X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/013efe3cfb6e53b372be1f785646e76a7965a948..3bbb988777079718338e3e6cb9c6c9b5399be800:/sdk/python/arvados/api.py

diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py
index 4413167c31..c618fc3c66 100644
--- a/sdk/python/arvados/api.py
+++ b/sdk/python/arvados/api.py
@@ -6,20 +6,29 @@ import re
 import types
 
 import apiclient
-import apiclient.discovery
+from apiclient import discovery as apiclient_discovery
+from apiclient import errors as apiclient_errors
 import config
 import errors
 import util
 
-services = {}
+_logger = logging.getLogger('arvados.api')
+conncache = {}
+
+class CredentialsFromToken(object):
+    def __init__(self, api_token):
+        self.api_token = api_token
 
-class CredentialsFromEnv(object):
     @staticmethod
     def http_request(self, uri, **kwargs):
         from httplib import BadStatusLine
         if 'headers' not in kwargs:
             kwargs['headers'] = {}
-        kwargs['headers']['Authorization'] = 'OAuth2 %s' % config.get('ARVADOS_API_TOKEN', 'ARVADOS_API_TOKEN_not_set')
+
+        if config.get("ARVADOS_EXTERNAL_CLIENT", "") == "true":
+            kwargs['headers']['X-External-Client'] = '1'
+
+        kwargs['headers']['Authorization'] = 'OAuth2 %s' % self.arvados_api_token
         try:
             return self.orig_http_request(uri, **kwargs)
         except BadStatusLine:
@@ -31,13 +40,14 @@ class CredentialsFromEnv(object):
             # risky.
             return self.orig_http_request(uri, **kwargs)
     def authorize(self, http):
+        http.arvados_api_token = self.api_token
         http.orig_http_request = http.request
         http.request = types.MethodType(self.http_request, http)
         return http
 
 # Monkey patch discovery._cast() so objects and arrays get serialized
 # with json.dumps() instead of str().
-_cast_orig = apiclient.discovery._cast
+_cast_orig = apiclient_discovery._cast
 def _cast_objects_too(value, schema_type):
     global _cast_orig
     if (type(value) != type('') and
@@ -45,7 +55,16 @@ def _cast_objects_too(value, schema_type):
         return json.dumps(value)
     else:
         return _cast_orig(value, schema_type)
-apiclient.discovery._cast = _cast_objects_too
+apiclient_discovery._cast = _cast_objects_too
+
+# Convert apiclient's HttpErrors into our own API error subclass for better
+# error reporting.
+# Reassigning apiclient_errors.HttpError is not sufficient because most of the
+# apiclient submodules import the class into their own namespace.
+def _new_http_error(cls, *args, **kwargs):
+    return super(apiclient_errors.HttpError, cls).__new__(
+        errors.ApiError, *args, **kwargs)
+apiclient_errors.HttpError.__new__ = staticmethod(_new_http_error)
 
 def http_cache(data_type):
     path = os.environ['HOME'] + '/.cache/arvados/' + data_type
@@ -55,37 +74,88 @@ def http_cache(data_type):
         path = None
     return path
 
