1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 require 'whitelist_update'
7 class ContainerRequest < ArvadosModel
10 include CommonApiTemplate
11 include WhitelistUpdate
13 belongs_to :container, foreign_key: :container_uuid, primary_key: :uuid
14 belongs_to :requesting_container, {
15 class_name: 'Container',
16 foreign_key: :requesting_container_uuid,
20 serialize :properties, Hash
21 serialize :environment, Hash
22 serialize :mounts, Hash
23 serialize :runtime_constraints, Hash
24 serialize :command, Array
25 serialize :scheduling_parameters, Hash
26 serialize :secret_mounts, Hash
28 before_validation :fill_field_defaults, :if => :new_record?
29 before_validation :validate_runtime_constraints
30 before_validation :validate_scheduling_parameters
31 before_validation :set_container
32 validates :command, :container_image, :output_path, :cwd, :presence => true
33 validates :output_ttl, numericality: { only_integer: true, greater_than_or_equal_to: 0 }
34 validates :priority, numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: 1000 }
35 validate :validate_state_change
36 validate :check_update_whitelist
37 validate :secret_mounts_key_conflict
38 before_save :scrub_secret_mounts
39 after_save :update_priority
40 after_save :finalize_if_needed
41 before_create :set_requesting_container_uuid
42 before_destroy :set_priority_zero
44 api_accessible :user, extend: :common do |t|
46 t.add :container_count
47 t.add :container_count_max
48 t.add :container_image
64 t.add :requesting_container_uuid
65 t.add :runtime_constraints
66 t.add :scheduling_parameters
71 # Supported states for a container request
74 (Uncommitted = 'Uncommitted'),
75 (Committed = 'Committed'),
80 nil => [Uncommitted, Committed],
81 Uncommitted => [Committed],
85 AttrsPermittedAlways = [:owner_uuid, :state, :name, :description]
86 AttrsPermittedBeforeCommit = [:command, :container_count_max,
87 :container_image, :cwd, :environment, :filters, :mounts,
88 :output_path, :priority, :properties, :requesting_container_uuid,
89 :runtime_constraints, :state, :container_uuid, :use_existing,
90 :scheduling_parameters, :secret_mounts, :output_name, :output_ttl]
92 def self.limit_index_columns_read
97 super.except('secret_mounts')
100 def state_transitions
104 def skip_uuid_read_permission_check
105 # XXX temporary until permissions are sorted out.
106 %w(modified_by_client_uuid container_uuid requesting_container_uuid)
109 def finalize_if_needed
110 if state == Committed && Container.find_by_uuid(container_uuid).final?
112 act_as_system_user do
118 # Finalize the container request after the container has
119 # finished/cancelled.
123 c = Container.find_by_uuid(container_uuid)
124 ['output', 'log'].each do |out_type|
125 pdh = c.send(out_type)
127 coll_name = "Container #{out_type} for request #{uuid}"
129 if out_type == 'output'
131 coll_name = self.output_name
133 if self.output_ttl > 0
134 trash_at = db_current_time + self.output_ttl
137 manifest = Collection.where(portable_data_hash: pdh).first.manifest_text
139 coll = Collection.new(owner_uuid: owner_uuid,
140 manifest_text: manifest,
141 portable_data_hash: pdh,
147 'container_request' => uuid,
149 coll.save_with_unique_name!
150 if out_type == 'output'
156 update_attributes!(state: Final, output_uuid: out_coll, log_uuid: log_coll)
159 def self.full_text_searchable_columns
160 super - ["mounts", "secret_mounts", "secret_mounts_md5"]
165 def fill_field_defaults
166 self.state ||= Uncommitted
167 self.environment ||= {}
168 self.runtime_constraints ||= {}
171 self.container_count_max ||= Rails.configuration.container_count_max
172 self.scheduling_parameters ||= {}
173 self.output_ttl ||= 0
178 if (container_uuid_changed? and
179 not current_user.andand.is_admin and
180 not container_uuid.nil?)
181 errors.add :container_uuid, "can only be updated to nil."
184 if state_changed? and state == Committed and container_uuid.nil?
185 self.container_uuid = Container.resolve(self).uuid
187 if self.container_uuid != self.container_uuid_was
188 if self.container_count_changed?
189 errors.add :container_count, "cannot be updated directly."
192 self.container_count += 1
197 def validate_runtime_constraints
202 ['keep_cache_ram', false]].each do |k, required|
203 if !required && !runtime_constraints.include?(k)
206 v = runtime_constraints[k]
207 unless (v.is_a?(Integer) && v > 0)
208 errors.add(:runtime_constraints,
209 "[#{k}]=#{v.inspect} must be a positive integer")
215 def validate_scheduling_parameters
216 if self.state == Committed
217 if scheduling_parameters.include? 'partitions' and
218 (!scheduling_parameters['partitions'].is_a?(Array) ||
219 scheduling_parameters['partitions'].reject{|x| !x.is_a?(String)}.size !=
220 scheduling_parameters['partitions'].size)
221 errors.add :scheduling_parameters, "partitions must be an array of strings"
226 def check_update_whitelist
227 permitted = AttrsPermittedAlways.dup
229 if self.new_record? || self.state_was == Uncommitted
230 # Allow create-and-commit in a single operation.
231 permitted.push(*AttrsPermittedBeforeCommit)
236 permitted.push :priority, :container_count_max, :container_uuid
238 if self.container_uuid.nil?
239 self.errors.add :container_uuid, "has not been resolved to a container."
242 if self.priority.nil?
243 self.errors.add :priority, "cannot be nil"
246 # Allow container count to increment by 1
247 if (self.container_uuid &&
248 self.container_uuid != self.container_uuid_was &&
249 self.container_count == 1 + (self.container_count_was || 0))
250 permitted.push :container_count
254 if self.state_was == Committed
255 # "Cancel" means setting priority=0, state=Committed
256 permitted.push :priority
258 if current_user.andand.is_admin
259 permitted.push :output_uuid, :log_uuid
268 def secret_mounts_key_conflict
269 secret_mounts.each do |k, v|
270 if mounts.has_key?(k)
271 errors.add(:secret_mounts, 'conflict with non-secret mounts')
277 def scrub_secret_mounts
278 if self.state == Final
279 self.secret_mounts = {}
284 return unless state_changed? || priority_changed? || container_uuid_changed?
285 act_as_system_user do
287 where('uuid in (?)', [self.container_uuid_was, self.container_uuid].compact).
289 map(&:update_priority!)
293 def set_priority_zero
294 self.update_attributes!(priority: 0) if self.state != Final
297 def set_requesting_container_uuid
298 return !new_record? if self.requesting_container_uuid # already set
300 token_uuid = current_api_client_authorization.andand.uuid
301 container = Container.where('auth_uuid=?', token_uuid).order('created_at desc').first
303 self.requesting_container_uuid = container.uuid
304 self.priority = container.priority > 0 ? 1 : 0