X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/47585fc714a92d26e008f2fe9a46357f5ad9070d..dc021c3b57dcdebe464c148d55f9990a74e8246b:/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb b/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb
index 35e5e4257a..cb637c2fda 100644
--- a/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb
+++ b/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb
@@ -1,40 +1,56 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class Arvados::V1::VirtualMachinesController < ApplicationController
-  skip_before_filter :find_object_by_uuid, :only => :get_all_logins
-  skip_before_filter :render_404_if_no_object, :only => :get_all_logins
-  before_filter(:admin_required,
+  skip_before_action :find_object_by_uuid, :only => :get_all_logins
+  skip_before_action :render_404_if_no_object, :only => :get_all_logins
+  before_action(:admin_required,
                 :only => [:logins, :get_all_logins])
 
+  # Get all login permissons (user uuid, login account, SSH key) for a
+  # single VM
   def logins
-    get_all_logins
+    render_logins_for VirtualMachine.where(uuid: @object.uuid)
   end
 
+  # Get all login permissons for all VMs
   def get_all_logins
+    render_logins_for VirtualMachine
+  end
+
+  protected
+
+  def render_logins_for vm_query
+    @response = []
+    @vms = vm_query.eager_load :login_permissions
     @users = {}
-    User.includes(:authorized_keys).all.each do |u|
+    User.eager_load(:authorized_keys).
+      where('users.uuid in (?)',
+            @vms.map { |vm| vm.login_permissions.map(&:tail_uuid) }.flatten.uniq).
+      each do |u|
       @users[u.uuid] = u
     end
-    @response = []
-    @vms = VirtualMachine.includes(:login_permissions)
-    if @object
-      @vms = @vms.where('uuid=?', @object.uuid)
-    else
-      @vms = @vms.all
-    end
     @vms.each do |vm|
       vm.login_permissions.each do |perm|
         user_uuid = perm.tail_uuid
-        @users[user_uuid].andand.authorized_keys.andand.each do |ak|
-          username = perm.properties.andand['username']
-          if username
-            @response << {
-              username: username,
-              hostname: vm.hostname,
-              public_key: ak.public_key,
-              user_uuid: user_uuid,
-              virtual_machine_uuid: vm.uuid,
-              authorized_key_uuid: ak.uuid
-            }
-          end
+        next if not @users[user_uuid]
+        next if perm.properties['username'].blank?
+        aks = @users[user_uuid].authorized_keys
+        if aks.empty?
+          # We'll emit one entry, with no public key.
+          aks = [nil]
+        end
+        aks.each do |ak|
+          @response << {
+            username: perm.properties['username'],
+            hostname: vm.hostname,
+            groups: (perm.properties['groups'].to_a rescue []),
+            public_key: ak ? ak.public_key : nil,
+            user_uuid: user_uuid,
+            virtual_machine_uuid: vm.uuid,
+            authorized_key_uuid: ak ? ak.uuid : nil,
+          }
         end
       end
     end