3 abort 'Error: Ruby >= 1.9.3 required.' if RUBY_VERSION < '1.9.3'
7 log = Logger.new STDERR
8 log.progname = $0.split('/').last
10 opts = Trollop::options do
12 banner "Usage: #{log.progname} " +
13 "{user_uuid_or_email} {user_and_repo_name} {vm_uuid}"
19 Create a new user with the given email address if an existing user \
22 opt :openid_prefix, <<-eos, default: 'https://www.google.com/accounts/o8/id'
23 If creating a new user record, require authentication from an OpenID \
24 with this OpenID prefix *and* a matching email address in order to \
28 Continue even if sanity checks raise flags: the given user is already \
29 active, the given repository already exists, etc.
31 opt :n, 'Do not change anything, just probe'
34 log.level = (ENV['DEBUG'] || opts.debug) ? Logger::DEBUG : Logger::WARN
37 Trollop::die "required arguments are missing"
39 user_arg, user_repo_name, vm_uuid = ARGV
42 arv = Arvados.new(api_version: 'v1')
44 # Look up the given user by uuid or, failing that, email address.
46 arv.user.get(uuid: user_arg)
47 rescue Arvados::TransactionFailedError
48 found = arv.user.list(where: {email: ARGV[0]})[:items]
49 if found.count == 0 and opts.create
50 if !opts.force and !user_arg.match(/\w\@\w+\.\w+/)
51 abort "About to create new user, but #{user_arg.inspect} " +
52 "does not look like an email address. Stop."
55 log.info "-n flag given. Stop before creating new user record."
58 new_user = arv.user.create(user: {email: user_arg})
59 log.info { "created user: " + new_user[:uuid] }
60 login_perm_props = {identity_url_prefix: opts.openid_prefix }
61 oid_login_perm = arv.link.create(link: {
62 link_class: 'permission',
66 head_kind: 'arvados#user',
67 head_uuid: new_user[:uuid],
68 properties: login_perm_props
70 log.info { "openid login permission: " + oid_login_perm[:uuid] }
74 abort "Found #{found.count} users " +
75 "with uuid or email #{user_arg.inspect}. Stop."
79 log.info { "user uuid: " + user[:uuid] }
81 # Look up the given virtual machine just to make sure it really exists.
83 vm = arv.virtual_machine.get(uuid: vm_uuid)
85 abort "Could not look up virtual machine with uuid #{vm_uuid.inspect}. Stop."
87 log.info { "vm uuid: " + vm[:uuid] }
89 # Look up the "all users" group (we expect uuid *-*-fffffffffffffff).
90 group = arv.group.list(where: {name: 'All users'})[:items].select do |g|
94 abort "Could not look up the 'all users' group with uuid '*-*-fffffffffffffff'. Stop."
96 log.info { "\"all users\" group uuid: " + group[:uuid] }
98 # Look for signs the user has already been activated / set up.
101 log.warn "User's is_active flag is already set."
105 # Look for existing repository access (perhaps using a different
106 # repository/user name).
107 repo_perms = arv.link.list(where: {
108 tail_uuid: user[:uuid],
109 head_kind: 'arvados#repository',
110 link_class: 'permission',
111 name: 'can_write'})[:items]
113 log.warn "User already has repository access " +
114 repo_perms.collect { |p| p[:uuid] }.inspect + "."
118 # Check for an existing repository with the same name we're about to
120 repo = arv.repository.list(where: {name: user_repo_name})[:items].first
122 log.warn "Repository already exists with name #{user_repo_name.inspect}: " +
128 log.info "-n flag given. Done."
132 if need_force and not opts.force
133 abort "This does not seem to be a new user[name], and -f was not given. Stop."
136 # Everything seems to be in order. Create a repository (if needed) and
139 repo ||= arv.repository.create(repository: {name: user_repo_name})
140 log.info { "repo uuid: " + repo[:uuid] }
142 repo_perm = arv.link.create(link: {
143 tail_kind: 'arvados#user',
144 tail_uuid: user[:uuid],
145 head_kind: 'arvados#repository',
146 head_uuid: repo[:uuid],
147 link_class: 'permission',
149 log.info { "repo permission: " + repo_perm[:uuid] }
151 login_perm = arv.link.create(link: {
152 tail_kind: 'arvados#user',
153 tail_uuid: user[:uuid],
154 head_kind: 'arvados#virtualMachine',
155 head_uuid: vm[:uuid],
156 link_class: 'permission',
158 properties: {username: user_repo_name}})
159 log.info { "login permission: " + login_perm[:uuid] }
161 group_perm = arv.link.create(link: {
162 tail_kind: 'arvados#user',
163 tail_uuid: user[:uuid],
164 head_kind: 'arvados#group',
165 head_uuid: group[:uuid],
166 link_class: 'permission',
168 log.info { "group permission: " + group_perm[:uuid] }