X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/85bd5f3272cfc8ba8e54f4f47ea9865d7de62779..931f77f9bff46dbba8adb0517720eb3c60b83bb3:/services/api/app/models/container_request.rb diff --git a/services/api/app/models/container_request.rb b/services/api/app/models/container_request.rb index 94e4e1f9dd..bc01b33652 100644 --- a/services/api/app/models/container_request.rb +++ b/services/api/app/models/container_request.rb @@ -5,17 +5,26 @@ require 'whitelist_update' class ContainerRequest < ArvadosModel + include ArvadosModelUpdates include HasUuid include KindAndEtag include CommonApiTemplate include WhitelistUpdate + belongs_to :container, foreign_key: :container_uuid, primary_key: :uuid + belongs_to :requesting_container, { + class_name: 'Container', + foreign_key: :requesting_container_uuid, + primary_key: :uuid, + } + serialize :properties, Hash serialize :environment, Hash serialize :mounts, Hash serialize :runtime_constraints, Hash serialize :command, Array serialize :scheduling_parameters, Hash + serialize :secret_mounts, Hash before_validation :fill_field_defaults, :if => :new_record? before_validation :validate_runtime_constraints @@ -23,8 +32,11 @@ class ContainerRequest < ArvadosModel before_validation :set_container validates :command, :container_image, :output_path, :cwd, :presence => true validates :output_ttl, numericality: { only_integer: true, greater_than_or_equal_to: 0 } + validates :priority, numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: 1000 } validate :validate_state_change validate :check_update_whitelist + validate :secret_mounts_key_conflict + before_save :scrub_secret_mounts after_save :update_priority after_save :finalize_if_needed before_create :set_requesting_container_uuid @@ -76,12 +88,16 @@ class ContainerRequest < ArvadosModel :container_image, :cwd, :environment, :filters, :mounts, :output_path, :priority, :properties, :requesting_container_uuid, :runtime_constraints, :state, :container_uuid, :use_existing, - :scheduling_parameters, :output_name, :output_ttl] + :scheduling_parameters, :secret_mounts, :output_name, :output_ttl] def self.limit_index_columns_read ["mounts"] end + def logged_attributes + super.except('secret_mounts') + end + def state_transitions State_transitions end @@ -95,7 +111,9 @@ class ContainerRequest < ArvadosModel if state == Committed && Container.find_by_uuid(container_uuid).final? reload act_as_system_user do - finalize! + leave_modified_by_user_alone do + finalize! + end end end end @@ -119,9 +137,7 @@ class ContainerRequest < ArvadosModel trash_at = db_current_time + self.output_ttl end end - manifest = Collection.unscoped do - Collection.where(portable_data_hash: pdh).first.manifest_text - end + manifest = Collection.where(portable_data_hash: pdh).first.manifest_text coll = Collection.new(owner_uuid: owner_uuid, manifest_text: manifest, @@ -144,7 +160,7 @@ class ContainerRequest < ArvadosModel end def self.full_text_searchable_columns - super - ["mounts"] + super - ["mounts", "secret_mounts", "secret_mounts_md5"] end protected @@ -158,6 +174,7 @@ class ContainerRequest < ArvadosModel self.container_count_max ||= Rails.configuration.container_count_max self.scheduling_parameters ||= {} self.output_ttl ||= 0 + self.priority ||= 0 end def set_container @@ -214,7 +231,7 @@ class ContainerRequest < ArvadosModel if self.new_record? || self.state_was == Uncommitted # Allow create-and-commit in a single operation. - permitted.push *AttrsPermittedBeforeCommit + permitted.push(*AttrsPermittedBeforeCommit) end case self.state @@ -237,12 +254,13 @@ class ContainerRequest < ArvadosModel end when Final - if self.state_changed? and not current_user.andand.is_admin - self.errors.add :state, "of container request can only be set to Final by system." - end - if self.state_was == Committed - permitted.push :output_uuid, :log_uuid + # "Cancel" means setting priority=0, state=Committed + permitted.push :priority + + if current_user.andand.is_admin + permitted.push :output_uuid, :log_uuid + end end end @@ -250,19 +268,31 @@ class ContainerRequest < ArvadosModel super(permitted) end - def update_priority - if self.state_changed? or - self.priority_changed? or - self.container_uuid_changed? - act_as_system_user do - Container. - where('uuid in (?)', - [self.container_uuid_was, self.container_uuid].compact). - map(&:update_priority!) + def secret_mounts_key_conflict + secret_mounts.each do |k, v| + if mounts.has_key?(k) + errors.add(:secret_mounts, 'conflict with non-secret mounts') + return false end end end + def scrub_secret_mounts + if self.state == Final + self.secret_mounts = {} + end + end + + def update_priority + return unless state_changed? || priority_changed? || container_uuid_changed? + act_as_system_user do + Container. + where('uuid in (?)', [self.container_uuid_was, self.container_uuid].compact). + lock(true). + map(&:update_priority!) + end + end + def set_priority_zero self.update_attributes!(priority: 0) if self.state != Final end @@ -272,7 +302,10 @@ class ContainerRequest < ArvadosModel token_uuid = current_api_client_authorization.andand.uuid container = Container.where('auth_uuid=?', token_uuid).order('created_at desc').first - self.requesting_container_uuid = container.uuid if container + if container + self.requesting_container_uuid = container.uuid + self.priority = container.priority > 0 ? 1 : 0 + end true end end