return 0
fi
. "$VENVDIR/bin/activate"
- echo 'Starting API, keepproxy, keep-web, ws, arv-git-httpd, and nginx ssl proxy...'
+ echo 'Starting API, controller, keepproxy, keep-web, arv-git-httpd, ws, and nginx ssl proxy...'
if [[ ! -d "$WORKSPACE/services/api/log" ]]; then
mkdir -p "$WORKSPACE/services/api/log"
fi
title "test $1"
timer_reset
+ result=
if which deactivate >/dev/null; then deactivate; fi
if ! . "$VENVDIR/bin/activate"
then
title "install $1"
timer_reset
+ result=
if which deactivate >/dev/null; then deactivate; fi
if [[ "$1" != "env" ]] && ! . "$VENVDIR/bin/activate"; then
result=1
return false
end
- if self.state == Running &&
+ if self.state_was == Running &&
!current_api_client_authorization.nil? &&
(current_api_client_authorization.uuid == self.auth_uuid ||
current_api_client_authorization.token == self.runtime_token)
# change priority or log.
permitted.push *final_attrs
permitted = permitted - [:log, :priority]
+ elsif !current_user.andand.is_admin
+ raise PermissionDeniedError
elsif self.locked_by_uuid && self.locked_by_uuid != current_api_client_authorization.andand.uuid
# When locked, progress fields cannot be updated by the wrong
# dispatcher, even though it has admin privileges.
assert_equal c1.runtime_status, {}
assert_equal Container::Queued, c1.state
- assert_raises ActiveRecord::RecordInvalid do
+ assert_raises ArvadosModel::PermissionDeniedError do
c1.update_attributes! runtime_status: {'error' => 'Oops!'}
end
end
end
+ [
+ [Container::Queued, {state: Container::Locked}],
+ [Container::Queued, {state: Container::Running}],
+ [Container::Queued, {state: Container::Complete}],
+ [Container::Queued, {state: Container::Cancelled}],
+ [Container::Queued, {priority: 123456789}],
+ [Container::Queued, {runtime_status: {'error' => 'oops'}}],
+ [Container::Queued, {cwd: '/'}],
+ [Container::Locked, {state: Container::Running}],
+ [Container::Locked, {state: Container::Queued}],
+ [Container::Locked, {priority: 123456789}],
+ [Container::Locked, {runtime_status: {'error' => 'oops'}}],
+ [Container::Locked, {cwd: '/'}],
+ [Container::Running, {state: Container::Complete}],
+ [Container::Running, {state: Container::Cancelled}],
+ [Container::Running, {priority: 123456789}],
+ [Container::Running, {runtime_status: {'error' => 'oops'}}],
+ [Container::Running, {cwd: '/'}],
+ [Container::Complete, {state: Container::Cancelled}],
+ [Container::Complete, {priority: 123456789}],
+ [Container::Complete, {runtime_status: {'error' => 'oops'}}],
+ [Container::Complete, {cwd: '/'}],
+ [Container::Cancelled, {cwd: '/'}],
+ ].each do |start_state, updates|
+ test "Container update #{updates.inspect} when #{start_state} forbidden for non-admin" do
+ set_user_from_auth :active
+ c, _ = minimal_new
+ if start_state != Container::Queued
+ set_user_from_auth :dispatch1
+ c.lock
+ if start_state != Container::Locked
+ c.update_attributes! state: Container::Running
+ if start_state != Container::Running
+ c.update_attributes! state: start_state
+ end
+ end
+ end
+ assert_equal c.state, start_state
+ set_user_from_auth :active
+ assert_raises(ArvadosModel::PermissionDeniedError) do
+ c.update_attributes! updates
+ end
+ end
+ end
+
test "Container only set exit code on complete" do
set_user_from_auth :active
c, _ = minimal_new
c.update_attributes! state: Container::Running
set_user_from_auth :running_to_be_deleted_container_auth
- refute c.update_attributes(output: collections(:foo_file).portable_data_hash)
+ assert_raises(ArvadosModel::PermissionDeniedError) do
+ c.update_attributes(output: collections(:foo_file).portable_data_hash)
+ end
end
test "can set trashed output on running container" do