[arvados] updated: 2.7.0-5355-ge42bf8fbe6
git repository hosting
git at public.arvados.org
Fri Nov 17 16:18:15 UTC 2023
Summary of changes:
lib/controller/federation/conn.go | 4 ++++
lib/controller/localdb/container_gateway.go | 2 +-
lib/controller/rpc/conn.go | 14 ++++++++++++++
sdk/go/arvados/api.go | 2 ++
sdk/go/arvados/client.go | 1 +
sdk/go/arvados/user.go | 4 ++--
sdk/go/arvadostest/api.go | 4 ++++
.../api/app/controllers/arvados/v1/schema_controller.rb | 2 +-
services/keep-balance/balance.go | 2 +-
services/keep-web/handler.go | 2 +-
services/keepproxy/keepproxy.go | 2 +-
11 files changed, 32 insertions(+), 7 deletions(-)
via e42bf8fbe66f822066e13c08b346005a52e1aa4a (commit)
via b2fe9103a8f42d393fdbb838106fa4d28ea9a25f (commit)
from 4658a55dc90567b87f484578c91f4f04db9623ab (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit e42bf8fbe66f822066e13c08b346005a52e1aa4a
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Fri Nov 17 11:16:24 2023 -0500
20831: Make the IsAdmin and IsInvited pointers so they are nullable
Required to correctly handle both where the API does or does not
return the is_admin and is_invited fields when updating from remote
user records.
Also added DiscoveryDocument to arvados.API
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/lib/controller/localdb/container_gateway.go b/lib/controller/localdb/container_gateway.go
index 0b6a630fae..376f55b7b3 100644
--- a/lib/controller/localdb/container_gateway.go
+++ b/lib/controller/localdb/container_gateway.go
@@ -349,7 +349,7 @@ func (conn *Conn) ContainerSSH(ctx context.Context, opts arvados.ContainerSSHOpt
return sshconn, err
}
ctxRoot := auth.NewContext(ctx, &auth.Credentials{Tokens: []string{conn.cluster.SystemRootToken}})
- if !user.IsAdmin || !conn.cluster.Containers.ShellAccess.Admin {
+ if !*user.IsAdmin || !conn.cluster.Containers.ShellAccess.Admin {
if !conn.cluster.Containers.ShellAccess.User {
return sshconn, httpserver.ErrorWithStatus(errors.New("shell access is disabled in config"), http.StatusServiceUnavailable)
}
diff --git a/sdk/go/arvados/user.go b/sdk/go/arvados/user.go
index 2fb061e7fb..8dd71f2b72 100644
--- a/sdk/go/arvados/user.go
+++ b/sdk/go/arvados/user.go
@@ -11,14 +11,14 @@ type User struct {
UUID string `json:"uuid"`
Etag string `json:"etag"`
IsActive bool `json:"is_active"`
- IsAdmin bool `json:"is_admin"`
+ IsAdmin *bool `json:"is_admin,omitempty"`
Username string `json:"username"`
Email string `json:"email"`
FullName string `json:"full_name"`
FirstName string `json:"first_name"`
LastName string `json:"last_name"`
IdentityURL string `json:"identity_url"`
- IsInvited bool `json:"is_invited"`
+ IsInvited *bool `json:"is_invited,omitempty"`
OwnerUUID string `json:"owner_uuid"`
CreatedAt time.Time `json:"created_at"`
ModifiedAt time.Time `json:"modified_at"`
diff --git a/sdk/go/arvadostest/api.go b/sdk/go/arvadostest/api.go
index 4e214414d7..b5f8e962dc 100644
--- a/sdk/go/arvadostest/api.go
+++ b/sdk/go/arvadostest/api.go
@@ -40,6 +40,10 @@ func (as *APIStub) VocabularyGet(ctx context.Context) (arvados.Vocabulary, error
as.appendCall(ctx, as.VocabularyGet, nil)
return arvados.Vocabulary{}, as.Error
}
+func (as *APIStub) DiscoveryDocument(ctx context.Context) (arvados.DiscoveryDocument, error) {
+ as.appendCall(ctx, as.DiscoveryDocument, nil)
+ return arvados.DiscoveryDocument{}, as.Error
+}
func (as *APIStub) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) {
as.appendCall(ctx, as.Login, options)
return arvados.LoginResponse{}, as.Error
diff --git a/services/api/app/controllers/arvados/v1/schema_controller.rb b/services/api/app/controllers/arvados/v1/schema_controller.rb
