[ARVADOS] updated: 2.1.0-1874-gad2851bce

Git user git at public.arvados.org
Thu Feb 10 18:53:48 UTC 2022


Summary of changes:
 doc/admin/upgrading.html.textile.liquid          |  6 +-
 doc/install/install-keep-web.html.textile.liquid |  8 +--
 services/api/script/get_anonymous_user_token.rb  | 85 ------------------------
 3 files changed, 8 insertions(+), 91 deletions(-)
 delete mode 100755 services/api/script/get_anonymous_user_token.rb

       via  ad2851bce9be401f8feac6570b3958ce93732cfd (commit)
      from  abd8c34dc8a21ff75fda2e60d6f2be9ef5722cb3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit ad2851bce9be401f8feac6570b3958ce93732cfd
Author: Ward Vandewege <ward at curii.com>
Date:   Thu Feb 10 13:47:18 2022 -0500

    18676: remove script/get_anonymous_user_token.rb and update
           documentation.
    
    Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>

diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid
index 2bd41829b..9ad081292 100644
--- a/doc/admin/upgrading.html.textile.liquid
+++ b/doc/admin/upgrading.html.textile.liquid
@@ -35,10 +35,14 @@ TODO: extract this information based on git commit messages and generate changel
 <div class="releasenotes">
 </notextile>
 
-h2(#main). development main (as of 2021-11-10)
+h2(#main). development main (as of 2022-02-10)
 
 "previous: Upgrading from 2.3.0":#v2_3_0
 
+h3. Anonymous token changes
+
+The anonymous token configured in @Users.AnonymousUserToken@ must now be 50 characters or longer. This was already the suggestion in the documentation, now it is enforced. The @script/get_anonymous_user_token.rb@ script that was needed to register the anonymous user token in the database has been removed. Registration of the anonymous token is no longer necessary.
+
 h3. Preemptible instance types are used automatically, if any are configured
 
 The default behavior for selecting "preemptible instances":{{site.baseurl}}/admin/spot-instances.html has changed. If your configuration lists any instance types with @Preemptible: true@, all child (non-top-level) containers will automatically be scheduled on preemptible instances. To avoid using preemptible instances except when explicitly requested by clients, add @AlwaysUsePreemptibleInstances: false@ in the @Containers@ config section. (Previously, preemptible instance types were never used unless the configuration specified @UsePreemptibleInstances: true at . That flag has been removed.)
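Review bot: The new "Anonymous token changes" paragraph says the 50-character minimum is now enforced but does not say what an operator will see when an existing @Users.AnonymousUserToken@ is shorter than that, so someone upgrading cannot tell whether the config has to be fixed before the upgrade or can be fixed afterwards. Suggest adding one sentence that states the failure behaviour and the required action. Separately, "This was already the suggestion in the documentation, now it is enforced" is a comma splice and would read better as two sentences.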
diff --git a/doc/install/install-keep-web.html.textile.liquid b/doc/install/install-keep-web.html.textile.liquid
index 98c316548..4942c9607 100644
--- a/doc/install/install-keep-web.html.textile.liquid
+++ b/doc/install/install-keep-web.html.textile.liquid
@@ -11,7 +11,7 @@ SPDX-License-Identifier: CC-BY-SA-3.0
 
 # "Introduction":#introduction
 # "Configure DNS":#introduction
-# "Configure anonymous user token.yml":#update-config
+# "Configure anonymous user token":#update-config
 # "Update nginx configuration":#update-nginx
 # "Install keep-web package":#install-packages
 # "Start the service":#start-service
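Review bot: In this table of contents the unchanged entry "Configure DNS":#introduction points at the same anchor as the "Introduction" entry above it, so the link cannot land on the DNS section. Since the list is being edited here anyway, it would be worth pointing that entry at the DNS section's own anchor in the same commit.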
@@ -105,15 +105,13 @@ h2. Set InternalURLs
 
 h2(#update-config). Configure anonymous user token
 
-{% assign railscmd = "bin/bundle exec ./script/get_anonymous_user_token.rb --get" %}
-{% assign railsout = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" %}
 If you intend to use Keep-web to serve public data to anonymous clients, configure it with an anonymous token.
 
-# Generate a random string (>= 50 characters long) and put it in the @config.yml@ file, in the @AnonymousUserToken@ field.
+Generate a random string (>= 50 characters long) and put it in the @config.yml@ file, in the @AnonymousUserToken@ field.
 
 <notextile>
 <pre><code>    Users:
-      AnonymousUserToken: <span class="userinput">"{{railsout}}"</span>
+      AnonymousUserToken: <span class="userinput">"zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"</span>
 </code></pre>
 </notextile>
 
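Review bot: The all-"z" sample value for AnonymousUserToken is now a literal in the example rather than a template variable, and the surrounding text never says it must be replaced. If that string satisfies the new length check, a config copied from this page would be accepted with a publicly documented token. Suggest either using a placeholder that is visibly shorter than the minimum, or adding a sentence that the value shown is an example only. The instruction to "Generate a random string (>= 50 characters long)" also gives no hint about how to generate it or which characters are acceptable. With the helper script gone, this page is the only guidance an installer has, so a short note on that would help.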
diff --git a/services/api/script/get_anonymous_user_token.rb b/services/api/script/get_anonymous_user_token.rb
deleted file mode 100755
index 4c3ca34f0..000000000
--- a/services/api/script/get_anonymous_user_token.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/env ruby
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-# Get or Create an anonymous user token.
-# If get option is used, an existing anonymous user token is returned. If none exist, one is created.
-# If the get option is omitted, a new token is created and returned.
-
-require 'optimist'
-
-opts = Optimist::options do
-  banner ''
-  banner "Usage: get_anonymous_user_token "
-  banner ''
-  opt :get, <<-eos
-Get an existing anonymous user token. If no such token exists \
-or if this option is omitted, a new token is created and returned.
-  eos
-  opt :token, "token to create (optional)", :type => :string
-end
-
-get_existing = opts[:get]
-supplied_token = opts[:token]
-
-require File.dirname(__FILE__) + '/../config/environment'
-
-include ApplicationHelper
-act_as_system_user
-
-def create_api_client_auth(supplied_token=nil)
-  supplied_token = Rails.configuration.Users["AnonymousUserToken"]
-
-  if supplied_token.nil? or supplied_token.empty?
-    puts "Users.AnonymousUserToken is empty.  Destroying tokens that belong to anonymous."
-    # Token is empty.  Destroy any anonymous tokens.
-    ApiClientAuthorization.where(user: anonymous_user).destroy_all
-    return nil
-  end
-
-  attr = {user: anonymous_user,
-          api_client_id: 0,
-          scopes: ['GET /']}
-
-  secret = supplied_token
-
-  if supplied_token[0..2] == 'v2/'
-    _, token_uuid, secret, optional = supplied_token.split('/')
-    if token_uuid[0..4] != Rails.configuration.ClusterID
-      # Belongs to a different cluster.
-      puts supplied_token
-      return nil
-    end
-    attr[:uuid] = token_uuid
-  end
-
-  attr[:api_token] = secret
-
-  api_client_auth = ApiClientAuthorization.where(attr).first
-  if !api_client_auth
-    # The anonymous user token should never expire but we are not allowed to
-    # set :expires_at to nil, so we set it to 1000 years in the future.
-    attr[:expires_at] = Time.now + 1000.years
-    api_client_auth = ApiClientAuthorization.create!(attr)
-  end
-  api_client_auth
-end
-
-if get_existing
-  api_client_auth = ApiClientAuthorization.
-    where('user_id=?', anonymous_user.id.to_i).
-    where('expires_at>?', Time.now).
-    select { |auth| auth.scopes == ['GET /'] }.
-    first
-end
-
-# either not a get or no api_client_auth was found
-if !api_client_auth
-  api_client_auth = create_api_client_auth(supplied_token)
-end
-
-# print it to the console
-if api_client_auth
-  puts "v2/#{api_client_auth.uuid}/#{api_client_auth.api_token}"
-end
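Review bot: The removed create_api_client_auth did two things that the documentation changes in this commit do not account for. When Users.AnonymousUserToken was empty it ran ApiClientAuthorization.where(user: anonymous_user).destroy_all, and when it registered a token it set expires_at to Time.now + 1000.years. Clusters that ran this script therefore still have long-lived anonymous rows in the database, and after this change nothing visible here removes them when the configured token is rotated or cleared. The upgrade note should say whether previously registered anonymous tokens stop being honoured once registration is "no longer necessary", or whether administrators need to delete them by hand. The script also pinned the token to scopes ['GET /']. It would be good to confirm in the commit message or the docs that the config-only path keeps the same read-only restriction.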

-----------------------------------------------------------------------


hooks/post-receive
-- 



