X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c29fc69a571bc2e4a4e450a09d94adbb305633bd..2024ca087c3b9c99ebb792011b60fecdf1486467:/sdk/python/arvados/api.py

diff --git a/sdk/python/arvados/api.py b/sdk/python/arvados/api.py
index 8a71b90c0d..1db694f762 100644
--- a/sdk/python/arvados/api.py
+++ b/sdk/python/arvados/api.py
@@ -4,6 +4,7 @@ import logging
 import os
 import re
 import types
+import hashlib
 
 import apiclient
 import apiclient.discovery
@@ -12,9 +13,13 @@ import config
 import errors
 import util
 
-services = {}
+_logger = logging.getLogger('arvados.api')
+conncache = {}
+
+class CredentialsFromToken(object):
+    def __init__(self, api_token):
+        self.api_token = api_token
 
-class CredentialsFromEnv(object):
     @staticmethod
     def http_request(self, uri, **kwargs):
         from httplib import BadStatusLine
@@ -24,7 +29,7 @@ class CredentialsFromEnv(object):
         if config.get("ARVADOS_EXTERNAL_CLIENT", "") == "true":
             kwargs['headers']['X-External-Client'] = '1'
 
-        kwargs['headers']['Authorization'] = 'OAuth2 %s' % config.get('ARVADOS_API_TOKEN', 'ARVADOS_API_TOKEN_not_set')
+        kwargs['headers']['Authorization'] = 'OAuth2 %s' % self.arvados_api_token
         try:
             return self.orig_http_request(uri, **kwargs)
         except BadStatusLine:
@@ -36,6 +41,7 @@ class CredentialsFromEnv(object):
             # risky.
             return self.orig_http_request(uri, **kwargs)
     def authorize(self, http):
+        http.arvados_api_token = self.api_token
         http.orig_http_request = http.request
         http.request = types.MethodType(self.http_request, http)
         return http
@@ -69,57 +75,85 @@ def http_cache(data_type):
         path = None
     return path
 
-def api(version=None, cache=True, **kwargs):
+def api(version=None, cache=True, host=None, token=None, insecure=False, **kwargs):
     """Return an apiclient Resources object for an Arvados instance.
 
     Arguments:
     * version: A string naming the version of the Arvados API to use (for
       example, 'v1').
-    * cache: If True (default), return an existing resources object, or use
-      a cached discovery document to build one.
+    * cache: If True (default), return an existing Resources object if
+      one already exists with the same endpoint and credentials. If
+      False, create a new one, and do not keep it in the cache (i.e.,
+      do not return it from subsequent api(cache=True) calls with
+      matching endpoint and credentials).
+    * host: The Arvados API server host (and optional :port) to connect to.
+    * token: The authentication token to send with each API call.
+    * insecure: If True, ignore SSL certificate validation errors.
 
     Additional keyword arguments will be passed directly to
-    `apiclient.discovery.build`.  If the `discoveryServiceUrl` or `http`
-    keyword arguments are missing, this function will set default values for
-    them, based on the current Arvados configuration settings."""
-    if config.get('ARVADOS_DEBUG'):
-        logging.basicConfig(level=logging.DEBUG)
-
-    if not cache or not services.get(version):
-        if not version:
-            version = 'v1'
-            logging.info("Using default API version. " +
-                         "Call arvados.api('%s') instead." %
-                         version)
-
-        if 'discoveryServiceUrl' not in kwargs:
-            api_host = config.get('ARVADOS_API_HOST')
-            if not api_host:
-                raise ValueError(
-                    "No discoveryServiceUrl or ARVADOS_API_HOST set.")
-            kwargs['discoveryServiceUrl'] = (
-                'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' %
-                (api_host,))
-
-        if 'http' not in kwargs:
-            http_kwargs = {}
-            # Prefer system's CA certificates (if available) over httplib2's.
-            certs_path = '/etc/ssl/certs/ca-certificates.crt'
-            if os.path.exists(certs_path):
-                http_kwargs['ca_certs'] = certs_path
-            if cache:
-                http_kwargs['cache'] = http_cache('discovery')
-            if (config.get('ARVADOS_API_HOST_INSECURE', '').lower() in
-                  ('yes', 'true', '1')):
-                http_kwargs['disable_ssl_certificate_validation'] = True
-            kwargs['http'] = httplib2.Http(**http_kwargs)
-
-        kwargs['http'] = CredentialsFromEnv().authorize(kwargs['http'])
-        services[version] = apiclient.discovery.build('arvados', version,
-                                                      **kwargs)
-        kwargs['http'].cache = None
-    return services[version]
-
-def uncache_api(version):
-    if version in services:
-        del services[version]
+    `apiclient.discovery.build` if a new Resource object is created.
+    If the `discoveryServiceUrl` or `http` keyword arguments are
+    missing, this function will set default values for them, based on
+    the current Arvados configuration settings.
+
+    """
+
+    if not version:
+        version = 'v1'
+        logging.info("Using default API version. " +
+                     "Call arvados.api('%s') instead." %
+                     version)
+    if host and token:
+        apiinsecure = insecure
+    elif not host and not token:
+        # Load from user configuration or environment
+        for x in ['ARVADOS_API_HOST', 'ARVADOS_API_TOKEN']:
+            if x not in config.settings():
+                raise Exception("%s is not set. Aborting." % x)
+        host = config.get('ARVADOS_API_HOST')
+        token = config.get('ARVADOS_API_TOKEN')
+        apiinsecure = (config.get('ARVADOS_API_HOST_INSECURE', '').lower() in
+                       ('yes', 'true', '1'))
+    else:
+        # Caller provided one but not the other
+        if not host:
+            raise Exception("token argument provided, but host missing.")
+        else:
+            raise Exception("host argument provided, but token missing.")
+
+    if cache:
+        connprofile = hashlib.sha1(' '.join([
+            version, host, token, ('y' if apiinsecure else 'n')
+        ])).hexdigest()
+        svc = conncache.get(connprofile)
+        if svc:
+            return svc
+
+    if 'http' not in kwargs:
+        http_kwargs = {}
+        # Prefer system's CA certificates (if available) over httplib2's.
+        certs_path = '/etc/ssl/certs/ca-certificates.crt'
+        if os.path.exists(certs_path):
+            http_kwargs['ca_certs'] = certs_path
+        if cache:
+            http_kwargs['cache'] = http_cache('discovery')
+        if apiinsecure:
+            http_kwargs['disable_ssl_certificate_validation'] = True
+        kwargs['http'] = httplib2.Http(**http_kwargs)
+
+    credentials = CredentialsFromToken(api_token=token)
+    kwargs['http'] = credentials.authorize(kwargs['http'])
+
+    if 'discoveryServiceUrl' not in kwargs:
+        kwargs['discoveryServiceUrl'] = (
+            'https://%s/discovery/v1/apis/{api}/{apiVersion}/rest' % (host,))
+
+    svc = apiclient.discovery.build('arvados', version, **kwargs)
+    kwargs['http'].cache = None
+    if cache:
+        conncache[connprofile] = svc
+    return svc
+
+def unload_connection_cache():
+    for connprofile in conncache:
+        del conncache[connprofile]