+ // Check current user permissions & get System user's UUID
+ u, err := ac.CurrentUser()
+ if err != nil {
+ return fmt.Errorf("error getting the current user: %s", err)
+ }
+ if !u.IsActive || !u.IsAdmin {
+ return fmt.Errorf("current user (%s) is not an active admin user", u.UUID)
+ }
+ sysUserUUID := u.UUID[:12] + "000000000000000"
+
+ // Find/create parent group
+ var parentGroup group
+ if *parentGroupUUID == "" {
+ // UUID not provided, search for preexisting parent group
+ var gl groupList
+ err := arv.List("groups", arvadosclient.Dict{
+ "filters": [][]string{
+ {"name", "=", remoteGroupParentName},
+ {"owner_uuid", "=", sysUserUUID}},
+ }, &gl)
+ if err != nil {
+ return fmt.Errorf("error searching for parent group: %s", err)
+ }
+ if len(gl.Items) == 0 {
+ // Default parent group not existant, create one.
+ if *verbose {
+ log.Println("Default parent group not found, creating...")
+ }
+ err := arv.Create("groups", arvadosclient.Dict{
+ "group": arvadosclient.Dict{
+ "name": remoteGroupParentName,
+ "owner_uuid": sysUserUUID},
+ }, &parentGroup)
+ if err != nil {
+ return fmt.Errorf("error creating system user owned group named %q: %s", remoteGroupParentName, err)
+ }
+ } else if len(gl.Items) == 1 {
+ // Default parent group found.
+ parentGroup = gl.Items[0]
+ } else {
+ // This should never happen, as there's an unique index for
+ // (owner_uuid, name) on groups.
+ return fmt.Errorf("found %d groups owned by system user and named %q", len(gl.Items), remoteGroupParentName)
+ }
+ } else {
+ // UUID provided. Check if exists and if it's owned by system user
+ err := arv.Get("groups", *parentGroupUUID, arvadosclient.Dict{}, &parentGroup)
+ if err != nil {
+ return fmt.Errorf("error searching for parent group with UUID %q: %s", *parentGroupUUID, err)
+ }
+ if parentGroup.UUID == "" {
+ return fmt.Errorf("parent group with UUID %q not found", *parentGroupUUID)
+ }
+ if parentGroup.OwnerUUID != sysUserUUID {
+ return fmt.Errorf("parent group %q (%s) must be owned by system user", parentGroup.Name, *parentGroupUUID)
+ }
+ }
+
+ log.Printf("Group sync starting. Using %q as users id and parent group UUID %q", *userID, parentGroup.UUID)