X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ac30c34ccfacce16cca52e155d2a0e50b0185dc3..3bbb988777079718338e3e6cb9c6c9b5399be800:/sdk/python/arvados/api.py diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py index 8a71b90c0d..c618fc3c66 100644 --- a/sdk/python/arvados/api.py +++ b/sdk/python/arvados/api.py @@ -6,15 +6,19 @@ import re import types import apiclient -import apiclient.discovery -import apiclient.errors +from apiclient import discovery as apiclient_discovery +from apiclient import errors as apiclient_errors import config import errors import util -services = {} +_logger = logging.getLogger('arvados.api') +conncache = {} + +class CredentialsFromToken(object): + def __init__(self, api_token): + self.api_token = api_token -class CredentialsFromEnv(object): @staticmethod def http_request(self, uri, **kwargs): from httplib import BadStatusLine @@ -24,7 +28,7 @@ class CredentialsFromEnv(object): if config.get("ARVADOS_EXTERNAL_CLIENT", "") == "true": kwargs['headers']['X-External-Client'] = '1' - kwargs['headers']['Authorization'] = 'OAuth2 %s' % config.get('ARVADOS_API_TOKEN', 'ARVADOS_API_TOKEN_not_set') + kwargs['headers']['Authorization'] = 'OAuth2 %s' % self.arvados_api_token try: return self.orig_http_request(uri, **kwargs) except BadStatusLine: @@ -36,13 +40,14 @@ class CredentialsFromEnv(object): # risky. return self.orig_http_request(uri, **kwargs) def authorize(self, http): + http.arvados_api_token = self.api_token http.orig_http_request = http.request http.request = types.MethodType(self.http_request, http) return http # Monkey patch discovery._cast() so objects and arrays get serialized # with json.dumps() instead of str(). -_cast_orig = apiclient.discovery._cast +_cast_orig = apiclient_discovery._cast def _cast_objects_too(value, schema_type): global _cast_orig if (type(value) != type('') and @@ -50,16 +55,16 @@ def _cast_objects_too(value, schema_type): return json.dumps(value) else: return _cast_orig(value, schema_type) -apiclient.discovery._cast = _cast_objects_too +apiclient_discovery._cast = _cast_objects_too # Convert apiclient's HttpErrors into our own API error subclass for better # error reporting. -# Reassigning apiclient.errors.HttpError is not sufficient because most of the +# Reassigning apiclient_errors.HttpError is not sufficient because most of the # apiclient submodules import the class into their own namespace. def _new_http_error(cls, *args, **kwargs): - return super(apiclient.errors.HttpError, cls).__new__( + return super(apiclient_errors.HttpError, cls).__new__( errors.ApiError, *args, **kwargs) -apiclient.errors.HttpError.__new__ = staticmethod(_new_http_error) +apiclient_errors.HttpError.__new__ = staticmethod(_new_http_error) def http_cache(data_type): path = os.environ['HOME'] + '/.cache/arvados/' + data_type @@ -69,57 +74,88 @@ def http_cache(data_type): path = None return path -def api(version=None, cache=True, **kwargs): +def api(version=None, cache=True, host=None, token=None, insecure=False, **kwargs): """Return an apiclient Resources object for an Arvados instance. Arguments: * version: A string naming the version of the Arvados API to use (for example, 'v1'). - * cache: If True (default), return an existing resources object, or use - a cached discovery document to build one. + * cache: If True (default), return an existing Resources object if + one already exists with the same endpoint and credentials. If + False, create a new one, and do not keep it in the cache (i.e., + do not return it from subsequent api(cache=True) calls with + matching endpoint and credentials). + * host: The Arvados API server host (and optional :port) to connect to. + * token: The authentication token to send with each API call. + * insecure: If True, ignore SSL certificate validation errors. Additional keyword arguments will be passed directly to - `apiclient.discovery.build`. If the `discoveryServiceUrl` or `http` - keyword arguments are missing, this function will set default values for - them, based on the current Arvados configuration settings.""" - if config.get('ARVADOS_DEBUG'): - logging.basicConfig(level=logging.DEBUG) - - if not cache or not services.get(version): - if not version: - version = 'v1' - logging.info("Using default API version. " + - "Call arvados.api('%s') instead." % - version) - - if 'discoveryServiceUrl' not in kwargs: - api_host = config.get('ARVADOS_API_HOST') - if not api_host: - raise ValueError( - "No discoveryServiceUrl or ARVADOS_API_HOST set.") - kwargs['discoveryServiceUrl'] = ( - 'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' % - (api_host,)) - - if 'http' not in kwargs: - http_kwargs = {} - # Prefer system's CA certificates (if available) over httplib2's. - certs_path = '/etc/ssl/certs/ca-certificates.crt' - if os.path.exists(certs_path): - http_kwargs['ca_certs'] = certs_path - if cache: - http_kwargs['cache'] = http_cache('discovery') - if (config.get('ARVADOS_API_HOST_INSECURE', '').lower() in - ('yes', 'true', '1')): - http_kwargs['disable_ssl_certificate_validation'] = True - kwargs['http'] = httplib2.Http(**http_kwargs) - - kwargs['http'] = CredentialsFromEnv().authorize(kwargs['http']) - services[version] = apiclient.discovery.build('arvados', version, - **kwargs) - kwargs['http'].cache = None - return services[version] - -def uncache_api(version): - if version in services: - del services[version] + `apiclient_discovery.build` if a new Resource object is created. + If the `discoveryServiceUrl` or `http` keyword arguments are + missing, this function will set default values for them, based on + the current Arvados configuration settings. + + """ + + if not version: + version = 'v1' + _logger.info("Using default API version. " + + "Call arvados.api('%s') instead." % + version) + if 'discoveryServiceUrl' in kwargs: + if host: + raise ValueError("both discoveryServiceUrl and host provided") + # Here we can't use a token from environment, config file, + # etc. Those probably have nothing to do with the host + # provided by the caller. + if not token: + raise ValueError("discoveryServiceUrl provided, but token missing") + elif host and token: + pass + elif not host and not token: + # Load from user configuration or environment + for x in ['ARVADOS_API_HOST', 'ARVADOS_API_TOKEN']: + if x not in config.settings(): + raise ValueError("%s is not set. Aborting." % x) + host = config.get('ARVADOS_API_HOST') + token = config.get('ARVADOS_API_TOKEN') + insecure = config.flag_is_true('ARVADOS_API_HOST_INSECURE') + else: + # Caller provided one but not the other + if not host: + raise ValueError("token argument provided, but host missing.") + else: + raise ValueError("host argument provided, but token missing.") + + if host: + # Caller wants us to build the discoveryServiceUrl + kwargs['discoveryServiceUrl'] = ( + 'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' % (host,)) + + if cache: + connprofile = (version, host, token, insecure) + svc = conncache.get(connprofile) + if svc: + return svc + + if 'http' not in kwargs: + http_kwargs = {} + # Prefer system's CA certificates (if available) over httplib2's. + certs_path = '/etc/ssl/certs/ca-certificates.crt' + if os.path.exists(certs_path): + http_kwargs['ca_certs'] = certs_path + if cache: + http_kwargs['cache'] = http_cache('discovery') + if insecure: + http_kwargs['disable_ssl_certificate_validation'] = True + kwargs['http'] = httplib2.Http(**http_kwargs) + + credentials = CredentialsFromToken(api_token=token) + kwargs['http'] = credentials.authorize(kwargs['http']) + + svc = apiclient_discovery.build('arvados', version, **kwargs) + svc.api_token = token + kwargs['http'].cache = None + if cache: + conncache[connprofile] = svc + return svc