+ # There's no direct way to query the scoped_token for a given virtual_machine
+ # so we need to parse the api_client_authorization list through some jq
+ {%- set cmd_query_scoped_token_url = 'VM_UUID=$(cat /tmp/vm_uuid_' ~ vm ~ ') && ' ~
+ 'arv api_client_authorization list | ' ~
+ '/usr/bin/jq -e \'.items[]| select(.scopes[] == "GET ' ~
+ '/arvados/v1/virtual_machines/\'${VM_UUID}\'/logins") | ' ~
+ '.api_token\' | head -1 | tee /tmp/scoped_token_' ~ vm ~ ' && ' ~
+ 'unset VM_UUID'
+ %}
+
+extra_shell_cron_add_login_sync_add_{{ vm }}_get_scoped_token_cmd_run:
+ cmd.run:
+ - env:
+ - ARVADOS_API_TOKEN: {{ api_token }}
+ - ARVADOS_API_HOST: {{ api_host }}
+ - ARVADOS_API_HOST_INSECURE: {{ arvados.cluster.tls.insecure | default(false) }}
+ - name: {{ cmd_query_scoped_token_url }}
+ - require:
+ - cmd: extra_shell_cron_add_login_sync_add_{{ vm }}_get_vm_uuid_cmd_run
+ - unless:
+ - test -s /tmp/scoped_token_{{ vm }}
+