# API methods to disable. Disabled methods are not listed in the
# discovery document, and respond 404 to all requests.
- # Example: ["jobs.create", "pipeline_instances.create"]
- DisabledAPIs: []
+ # Example: {"jobs.create":{}, "pipeline_instances.create": {}}
+ DisabledAPIs: {}
# Interval (seconds) between asynchronous permission view updates. Any
# permission-updating API called with the 'async' parameter schedules a an
AutoSetupNewUsers: false
AutoSetupNewUsersWithVmUUID: ""
AutoSetupNewUsersWithRepository: false
- AutoSetupUsernameBlacklist: [arvados, git, gitolite, gitolite-admin, root, syslog]
+ AutoSetupUsernameBlacklist:
+ arvados: {}
+ git: {}
+ gitolite: {}
+ gitolite-admin: {}
+ root: {}
+ syslog: {}
+ SAMPLE: {}
# When new_users_are_active is set to true, new users will be active
# immediately. This skips the "self-activate" step which enforces
AdminNotifierEmailFrom: arvados@example.com
EmailSubjectPrefix: "[ARVADOS] "
UserNotifierEmailFrom: arvados@example.com
- NewUserNotificationRecipients: []
- NewInactiveUserNotificationRecipients: []
+ NewUserNotificationRecipients: {}
+ NewInactiveUserNotificationRecipients: {}
# Set anonymous_user_token to enable anonymous user access. You can get
# the token by running "bundle exec ./script/get_anonymous_user_token.rb"
MaxDeleteBatch: 0
# Attributes to suppress in events and audit logs. Notably,
- # specifying ["manifest_text"] here typically makes the database
+ # specifying {"manifest_text": {}} here typically makes the database
# smaller and faster.
#
# Warning: Using any non-empty value here can have undesirable side
# effects for any client or component that relies on event logs.
# Use at your own risk.
- UnloggedAttributes: []
+ UnloggedAttributes: {}
SystemLogs:
# to skip the compatibility check (and display a warning message to
# that effect).
#
- # Example for sites running docker < 1.10: ["v1"]
- # Example for sites running docker >= 1.10: ["v2"]
- # Example for disabling check: []
- SupportedDockerImageFormats: ["v2"]
+ # Example for sites running docker < 1.10: {"v1": {}}
+ # Example for sites running docker >= 1.10: {"v2": {}}
+ # Example for disabling check: {}
+ SupportedDockerImageFormats:
+ "v2": {}
+ SAMPLE: {}
# Include details about job reuse decisions in the server log. This
# causes additional database queries to run, so it should not be
ComputeNodeDomain: ""
ComputeNodeNameservers:
- - 192.168.1.1
+ "192.168.1.1": {}
+ SAMPLE: {}
# Hostname to assign to a compute node when it sends a "ping" and the
# hostname in its Node record is nil.
"Containers.SLURM": false,
"Containers.StaleLockTimeout": false,
"Containers.SupportedDockerImageFormats": true,
+ "Containers.SupportedDockerImageFormats.*": true,
"Containers.UsePreemptibleInstances": true,
"EnableBetaController14287": false,
"Git": false,
# API methods to disable. Disabled methods are not listed in the
# discovery document, and respond 404 to all requests.
- # Example: ["jobs.create", "pipeline_instances.create"]
- DisabledAPIs: []
+ # Example: {"jobs.create":{}, "pipeline_instances.create": {}}
+ DisabledAPIs: {}
# Interval (seconds) between asynchronous permission view updates. Any
# permission-updating API called with the 'async' parameter schedules a an
AutoSetupNewUsers: false
AutoSetupNewUsersWithVmUUID: ""
AutoSetupNewUsersWithRepository: false
- AutoSetupUsernameBlacklist: [arvados, git, gitolite, gitolite-admin, root, syslog]
+ AutoSetupUsernameBlacklist:
+ arvados: {}
+ git: {}
+ gitolite: {}
+ gitolite-admin: {}
+ root: {}
+ syslog: {}
+ SAMPLE: {}
# When new_users_are_active is set to true, new users will be active
# immediately. This skips the "self-activate" step which enforces
AdminNotifierEmailFrom: arvados@example.com
EmailSubjectPrefix: "[ARVADOS] "
UserNotifierEmailFrom: arvados@example.com
- NewUserNotificationRecipients: []
- NewInactiveUserNotificationRecipients: []
