16726: Initialize anonymous user token in arvados-boot

[arvados.git] / services / api / script / get_anonymous_user_token.rb

diff --git a/services/api/script/get_anonymous_user_token.rb b/services/api/script/get_anonymous_user_token.rb
index 6964af0b63fd5db32025c16c393a4082767eb991..8775ae59594402a6231ce3169e78669fc49f2740 100755 (executable)
--- a/services/api/script/get_anonymous_user_token.rb
+++ b/services/api/script/get_anonymous_user_token.rb
@@ -1,12 +1,15 @@
 #!/usr/bin/env ruby
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
 
 # Get or Create an anonymous user token.
 # If get option is used, an existing anonymous user token is returned. If none exist, one is created.
 # If the get option is omitted, a new token is created and returned.
 
-require 'trollop'
+require 'optimist'
 
-opts = Trollop::options do
+opts = Optimist::options do
   banner ''
   banner "Usage: get_anonymous_user_token "
   banner ''
@@ -14,23 +17,50 @@ opts = Trollop::options do
 Get an existing anonymous user token. If no such token exists \
 or if this option is omitted, a new token is created and returned.
   eos
+  opt :token, "token to create (optional)", :type => :string
 end
 
 get_existing = opts[:get]
+supplied_token = opts[:token]
 
 require File.dirname(__FILE__) + '/../config/environment'
 
 include ApplicationHelper
 act_as_system_user
 
-def create_api_client_auth
-  api_client_auth = ApiClientAuthorization.
-    new(user: anonymous_user,
-        api_client_id: 0,
-        expires_at: Time.now + 100.years,
-        scopes: ['GET /'])
-  api_client_auth.save!
-  api_client_auth.reload
+def create_api_client_auth(supplied_token=nil)
+  supplied_token = Rails.configuration.Users["AnonymousUserToken"]
+
+  if supplied_token.nil? or supplied_token.empty?
+    puts "Users.AnonymousUserToken is empty.  Destroying tokens that belong to anonymous."
+    # Token is empty.  Destroy any anonymous tokens.
+    ApiClientAuthorization.where(user: anonymous_user).destroy_all
+    return nil
+  end
+
+  attr = {user: anonymous_user,
+          api_client_id: 0,
+          scopes: ['GET /']}
+
+  secret = supplied_token
+
+  if supplied_token[0..2] == 'v2/'
+    _, token_uuid, secret, optional = supplied_token.split('/')
+    if token_uuid[0..4] != Rails.configuration.ClusterID
+      # Belongs to a different cluster.
+      puts supplied_token
+      return nil
+    end
+    attr[:uuid] = token_uuid
+  end
+
+  attr[:api_token] = secret
+
+  api_client_auth = ApiClientAuthorization.where(attr).first
+  if !api_client_auth
+    api_client_auth = ApiClientAuthorization.create!(attr)
+  end
+  api_client_auth
 end
 
 if get_existing
@@ -43,8 +73,10 @@ end
 
 # either not a get or no api_client_auth was found
 if !api_client_auth
-  api_client_auth = create_api_client_auth
+  api_client_auth = create_api_client_auth(supplied_token)
 end
 
 # print it to the console
-puts api_client_auth.api_token
+if api_client_auth
+  puts "v2/#{api_client_auth.uuid}/#{api_client_auth.api_token}"
+end