1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 class Arvados::V1::ContainersController < ApplicationController
6 accept_attribute_as_json :environment, Hash
7 accept_attribute_as_json :mounts, Hash
8 accept_attribute_as_json :runtime_constraints, Hash
9 accept_attribute_as_json :runtime_status, Hash
10 accept_attribute_as_json :command, Array
11 accept_attribute_as_json :scheduling_parameters, Hash
13 skip_before_action :find_object_by_uuid, only: [:current]
14 skip_before_action :render_404_if_no_object, only: [:current]
17 if @object.locked_by_uuid != Thread.current[:api_client_authorization].uuid
18 raise ArvadosModel::PermissionDeniedError.new("Not locked by your token")
20 if @object.runtime_token.nil?
21 @object = @object.auth
23 @object = ApiClientAuthorization.validate(token: @object.runtime_token)
25 raise ArvadosModel::PermissionDeniedError.new("Invalid runtime_token")
32 if (resource_attrs.keys - [:cost, :gateway_address, :output_properties, :progress, :runtime_status]).empty?
33 # If no attributes are being updated besides these, there are no
34 # cascading changes to other rows/tables, so we should just use
36 @object.reload(lock: true)
39 # Lock containers table to avoid deadlock in cascading priority
41 Container.transaction do
42 ActiveRecord::Base.connection.execute "LOCK TABLE containers IN EXCLUSIVE MODE"
48 def find_objects_for_index
50 if action_name == 'lock' || action_name == 'unlock'
51 # Avoid loading more fields than we need
52 @objects = @objects.select(:id, :uuid, :state, :priority, :auth_uuid, :locked_by_uuid, :lock_count)
53 # This gets called from within find_object_by_uuid.
54 # find_object_by_uuid stores the original value of @select in
55 # @preserve_select, edits the value of @select, calls
56 # find_objects_for_index, then restores @select from the value
57 # of @preserve_select. So if we want our updated value of
58 # @select here to stick, we have to set @preserve_select.
59 @select = @preserve_select = %w(uuid state priority auth_uuid locked_by_uuid)
60 elsif action_name == 'update_priority'
61 # We're going to reload(lock: true) in the handler, which will
62 # select all attributes, but will fail if we don't select :id
64 @objects = @objects.select(:id, :uuid)
79 # Lock containers table to avoid deadlock in cascading priority update (see #20240)
80 Container.transaction do
81 ActiveRecord::Base.connection.execute "LOCK TABLE containers IN EXCLUSIVE MODE"
82 @object.reload(lock: true)
83 @object.update_priority!
89 if Thread.current[:api_client_authorization].nil?
90 send_error("Not logged in", status: 401)
92 @object = Container.for_current_token
94 send_error("Token is not associated with a container.", status: 404)
102 c = Container.for_current_token
103 if @object && c && @object.uuid == c.uuid
104 send_json({"secret_mounts" => @object.secret_mounts})
106 send_error("Token is not associated with this container.", status: 403)