1 require 'whitelist_update'
3 class ContainerRequest < ArvadosModel
6 include CommonApiTemplate
7 include WhitelistUpdate
9 serialize :properties, Hash
10 serialize :environment, Hash
11 serialize :mounts, Hash
12 serialize :runtime_constraints, Hash
13 serialize :command, Array
15 before_validation :fill_field_defaults, :if => :new_record?
16 before_validation :set_container
17 validates :command, :container_image, :output_path, :cwd, :presence => true
18 validate :validate_state_change
19 validate :validate_change
20 validate :validate_runtime_constraints
21 after_save :update_priority
22 after_save :finalize_if_needed
23 before_create :set_requesting_container_uuid
25 api_accessible :user, extend: :common do |t|
27 t.add :container_count
28 t.add :container_count_max
29 t.add :container_image
41 t.add :requesting_container_uuid
42 t.add :runtime_constraints
46 # Supported states for a container request
49 (Uncommitted = 'Uncommitted'),
50 (Committed = 'Committed'),
55 nil => [Uncommitted, Committed],
56 Uncommitted => [Committed],
64 def skip_uuid_read_permission_check
65 # XXX temporary until permissions are sorted out.
66 %w(modified_by_client_uuid container_uuid requesting_container_uuid)
69 def finalize_if_needed
70 if state == Committed && Container.find_by_uuid(container_uuid).final?
78 # Finalize the container request after the container has
81 update_attributes!(state: Final)
82 c = Container.find_by_uuid(container_uuid)
83 ['output', 'log'].each do |out_type|
84 pdh = c.send(out_type)
86 manifest = Collection.where(portable_data_hash: pdh).first.manifest_text
87 Collection.create!(owner_uuid: owner_uuid,
88 manifest_text: manifest,
89 portable_data_hash: pdh,
90 name: "Container #{out_type} for request #{uuid}",
93 'container_request' => uuid,
100 def fill_field_defaults
101 self.state ||= Uncommitted
102 self.environment ||= {}
103 self.runtime_constraints ||= {}
106 self.container_count_max ||= Rails.configuration.container_count_max
109 # Create a new container (or find an existing one) to satisfy this
112 c_mounts = mounts_for_container
113 c_runtime_constraints = runtime_constraints_for_container
114 c_container_image = container_image_for_container
115 c = act_as_system_user do
116 c_attrs = {command: self.command,
118 environment: self.environment,
119 output_path: self.output_path,
120 container_image: c_container_image,
122 runtime_constraints: c_runtime_constraints}
123 reusable = Container.find_reusable(c_attrs)
127 Container.create!(c_attrs)
130 self.container_uuid = c.uuid
133 # Return a runtime_constraints hash that complies with
134 # self.runtime_constraints but is suitable for saving in a container
135 # record, i.e., has specific values instead of ranges.
137 # Doing this as a step separate from other resolutions, like "git
138 # revision range to commit hash", makes sense only when there is no
139 # opportunity to reuse an existing container (e.g., container reuse
140 # is not implemented yet, or we have already found that no existing
141 # containers are suitable).
142 def runtime_constraints_for_container
144 runtime_constraints.each do |k, v|
154 # Return a mounts hash suitable for a Container, i.e., with every
155 # readonly collection UUID resolved to a PDH.
156 def mounts_for_container
158 mounts.each do |k, mount|
161 if mount['kind'] != 'collection'
164 if (uuid = mount.delete 'uuid')
166 readable_by(current_user).
168 select(:portable_data_hash).
171 raise ArvadosModel::UnresolvableContainerError.new "cannot mount collection #{uuid.inspect}: not found"
173 if mount['portable_data_hash'].nil?
174 # PDH not supplied by client
175 mount['portable_data_hash'] = c.portable_data_hash
176 elsif mount['portable_data_hash'] != c.portable_data_hash
177 # UUID and PDH supplied by client, but they don't agree
178 raise ArgumentError.new "cannot mount collection #{uuid.inspect}: current portable_data_hash #{c.portable_data_hash.inspect} does not match #{c['portable_data_hash'].inspect} in request"
185 # Return a container_image PDH suitable for a Container.
186 def container_image_for_container
187 coll = Collection.for_latest_docker_image(container_image)
189 raise ArvadosModel::UnresolvableContainerError.new "docker image #{container_image.inspect} not found"
191 return coll.portable_data_hash
195 if (container_uuid_changed? and
196 not current_user.andand.is_admin and
197 not container_uuid.nil?)
198 errors.add :container_uuid, "can only be updated to nil."
201 if state_changed? and state == Committed and container_uuid.nil?
204 if self.container_uuid != self.container_uuid_was
205 if self.container_count_changed?
206 errors.add :container_count, "cannot be updated directly."
209 self.container_count += 1
214 def validate_runtime_constraints
217 ['vcpus', 'ram'].each do |k|
218 if not (runtime_constraints.include? k and
219 runtime_constraints[k].is_a? Integer and
220 runtime_constraints[k] > 0)
221 errors.add :runtime_constraints, "#{k} must be a positive integer"
228 permitted = [:owner_uuid]
232 # Permit updating most fields
233 permitted.push :command, :container_count_max,
234 :container_image, :cwd, :description, :environment,
235 :filters, :mounts, :name, :output_path, :priority,
236 :properties, :requesting_container_uuid, :runtime_constraints,
237 :state, :container_uuid
240 if container_uuid.nil?
241 errors.add :container_uuid, "has not been resolved to a container."
245 errors.add :priority, "cannot be nil"
248 # Can update priority, container count, name and description
249 permitted.push :priority, :container_count, :container_count_max, :container_uuid, :name, :description
251 if self.state_changed?
252 # Allow create-and-commit in a single operation.
253 permitted.push :command, :container_image, :cwd, :description, :environment,
254 :filters, :mounts, :name, :output_path, :properties,
255 :requesting_container_uuid, :runtime_constraints,
256 :state, :container_uuid
260 if not current_user.andand.is_admin and not (self.name_changed? || self.description_changed?)
261 errors.add :state, "of container request can only be set to Final by system."
264 if self.state_changed? || self.name_changed? || self.description_changed?
265 permitted.push :state, :name, :description
267 errors.add :state, "does not allow updates"
271 errors.add :state, "invalid value"
274 check_update_whitelist permitted
278 if self.state_changed? or
279 self.priority_changed? or
280 self.container_uuid_changed?
281 act_as_system_user do
284 [self.container_uuid_was, self.container_uuid].compact).
285 map(&:update_priority!)
290 def set_requesting_container_uuid
291 return !new_record? if self.requesting_container_uuid # already set
293 token_uuid = current_api_client_authorization.andand.uuid
294 container = Container.where('auth_uuid=?', token_uuid).order('created_at desc').first
295 self.requesting_container_uuid = container.uuid if container