+ NewUserNotificationRecipients: {}
+ NewInactiveUserNotificationRecipients: {}
# Set anonymous_user_token to enable anonymous user access. You can get
# the token by running "bundle exec ./script/get_anonymous_user_token.rb"
MaxDeleteBatch: 0
# Attributes to suppress in events and audit logs. Notably,
- # specifying ["manifest_text"] here typically makes the database
+ # specifying {"manifest_text": {}} here typically makes the database
# smaller and faster.
#
# Warning: Using any non-empty value here can have undesirable side
# effects for any client or component that relies on event logs.
# Use at your own risk.
- UnloggedAttributes: []
+ UnloggedAttributes: {}
SystemLogs:
# to skip the compatibility check (and display a warning message to
# that effect).
#
- # Example for sites running docker < 1.10: ["v1"]
- # Example for sites running docker >= 1.10: ["v2"]
- # Example for disabling check: []
- SupportedDockerImageFormats: ["v2"]
+ # Example for sites running docker < 1.10: {"v1": {}}
+ # Example for sites running docker >= 1.10: {"v2": {}}
+ # Example for disabling check: {}
+ SupportedDockerImageFormats:
+ "v2": {}
+ SAMPLE: {}
# Include details about job reuse decisions in the server log. This
# causes additional database queries to run, so it should not be
ComputeNodeDomain: ""
ComputeNodeNameservers:
- - 192.168.1.1
+ "192.168.1.1": {}
+ SAMPLE: {}
# Hostname to assign to a compute node when it sends a "ping" and the
# hostname in its Node record is nil.
API struct {
AsyncPermissionsUpdateInterval Duration
- DisabledAPIs []string
+ DisabledAPIs map[string]struct{}
MaxIndexDatabaseRead int
MaxItemsPerResponse int
MaxRequestAmplification int
AuditLogs struct {
MaxAge Duration
MaxDeleteBatch int
- UnloggedAttributes []string
+ UnloggedAttributes map[string]struct{}
}
Collections struct {
BlobSigning bool
AutoSetupNewUsers bool
AutoSetupNewUsersWithRepository bool
AutoSetupNewUsersWithVmUUID string
- AutoSetupUsernameBlacklist []string
+ AutoSetupUsernameBlacklist map[string]struct{}
EmailSubjectPrefix string
- NewInactiveUserNotificationRecipients []string
- NewUserNotificationRecipients []string
+ NewInactiveUserNotificationRecipients map[string]struct{}
+ NewUserNotificationRecipients map[string]struct{}
NewUsersAreActive bool
UserNotifierEmailFrom string
UserProfileNotificationAddress string
MinRetryPeriod Duration
ReserveExtraRAM ByteSize
StaleLockTimeout Duration
- SupportedDockerImageFormats []string
+ SupportedDockerImageFormats map[string]struct{}
UsePreemptibleInstances bool
JobsAPI struct {
DNSServerReloadCommand string
DNSServerUpdateCommand string
ComputeNodeDomain string
- ComputeNodeNameservers []string
+ ComputeNodeNameservers map[string]struct{}
AssignNodeHostname string
}
}
end
def disable_api_methods
- if Rails.configuration.API.DisabledAPIs.include?(controller_name + "." + action_name)
+ if Rails.configuration.API.DisabledAPIs[controller_name + "." + action_name]
send_error("Disabled", status: 404)
end
end
if direction == :search_up
# Search upstream for jobs where this locator is the output of some job
- if !Rails.configuration.API.DisabledAPIs.include?("jobs.list")
+ if !Rails.configuration.API.DisabledAPIs["jobs.list"]
Job.readable_by(*@read_users).where(output: loc.to_s).each do |job|
search_edges(visited, job.uuid, :search_up)
end
end
# Search downstream for jobs where this locator is in script_parameters
- if !Rails.configuration.API.DisabledAPIs.include?("jobs.list")
+ if !Rails.configuration.API.DisabledAPIs["jobs.list"]
Job.readable_by(*@read_users).where(["jobs.script_parameters like ?", "%#{loc.to_s}%"]).each do |job|
search_edges(visited, job.uuid, :search_down)
end
if direction == :search_up
