21126: Add doc comment to AllowTrashWhenReadOnly config.
[arvados.git] / services / login-sync / bin / arvados-login-sync
index 1a825c90f99077062702cb783a05d977de9fe087..cbe8520a002620e0a1520a1fde08552e6a183a3e 100755 (executable)
@@ -65,10 +65,16 @@ begin
   arv = Arvados.new({ :suppress_ssl_warnings => false })
   logincluster_host = ENV['ARVADOS_API_HOST']
   logincluster_name = arv.cluster_config['Login']['LoginCluster'] or ''
+
   # Requiring the fuse group was previous hardcoded behavior
-  minimum_groups = arv.cluster_config['Login']['SyncRequiredGroups'] || ['fuse']
+  minimum_groups = arv.cluster_config['Users']['SyncRequiredGroups'] || ['fuse']
+  ignored_groups = arv.cluster_config['Users']['SyncIgnoredGroups'] || []
+  (minimum_groups & ignored_groups).each do |group_name|
+    STDERR.puts "WARNING: #{group_name} is listed in both SyncRequiredGroups and SyncIgnoredGroups. It will be ignored."
+  end
+
   actions.each_pair do |key, default|
-    actions[key] = arv.cluster_config['Login'].fetch(key.to_s, default)
+    actions[key] = arv.cluster_config['Users'].fetch(key.to_s, default)
   end
 
   if logincluster_name != '' and logincluster_name != arv.cluster_config['ClusterID']
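Review bot: The new lookups `arv.cluster_config['Users']['SyncRequiredGroups']` and `arv.cluster_config['Users']['SyncIgnoredGroups']` use whatever the cluster config returns without checking its shape, yet these lists go on to decide local group membership. If `SyncIgnoredGroups` is set to a single string instead of a list, `minimum_groups & ignored_groups` raises a TypeError; coercing avoids that, e.g. `ignored_groups = Array(arv.cluster_config['Users']['SyncIgnoredGroups'])`. The keys also moved from `Login` to `Users` with no fallback, so a value still set under `Login` would be silently replaced by the default (`['fuse']` or the per-action default). If that layout was ever deployed, a one-line STDERR warning when `Login` still carries these keys would make the change visible to operators. The enclosing `begin` block starts and ends outside the hunk.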
@@ -185,9 +191,10 @@ begin
     end
 
     if actions[:SyncUserGroups]
-      have_groups = current_user_groups[username]
+      have_groups = current_user_groups[username] - ignored_groups
       want_groups = l[:groups] || []
       want_groups |= minimum_groups
+      want_groups -= ignored_groups
       want_groups &= all_groups
 
       (want_groups - have_groups).each do |addgroup|
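Review bot: The two subtractions of `ignored_groups` need a comment, because together they take those groups out of management entirely. The sync will not add a user to an ignored group and, as far as the visible lines show, will not see an existing membership in one, so it cannot revoke it either. Suggested comment above `have_groups`: `# Ignored groups are removed from both sides, so sync never adds or revokes them; membership in these groups must be managed outside this script.` Separately, `current_user_groups[username] - ignored_groups` now calls `-` on the lookup result, so it assumes every username has an entry or the hash supplies a default; that definition is outside the hunk and should be confirmed. The `if actions[:SyncUserGroups]` body continues past the end of the hunk.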