X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/447e80a6adedcba754215a95a96378548bd110ff..ae92d144610446849eb568247a44f02ae985c281:/lib/config/load.go

diff --git a/lib/config/load.go b/lib/config/load.go
index c2eb555544..6099215edc 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -76,7 +76,7 @@ func (ldr *Loader) SetupFlags(flagset *flag.FlagSet) {
 		flagset.StringVar(&ldr.CrunchDispatchSlurmPath, "legacy-crunch-dispatch-slurm-config", defaultCrunchDispatchSlurmConfigPath, "Legacy crunch-dispatch-slurm configuration `file`")
 		flagset.StringVar(&ldr.WebsocketPath, "legacy-ws-config", defaultWebsocketConfigPath, "Legacy arvados-ws configuration `file`")
 		flagset.StringVar(&ldr.KeepproxyPath, "legacy-keepproxy-config", defaultKeepproxyConfigPath, "Legacy keepproxy configuration `file`")
-		flagset.StringVar(&ldr.GitHttpdPath, "legacy-git-httpd-config", defaultGitHttpdConfigPath, "Legacy arv-git-httpd configuration `file`")
+		flagset.StringVar(&ldr.GitHttpdPath, "legacy-git-httpd-config", defaultGitHttpdConfigPath, "Legacy arvados-git-httpd configuration `file`")
 		flagset.StringVar(&ldr.KeepBalancePath, "legacy-keepbalance-config", defaultKeepBalanceConfigPath, "Legacy keep-balance configuration `file`")
 		flagset.BoolVar(&ldr.SkipLegacy, "skip-legacy", false, "Don't load legacy config files")
 	}
@@ -285,6 +285,19 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 		}
 	}
 
+	// Preprocess/automate some configs
+	for id, cc := range cfg.Clusters {
+		ldr.autofillPreemptible("Clusters."+id, &cc)
+
+		if strings.Count(cc.Users.AnonymousUserToken, "/") == 3 {
+			// V2 token, strip it to just a secret
+			tmp := strings.Split(cc.Users.AnonymousUserToken, "/")
+			cc.Users.AnonymousUserToken = tmp[2]
+		}
+
+		cfg.Clusters[id] = cc
+	}
+
 	// Check for known mistakes
 	for id, cc := range cfg.Clusters {
 		for remote := range cc.RemoteClusters {
@@ -299,9 +312,10 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 		for _, err = range []error{
 			ldr.checkClusterID(fmt.Sprintf("Clusters.%s", id), id, false),
 			ldr.checkClusterID(fmt.Sprintf("Clusters.%s.Login.LoginCluster", id), cc.Login.LoginCluster, true),
-			ldr.checkToken(fmt.Sprintf("Clusters.%s.ManagementToken", id), cc.ManagementToken),
-			ldr.checkToken(fmt.Sprintf("Clusters.%s.SystemRootToken", id), cc.SystemRootToken),
-			ldr.checkToken(fmt.Sprintf("Clusters.%s.Collections.BlobSigningKey", id), cc.Collections.BlobSigningKey),
+			ldr.checkToken(fmt.Sprintf("Clusters.%s.ManagementToken", id), cc.ManagementToken, true, false),
+			ldr.checkToken(fmt.Sprintf("Clusters.%s.SystemRootToken", id), cc.SystemRootToken, true, false),
+			ldr.checkToken(fmt.Sprintf("Clusters.%s.Users.AnonymousUserToken", id), cc.Users.AnonymousUserToken, false, true),
+			ldr.checkToken(fmt.Sprintf("Clusters.%s.Collections.BlobSigningKey", id), cc.Collections.BlobSigningKey, true, false),
 			checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection),
 			ldr.checkEnum("Containers.LocalKeepLogsToContainerLog", cc.Containers.LocalKeepLogsToContainerLog, "none", "all", "errors"),
 			ldr.checkEmptyKeepstores(cc),
@@ -333,13 +347,34 @@ func (ldr *Loader) checkClusterID(label, clusterID string, emptyStringOk bool) e
 var acceptableTokenRe = regexp.MustCompile(`^[a-zA-Z0-9]+$`)
 var acceptableTokenLength = 32
 
-func (ldr *Loader) checkToken(label, token string) error {
-	if token == "" {
-		if ldr.Logger != nil {
-			ldr.Logger.Warnf("%s: secret token is not set (use %d+ random characters from a-z, A-Z, 0-9)", label, acceptableTokenLength)
+func (ldr *Loader) checkToken(label, token string, mandatory bool, acceptV2 bool) error {
+	if len(token) == 0 {
+		if !mandatory {
+			// when a token is not mandatory, the acceptable length and content is only checked if its length is non-zero
+			return nil
+		} else {
+			if ldr.Logger != nil {
+				ldr.Logger.Warnf("%s: secret token is not set (use %d+ random characters from a-z, A-Z, 0-9)", label, acceptableTokenLength)
+			}
 		}
 	} else if !acceptableTokenRe.MatchString(token) {
-		return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
+		if !acceptV2 {
+			return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
+		}
+		// Test for a proper V2 token
+		tmp := strings.SplitN(token, "/", 3)
+		if len(tmp) != 3 {
+			return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
+		}
+		if !strings.HasPrefix(token, "v2/") {
+			return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label)
+		}
+		if !acceptableTokenRe.MatchString(tmp[2]) {
+			return fmt.Errorf("%s: unacceptable characters in V2 token secret (only a-z, A-Z, 0-9 are acceptable)", label)
+		}
+		if len(tmp[2]) < acceptableTokenLength {
+			ldr.Logger.Warnf("%s: secret is too short (should be at least %d characters)", label, acceptableTokenLength)
+		}
 	} else if len(token) < acceptableTokenLength {
 		if ldr.Logger != nil {
 			ldr.Logger.Warnf("%s: token is too short (should be at least %d characters)", label, acceptableTokenLength)
@@ -502,3 +537,21 @@ func (ldr *Loader) logExtraKeys(expected, supplied map[string]interface{}, prefi
 		}
 	}
 }
+
+func (ldr *Loader) autofillPreemptible(label string, cc *arvados.Cluster) {
+	if factor := cc.Containers.PreemptiblePriceFactor; factor > 0 {
+		for name, it := range cc.InstanceTypes {
+			if !it.Preemptible {
+				it.Preemptible = true
+				it.Price = it.Price * factor
+				it.Name = name + ".preemptible"
+				if it2, exists := cc.InstanceTypes[it.Name]; exists && it2 != it {
+					ldr.Logger.Warnf("%s.InstanceTypes[%s]: already exists, so not automatically adding a preemptible variant of %s", label, it.Name, name)
+					continue
+				}
+				cc.InstanceTypes[it.Name] = it
+			}
+		}
+	}
+
+}