X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/54d881132042e01bb87d2409382da091e3d3aff7..307cf5007269a069b8c80dc14da134ec145cd292:/services/api/app/controllers/arvados/v1/keep_disks_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
index 21a18a62e3..47018d4b10 100644
--- a/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
+++ b/services/api/app/controllers/arvados/v1/keep_disks_controller.rb
@@ -1,35 +1,50 @@
 class Arvados::V1::KeepDisksController < ApplicationController
-  skip_before_filter :login_required, :only => :ping
+  skip_before_filter :require_auth_scope, :only => :ping
 
   def self._ping_requires_parameters
     {
       uuid: false,
       ping_secret: true,
-      ec2_instance_id: false,
-      local_ipv4: false,
+      node_uuid: false,
       filesystem_uuid: false,
+      service_host: false,
       service_port: true,
       service_ssl_flag: true
     }
   end
+
   def ping
-    if !@object and params[:filesystem_uuid] and current_user and current_user.is_admin
-      if KeepDisk.where('filesystem_uuid=?', params[:filesystem_uuid]).empty?
-        @object = KeepDisk.new filesystem_uuid: params[:filesystem_uuid]
-        @object.save!
-        params[:ping_secret] = @object.ping_secret
-      else
-        raise "ping from keep_disk with existing filesystem_uuid #{params[:filesystem_uuid]} but wrong uuid #{params[:uuid]}"
+    params[:service_host] ||= request.env['REMOTE_ADDR']
+    act_as_system_user do
+      if not @object.ping params
+        return render_not_found "object not found"
       end
+      # Render the :superuser view (i.e., include the ping_secret) even
+      # if !current_user.is_admin. This is safe because @object.ping's
+      # success implies the ping_secret was already known by the client.
+      render json: @object.as_api_response(:superuser)
     end
+  end
 
-    if !@object
-      return render_not_found "object not found"
-    end
+  def find_objects_for_index
+    # all users can list all keep disks
+    @objects = model_class.where('1=1')
+    super
+  end
+
+  def find_object_by_uuid
+    @object = KeepDisk.where(uuid: (params[:id] || params[:uuid])).first
+    if !@object && current_user.andand.is_admin
+      # Create a new KeepDisk and ping it.
+      @object = KeepDisk.new(filesystem_uuid: params[:filesystem_uuid])
+      @object.save!
 
-    params.merge!(service_host:
-                  params[:local_ipv4] || request.env['REMOTE_ADDR'])
-    @object.ping params
-    show
+      # In the first ping from this new filesystem_uuid, we can't
+      # expect the keep node to know the ping_secret so we made sure
+      # we got an admin token. Here we add ping_secret to params so
+      # KeepNode.ping() understands this update is properly
+      # authenticated.
+      params[:ping_secret] = @object.ping_secret
+    end
   end
 end