From: Javier BĂ©rtoli Date: Fri, 14 May 2021 22:00:17 +0000 (-0300) Subject: fix(scoped_tokens): resolved dependencies on virtual_machines X-Git-Url: https://git.arvados.org/arvados-formula.git/commitdiff_plain/1c81e527e7a3b3a965958e33d7073135071b3ff3?ds=sidebyside fix(scoped_tokens): resolved dependencies on virtual_machines Also added a state to check the vm uuid exists before creating the scoped token --- diff --git a/arvados/api/init.sls b/arvados/api/init.sls index 24f84d0..02a98b8 100644 --- a/arvados/api/init.sls +++ b/arvados/api/init.sls @@ -5,4 +5,3 @@ include: - .package - ..config - .service - - .resources diff --git a/arvados/controller/init.sls b/arvados/controller/init.sls index 02a98b8..24f84d0 100644 --- a/arvados/controller/init.sls +++ b/arvados/controller/init.sls @@ -5,3 +5,4 @@ include: - .package - ..config - .service + - .resources diff --git a/arvados/api/resources/init.sls b/arvados/controller/resources/init.sls similarity index 100% rename from arvados/api/resources/init.sls rename to arvados/controller/resources/init.sls diff --git a/arvados/api/resources/virtual_machines.sls b/arvados/controller/resources/virtual_machines.sls similarity index 53% rename from arvados/api/resources/virtual_machines.sls rename to arvados/controller/resources/virtual_machines.sls index 0bb468d..7303dac 100644 --- a/arvados/api/resources/virtual_machines.sls +++ b/arvados/controller/resources/virtual_machines.sls @@ -16,7 +16,7 @@ include: - {{ sls_config_file }} - ..service -arvados-api-resources-virtual-machines-jq-pkg-installed: +arvados-controller-resources-virtual-machines-jq-pkg-installed: pkg.installed: - name: jq @@ -30,7 +30,7 @@ arvados-api-resources-virtual-machines-jq-pkg-installed: %} # Create the virtual machine record -arvados-api-resources-virtual-machines-{{ vm }}-record-cmd-run: +arvados-controller-resources-virtual-machines-{{ vm }}-record-cmd-run: cmd.run: - env: - ARVADOS_API_TOKEN: {{ api_token }} 
@@ -43,34 +43,50 @@ arvados-api-resources-virtual-machines-{{ vm }}-record-cmd-run: - unless: | {{ cmd_query_vm_uuid }} | \ /bin/grep -qE "fixme-2x53u-[a-z0-9]{15}" + - require: + - pkg: arvados-controller-package-install-pkg-installed + - cmd: arvados-controller-service-running-service-ready-cmd-run - # As we need the UUID generated in the previous command, we need to - # iterate again in order to get them - {% set vm_uuid = salt['cmd.shell'](cmd_query_vm_uuid) %} - - {%- set scoped_token_url = '/arvados/v1/virtual_machines/' ~ vm_uuid ~ '/logins' %} +# We need to use the UUID generated in the previous command to see if there's a +# scoped token for it. There's no easy way to pass the value from a shellout +# to another state, so we store it in a temp file and use that in the next +# command. Flaky, mostly because the `unless` clause is just checking thatg +# the file content is a token uuid :| +arvados-controller-resources-virtual-machines-{{ vm }}-get-vm_uuid-cmd-run: + cmd.run: + - name: {{ cmd_query_vm_uuid }} | head -1 | tee /tmp/{{ vm }} + - require: + - cmd: arvados-controller-resources-virtual-machines-{{ vm }}-record-cmd-run + - unless: + - /bin/grep -qE "fixme-2x53u-[a-z0-9]{15}" /tmp/{{ vm }} # There's no direct way to query the scoped_token for a given virtual_machine # so we need to parse the api_client_authorization list through some jq - {%- set cmd_query_scoped_token_url = 'ARVADOS_API_TOKEN=' ~ api_token ~ + {%- set cmd_query_scoped_token_url = 'VM_UUID=$(cat /tmp/' ~ vm ~ ') && ' ~ + ' ARVADOS_API_TOKEN=' ~ api_token ~ ' ARVADOS_API_HOST=' ~ api_host ~ ' arv api_client_authorization list |' ~ - ' jq -e \'.items[].scopes[] | select(. == "GET ' ~ - scoped_token_url ~ '")\'' + ' /usr/bin/jq -e \'.items[].scopes[] | select(. 
== "GET ' ~ + '/arvados/v1/virtual_machines/\'${VM_UUID}\'/logins")\' && ' ~ + 'unset VM_UUID' %} + # Create the VM scoped tokens -arvados-api-resources-virtual-machines-{{ vm }}-scoped-token-cmd-run: +arvados-controller-resources-virtual-machines-{{ vm }}-scoped-token-cmd-run: cmd.run: - env: - ARVADOS_API_TOKEN: {{ api_token }} - ARVADOS_API_HOST: {{ api_host }} - name: | + VM_UUID=$(cat /tmp/{{ vm }}) && arv --format=uuid \ api_client_authorization \ create \ - --api-client-authorization '{"scopes":["GET {{ scoped_token_url }}"]}' - - require: - - pkg: arvados-api-resources-virtual-machines-jq-pkg-installed + --api-client-authorization '{"scopes":["GET /arvados/v1/virtual_machines/'${VM_UUID}'/logins"]}' - unless: {{ cmd_query_scoped_token_url }} + - require: + - pkg: arvados-controller-package-install-pkg-installed + - pkg: arvados-controller-resources-virtual-machines-jq-pkg-installed + - cmd: arvados-controller-resources-virtual-machines-{{ vm }}-get-vm_uuid-cmd-run {%- endfor %} diff --git a/test/integration/api/controls/resources_spec.rb b/test/integration/controller/controls/resources_spec.rb similarity index 100% rename from test/integration/api/controls/resources_spec.rb rename to test/integration/controller/controls/resources_spec.rb
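Review bot: The new `get-vm_uuid` state stores the VM UUID in `/tmp/{{ vm }}`, a predictable name in a world-writable directory, and both the scoped-token `unless` query and the `create` command then trust whatever that file contains. Any local account on the minion that owns or links that path first can influence the value, and the guard `grep -qE "fixme-2x53u-[a-z0-9]{15}" /tmp/{{ vm }}` is unanchored, so a file that merely contains a matching substring skips the refresh. The content is then expanded unquoted as `'${VM_UUID}'` inside the scope of a newly created API token. I would keep the file in a directory only root can write (for example `<ROOT_ONLY_DIR>/{{ vm }}`, a placeholder), make the guard a whole-line match with `grep -qxE`, and expand the value as `'"${VM_UUID}"'`. The `{% for %}` loop that contains these states opens outside this hunk, so the same path is reused for every `vm` it iterates over.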