- {{ sls_config_file }}
- ..service
+arvados-api-resources-virtual-machines-jq-pkg-installed:
+ pkg.installed:
+ - name: jq
+
{%- for vm, vm_params in virtual_machines.items() %}
{%- set vm_name = vm_params.name | default(vm) %}
- {%- set vm_backend = vm_params.backend | default(vm_name) %}
- {%- set vm_port = vm_params.port | default(4200) %}
+ {%- set cmd_query_vm_uuid = 'ARVADOS_API_TOKEN=' ~ api_token ~
+ ' ARVADOS_API_HOST=' ~ api_host ~
+ ' arv --short virtual_machine list' ~
+ ' --filters \'[["hostname", "=", "' ~ vm_name ~ '"]]\''
+ %}
+
+# Create the virtual machine record
arvados-api-resources-virtual-machines-{{ vm }}-record-cmd-run:
cmd.run:
- env:
create \
--virtual-machine '{"hostname":"{{ vm_name }}" }'
- unless: |
- ARVADOS_API_TOKEN={{ api_token }} \
- ARVADOS_API_HOST="{{ api_host }}" \
- arv --short \
- virtual_machine \
- list \
- --filters '[["hostname", "=", "{{ vm_name }}"]]' | \
- /bin/grep -qE "fixme-2x53u-[a-z0-9_]{15}"
+ {{ cmd_query_vm_uuid }} | \
+ /bin/grep -qE "fixme-2x53u-[a-z0-9]{15}"
+
+ # As we need the UUID generated in the previous command, we need to
+ # iterate again in order to get them
+ {% set vm_uuid = salt['cmd.shell'](cmd_query_vm_uuid) %}
+
+ {%- set scoped_token_url = '/arvados/v1/virtual_machines/' ~ vm_uuid ~ '/logins' %}
+
+ # There's no direct way to query the scoped_token for a given virtual_machine
+ # so we need to parse the api_client_authorization list through some jq
+ {%- set cmd_query_scoped_token_url = 'ARVADOS_API_TOKEN=' ~ api_token ~
+ ' ARVADOS_API_HOST=' ~ api_host ~
+ ' arv api_client_authorization list |' ~
+ ' jq -e \'.items[].scopes[] | select(. == "GET ' ~
+ scoped_token_url ~ '")\''
+ %}
+# Create the VM scoped tokens
+arvados-api-resources-virtual-machines-{{ vm }}-scoped-token-cmd-run:
+ cmd.run:
+ - env:
+ - ARVADOS_API_TOKEN: {{ api_token }}
+ - ARVADOS_API_HOST: {{ api_host }}
+ - name: |
+ arv --format=uuid \
+ api_client_authorization \
+ create \
+ --api-client-authorization '{"scopes":["GET {{ scoped_token_url }}"]}'
+ - require:
+ - pkg: arvados-api-resources-virtual-machines-jq-pkg-installed
+ - unless: {{ cmd_query_scoped_token_url }}
+
{%- endfor %}
# frozen_string_literal: true
-test_cmd = <<~TEST_CMD
+query_virtual_machines = <<~TEST_VM_CMD
su -l kitchen -c \
"ARVADOS_API_TOKEN=\\"systemroottokenmushaveatleast32characters\\" \
ARVADOS_API_HOST=\\"fixme.example.net\\" \
arv virtual_machine list --filters '[[\\"hostname\\", \\"=\\", \\"%s\\"]]'"
-TEST_CMD
+TEST_VM_CMD
+
+query_scoped_token_urls = <<~TEST_STU_CMD
+ su -l kitchen -c \
+ "ARVADOS_API_TOKEN=\\"systemroottokenmushaveatleast32characters\\" \
+ ARVADOS_API_HOST=\\"fixme.example.net\\" \
+ arv api_client_authorization list"
+TEST_STU_CMD
control 'arvados api resources' do
impact 0.5
%w[
webshell1
webshell2
+ webshell3
].each do |vm|
describe "virtual machine #{vm}" do
subject do
- command(test_cmd % vm)
+ command(query_virtual_machines % vm)
end
its('stdout') { should match(/"uuid":"fixme-2x53u-[a-z0-9_]{15}"/) }
its('stdout') { should match(/"hostname":"#{vm}"/) }
its('stderr') { should eq '' }
its('exit_status') { should eq 0 }
end
+
+ describe "scoped token for #{vm}" do
+ subject do
+ command(query_scoped_token_urls % vm)
+ end
+ its('stdout') do
+ should match(
+ %r{"GET /arvados/v1/virtual_machines/fixme-2x53u-[a-z0-9]{15}/logins"}
+ )
+ end
+ its('stderr') { should eq '' }
+ its('exit_status') { should eq 0 }
+ end
end
end