require 'logger'
require 'trollop'
log = Logger.new STDERR
-log.level = ENV['DEBUG'] ? Logger::DEBUG : Logger::WARN
log.progname = $0.split('/').last
opts = Trollop::options do
banner "Usage: #{log.progname} " +
"{user_uuid_or_email} {user_and_repo_name} {vm_uuid}"
banner ''
+ opt :debug, <<-eos
+Show debug messages.
+ eos
+ opt :create, <<-eos
+Create a new user with the given email address if an existing user \
+is not found.
+ eos
+ opt :openid_prefix, <<-eos, default: 'https://www.google.com/accounts/o8/id'
+If creating a new user record, require authentication from an OpenID \
+with this OpenID prefix *and* a matching email address in order to \
+claim the account.
+ eos
opt :force, <<-eos
Continue even if sanity checks raise flags: the given user is already \
active, the given repository already exists, etc.
eos
opt :n, 'Do not change anything, just probe'
end
+
+log.level = (ENV['DEBUG'] || opts.debug) ? Logger::DEBUG : Logger::WARN
if ARGV.count != 3
- abort "Usage: #{$0} user_uuid_or_email user_and_repo_name vm_uuid"
+ Trollop::die "required arguments are missing"
end
user_arg, user_repo_name, vm_uuid = ARGV
require 'arvados'
-arv = Arvados.new
+arv = Arvados.new(api_version: 'v1')
# Look up the given user by uuid or, failing that, email address.
user = begin
arv.user.get(uuid: user_arg)
rescue Arvados::TransactionFailedError
found = arv.user.list(where: {email: ARGV[0]})[:items]
+ if found.count == 0 and opts.create
+ if !opts.force and !user_arg.match(/\w\@\w+\.\w+/)
+ abort "About to create new user, but #{user_arg.inspect} " +
+ "does not look like an email address. Stop."
+ end
+ if opts.n
+ log.info "-n flag given. Stop before creating new user record."
+ exit 0
+ end
+ new_user = arv.user.create(user: {email: user_arg})
+ log.info { "created user: " + new_user[:uuid] }
+ login_perm_props = {identity_url_prefix: opts.openid_prefix }
+ oid_login_perm = arv.link.create(link: {
+ link_class: 'permission',
+ name: 'can_login',
+ tail_kind: 'email',
+ tail_uuid: user_arg,
+ head_kind: 'arvados#user',
+ head_uuid: new_user[:uuid],
+ properties: login_perm_props
+ })
+ log.info { "openid login permission: " + oid_login_perm[:uuid] }
+ found = [new_user]
+ end
if found.count != 1
abort "Found #{found.count} users " +
"with uuid or email #{user_arg.inspect}. Stop."
end
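Review bot: The email check `user_arg.match(/\w\@\w+\.\w+/)` in the new create branch is unanchored, so any argument that merely contains something shaped like `a@b.c` passes (surrounding whitespace, a trailing newline or extra text included), and that raw string is then stored as `tail_uuid` of the new `can_login` link. Anchoring it closes the gap, for example `!user_arg.match(/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/)`. The `--openid-prefix` value likewise reaches `identity_url_prefix` unchecked; an empty or very short prefix would presumably widen which OpenID identities can claim the account, so a guard after option parsing such as `Trollop::die :openid_prefix, "must be an https:// URL" unless opts.openid_prefix.start_with?('https://')` is worth adding. Separately, if `arv.link.create` fails after `arv.user.create` has succeeded, a rerun finds the user by email and skips this branch, leaving the account without its login permission. The enclosing `begin`/`rescue` block ends outside the visible lines.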
log.info { "vm uuid: " + vm[:uuid] }
-# Look up the "all users" group (we expect uuid *-*-fffffffffffffff).
+# Look up the "All users" group (we expect uuid *-*-fffffffffffffff).
group = arv.group.list(where: {name: 'All users'})[:items].select do |g|
g[:uuid].match /-f+$/
end.first
if not group
- abort "Could not look up virtual machine with uuid #{vm_uuid.inspect}. Stop."
+ abort "Could not look up the 'All users' group with uuid '*-*-fffffffffffffff'. Stop."
end
-log.info { "\"all users\" group uuid: " + group[:uuid] }
+log.info { "\"All users\" group uuid: " + group[:uuid] }
# Look for signs the user has already been activated / set up.
end
if need_force and not opts.force
- abort "This does not seem to be a new user, and -f was not given. Stop."
+ abort "This does not seem to be a new user[name], and -f was not given. Stop."
end
# Everything seems to be in order. Create a repository (if needed) and
login_perm = arv.link.create(link: {
tail_kind: 'arvados#user',
tail_uuid: user[:uuid],
- head_kind: 'arvados#virtual_machine',
+ head_kind: 'arvados#virtualMachine',
head_uuid: vm[:uuid],
link_class: 'permission',
name: 'can_login',
link_class: 'permission',
name: 'can_read'})
log.info { "group permission: " + group_perm[:uuid] }
-
-user[:is_active] = true
-user.save
-
-log.info { "user saved with is_active=true" }