dispatchcloud/scheduler/run_queue.go | 43 +++---
lib/dispatchcloud/scheduler/run_queue_test.go | 41 +++---
lib/dispatchcloud/test/queue.go | 6 +-
lib/dispatchcloud/test/stub_driver.go | 40 ++----
lib/dispatchcloud/worker/pool.go | 154 +++++++++++++-------
lib/dispatchcloud/worker/pool_test.go | 40 ++++++
lib/dispatchcloud/worker/verify.go | 6 +-
lib/dispatchcloud/worker/worker.go | 16 +++
sdk/cwl/arvados_cwl/arv-cwl-schema-v1.0.yml | 6 +
sdk/cwl/arvados_cwl/arv-cwl-schema-v1.1.yml | 6 +
sdk/cwl/arvados_cwl/arv-cwl-schema-v1.2.yml | 6 +
sdk/cwl/arvados_cwl/arvworkflow.py | 35 +++--
sdk/cwl/arvados_cwl/executor.py | 3 +-
sdk/cwl/fpm-info.sh | 5 +-
.../collection_per_tool_packed.cwl | 8 +-
sdk/cwl/tests/test_submit.py | 4 +-
...{expect_packed.cwl => expect_upload_packed.cwl} | 8 +-
sdk/go/arvados/blob_signature.go | 3 +-
sdk/go/arvados/config.go | 39 +++---
sdk/go/arvados/keep_service.go | 2 +-
sdk/go/arvadosclient/arvadosclient.go | 12 +-
sdk/go/blockdigest/blockdigest.go | 2 +-
sdk/go/keepclient/root_sorter.go | 5 +-
sdk/go/keepclient/support.go | 15 +-
sdk/python/setup.py | 2 +-
.../api/app/models/api_client_authorization.rb | 18 ++-
services/api/app/models/database_seeds.rb | 1 +
services/api/lib/current_api_client.rb | 10 ++
services/api/script/get_anonymous_user_token.rb | 48 ++++---
services/api/test/fixtures/api_clients.yml | 7 +
services/api/test/fixtures/workflows.yml | 25 ++++
.../api_client_authorizations_api_test.rb | 46 ++++--
services/api/test/integration/remote_user_test.rb | 30 +++-
.../api/test/integration/user_sessions_test.rb | 55 +++++++-
services/arv-git-httpd/auth_handler_test.go | 2 +-
services/arv-git-httpd/git_handler_test.go | 2 +-
services/arv-git-httpd/integration_test.go | 2 +-
services/fuse/arvados_fuse/fusedir.py | 15 +-
services/fuse/arvados_fuse/unmount.py | 1 +
services/keep-web/s3.go | 41 ++++--
services/keep-web/s3_test.go | 42 +++++-
services/keepproxy/keepproxy_test.go | 2 +-
services/keepstore/proxy_remote_test.go | 2 +-
services/login-sync/bin/arvados-login-sync | 101 ++++++++++---
services/login-sync/test/test_add_user.rb | 13 +-
services/ws/service_test.go | 2 +-
tools/arvbox/bin/arvbox | 46 ++++--
tools/arvbox/lib/arvbox/docker/Dockerfile.base | 4 +-
tools/arvbox/lib/arvbox/docker/Dockerfile.demo | 10 +-
tools/arvbox/lib/arvbox/docker/Dockerfile.dev | 1 -
tools/arvbox/lib/arvbox/docker/api-setup.sh | 5 -
tools/arvbox/lib/arvbox/docker/cluster-config.sh | 31 ++--
tools/arvbox/lib/arvbox/docker/common.sh | 3 +-
tools/arvbox/lib/arvbox/docker/edit_users.py | 70 +++++++++
tools/arvbox/lib/arvbox/docker/service/nginx/run | 45 ++++++
.../lib/arvbox/docker/service/ready/run-service | 3 +-
tools/arvbox/lib/arvbox/docker/service/sso/run | 1 -
.../lib/arvbox/docker/service/sso/run-service | 88 ------------
.../service/{sso => webshell}/log/main/.gitstub | 0
.../docker/service/{sso => webshell}/log/run | 0
.../arvbox/lib/arvbox/docker/service/webshell/run | 43 ++++++
.../lib/arvbox/docker/service/webshell/run-service | 13 ++
102 files changed, 1442 insertions(+), 599 deletions(-)
rename apps/workbench/{public => lib/assets/javascripts}/webshell/shell_in_a_box.js (99%)
rename apps/workbench/{public => lib/assets/stylesheets}/webshell/styles.css (93%)
copy doc/sdk/python/{arvados-fuse.html.textile.liquid => arvados-cwl-runner.html.textile.liquid} (59%)
copy sdk/cwl/tests/wf/{expect_packed.cwl => expect_upload_packed.cwl} (93%)
create mode 100755 tools/arvbox/lib/arvbox/docker/edit_users.py
delete mode 120000 tools/arvbox/lib/arvbox/docker/service/sso/run
delete mode 100755 tools/arvbox/lib/arvbox/docker/service/sso/run-service
rename tools/arvbox/lib/arvbox/docker/service/{sso => webshell}/log/main/.gitstub (100%)
rename tools/arvbox/lib/arvbox/docker/service/{sso => webshell}/log/run (100%)
create mode 100755 tools/arvbox/lib/arvbox/docker/service/webshell/run
create mode 100755 tools/arvbox/lib/arvbox/docker/service/webshell/run-service
via 02ebaa22b0b481d6b8525b3571e2b112769de4a2 (commit)
via 3160fe4ab72efd37b87b2acb560c739314173027 (commit)
via 274ca75e0b5277d6d591b45e29b1a2c9185bed5a (commit)
via 1771152da97200b038378666457d18679f4c8cd7 (commit)
via 49a89ce984eb69ef4316882e91dec652dc353e39 (commit)
via 3ee2186cb06b822f113696ccb24a78b79269d318 (commit)
via 47aa52f1b343c93e09908b69d40bf8b389e8b15c (commit)
via 472fff42d6105a4457deeb1579e9d14caffc82dc (commit)
via 8bad7194a84fd1973f9b19d68db3dd56cbca3162 (commit)
via 21dc468b7c86996d05f019650d2b7b3e472c5ed5 (commit)
via 0f3db3d5f1bc976f38f6eed05c236ece79b7f876 (commit)
via 51d7a5b2a23074a130aa6dd74cbaf5f335920769 (commit)
via 36e3b4021e376e74806df16816bd3f207ff37ecb (commit)
via 5c5ac412b722025d1af37f81bea60a4b503ce6aa (commit)
via 64d38dcbfb53c240a99523e250ad576788954a56 (commit)
via 8f8329e7d99e9d1c0e753fb26bf4dc1e76828017 (commit)
via 513865a8e58b8adf28c17f12093053cdb62cfa71 (commit)
via 0036a0a5755f6c0fb5c7747c7d4442c0972b696c (commit)
via a5b73a1a47bed348098dc116950a01b77c04c208 (commit)
via 72beb46ad804361a8ae012b1bc4475480912d8a8 (commit)
via 6ed2e2c51fe463bfcf1b484d764af5bf47d416ad (commit)
via 201812edc08fc1fd11cc6635e2224adad2b913f5 (commit)
via b1a9b18e4bd1691294b60a90c595bccd29725ca7 (commit)
via a528347f7edc85282c3f618fbae4030e9f9da226 (commit)
via 3241db378301b3d507e928776d5e3e511c38a998 (commit)
via 71c57454fc3adf2d63db8b3cb1d0e8ecdff5c93f (commit)
via 16919ef3f156ee7cc99fa78af3701f1d8a66ec25 (commit)
via c1bd1ee9ed5c36a3af524178e876a9b2255ab5f0 (commit)
via fbd40a96ea616d8042db23371083ebf80684825f (commit)
via ac4599592d265dc5a922ec8f468d46cfe7de52e2 (commit)
via a730ff3281e2a4eff04240e6233c9c13ac8fdbfb (commit)
via b30659d514ce281209fa7b99863413832fa8d44b (commit)
via b6462cf67d9c3a0d9eb6d2d6997b2a88ece8ad6c (commit)
via 98db65de63c9e2acfeae6636ccc619171635bda0 (commit)
via 8a17791b5f16b785eeaff86051dbcce84699ceac (commit)
via b35dfa1f2b6c2fe57b7bc8a6e107425ed4e44f2a (commit)
via 09ff850dc6e3e8f10d7d96adfc02674222f7aa9a (commit)
via 76182f26191190c405077106becdde149c0ad7c5 (commit)
via b521d2c5254e439e23cd750f86d55eadffb3e4b9 (commit)
via 64eac5879fe80f9ad52665421962740390a14eee (commit)
via bcee68ee657af1591d1ae0624e2d12029b0b92d5 (commit)
via 0b38c1d85c04e15ec45dcaaf63882c01dd3f91d7 (commit)
via cf0dfaa4494d591bb34c2fa23589061f4d89d0aa (commit)
via 201e2b7e3965aebc87de3139d31b8f14a312ec6f (commit)
via 0ff4ed45a7ab1730118eadfb92ddea7d332f0328 (commit)
via 4355586821d71fed6a3fe95fea69f548797f77d8 (commit)
via 509a6d6764aae8b8bbe5b32c21c8f64a49d02ad3 (commit)
via b108bdfa0f3c74239fa565a1d14db945eb4dcf18 (commit)
via bc11ee32eeb31c63a3fb99819087d2def0988789 (commit)
via a5fef23f2863cd0183ff596f4579110e2ddb3b3d (commit)
via 9e9142058cdee68ad567836799883b1aa6962bbd (commit)
via db13716484018404860275de75d278e0aaa08d8a (commit)
via 4e6985fea736b4a46537005bf853de80be1b013a (commit)
via cf16a3c479626c18e408a12c18c5a6ed547f85dc (commit)
via da85d6516630d06ae3c34b4a52dc5ddff9fd5ace (commit)
via baa1f256924655d67b704f35981e9839743fab99 (commit)
via 8991b43990aa7a77edd78f165114b93a6a207985 (commit)
via f3e3a6cc4b72120f856e14f3039b1c0c1f0326bd (commit)
via 5ce6d49b5a632b8e846fb0d794444ecd39f74fa5 (commit)
via 27566b089a00a4038fceb320175b37fcb0e77033 (commit)
via 87977ae72b8cfded3263b109caa5245fa1abd74f (commit)
via 8661ab4aa19494699915a9a9c1c492345d367855 (commit)
via bee95c1cdbc3859f47a0a95940680ebaa2a4c9a5 (commit)
via ffe94bef9cd17abb522d7fabb32326405d466a94 (commit)
via b36ffab0228e53226614f7d33e4a8e3921d0256f (commit)
via ae50c333f57298b5d4b81229476cd990aab1dad5 (commit)
via ecc2f49233c0b52820e856ba0b18e4123d99d228 (commit)
via 434dee9ff1b42d7169fbd9368263e6a0f5c40bed (commit)
via 5ce67dcb90e196227d920c52fc1a7256e39ede92 (commit)
via d3b6bdd6ef2b543c607bd7c3cdf9df5c74e90dc0 (commit)
via 83d9f52a85cd19e9821d54b3d6ec9efdff337777 (commit)
via 065aa362326aae3ec05958436053c72299bdad7d (commit)
via be28c5f528a93ee32eef4c1dc2d0872cb718b29f (commit)
via 4706c89f091563cc56a6d4f819e025850031a009 (commit)
via 43da0e7ce859cb8ed3385417a2fc97a36cc688e6 (commit)
via a46ef7496b83b2778de8db36e4948b55dddf3754 (commit)
via 92ff0d8081ad46b1c7e7c3407745d6b9cde50a1a (commit)
via ecff7e34ea7d5e8321c2821cae476355bffbc248 (commit)
via 6d827e6be83d9b3129b4bc7a812d43d2ca874174 (commit)
via d67b634b9afe9bebeaef461dfdd2edfa4e5740fd (commit)
via 5895b2710b4331109a0056275e8b046a53b5ba06 (commit)
via 1617202c337078fb94ea19893c73061983be94ad (commit)
via 3e975aa25c141ccd3f08335906d96d9ff7035bf2 (commit)
via 81ff58f4addd05346161a9b44648d1ab31e027bc (commit)
via 5c4b585cd03d6fba1779113f7cba6b34e0c526b7 (commit)
via f9e6c9f5e30cbf0fc3d6f9981b6e3673d603f3e1 (commit)
via 505c8fa50631201e289cc55230d46fdf52fa2055 (commit)
via b4091adb7ac1a85de6ae1f18895e9d8f9da5d441 (commit)
via 47833c68da26e2dd1fd65784cb56a352503dbcb9 (commit)
via 4de0821a28d54153c6046655d4a2d8f57da7e005 (commit)
via 09f4d9f7fd5fc0518aa7d614c7f061c0b8f7d5a4 (commit)
via 26519f015ebbd7e7b4ef288d4e89d877ea05c0ec (commit)
via 2fc9d1ac9dbb3557541c449820f4bba4cd4b7313 (commit)
from 5baf26bc79fa6886e43f51631befd3bcc7a5b60b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 02ebaa22b0b481d6b8525b3571e2b112769de4a2
Author: Lucas Di Pentima <lucas at di-pentima.com.ar>
Date: Wed Sep 9 20:05:43 2020 -0300
16736: Adds check on api client auth creation/update for expires_at.
Also, adds some more tests.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas at di-pentima.com.ar>
diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index ab6fd8000..5bf32e6ed 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -326,7 +326,10 @@ class ApiClientAuthorization < ArvadosModel
protected
def permission_to_create
- current_user.andand.is_admin or (current_user.andand.id == self.user_id)
+ current_user.andand.is_admin or
+ ((current_user.andand.id == self.user_id)) and
+ (current_api_client_authorization.andand.expires_at.nil? or
+ (self.expires_at and current_api_client_authorization.expires_at >= self.expires_at))
end
def permission_to_update
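Review bot: The new condition in `permission_to_create` mixes `or` and `and` without grouping, and in Ruby these two keywords share one precedence level and associate left, so it evaluates as `(is_admin or owner) and (expiry check)`. An admin caller is therefore also bound by the expiry limit, which is not what the line layout suggests. Whichever grouping is intended for this authorization check should be made explicit with `||`/`&&` and parentheses. If the current behaviour is the intended one, it can be written as `allowed = current_user.andand.is_admin || current_user.andand.id == self.user_id`, then `limit = current_api_client_authorization.andand.expires_at`, then `allowed && (limit.nil? || (self.expires_at && limit >= self.expires_at))`. The body of `permission_to_update` lies outside this hunk, so whether updates go through the same check cannot be confirmed from here.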
@@ -335,7 +338,6 @@ class ApiClientAuthorization < ArvadosModel
end
def log_update
-
super unless (saved_changes.keys - UNLOGGED_CHANGES).empty?
end
end
diff --git a/services/api/test/integration/user_sessions_test.rb b/services/api/test/integration/user_sessions_test.rb
index 2d5ccfe4a..6eb3f20d7 100644
--- a/services/api/test/integration/user_sessions_test.rb
+++ b/services/api/test/integration/user_sessions_test.rb
@@ -53,14 +53,14 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest
test 'existing user login' do
mock_auth_with(identity_url: "https://active-user.openid.local")
u = assigns(:user)
- assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid
+ assert_equal users(:active).uuid, u.uuid
end
test 'trusted api client token cannot create tokens with expiration dates past its own' do
exp_date = Time.now + 12.hours
mock_auth_with(identity_url: "https://active-user.openid.local")
u = assigns(:user)
- assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid
+ assert_equal users(:active).uuid, u.uuid
auth = assigns(:api_client_auth)
assert_equal auth.user_id, u.id
act_as_system_user do
@@ -83,7 +83,7 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest
test 'trusted api client expiring token cannot create tokens with no expiration' do
mock_auth_with(identity_url: "https://active-user.openid.local")
u = assigns(:user)
- assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid
+ assert_equal users(:active).uuid, u.uuid
auth = assigns(:api_client_auth)
assert_equal auth.user_id, u.id
act_as_system_user do
@@ -103,16 +103,61 @@ class UserSessionsApiTest < ActionDispatch::IntegrationTest
assert_response 403
end
+ test 'trusted api client token cannot update tokens with expiration dates past its own' do
+ exp_date = Time.now + 12.hours
+ mock_auth_with(identity_url: "https://active-user.openid.local")
+ u = assigns(:user)
+ assert_equal users(:active).uuid, u.uuid
+ auth = assigns(:api_client_auth)
+ assert_equal auth.user_id, u.id
+ act_as_system_user do
+ assert auth.update_attributes!(expires_at: exp_date)
+ assert auth.api_client.update_attributes!(is_trusted: true)
+ end
+ assert_not_nil auth.expires_at
+ put "/arvados/v1/api_client_authorizations/#{auth.uuid}",
+ params: {
+ :format => :json,
+ :api_client_authorization => {
+ :expires_at => exp_date + 1.hour
+ }
+ },
+ headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{auth.api_token}"}
+ assert_response 403
+ end
+
+ test 'trusted api client expiring token cannot update tokens with no expiration' do
+ mock_auth_with(identity_url: "https://active-user.openid.local")
+ u = assigns(:user)
+ assert_equal users(:active).uuid, u.uuid
+ auth = assigns(:api_client_auth)
+ assert_equal auth.user_id, u.id
+ act_as_system_user do
+ assert auth.update_attributes!(expires_at: Time.now + 12.hours)
+ assert auth.api_client.update_attributes!(is_trusted: true)
+ end
+ assert_not_nil auth.expires_at
+ put "/arvados/v1/api_client_authorizations/#{auth.uuid}",
+ params: {
+ :format => :json,
+ :api_client_authorization => {
+ :expires_at => nil
+ }
+ },
+ headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{auth.api_token}"}
+ assert_response 403
+ end
+
test 'user redirect_to_user_uuid' do
mock_auth_with(identity_url: "https://redirects-to-active-user.openid.local")
u = assigns(:user)
- assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid
+ assert_equal users(:active).uuid, u.uuid
end
test 'user double redirect_to_user_uuid' do
mock_auth_with(identity_url: "https://double-redirects-to-active-user.openid.local")
u = assigns(:user)
- assert_equal 'zzzzz-tpzed-xurymjxw79nv3jz', u.uuid
+ assert_equal users(:active).uuid, u.uuid
end
test 'create new user during omniauth callback' do
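Review bot: Both added update tests assert only `assert_response 403`, so they would also pass if every PUT to this endpoint were rejected for an unrelated reason, and they do not show that the stored expiry was left untouched. After the 403, check the record itself, e.g. `assert_equal exp_date.to_i, auth.reload.expires_at.to_i` in the first test and `assert_not_nil auth.reload.expires_at` in the second. A positive control would also help: the same PUT with an `expires_at` earlier than the token's own, expecting success, ties the 403 to the expiry limit. No test here uses an admin user's expiring token, so the precedence-dependent behaviour of the new `permission_to_create` condition for admins is not pinned down.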
commit 3160fe4ab72efd37b87b2acb560c739314173027
Merge: 5baf26bc7 274ca75e0
Author: Lucas Di Pentima <lucas at di-pentima.com.ar>
Date: Tue Sep 8 16:47:01 2020 -0300
16736: Merge branch 'master' into 16736-expiring-tokens-limits
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas at di-pentima.com.ar>
-----------------------------------------------------------------------
hooks/post-receive
--