1 require 'whitelist_update'
3 class Container < ArvadosModel
6 include CommonApiTemplate
7 include WhitelistUpdate
9 serialize :environment, Hash
10 serialize :mounts, Hash
11 serialize :runtime_constraints, Hash
12 serialize :command, Array
# Callback chain for a save. Defaults and timestamps are filled in before
# validation; the custom validators are then registered in the order state
# change, change whitelist, lock (descriptions go by the method names and the
# fragments visible further down in this listing).
14 before_validation :fill_field_defaults, :if => :new_record?
15 before_validation :set_timestamps
16 validates :command, :container_image, :output_path, :cwd, :priority, :presence => true
17 validate :validate_state_change
18 validate :validate_change
19 validate :validate_lock
# NOTE(review): Rails runs after_validation callbacks even when validation has
# added errors. The auth-assignment code further down expires and creates
# ApiClientAuthorization records, so confirm it cannot revoke or issue a token
# for an update that is then rejected.
20 after_validation :assign_auth
21 after_save :handle_completed
23 has_many :container_requests, :foreign_key => :container_uuid, :class_name => 'ContainerRequest', :primary_key => :uuid
24 belongs_to :auth, :class_name => 'ApiClientAuthorization', :foreign_key => :auth_uuid, :primary_key => :uuid
26 api_accessible :user, extend: :common do |t|
28 t.add :container_image
40 t.add :runtime_constraints
46 # Supported states for a container
51 (Running = 'Running'),
52 (Complete = 'Complete'),
53 (Cancelled = 'Cancelled')
58 Queued => [Locked, Cancelled],
59 Locked => [Queued, Running, Cancelled],
60 Running => [Complete, Cancelled]
68 if [Queued, Locked, Running].include? self.state
69 # Update the priority of this container to the maximum priority of any of
70 # its committed container requests and save the record.
71 self.priority = ContainerRequest.
72 where(container_uuid: uuid,
73 state: ContainerRequest::Committed).
81 if self.state == Locked
82 raise AlreadyLockedError
91 if self.state == Queued
92 raise InvalidStateTransitionError
# Builds a query for the containers that the given users may read, decided
# through the containers' container requests.
#
# users_list: one or more user objects; each must respond to is_admin, uuid
# and groups_i_can(:read).
99 def self.readable_by(*users_list)
# Admin short-circuit; the branch body is on lines missing from this listing.
100 if users_list.select { |u| u.is_admin }.any?
103 user_uuids = users_list.map { |u| u.uuid }
# The users' own uuids plus whatever groups_i_can(:read) returns for each of
# them (presumably the uuids of groups they can read -- confirm).
104 uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
# `permitted` is a constant SQL fragment whose only variable part is the
# :uuids placeholder, so interpolating it below puts no caller data into the
# SQL text. The subquery does not filter on the link's name, so any
# permission-class link from one of :uuids counts.
106 permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
# A container matches when one of its container requests is the head of such
# a link or is owned by one of :uuids. The value bound to :uuids is on a line
# missing from this listing (presumably uuid_list -- confirm).
107 joins(:container_requests).
108 where("container_requests.uuid IN #{permitted} OR "+
109 "container_requests.owner_uuid IN (:uuids)",
# Registered above as a before_validation callback for new records only.
# Uses ||= so values supplied by the caller are kept: a nil state becomes
# Queued, nil environment and runtime_constraints become empty hashes.
# Further defaults may follow on lines missing from this listing.
115 def fill_field_defaults
116 self.state ||= Queued
117 self.environment ||= {}
118 self.runtime_constraints ||= {}
# Returns the current user's is_admin flag. `andand` yields nil when there is
# no current_user, so the result is falsy instead of raising NoMethodError.
# Presumably ArvadosModel consults this to authorize creation -- confirm
# against the base class.
124 def permission_to_create
125 current_user.andand.is_admin
# Same rule as for creation: the current user's is_admin flag, or nil (falsy)
# when there is no current_user. Presumably consulted by ArvadosModel before
# an update -- confirm against the base class.
128 def permission_to_update
129 current_user.andand.is_admin
133 if self.state_changed? and self.state == Running
134 self.started_at ||= db_current_time
137 if self.state_changed? and [Complete, Cancelled].include? self.state
138 self.finished_at ||= db_current_time
# Builds `permitted`, the list of attributes that may change in this update,
# and hands it to check_update_whitelist. The conditions that select each
# push are on lines missing from this listing, so the state each group
# belongs to cannot be read off here.
146 permitted.push(:owner_uuid, :command, :container_image, :cwd,
147 :environment, :mounts, :output_path, :priority,
148 :runtime_constraints)
153 permitted.push :priority
156 permitted.push :priority, :progress
# started_at is only added when the state itself is changing.
157 if self.state_changed?