visited[c.uuid] = c.as_api_response
- if !Rails.configuration.API.DisabledAPIs.include?("jobs.list")
+ if !Rails.configuration.API.DisabledAPIs["jobs.list"]
Job.readable_by(*@read_users).where(output: c.portable_data_hash).each do |job|
search_edges(visited, job.uuid, :search_up)
end
table_names = Hash[klasses.collect { |k| [k, k.table_name] }]
disabled_methods = Rails.configuration.API.DisabledAPIs
- avail_klasses = table_names.select{|k, t| !disabled_methods.include?(t+'.index')}
+ avail_klasses = table_names.select{|k, t| !disabled_methods[t+'.index']}
klasses = avail_klasses.keys
request_filters.each do |col, op, val|
end
end
end
- Rails.configuration.API.DisabledAPIs.each do |method|
+ Rails.configuration.API.DisabledAPIs.each do |method, _|
ctrl, action = method.split('.', 2)
discovery[:resources][ctrl][:methods].delete(action.to_sym)
end
def new_user(user)
@user = user
if not Rails.configuration.Users.NewUserNotificationRecipients.empty? then
- @recipients = Rails.configuration.Users.NewUserNotificationRecipients
+ @recipients = Rails.configuration.Users.NewUserNotificationRecipients.keys
logger.info "Sending mail to #{@recipients} about new user #{@user.uuid} (#{@user.full_name} <#{@user.email}>)"
add_to_subject = ''
def new_inactive_user(user)
@user = user
if not Rails.configuration.Users.NewInactiveUserNotificationRecipients.empty? then
- @recipients = Rails.configuration.Users.NewInactiveUserNotificationRecipients
+ @recipients = Rails.configuration.Users.NewInactiveUserNotificationRecipients.keys
logger.info "Sending mail to #{@recipients} about new user #{@user.uuid} (#{@user.full_name} <#{@user.email}>)"
mail(to: @recipients,
subject: "#{Rails.configuration.Users.EmailSubjectPrefix}New inactive user notification"
end
def logged_attributes
- attributes.except(*Rails.configuration.AuditLogs.UnloggedAttributes)
+ attributes.except(*Rails.configuration.AuditLogs.UnloggedAttributes.keys)
end
def self.full_text_searchable_columns
[c.portable_data_hash, c]
}]
+ puts "mg #{migrated_collections} #{collections}"
+
collections.map { |c|
# Check if the listed image is compatible first, if not, then try the
# migration link.
manifest = Keep::Manifest.new(c.manifest_text)
+ puts "m1 #{manifest.exact_file_count?(1)} #{manifest.files[0][1]} #{pattern}"
if manifest.exact_file_count?(1) and manifest.files[0][1] =~ pattern
c
elsif m = migrated_collections[migrations[c.portable_data_hash]]
+ puts "m2 #{manifest.exact_file_count?(1)} #{manifest.files[0][1]} #{pattern}"
manifest = Keep::Manifest.new(m.manifest_text)
if manifest.exact_file_count?(1) and manifest.files[0][1] =~ pattern
m
joins("JOIN collections ON links.head_uuid = collections.uuid").
order("links.created_at DESC")
- docker_image_formats = Rails.configuration.Containers.SupportedDockerImageFormats
+ docker_image_formats = Rails.configuration.Containers.SupportedDockerImageFormats.keys.map(&:to_s)
if (docker_image_formats.include? 'v1' and
docker_image_formats.include? 'v2') or filter_compatible_format == false
api_accessible :superuser, :extend => :user do |t|
t.add :first_ping_at
t.add :info
- t.add lambda { |x| Rails.configuration.Containers.SLURM.Managed.ComputeNodeNameservers }, :as => :nameservers
+ t.add lambda { |x| Rails.configuration.Containers.SLURM.Managed.ComputeNodeNameservers.keys }, :as => :nameservers
end
after_initialize do
quoted_name = self.class.connection.quote_string(basename)
next_username = basename
next_suffix = 1
- while Rails.configuration.Users.AutoSetupUsernameBlacklist.include?(next_username)
+ while Rails.configuration.Users.AutoSetupUsernameBlacklist[next_username]
next_suffix += 1
next_username = "%s%i" % [basename, next_suffix]
