projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch '17749-s3-prefixes'
[arvados.git]
/
services
/
api
/
app
/
controllers
/
arvados
/
v1
/
keep_disks_controller.rb
diff --git
a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
index 0da729c79b6982886a0108ab3ed15c3168f66602..b8aa09650fd872aaa001bc4c3a26ad2ee023d919 100644
(file)
--- a/
services/api/app/controllers/arvados/v1/keep_disks_controller.rb
+++ b/
services/api/app/controllers/arvados/v1/keep_disks_controller.rb
@@
-1,39
+1,45
@@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
class Arvados::V1::KeepDisksController < ApplicationController
class Arvados::V1::KeepDisksController < ApplicationController
- skip_before_filter :require_auth_scope_all, :only => :ping
+ skip_before_action :require_auth_scope, only: :ping
+ skip_before_action :render_404_if_no_object, only: :ping
def self._ping_requires_parameters
{
def self._ping_requires_parameters
{
- uuid:
false
,
- ping_secret:
true
,
- node_uuid:
false
,
- filesystem_uuid:
false
,
- service_host:
false
,
- service_port:
true
,
- service_ssl_flag:
true
+ uuid:
{required: false}
,
+ ping_secret:
{required: true}
,
+ node_uuid:
{required: false}
,
+ filesystem_uuid:
{required: false}
,
+ service_host:
{required: false}
,
+ service_port:
{required: true}
,
+ service_ssl_flag:
{required: true}
}
end
}
end
+
def ping
def ping
- if !@object
- if current_user.andand.is_admin
- @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
- @object.save!
+ params[:service_host] ||= request.env['REMOTE_ADDR']
+ if !params[:uuid] && current_user.andand.is_admin
+ # Create a new KeepDisk and ping it.
+ @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
+ @object.save!
- # In the first ping from this new filesystem_uuid, we can't
- # expect the keep node to know the ping_secret so we made sure
- # we got an admin token. Here we add ping_secret to params so
- # KeepNode.ping() understands this update is properly
- # authenticated.
- params[:ping_secret] = @object.ping_secret
- else
+ # In the first ping from this new filesystem_uuid, we can't
+ # expect the keep node to know the ping_secret so we made sure
+ # we got an admin token. Here we add ping_secret to params so
+ # the ping call below is properly authenticated.
+ params[:ping_secret] = @object.ping_secret
+ end
+ act_as_system_user do
+ if !@object.andand.ping(params)
return render_not_found "object not found"
end
return render_not_found "object not found"
end
+ # Render the :superuser view (i.e., include the ping_secret) even
+ # if !current_user.is_admin. This is safe because @object.ping's
+ # success implies the ping_secret was already known by the client.
+ send_json @object.as_api_response(:superuser)
end
end
-
- params[:service_host] ||= request.env['REMOTE_ADDR']
- if not @object.ping params
- return render_not_found "object not found"
- end
- render json: @object.as_api_response(:superuser)
end
def find_objects_for_index
end
def find_objects_for_index