158 permitted.push :started_at
# :exit_code is only added when the previous state was Running.
162 if self.state_was == Running
163 permitted.push :finished_at, :output, :log, :exit_code
169 permitted.push :finished_at, :output, :log
171 permitted.push :finished_at
175 # The state_transitions check will add an error message for this
# check_update_whitelist comes from outside this listing (presumably the
# WhitelistUpdate mixin); it is expected to reject changes to any attribute
# not in `permitted` -- confirm.
179 check_update_whitelist permitted
183 # If the Container is already locked by someone other than the
184 # current api_client_auth, disallow all changes -- except
185 # priority, which needs to change to reflect max(priority) of
186 # relevant ContainerRequests.
# The lock holder is identified by the uuid of the API token, not of the
# user, so another token of the same user counts as a different locker.
# NOTE(review): .uuid is called on Thread.current[:api_client_authorization]
# here and at need_lock below with no nil guard visible in this listing;
# confirm every path that saves a Container sets it, otherwise this raises
# NoMethodError instead of adding a validation error.
187 if locked_by_uuid_was
188 if locked_by_uuid_was != Thread.current[:api_client_authorization].uuid
189 check_update_whitelist [:priority]
193 if [Locked, Running].include? self.state
194 # If the Container was already locked, locked_by_uuid must not
195 # change. Otherwise, the current auth gets the lock.
196 need_lock = locked_by_uuid_was || Thread.current[:api_client_authorization].uuid
201 # The caller can provide a new value for locked_by_uuid, but only
202 # if it's exactly what we expect. This allows a caller to perform
203 # an update like {"state":"Unlocked","locked_by_uuid":null}.
# NOTE(review): "Unlocked" is not among the state names visible in this file
# (Queued, Locked, Running, Complete, Cancelled); the example presumably
# means "Queued" -- confirm.
204 if self.locked_by_uuid_changed?
205 if self.locked_by_uuid != need_lock
206 return errors.add :locked_by_uuid, "can only change to #{need_lock}"
# When the caller did not supply a value, the expected lock holder is filled
# in (the branch structure between these lines is missing from this listing).
209 self.locked_by_uuid = need_lock
# auth_uuid is never accepted from the caller: any change to it is reported
# as a validation error.
213 if self.auth_uuid_changed?
214 return errors.add :auth_uuid, 'is readonly'
# Outside Locked/Running the existing token, if any, is expired right away by
# setting expires_at to the database's current time. `andand` skips the call
# when there is no auth record.
216 if not [Locked, Running].include? self.state
218 self.auth.andand.update_attributes(expires_at: db_current_time)
# Looks for a container request with priority > 0, highest priority first.
# The end of this chain and the condition guarding the error below are on
# lines missing from this listing.
225 cr = ContainerRequest.
226 where('container_uuid=? and priority>0', self.uuid).
227 order('priority desc').
230 return errors.add :auth_uuid, "cannot be assigned because priority <= 0"
# The new token is created for the user who last modified that request, so
# the container acts with that user's identity. The remaining create!
# arguments are not visible here; scopes and expiry should be checked there.
# NOTE(review): User.find_by_uuid returns nil for an unknown uuid and .id
# would then raise NoMethodError; confirm modified_by_user_uuid always refers
# to an existing user.
232 self.auth = ApiClientAuthorization.
233 create!(user_id: User.find_by_uuid(cr.modified_by_user_uuid).id,
238 # This container is finished, so finalize any container requests
239 # associated with it.
240 if self.state_changed? and [Complete, Cancelled].include? self.state
241 act_as_system_user do
242 # Notify container requests associated with this container
243 ContainerRequest.where(container_uuid: uuid,
244 :state => ContainerRequest::Committed).each do |cr|
245 cr.container_completed!
248 # Try to cancel any outstanding container requests made by this container.
249 ContainerRequest.where(requesting_container_uuid: uuid,
250 :state => ContainerRequest::Committed).each do |cr|