X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/bdd9b68e133bb3b3ef7914893ad15f311ce2de24..7aaf9f22aa646077b4b7fd961d6b731185b88137:/lib/controller/rpc/conn.go diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go index a9a638759e..640bbf1c23 100644 --- a/lib/controller/rpc/conn.go +++ b/lib/controller/rpc/conn.go @@ -26,6 +26,8 @@ import ( "git.arvados.org/arvados.git/sdk/go/httpserver" ) +const rfc3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00" + type TokenProvider func(context.Context) ([]string, error) func PassthroughTokenProvider(ctx context.Context) ([]string, error) { @@ -37,7 +39,9 @@ func PassthroughTokenProvider(ctx context.Context) ([]string, error) { } type Conn struct { - SendHeader http.Header + SendHeader http.Header + RedactHostInErrors bool + clusterID string httpClient http.Client baseURL url.URL @@ -123,6 +127,20 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva delete(params, "limit") } } + + if authinfo, ok := params["auth_info"]; ok { + if tmp, ok2 := authinfo.(map[string]interface{}); ok2 { + for k, v := range tmp { + if strings.HasSuffix(k, "_at") { + // Change zero times values to nil + if v, ok3 := v.(string); ok3 && (strings.HasPrefix(v, "0001-01-01T00:00:00") || v == "") { + tmp[k] = nil + } + } + } + } + } + if len(tokens) > 1 { params["reader_tokens"] = tokens[1:] } @@ -132,7 +150,21 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva path = strings.Replace(path, "/{uuid}", "/"+uuid, 1) delete(params, "uuid") } - return aClient.RequestAndDecodeContext(ctx, dst, ep.Method, path, body, params) + err = aClient.RequestAndDecodeContext(ctx, dst, ep.Method, path, body, params) + if err != nil && conn.RedactHostInErrors { + redacted := strings.Replace(err.Error(), strings.TrimSuffix(conn.baseURL.String(), "/"), "//railsapi.internal", -1) + if strings.HasPrefix(redacted, "request failed: ") { + redacted = strings.Replace(redacted, "request failed: ", "", -1) + } + if redacted != err.Error() { + if err, ok := err.(httpStatusError); ok { + return wrapHTTPStatusError(err, redacted) + } else { + return errors.New(redacted) + } + } + } + return err } func (conn *Conn) BaseURL() url.URL { @@ -298,7 +330,11 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH // hostname or ::1 or 1::1 addr = net.JoinHostPort(addr, "https") } - netconn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: conn.httpClient.Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify}) + insecure := false + if tlsconf := conn.httpClient.Transport.(*http.Transport).TLSClientConfig; tlsconf != nil && tlsconf.InsecureSkipVerify { + insecure = true + } + netconn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: insecure}) if err != nil { err = fmt.Errorf("tls.Dial: %w", err) return @@ -343,12 +379,12 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH body, _ := ioutil.ReadAll(resp.Body) var message string var errDoc httpserver.ErrorResponse - if err := json.Unmarshal(body, &errDoc); err != nil { + if err := json.Unmarshal(body, &errDoc); err == nil { message = strings.Join(errDoc.Errors, "; ") } else { message = fmt.Sprintf("%q", body) } - err = fmt.Errorf("server did not provide a tunnel: %q (HTTP %d)", message, resp.StatusCode) + err = fmt.Errorf("server did not provide a tunnel: %s (HTTP %d)", message, resp.StatusCode) return } if strings.ToLower(resp.Header.Get("Upgrade")) != "ssh" || @@ -361,6 +397,104 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH return } +func (conn *Conn) ContainerRequestCreate(ctx context.Context, options arvados.CreateOptions) (arvados.ContainerRequest, error) { + ep := arvados.EndpointContainerRequestCreate + var resp arvados.ContainerRequest + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) ContainerRequestUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.ContainerRequest, error) { + ep := arvados.EndpointContainerRequestUpdate + var resp arvados.ContainerRequest + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) ContainerRequestGet(ctx context.Context, options arvados.GetOptions) (arvados.ContainerRequest, error) { + ep := arvados.EndpointContainerRequestGet + var resp arvados.ContainerRequest + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) ContainerRequestList(ctx