index e200870da5..74aa4078cb 100644
--- a/services/api/app/controllers/arvados/v1/schema_controller.rb
+++ b/services/api/app/controllers/arvados/v1/schema_controller.rb
@@ -36,7 +36,7 @@ class Arvados::V1::SchemaController < ApplicationController
# format is YYYYMMDD, must be fixed width (needs to be lexically
# sortable), updated manually, may be used by clients to
# determine availability of API server features.
- revision: "20220510",
+ revision: "20231117",
source_version: AppVersion.hash,
sourceVersion: AppVersion.hash, # source_version should be deprecated in the future
packageVersion: AppVersion.package_version,
diff --git a/services/keep-balance/balance.go b/services/keep-balance/balance.go
index e44dfeda87..0b865d7475 100644
--- a/services/keep-balance/balance.go
+++ b/services/keep-balance/balance.go
@@ -267,7 +267,7 @@ func (bal *Balancer) CheckSanityEarly(c *arvados.Client) error {
if err != nil {
return fmt.Errorf("CurrentUser(): %v", err)
}
- if !u.IsActive || !u.IsAdmin {
+ if !u.IsActive || !*u.IsAdmin {
return fmt.Errorf("current user (%s) is not an active admin user", u.UUID)
}
for _, srv := range bal.KeepServices {
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 123c4fe34d..b5e0e7e896 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -851,7 +851,7 @@ func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc
func (h *handler) userPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool {
var permitDownload bool
var permitUpload bool
- if tokenUser != nil && tokenUser.IsAdmin {
+ if tokenUser != nil && tokenUser.IsAdmin != nil && *tokenUser.IsAdmin {
permitUpload = h.Cluster.Collections.WebDAVPermission.Admin.Upload
permitDownload = h.Cluster.Collections.WebDAVPermission.Admin.Download
} else {
diff --git a/services/keepproxy/keepproxy.go b/services/keepproxy/keepproxy.go
index 2090c50686..964eaa7bdf 100644
--- a/services/keepproxy/keepproxy.go
+++ b/services/keepproxy/keepproxy.go
@@ -151,7 +151,7 @@ func (h *proxyHandler) checkAuthorizationHeader(req *http.Request) (pass bool, t
return false, "", nil
}
- if userCurrentError == nil && user.IsAdmin {
+ if userCurrentError == nil && *user.IsAdmin {
// checking userCurrentError is probably redundant,
// IsAdmin would be false anyway. But can't hurt.
if op == "read" && !h.cluster.Collections.KeepproxyPermission.Admin.Download {
commit b2fe9103a8f42d393fdbb838106fa4d28ea9a25f
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Fri Nov 17 09:37:28 2023 -0500
20831: Add DiscoveryDocument to arvados.API
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index 95b50e7827..24a7b6f883 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -228,6 +228,10 @@ func (conn *Conn) VocabularyGet(ctx context.Context) (arvados.Vocabulary, error)
return conn.chooseBackend(conn.cluster.ClusterID).VocabularyGet(ctx)
}
+func (conn *Conn) DiscoveryDocument(ctx context.Context) (arvados.DiscoveryDocument, error) {
+ return conn.chooseBackend(conn.cluster.ClusterID).DiscoveryDocument(ctx)
+}
+
func (conn *Conn) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) {
if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID {
// defer entire login procedure to designated cluster
diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go
index e15e4c4702..beedf3b993 100644
--- a/lib/controller/rpc/conn.go
+++ b/lib/controller/rpc/conn.go
@@ -48,6 +48,7 @@ type Conn struct {
httpClient http.Client
baseURL url.URL
tokenProvider TokenProvider
+ discoveryDocument *arvados.DiscoveryDocument
}
func NewConn(clusterID string, url *url.URL, insecure bool, tp TokenProvider) *Conn {
@@ -189,6 +190,19 @@ func (conn *Conn) VocabularyGet(ctx context.Context) (arvados.Vocabulary, error)
return resp, err
}
+func (conn *Conn) DiscoveryDocument(ctx context.Context) (arvados.DiscoveryDocument, error) {
+ if conn.discoveryDocument != nil {
+ return *conn.discoveryDocument, nil
+ }
+ var dd arvados.DiscoveryDocument
+ err := conn.requestAndDecode(ctx, &dd, arvados.EndpointDiscoveryDocument, nil, nil)
+ if err != nil {
+ return dd, err
+ }
+ conn.discoveryDocument = &dd
+ return *conn.discoveryDocument, nil
+}
+
func (conn *Conn) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) {
ep := arvados.EndpointLogin
var resp arvados.LoginResponse
diff --git a/sdk/go/arvados/api.go b/sdk/go/arvados/api.go
index f4ac1ab3c4..bff01eeda5 100644
--- a/sdk/go/arvados/api.go
+++ b/sdk/go/arvados/api.go
@@ -25,6 +25,7 @@ type APIEndpoint struct {
var (
EndpointConfigGet = APIEndpoint{"GET", "arvados/v1/config", ""}
EndpointVocabularyGet = APIEndpoint{"GET", "arvados/v1/vocabulary", ""}
+ EndpointDiscoveryDocument = APIEndpoint{"GET", "discovery/v1/apis/arvados/v1/rest", ""}
EndpointLogin = APIEndpoint{"GET", "login", ""}
EndpointLogout = APIEndpoint{"GET", "logout", ""}
EndpointAuthorizedKeyCreate = APIEndpoint{"POST", "arvados/v1/authorized_keys", "authorized_key"}
@@ -347,4 +348,5 @@ type API interface {
APIClientAuthorizationDelete(ctx context.Context, options DeleteOptions) (APIClientAuthorization, error)
APIClientAuthorizationUpdate(ctx context.Context, options UpdateOptions) (APIClientAuthorization, error)
APIClientAuthorizationGet(ctx context.Context, options GetOptions) (APIClientAuthorization, error)
+ DiscoveryDocument(ctx context.Context) (DiscoveryDocument, error)
}
diff --git a/sdk/go/arvados/client.go b/sdk/go/arvados/client.go
index d71ade8a81..735a44d24c 100644
--- a/sdk/go/arvados/client.go
+++ b/sdk/go/arvados/client.go
@@ -630,6 +630,7 @@ type DiscoveryDocument struct {
GitURL string `json:"gitUrl"`
Schemas map[string]Schema `json:"schemas"`
Resources map[string]Resource `json:"resources"`
+ Revision string `json:"revision"`
}
type Resource struct {
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list