-def api(version=None):
-    global services
-
-    if 'ARVADOS_DEBUG' in config.settings():
-        logging.basicConfig(level=logging.DEBUG)
-
-    if not services.get(version):
-        apiVersion = version
-        if not version:
-            apiVersion = 'v1'
-            logging.info("Using default API version. " +
-                         "Call arvados.api('%s') instead." %
-                         apiVersion)
-        if 'ARVADOS_API_HOST' not in config.settings():
-            raise Exception("ARVADOS_API_HOST is not set. Aborting.")
-        url = ('https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' %
-               config.get('ARVADOS_API_HOST'))
-        credentials = CredentialsFromEnv()
-
-        # Use system's CA certificates (if we find them) instead of httplib2's
-        ca_certs = '/etc/ssl/certs/ca-certificates.crt'
-        if not os.path.exists(ca_certs):
-            ca_certs = None             # use httplib2 default
-
-        http = httplib2.Http(ca_certs=ca_certs,
-                             cache=http_cache('discovery'))
-        http = credentials.authorize(http)
-        if re.match(r'(?i)^(true|1|yes)$',
-                    config.get('ARVADOS_API_HOST_INSECURE', 'no')):
-            http.disable_ssl_certificate_validation=True
-        services[version] = apiclient.discovery.build(
-            'arvados', apiVersion, http=http, discoveryServiceUrl=url)
-    return services[version]
+def api(version=None, cache=True, host=None, token=None, insecure=False, **kwargs):
+    """Return an apiclient Resources object for an Arvados instance.
+
+    Arguments:
+    * version: A string naming the version of the Arvados API to use (for
+      example, 'v1').
+    * cache: If True (default), return an existing Resources object if
+      one already exists with the same endpoint and credentials. If
+      False, create a new one, and do not keep it in the cache (i.e.,
+      do not return it from subsequent api(cache=True) calls with
+      matching endpoint and credentials).
+    * host: The Arvados API server host (and optional :port) to connect to.
+    * token: The authentication token to send with each API call.
+    * insecure: If True, ignore SSL certificate validation errors.
+
+    Additional keyword arguments will be passed directly to
+    `apiclient_discovery.build` if a new Resource object is created.
+    If the `discoveryServiceUrl` or `http` keyword arguments are
+    missing, this function will set default values for them, based on
+    the current Arvados configuration settings.
+
+    """
+
+    if not version:
+        version = 'v1'
+        _logger.info("Using default API version. " +
+                     "Call arvados.api('%s') instead." %
+                     version)
+    if 'discoveryServiceUrl' in kwargs:
+        if host:
+            raise ValueError("both discoveryServiceUrl and host provided")
+        # Here we can't use a token from environment, config file,
+        # etc. Those probably have nothing to do with the host
+        # provided by the caller.
+        if not token:
+            raise ValueError("discoveryServiceUrl provided, but token missing")
+    elif host and token:
+        pass
+    elif not host and not token:
+        # Load from user configuration or environment
+        for x in ['ARVADOS_API_HOST', 'ARVADOS_API_TOKEN']:
+            if x not in config.settings():
+                raise ValueError("%s is not set. Aborting." % x)
+        host = config.get('ARVADOS_API_HOST')
+        token = config.get('ARVADOS_API_TOKEN')
+        insecure = config.flag_is_true('ARVADOS_API_HOST_INSECURE')
+    else:
+        # Caller provided one but not the other
+        if not host:
+            raise ValueError("token argument provided, but host missing.")
+        else:
+            raise ValueError("host argument provided, but token missing.")
+
+    if host:
+        # Caller wants us to build the discoveryServiceUrl
+        kwargs['discoveryServiceUrl'] = (
+            'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' % (host,))
+
+    if cache:
+        connprofile = (version, host, token, insecure)
+        svc = conncache.get(connprofile)
+        if svc:
+            return svc
+
+    if 'http' not in kwargs:
+        http_kwargs = {}
+        # Prefer system's CA certificates (if available) over httplib2's.
+        certs_path = '/etc/ssl/certs/ca-certificates.crt'
+        if os.path.exists(certs_path):
+            http_kwargs['ca_certs'] = certs_path
+        if cache:
+            http_kwargs['cache'] = http_cache('discovery')
+        if insecure:
+            http_kwargs['disable_ssl_certificate_validation'] = True
+        kwargs['http'] = httplib2.Http(**http_kwargs)
+
+    credentials = CredentialsFromToken(api_token=token)
+    kwargs['http'] = credentials.authorize(kwargs['http'])
 
+    svc = apiclient_discovery.build('arvados', version, **kwargs)
+    svc.api_token = token
+    kwargs['http'].cache = None
+    if cache:
+        conncache[connprofile] = svc
+    return svc