context.Context, options arvados.ListOptions) (arvados.ContainerRequestList, error) { + ep := arvados.EndpointContainerRequestList + var resp arvados.ContainerRequestList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) ContainerRequestDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.ContainerRequest, error) { + ep := arvados.EndpointContainerRequestDelete + var resp arvados.ContainerRequest + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupCreate + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupUpdate + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupGet(ctx context.Context, options arvados.GetOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupGet + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupList(ctx context.Context, options arvados.ListOptions) (arvados.GroupList, error) { + ep := arvados.EndpointGroupList + var resp arvados.GroupList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupContents(ctx context.Context, options arvados.GroupContentsOptions) (arvados.ObjectList, error) { + ep := arvados.EndpointGroupContents + var resp arvados.ObjectList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupShared(ctx context.Context, options arvados.ListOptions) (arvados.GroupList, error) { + ep := arvados.EndpointGroupShared + var resp arvados.GroupList + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupDelete(ctx context.Context, options arvados.DeleteOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupDelete + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupTrash(ctx context.Context, options arvados.DeleteOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupTrash + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + +func (conn *Conn) GroupUntrash(ctx context.Context, options arvados.UntrashOptions) (arvados.Group, error) { + ep := arvados.EndpointGroupUntrash + var resp arvados.Group + err := conn.requestAndDecode(ctx, &resp, ep, nil, options) + return resp, err +} + func (conn *Conn) SpecimenCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Specimen, error) { ep := arvados.EndpointSpecimenCreate var resp arvados.Specimen @@ -408,12 +542,6 @@ func (conn *Conn) UserUpdate(ctx context.Context, options arvados.UpdateOptions) err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } -func (conn *Conn) UserUpdateUUID(ctx context.Context, options arvados.UpdateUUIDOptions) (arvados.User, error) { - ep := arvados.EndpointUserUpdateUUID - var resp arvados.User - err := conn.requestAndDecode(ctx, &resp, ep, nil, options) - return resp, err -} func (conn *Conn) UserMerge(ctx context.Context, options arvados.UserMergeOptions) (arvados.User, error) { ep := arvados.EndpointUserMerge var resp arvados.User @@ -477,11 +605,13 @@ func (conn *Conn) APIClientAuthorizationCurrent(ctx context.Context, options arv } type UserSessionAuthInfo struct { - Email string `json:"email"` - AlternateEmails []string `json:"alternate_emails"` - FirstName string `json:"first_name"` - LastName string `json:"last_name"` - Username string `json:"username"` + UserUUID string `json:"user_uuid"` + Email string `json:"email"` + AlternateEmails []string `json:"alternate_emails"` + FirstName string `json:"first_name"` + LastName string `json:"last_name"` + Username string `json:"username"` + ExpiresAt time.Time `json:"expires_at"` } type UserSessionCreateOptions struct { @@ -509,3 +639,26 @@ func (conn *Conn) UserAuthenticate(ctx context.Context, options arvados.UserAuth err := conn.requestAndDecode(ctx, &resp, ep, nil, options) return resp, err } + +// httpStatusError is an error with an HTTP status code that can be +// propagated by lib/controller/router, etc. +type httpStatusError interface { + error + HTTPStatus() int +} + +// wrappedHTTPStatusError is used to augment/replace an error message +// while preserving the HTTP status code indicated by the original +// error. +type wrappedHTTPStatusError struct { + httpStatusError + message string +} + +func wrapHTTPStatusError(err httpStatusError, message string) httpStatusError { + return wrappedHTTPStatusError{err, message} +} + +func (err wrappedHTTPStatusError) Error() string { + return err.message +}