[ARVADOS] created: 2.1.0-1838-g3c18a9d8e
Git user
git at public.arvados.org
Fri Jan 21 21:35:07 UTC 2022
at 3c18a9d8e2ebb6483413085ce6e0eb2fa382f06f (commit)
commit 3c18a9d8e2ebb6483413085ce6e0eb2fa382f06f
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Fri Jan 21 17:27:36 2022 -0300
17583: Forwards ApiClientAuthorization list requests to LoginCluster.
Also, honor the bypass_federation parameter.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index 298c693b4..d3819f626 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -741,6 +741,9 @@ func (conn *Conn) APIClientAuthorizationCreate(ctx context.Context, options arva
}
func (conn *Conn) APIClientAuthorizationUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.APIClientAuthorization, error) {
+ if options.BypassFederation {
+ return conn.local.APIClientAuthorizationUpdate(ctx, options)
+ }
return conn.chooseBackend(options.UUID).APIClientAuthorizationUpdate(ctx, options)
}
@@ -749,7 +752,10 @@ func (conn *Conn) APIClientAuthorizationDelete(ctx context.Context, options arva
}
func (conn *Conn) APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) {
- return conn.local.APIClientAuthorizationList(ctx, options)
+ if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.BypassFederation {
+ return conn.chooseBackend(conn.cluster.Login.LoginCluster).APIClientAuthorizationList(ctx, options)
+ }
+ return conn.generated_APIClientAuthorizationList(ctx, options)
}
func (conn *Conn) APIClientAuthorizationGet(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) {
diff --git a/lib/controller/federation/generate.go b/lib/controller/federation/generate.go
index b49e138ce..8af613156 100644
--- a/lib/controller/federation/generate.go
+++ b/lib/controller/federation/generate.go
@@ -53,7 +53,7 @@ func main() {
defer out.Close()
out.Write(regexp.MustCompile(`(?ms)^.*package .*?import.*?\n\)\n`).Find(buf))
io.WriteString(out, "//\n// -- this file is auto-generated -- do not edit -- edit list.go and run \"go generate\" instead --\n//\n\n")
- for _, t := range []string{"Container", "ContainerRequest", "Group", "Specimen", "User", "Link"} {
+ for _, t := range []string{"Container", "ContainerRequest", "Group", "Specimen", "User", "Link", "APIClientAuthorization"} {
_, err := out.Write(bytes.ReplaceAll(orig, []byte("Collection"), []byte(t)))
if err != nil {
panic(err)
diff --git a/lib/controller/federation/generated.go b/lib/controller/federation/generated.go
index e8a5a08ff..66f36161d 100755
--- a/lib/controller/federation/generated.go
+++ b/lib/controller/federation/generated.go
@@ -262,3 +262,44 @@ func (conn *Conn) generated_LinkList(ctx context.Context, options arvados.ListOp
}
return merged, err
}
+
+func (conn *Conn) generated_APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) {
+ var mtx sync.Mutex
+ var merged arvados.APIClientAuthorizationList
+ var needSort atomic.Value
+ needSort.Store(false)
+ err := conn.splitListRequest(ctx, options, func(ctx context.Context, _ string, backend arvados.API, options arvados.ListOptions) ([]string, error) {
+ options.ForwardedFor = conn.cluster.ClusterID + "-" + options.ForwardedFor
+ cl, err := backend.APIClientAuthorizationList(ctx, options)
+ if err != nil {
+ return nil, err
+ }
+ mtx.Lock()
+ defer mtx.Unlock()
+ if len(merged.Items) == 0 {
+ merged = cl
+ } else if len(cl.Items) > 0 {
+ merged.Items = append(merged.Items, cl.Items...)
+ needSort.Store(true)
+ }
+ uuids := make([]string, 0, len(cl.Items))
+ for _, item := range cl.Items {
+ uuids = append(uuids, item.UUID)
+ }
+ return uuids, nil
+ })
+ if needSort.Load().(bool) {
+ // Apply the default/implied order, "modified_at desc"
+ sort.Slice(merged.Items, func(i, j int) bool {
+ mi, mj := merged.Items[i].ModifiedAt, merged.Items[j].ModifiedAt
+ return mj.Before(mi)
+ })
+ }
+ if merged.Items == nil {
+ // Return empty results as [], not null
+ // (https://github.com/golang/go/issues/27589 might be
+ // a better solution in the future)
+ merged.Items = []arvados.APIClientAuthorization{}
+ }
+ return merged, err
+}
diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index ca2a419c7..9f5d12598 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -690,6 +690,7 @@ func (s *IntegrationSuite) TestFederatedApiClientAuthHandling(c *check.C) {
},
)
c.Assert(err, check.IsNil)
+ c.Assert(resp.APIClientID, check.Not(check.Equals), 0)
newTok := resp.TokenV2()
c.Assert(newTok, check.Not(check.Equals), "")
commit 434244494013a1e9d0cf56a7398fcd49fb75aaf1
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date: Fri Jan 21 17:15:21 2022 -0300
17583: Expands test to expose one pending bug.
ApiClientAuthorization LIST requests are not being forwarded on LoginCluster
federations.
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>
diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index b7bda3dd1..ca2a419c7 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -704,6 +704,14 @@ func (s *IntegrationSuite) TestFederatedApiClientAuthHandling(c *check.C) {
)
c.Assert(err, check.IsNil)
c.Assert(curUser.UUID, check.Equals, user.UUID)
+
+ // Request the ApiClientAuthorization list using the new token
+ _, userClient, _ := s.testClusters["z3333"].ClientsWithToken(newTok)
+ var acaLst arvados.APIClientAuthorizationList
+ err = userClient.RequestAndDecode(
+ &acaLst, "GET", "arvados/v1/api_client_authorizations", nil, nil,
+ )
+ c.Assert(err, check.IsNil)
}
// Test for bug #18076
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list