X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/76e20e694fbe708e17e57a2e0b1c36aca6e8d7d0..37301d86406cc4991c6f149f00a6a0846d1808af:/apps/workbench/app/models/arvados_api_client.rb diff --git a/apps/workbench/app/models/arvados_api_client.rb b/apps/workbench/app/models/arvados_api_client.rb index d6e385fddc..7574cf665b 100644 --- a/apps/workbench/app/models/arvados_api_client.rb +++ b/apps/workbench/app/models/arvados_api_client.rb @@ -6,36 +6,55 @@ class ArvadosApiClient end class InvalidApiResponseException < StandardError end + class AccessForbiddenException < StandardError + end - @@client_mtx = Mutex.new - @@api_client = nil @@profiling_enabled = Rails.configuration.profiling_enabled + @@discovery = nil + + # An API client object suitable for handling API requests on behalf + # of the current thread. + def self.new_or_current + # If this thread doesn't have an API client yet, *or* this model + # has been reloaded since the existing client was created, create + # a new client. Otherwise, keep using the latest client created in + # the current thread. + unless Thread.current[:arvados_api_client].andand.class == self + Thread.current[:arvados_api_client] = new + end + Thread.current[:arvados_api_client] + end + + def initialize *args + @api_client = nil + @client_mtx = Mutex.new + end def api(resources_kind, action, data=nil) profile_checkpoint - @@client_mtx.synchronize do - if not @@api_client - @@api_client = HTTPClient.new + if not @api_client + @client_mtx.synchronize do + @api_client = HTTPClient.new if Rails.configuration.arvados_insecure_https - @@api_client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE + @api_client.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE else # Use system CA certificates - @@api_client.ssl_config.add_trust_ca('/etc/ssl/certs') + @api_client.ssl_config.add_trust_ca('/etc/ssl/certs') end end end - api_token = Thread.current[:arvados_api_token] - api_token ||= '' - resources_kind = class_kind(resources_kind).pluralize if resources_kind.is_a? Class url = "#{self.arvados_v1_base}/#{resources_kind}#{action}" # Clean up /arvados/v1/../../discovery/v1 to /discovery/v1 url.sub! '/arvados/v1/../../', '/' - query = {"api_token" => api_token} + query = { + 'api_token' => Thread.current[:arvados_api_token] || '', + 'reader_tokens' => (Thread.current[:reader_tokens] || []).to_json, + } if !data.nil? data.each do |k,v| if v.is_a? String or v.nil? @@ -54,13 +73,15 @@ class ArvadosApiClient if @@profiling_enabled query["_profile"] = "true" end - + header = {"Accept" => "application/json"} - profile_checkpoint { "Prepare request #{url} #{query[:uuid]} #{query[:where]}" } - msg = @@api_client.post(url, - query, - header: header) + profile_checkpoint { "Prepare request #{url} #{query[:uuid]} #{query[:where]} #{query[:filters]}" } + msg = @client_mtx.synchronize do + @api_client.post(url, + query, + header: header) + end profile_checkpoint 'API transaction' if msg.status_code == 401 @@ -68,7 +89,7 @@ class ArvadosApiClient end json = msg.content - + begin resp = Oj.load(json, :symbol_keys => true) rescue Oj::ParseError @@ -80,7 +101,11 @@ class ArvadosApiClient if msg.status_code != 200 errors = resp[:errors] errors = errors.join("\n\n") if errors.is_a? Array - raise "#{errors} [API: #{msg.status_code}]" + if msg.status_code == 403 + raise AccessForbiddenException.new "#{errors} [API: #{msg.status_code}]" + else + raise "#{errors} [API: #{msg.status_code}]" + end end if resp[:_profile] Rails.logger.info "API client: " \ @@ -158,7 +183,7 @@ class ArvadosApiClient end def discovery - @discovery ||= api '../../discovery/v1/apis/arvados/v1/rest', '' + @@discovery ||= api '../../discovery/v1/apis/arvados/v1/rest', '' end def kind_class(kind)