end
# Now make a copy
$arvados_config = $arvados_config_global.deep_dup
+def arrayToHash cfg, k, v
+ val = {}
+ v.each do |k|
+ val[k.to_s] = {}
+ end
+ ConfigLoader.set_cfg cfg, k, val
+end
+
# Declare all our configuration items.
arvcfg = ConfigLoader.new
arvcfg.declare_config "ClusterID", NonemptyString, :uuid_prefix
arvcfg.declare_config "ManagementToken", String, :ManagementToken
arvcfg.declare_config "Git.Repositories", String, :git_repositories_dir
-arvcfg.declare_config "API.DisabledAPIs", Array, :disable_api_methods
+arvcfg.declare_config "API.DisabledAPIs", Hash, :disable_api_methods, method(:arrayToHash)
arvcfg.declare_config "API.MaxRequestSize", Integer, :max_request_size
arvcfg.declare_config "API.MaxIndexDatabaseRead", Integer, :max_index_database_read
arvcfg.declare_config "API.MaxItemsPerResponse", Integer, :max_items_per_response
arvcfg.declare_config "Users.AutoSetupNewUsers", Boolean, :auto_setup_new_users
arvcfg.declare_config "Users.AutoSetupNewUsersWithVmUUID", String, :auto_setup_new_users_with_vm_uuid
arvcfg.declare_config "Users.AutoSetupNewUsersWithRepository", Boolean, :auto_setup_new_users_with_repository
-arvcfg.declare_config "Users.AutoSetupUsernameBlacklist", Array, :auto_setup_name_blacklist
+arvcfg.declare_config "Users.AutoSetupUsernameBlacklist", Hash, :auto_setup_name_blacklist, method(:arrayToHash)
arvcfg.declare_config "Users.NewUsersAreActive", Boolean, :new_users_are_active
arvcfg.declare_config "Users.AutoAdminUserWithEmail", String, :auto_admin_user
arvcfg.declare_config "Users.AutoAdminFirstUser", Boolean, :auto_admin_first_user
arvcfg.declare_config "Users.AdminNotifierEmailFrom", String, :admin_notifier_email_from
arvcfg.declare_config "Users.EmailSubjectPrefix", String, :email_subject_prefix
arvcfg.declare_config "Users.UserNotifierEmailFrom", String, :user_notifier_email_from
-arvcfg.declare_config "Users.NewUserNotificationRecipients", Array, :new_user_notification_recipients
-arvcfg.declare_config "Users.NewInactiveUserNotificationRecipients", Array, :new_inactive_user_notification_recipients
+arvcfg.declare_config "Users.NewUserNotificationRecipients", Hash, :new_user_notification_recipients, method(:arrayToHash)
+arvcfg.declare_config "Users.NewInactiveUserNotificationRecipients", Hash, :new_inactive_user_notification_recipients, method(:arrayToHash)
arvcfg.declare_config "Login.ProviderAppSecret", NonemptyString, :sso_app_secret
arvcfg.declare_config "Login.ProviderAppID", NonemptyString, :sso_app_id
arvcfg.declare_config "TLS.Insecure", Boolean, :sso_insecure
arvcfg.declare_config "Services.SSO.ExternalURL", NonemptyString, :sso_provider_url
arvcfg.declare_config "AuditLogs.MaxAge", ActiveSupport::Duration, :max_audit_log_age
arvcfg.declare_config "AuditLogs.MaxDeleteBatch", Integer, :max_audit_log_delete_batch
-arvcfg.declare_config "AuditLogs.UnloggedAttributes", Array, :unlogged_attributes
+arvcfg.declare_config "AuditLogs.UnloggedAttributes", Hash, :unlogged_attributes, method(:arrayToHash)
arvcfg.declare_config "SystemLogs.MaxRequestLogParamsSize", Integer, :max_request_log_params_size
arvcfg.declare_config "Collections.DefaultReplication", Integer, :default_collection_replication
arvcfg.declare_config "Collections.DefaultTrashLifetime", ActiveSupport::Duration, :default_trash_lifetime
arvcfg.declare_config "Collections.BlobSigningKey", NonemptyString, :blob_signing_key
arvcfg.declare_config "Collections.BlobSigningTTL", ActiveSupport::Duration, :blob_signature_ttl
arvcfg.declare_config "Collections.BlobSigning", Boolean, :permit_create_collection_with_unsigned_manifest, ->(cfg, k, v) { ConfigLoader.set_cfg cfg, "Collections.BlobSigning", !v }
-arvcfg.declare_config "Containers.SupportedDockerImageFormats", Array, :docker_image_formats
