X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/86c4b60b5f9e8ab1f20eeee1da0afce3db57ab3b..2b6837ef2b57204b7bf4fd5c4373283892999268:/services/api/app/controllers/arvados/v1/collections_controller.rb?ds=sidebyside diff --git a/services/api/app/controllers/arvados/v1/collections_controller.rb b/services/api/app/controllers/arvados/v1/collections_controller.rb index d31e59a394..44733cdfb8 100644 --- a/services/api/app/controllers/arvados/v1/collections_controller.rb +++ b/services/api/app/controllers/arvados/v1/collections_controller.rb @@ -1,66 +1,26 @@ +require "arvados/keep" + class Arvados::V1::CollectionsController < ApplicationController - def create - if !resource_attrs[:manifest_text] - return send_error("'manifest_text' attribute must be specified", - status: :unprocessable_entity) - end + def self.limit_index_columns_read + ["manifest_text"] + end - if resource_attrs[:uuid] and (loc = Locator.parse(resource_attrs[:uuid])) + def create + if resource_attrs[:uuid] and (loc = Keep::Locator.parse(resource_attrs[:uuid])) resource_attrs[:portable_data_hash] = loc.to_s resource_attrs.delete :uuid end - - # Check permissions on the collection manifest. - # If any signature cannot be verified, return 403 Permission denied. - api_token = current_api_client_authorization.andand.api_token - signing_opts = { - key: Rails.configuration.blob_signing_key, - api_token: api_token, - ttl: Rails.configuration.blob_signing_ttl, - } - resource_attrs[:manifest_text].lines.each do |entry| - entry.split[1..-1].each do |tok| - if /^[[:digit:]]+:[[:digit:]]+:/.match tok - # This is a filename token, not a blob locator. Note that we - # keep checking tokens after this, even though manifest - # format dictates that all subsequent tokens will also be - # filenames. Safety first! - elsif Blob.verify_signature tok, signing_opts - # OK. - elsif Locator.parse(tok).andand.signature - # Signature provided, but verify_signature did not like it. - logger.warn "Invalid signature on locator #{tok}" - raise ArvadosModel::PermissionDeniedError - elsif Rails.configuration.permit_create_collection_with_unsigned_manifest - # No signature provided, but we are running in insecure mode. - logger.debug "Missing signature on locator #{tok} ignored" - elsif Blob.new(tok).empty? - # No signature provided -- but no data to protect, either. - else - logger.warn "Missing signature on locator #{tok}" - raise ArvadosModel::PermissionDeniedError - end - end - end - - # Remove any permission signatures from the manifest. - munge_manifest_locators(resource_attrs[:manifest_text]) do |loc| - loc.without_signature.to_s - end - super end def find_object_by_uuid - if loc = Locator.parse(params[:id]) + if loc = Keep::Locator.parse(params[:id]) loc.strip_hints! if c = Collection.readable_by(*@read_users).where({ portable_data_hash: loc.to_s }).limit(1).first @object = { uuid: c.portable_data_hash, portable_data_hash: c.portable_data_hash, - manifest_text: c.manifest_text, - files: c.files, - data_size: c.data_size + manifest_text: c.signed_manifest_text, } end else @@ -70,33 +30,32 @@ class Arvados::V1::CollectionsController < ApplicationController end def show - sign_manifests(@object[:manifest_text]) if @object.is_a? Collection - render json: @object.as_api_response + super else - render json: @object + send_json @object end end - def index - sign_manifests(*@objects.map { |c| c[:manifest_text] }) - super - end - - def script_param_edges(visited, sp) + def find_collections(visited, sp, &b) case sp + when ArvadosModel + sp.class.columns.each do |c| + find_collections(visited, sp[c.name.to_sym], &b) if c.name != "log" + end when Hash sp.each do |k, v| - script_param_edges(visited, v) + find_collections(visited, v, &b) end when Array sp.each do |v| - script_param_edges(visited, v) + find_collections(visited, v, &b) end when String - return if sp.empty? - if loc = Locator.parse(sp) - search_edges(visited, loc.to_s, :search_up) + if m = /[a-f0-9]{32}\+\d+/.match(sp) + yield m[0], nil + elsif m = Collection.uuid_regex.match(sp) + yield nil, m[0] end end end @@ -106,7 +65,7 @@ class Arvados::V1::CollectionsController < ApplicationController return end - if loc = Locator.parse(uuid) + if loc = Keep::Locator.parse(uuid) loc.strip_hints! return if visited[loc.to_s] end @@ -115,12 +74,23 @@ class Arvados::V1::CollectionsController < ApplicationController if loc # uuid is a portable_data_hash - if c = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s).limit(1).first - visited[loc.to_s] = { - portable_data_hash: c.portable_data_hash, - files: c.files, - data_size: c.data_size - } + collections = Collection.readable_by(*@read_users).where(portable_data_hash: loc.to_s) + c = collections.limit(2).all + if c.size == 1 + visited[loc.to_s] = c[0] + elsif c.size > 1 + name = collections.limit(1).where("name <> ''").first + if name + visited[loc.to_s] = { + portable_data_hash: c[0].portable_data_hash, + name: "#{name.name} + #{collections.count-1} more" + } + else + visited[loc.to_s] = { + portable_data_hash: c[0].portable_data_hash, + name: loc.to_s + } + end end if direction == :search_up @@ -142,6 +112,10 @@ class Arvados::V1::CollectionsController < ApplicationController Job.readable_by(*@read_users).where(["jobs.script_parameters like ?", "%#{loc.to_s}%"]).each do |job| search_edges(visited, job.uuid, :search_down) end + + Job.readable_by(*@read_users).where(["jobs.docker_image_locator = ?", "#{loc.to_s}"]).each do |job| + search_edges(visited, job.uuid, :search_down) + end end else # uuid is a regular Arvados UUID @@ -151,7 +125,10 @@ class Arvados::V1::CollectionsController < ApplicationController visited[uuid] = job.as_api_response if direction == :search_up # Follow upstream collections referenced in the script parameters - script_param_edges(visited, job.script_parameters) + find_collections(visited, job) do |hash, uuid| + search_edges(visited, hash, :search_up) if hash + search_edges(visited, uuid, :search_up) if uuid + end elsif direction == :search_down # Follow downstream job output search_edges(visited, job.output, direction) @@ -190,54 +167,25 @@ class Arvados::V1::CollectionsController < ApplicationController def provenance visited = {} - search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_up) - render json: visited + search_edges(visited, @object[:portable_data_hash], :search_up) + search_edges(visited, @object[:uuid], :search_up) + send_json visited end def used_by visited = {} - search_edges(visited, @object[:uuid] || @object[:portable_data_hash], :search_down) - render json: visited - end - - def self.munge_manifest_locators(manifest) - # Given a manifest text and a block, yield each locator, - # and replace it with whatever the block returns. - manifest.andand.gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) do |word| - if loc = Locator.parse(word.strip) - " " + yield(loc) - else - " " + word - end - end + search_edges(visited, @object[:uuid], :search_down) + search_edges(visited, @object[:portable_data_hash], :search_down) + send_json visited end protected - def find_objects_for_index - # Omit manifest_text from index results unless expressly selected. - if @select.nil? - @select = model_class.api_accessible_attributes(:user).map { |attr_spec|attr_spec.first.to_s } - ["manifest_text"] + def load_limit_offset_order_params *args + if action_name == 'index' + # Omit manifest_text from index results unless expressly selected. + @select ||= model_class.selectable_attributes - ["manifest_text"] end super end - - def munge_manifest_locators(manifest, &block) - self.class.munge_manifest_locators(manifest, &block) - end - - def sign_manifests(*manifests) - if current_api_client_authorization - signing_opts = { - key: Rails.configuration.blob_signing_key, - api_token: current_api_client_authorization.api_token, - ttl: Rails.configuration.blob_signing_ttl, - } - manifests.each do |text| - munge_manifest_locators(text) do |loc| - Blob.sign_locator(loc.to_s, signing_opts) - end - end - end - end end