1 require 'whitelist_update'
3 class Container < ArvadosModel
6 include CommonApiTemplate
7 include WhitelistUpdate
9 serialize :environment, Hash
10 serialize :mounts, Hash
11 serialize :runtime_constraints, Hash
12 serialize :command, Array
14 before_validation :fill_field_defaults, :if => :new_record?
15 before_validation :set_timestamps
16 validates :command, :container_image, :output_path, :cwd, :priority, :presence => true
17 validate :validate_state_change
18 validate :validate_change
19 validate :validate_lock
20 after_validation :assign_auth
21 after_save :handle_completed
23 has_many :container_requests, :foreign_key => :container_uuid, :class_name => 'ContainerRequest', :primary_key => :uuid
24 belongs_to :auth, :class_name => 'ApiClientAuthorization', :foreign_key => :auth_uuid, :primary_key => :uuid
26 api_accessible :user, extend: :common do |t|
28 t.add :container_image
40 t.add :runtime_constraints
46 # Supported states for a container
51 (Running = 'Running'),
52 (Complete = 'Complete'),
53 (Cancelled = 'Cancelled')
58 Queued => [Locked, Cancelled],
59 Locked => [Queued, Running, Cancelled],
60 Running => [Complete, Cancelled]
68 if [Queued, Locked, Running].include? self.state
69 # Update the priority of this container to the maximum priority of any of
70 # its committed container requests and save the record.
71 self.priority = ContainerRequest.
72 where(container_uuid: uuid,
73 state: ContainerRequest::Committed).
81 if self.state == Queued
88 def self.readable_by(*users_list)
89 if users_list.select { |u| u.is_admin }.any?
92 user_uuids = users_list.map { |u| u.uuid }
93 uuid_list = user_uuids + users_list.flat_map { |u| u.groups_i_can(:read) }
95 permitted = "(SELECT head_uuid FROM links WHERE link_class='permission' AND tail_uuid IN (:uuids))"
96 joins(:container_requests).
97 where("container_requests.uuid IN #{permitted} OR "+
98 "container_requests.owner_uuid IN (:uuids)",
104 def fill_field_defaults
105 self.state ||= Queued
106 self.environment ||= {}
107 self.runtime_constraints ||= {}
113 def permission_to_create
114 current_user.andand.is_admin
117 def permission_to_update
118 current_user.andand.is_admin
122 if self.state_changed? and self.state == Running
123 self.started_at ||= db_current_time
126 if self.state_changed? and [Complete, Cancelled].include? self.state
127 self.finished_at ||= db_current_time
135 permitted.push(:owner_uuid, :command, :container_image, :cwd,
136 :environment, :mounts, :output_path, :priority,
137 :runtime_constraints)
142 permitted.push :priority
145 permitted.push :priority, :progress
146 if self.state_changed?
147 permitted.push :started_at
151 if self.state_was == Running
152 permitted.push :finished_at, :output, :log, :exit_code
158 permitted.push :finished_at, :output, :log
160 permitted.push :finished_at
164 # The state_transitions check will add an error message for this
168 check_update_whitelist permitted
172 # If the Container is already locked by someone other than the
173 # current api_client_auth, disallow all changes -- except
174 # priority, which needs to change to reflect max(priority) of
175 # relevant ContainerRequests.
176 if locked_by_uuid_was
177 if locked_by_uuid_was != Thread.current[:api_client_authorization].uuid
178 check_update_whitelist [:priority]
182 if [Locked, Running].include? self.state
183 # If the Container was already locked, locked_by_uuid must not
184 # changes. Otherwise, the current auth gets the lock.
185 need_lock = locked_by_uuid_was || Thread.current[:api_client_authorization].uuid
190 # The caller can provide a new value for locked_by_uuid, but only
191 # if it's exactly what we expect. This allows a caller to perform
192 # an update like {"state":"Unlocked","locked_by_uuid":null}.
193 if self.locked_by_uuid_changed?
194 if self.locked_by_uuid != need_lock
195 return errors.add :locked_by_uuid, "can only change to #{need_lock}"
198 self.locked_by_uuid = need_lock
202 if self.auth_uuid_changed?
203 return errors.add :auth_uuid, 'is readonly'
205 if not [Locked, Running].include? self.state
207 self.auth.andand.update_attributes(expires_at: db_current_time)
214 cr = ContainerRequest.
215 where('container_uuid=? and priority>0', self.uuid).
216 order('priority desc').
219 return errors.add :auth_uuid, "cannot be assigned because priority <= 0"
221 self.auth = ApiClientAuthorization.
222 create!(user_id: User.find_by_uuid(cr.modified_by_user_uuid).id,
227 # This container is finished so finalize any associated container requests
228 # that are associated with this container.
229 if self.state_changed? and [Complete, Cancelled].include? self.state
230 act_as_system_user do
231 # Notify container requests associated with this container
232 ContainerRequest.where(container_uuid: uuid,
233 :state => ContainerRequest::Committed).each do |cr|
234 cr.container_completed!
237 # Try to cancel any outstanding container requests made by this container.
238 ContainerRequest.where(requesting_container_uuid: uuid,
239 :state => ContainerRequest::Committed).each do |cr|