+arvcfg.declare_config "Containers.SupportedDockerImageFormats", Hash, :docker_image_formats, method(:arrayToHash)
arvcfg.declare_config "Containers.LogReuseDecisions", Boolean, :log_reuse_decisions
arvcfg.declare_config "Containers.DefaultKeepCacheRAM", Integer, :container_default_keep_cache_ram
arvcfg.declare_config "Containers.MaxDispatchAttempts", Integer, :max_container_dispatch_attempts
arvcfg.declare_config "Containers.SLURM.Managed.DNSServerReloadCommand", String, :dns_server_reload_command
arvcfg.declare_config "Containers.SLURM.Managed.DNSServerUpdateCommand", String, :dns_server_update_command
arvcfg.declare_config "Containers.SLURM.Managed.ComputeNodeDomain", String, :compute_node_domain
-arvcfg.declare_config "Containers.SLURM.Managed.ComputeNodeNameservers", Array, :compute_node_nameservers
+arvcfg.declare_config "Containers.SLURM.Managed.ComputeNodeNameservers", Hash, :compute_node_nameservers, method(:arrayToHash)
arvcfg.declare_config "Containers.SLURM.Managed.AssignNodeHostname", String, :assign_node_hostname
arvcfg.declare_config "Containers.JobsAPI.Enable", String, :enable_legacy_jobs_api, ->(cfg, k, v) { ConfigLoader.set_cfg cfg, "Containers.JobsAPI.Enable", v.to_s }
arvcfg.declare_config "Containers.JobsAPI.CrunchJobWrapper", String, :crunch_job_wrapper
test "Container.resolve_container_image(pdh)" do
set_user_from_auth :active
[[:docker_image, 'v1'], [:docker_image_1_12, 'v2']].each do |coll, ver|
- Rails.configuration.Containers.SupportedDockerImageFormats = [ver]
+ Rails.configuration.Containers.SupportedDockerImageFormats = {ver=>{}}
pdh = collections(coll).portable_data_hash
resolved = Container.resolve_container_image(pdh)
assert_equal resolved, pdh
end
test "migrated docker image" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v2']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v2'=>{}}
add_docker19_migration_link
# Test that it returns only v2 images even though request is for v1 image.
end
test "use unmigrated docker image" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v1']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v1'=>{}}
add_docker19_migration_link
# Test that it returns only supported v1 images even though there is a
end
test "incompatible docker image v1" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v1']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v1'=>{}}
add_docker19_migration_link
# Don't return unsupported v2 image even if we ask for it directly.
end
test "incompatible docker image v2" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v2']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v2'=>{}}
# No migration link, don't return unsupported v1 image,
set_user_from_auth :active
end
test "use migrated docker image if requesting old-format image by tag" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v2']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v2'=>{}}
add_docker19_migration_link
job = Job.create!(
job_attrs(
end
test "use migrated docker image if requesting old-format image by pdh" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v2']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v2'=>{}}
add_docker19_migration_link
job = Job.create!(
job_attrs(
[:docker_image_1_12, :docker_image_1_12, :docker_image_1_12],
].each do |existing_image, request_image, expect_image|
test "if a #{existing_image} job exists, #{request_image} yields #{expect_image} after migration" do
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v1']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v1'=>{}}
if existing_image == :docker_image
oldjob = Job.create!(
end
end
- Rails.configuration.Containers.SupportedDockerImageFormats = ['v2']
+ Rails.configuration.Containers.SupportedDockerImageFormats = {'v2'=>{}}
add_docker19_migration_link
# Check that both v1 and v2 images get resolved to v2.
projects / arvados.git / commitdiff