X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/98db65de63c9e2acfeae6636ccc619171635bda0..77c8223f5ddd64cff2b08d0857749644c474946f:/lib/controller/rpc/conn.go

diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go
index cd98b64718..3a19f4ab5a 100644
--- a/lib/controller/rpc/conn.go
+++ b/lib/controller/rpc/conn.go
@@ -5,6 +5,7 @@
 package rpc
 
 import (
+	"bufio"
 	"bytes"
 	"context"
 	"crypto/tls"
@@ -12,6 +13,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -21,8 +23,11 @@ import (
 
 	"git.arvados.org/arvados.git/sdk/go/arvados"
 	"git.arvados.org/arvados.git/sdk/go/auth"
+	"git.arvados.org/arvados.git/sdk/go/httpserver"
 )
 
+const rfc3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00"
+
 type TokenProvider func(context.Context) ([]string, error)
 
 func PassthroughTokenProvider(ctx context.Context) ([]string, error) {
@@ -120,6 +125,20 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva
 			delete(params, "limit")
 		}
 	}
+
+	if authinfo, ok := params["auth_info"]; ok {
+		if tmp, ok2 := authinfo.(map[string]interface{}); ok2 {
+			for k, v := range tmp {
+				if strings.HasSuffix(k, "_at") {
+					// Change zero times values to nil
+					if v, ok3 := v.(string); ok3 && (strings.HasPrefix(v, "0001-01-01T00:00:00") || v == "") {
+						tmp[k] = nil
+					}
+				}
+			}
+		}
+	}
+
 	if len(tokens) > 1 {
 		params["reader_tokens"] = tokens[1:]
 	}
@@ -286,6 +305,117 @@ func (conn *Conn) ContainerUnlock(ctx context.Context, options arvados.GetOption
 	return resp, err
 }
 
+// ContainerSSH returns a connection to the out-of-band SSH server for
+// a running container. If the returned error is nil, the caller is
+// responsible for closing sshconn.Conn.
+func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSHOptions) (sshconn arvados.ContainerSSHConnection, err error) {
+	addr := conn.baseURL.Host
+	if strings.Index(addr, ":") < 1 || (strings.Contains(addr, "::") && addr[0] != '[') {
+		// hostname or ::1 or 1::1
+		addr = net.JoinHostPort(addr, "https")
+	}
+	insecure := false
+	if tlsconf := conn.httpClient.Transport.(*http.Transport).TLSClientConfig; tlsconf != nil && tlsconf.InsecureSkipVerify {
+		insecure = true
+	}
+	netconn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: insecure})
+	if err != nil {
+		err = fmt.Errorf("tls.Dial: %w", err)
+		return
+	}
+	defer func() {
+		if err != nil {
+			netconn.Close()
+		}
+	}()
+	bufr := bufio.NewReader(netconn)
+	bufw := bufio.NewWriter(netconn)
+
+	u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerSSH.Path, "{uuid}", options.UUID, -1))
+	if err != nil {
+		err = fmt.Errorf("tls.Dial: %w", err)
+		return
+	}
+	u.RawQuery = url.Values{
+		"detach_keys":    {options.DetachKeys},
+		"login_username": {options.LoginUsername},
+	}.Encode()
+	tokens, err := conn.tokenProvider(ctx)
+	if err != nil {
+		return
+	} else if len(tokens) < 1 {
+		err = httpserver.ErrorWithStatus(errors.New("unauthorized"), http.StatusUnauthorized)
+		return
+	}
+	bufw.WriteString("GET " + u.String() + " HTTP/1.1\r\n")
+	bufw.WriteString("Authorization: Bearer " + tokens[0] + "\r\n")
+	bufw.WriteString("Host: " + u.Host + "\r\n")
+	bufw.WriteString("Upgrade: ssh\r\n")
+	bufw.WriteString("\r\n")
+	bufw.Flush()
+	resp, err := http.ReadResponse(bufr, &http.Request{Method: "GET"})
+	if err != nil {
+		err = fmt.Errorf("http.ReadResponse: %w", err)
+		return
+	}
+	if resp.StatusCode != http.StatusSwitchingProtocols {
+		defer resp.Body.Close()
+		body, _ := ioutil.ReadAll(resp.Body)
+		var message string
+		var errDoc httpserver.ErrorResponse
+		if err := json.Unmarshal(body, &errDoc); err == nil {
+			message = strings.Join(errDoc.Errors, "; ")
+		} else {
+			message = fmt.Sprintf("%q", body)
+		}
+		err = fmt.Errorf("server did not provide a tunnel: %s (HTTP %d)", message, resp.StatusCode)
+		return
+	}
+	if strings.ToLower(resp.Header.Get("Upgrade")) != "ssh" ||
+		strings.ToLower(resp.Header.Get("Connection")) != "upgrade" {
+		err = fmt.Errorf("bad response from server: Upgrade %q Connection %q", resp.Header.Get("Upgrade"), resp.Header.Get("Connection"))
+		return
+	}
+	sshconn.Conn = netconn
+	sshconn.Bufrw = &bufio.ReadWriter{Reader: bufr, Writer: bufw}
+	return
+}
+
+func (conn *Conn) ContainerRequestCreate(ctx context.Context, options arvados.CreateOptions) (arvados.ContainerRequest, error) {
+	ep := arvados.EndpointContainerRequestCreate
+	var resp arvados.ContainerRequest
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}
+
+func (conn *Conn) ContainerRequestUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.ContainerRequest, error) {
+	ep := arvados.EndpointContainerRequestUpdate
+	var resp arvados.ContainerRequest
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}
+
+func (conn *Conn) ContainerRequestGet(ctx context.Context, options arvados.GetOptions) (arvados.ContainerRequest, error) {
+	ep := arvados.EndpointContainerRequestGet
+	var resp arvados.ContainerRequest
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}
+
+func (conn *Conn) ContainerRequestList(ctx context.Context, options arvados.ListOptions) (arvados.ContainerRequestList, error) {
+	ep := arvados.EndpointContainerRequestList
+	var resp arvados.ContainerRequestList
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}
+
+func (conn *Conn) ContainerRequestDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.ContainerRequest, error) {
+	ep := arvados.EndpointContainerRequestDelete
+	var resp arvados.ContainerRequest
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}
+
 func (conn *Conn) SpecimenCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Specimen, error) {
 	ep := arvados.EndpointSpecimenCreate
 	var resp arvados.Specimen
@@ -402,11 +532,13 @@ func (conn *Conn) APIClientAuthorizationCurrent(ctx context.Context, options arv
 }
 
 type UserSessionAuthInfo struct {
-	Email           string   `json:"email"`
-	AlternateEmails []string `json:"alternate_emails"`
-	FirstName       string   `json:"first_name"`
-	LastName        string   `json:"last_name"`
-	Username        string   `json:"username"`
+	UserUUID        string    `json:"user_uuid"`
+	Email           string    `json:"email"`
+	AlternateEmails []string  `json:"alternate_emails"`
+	FirstName       string    `json:"first_name"`
+	LastName        string    `json:"last_name"`
+	Username        string    `json:"username"`
+	ExpiresAt       time.Time `json:"expires_at"`
 }
 
 type UserSessionCreateOptions struct {