Merge branch '8128-crunch2-auth-api'

[arvados.git] / services / api / app / models / container_request.rb

diff --git a/services/api/app/models/container_request.rb b/services/api/app/models/container_request.rb
index 9356a70f1c1579c1cce302026d5edd4d94a5387a..6353132e908baa3d683ec0a9d320ff3a60d55804 100644 (file)
--- a/services/api/app/models/container_request.rb
+++ b/services/api/app/models/container_request.rb
@@ -1,7 +1,10 @@
+require 'whitelist_update'
+
 class ContainerRequest < ArvadosModel
   include HasUuid
   include KindAndEtag
   include CommonApiTemplate
+  include WhitelistUpdate
 
   serialize :properties, Hash
   serialize :environment, Hash
@@ -9,7 +12,12 @@ class ContainerRequest < ArvadosModel
   serialize :runtime_constraints, Hash
   serialize :command, Array
 
-  before_create :set_state_before_save
+  before_validation :fill_field_defaults, :if => :new_record?
+  before_validation :set_container
+  validates :command, :container_image, :output_path, :cwd, :presence => true
+  validate :validate_state_change
+  validate :validate_change
+  after_save :update_priority
 
   api_accessible :user, extend: :common do |t|
     t.add :command
@@ -39,10 +47,127 @@ class ContainerRequest < ArvadosModel
      (Final = 'Final'),
     ]
 
-  def set_state_before_save
+  State_transitions = {
+    nil => [Uncommitted, Committed],
+    Uncommitted => [Committed],
+    Committed => [Final]
+  }
+
+  def state_transitions
+    State_transitions
+  end
+
+  def skip_uuid_read_permission_check
+    # XXX temporary until permissions are sorted out.
+    %w(modified_by_client_uuid container_uuid requesting_container_uuid)
+  end
+
+  def container_completed!
+    # may implement retry logic here in the future.
+    self.state = ContainerRequest::Final
+    self.save!
+  end
+
+  protected
+
+  def fill_field_defaults
     self.state ||= Uncommitted
+    self.environment ||= {}
+    self.runtime_constraints ||= {}
+    self.mounts ||= {}
+    self.cwd ||= "."
+  end
+
+  # Create a new container (or find an existing one) to satisfy this
+  # request.
+  def resolve
+    # TODO: resolve symbolic git and keep references to content
+    # addresses.
+    c = act_as_system_user do
+      Container.create!(command: self.command,
+                        container_image: self.container_image,
+                        cwd: self.cwd,
+                        environment: self.environment,
+                        mounts: self.mounts,
+                        output_path: self.output_path,
+                        runtime_constraints: self.runtime_constraints)
+    end
+    self.container_uuid = c.uuid
+  end
+
+  def set_container
+    if (container_uuid_changed? and
+        not current_user.andand.is_admin and
+        not container_uuid.nil?)
+      errors.add :container_uuid, "can only be updated to nil."
+      return false
+    end
+    if state_changed? and state == Committed and container_uuid.nil?
+      resolve
+    end
   end
 
+  def validate_change
+    permitted = [:owner_uuid]
+
+    case self.state
+    when Uncommitted
+      # Permit updating most fields
+      permitted.push :command, :container_count_max,
+                     :container_image, :cwd, :description, :environment,
+                     :filters, :mounts, :name, :output_path, :priority,
+                     :properties, :requesting_container_uuid, :runtime_constraints,
+                     :state, :container_uuid
+
+    when Committed
+      if container_uuid.nil?
+        errors.add :container_uuid, "has not been resolved to a container."
+      end
+
+      if priority.nil?
+        errors.add :priority, "cannot be nil"
+      end
+
+      # Can update priority, container count.
+      permitted.push :priority, :container_count_max, :container_uuid
+
+      if self.state_changed?
+        # Allow create-and-commit in a single operation.
+        permitted.push :command, :container_image, :cwd, :description, :environment,
+                       :filters, :mounts, :name, :output_path, :properties,
+                       :requesting_container_uuid, :runtime_constraints,
+                       :state, :container_uuid
+      end
 
+    when Final
+      if not current_user.andand.is_admin
+        errors.add :state, "of container request can only be set to Final by system."
+      end
+
+      if self.state_changed?
+          permitted.push :state
+      else
+        errors.add :state, "does not allow updates"
+      end
+
+    else
+      errors.add :state, "invalid value"
+    end
+
+    check_update_whitelist permitted
+  end
+
+  def update_priority
+    if self.state_changed? or
+        self.priority_changed? or
+        self.container_uuid_changed?
+      act_as_system_user do
+        Container.
+          where('uuid in (?)',
+                [self.container_uuid_was, self.container_uuid].compact).
+          map(&:update_priority!)
+      end
+    end
+  end
 
 end