import hmac
import urllib.parse
import os
+import hashlib
from arvados._version import __version__
EMAIL=0
print("(%s) Could not create API token for %s: %s" % (email, new_user_uuid, e))
return None
+ try:
+ olduser = migratearv.users().get(uuid=old_user_uuid).execute()
+ except arvados.errors.ApiError as e:
+ if e.resp.status != 404:
+ print("(%s) Could not retrieve user %s from %s, user may have already been migrated: %s" % (email, old_user_uuid, migratecluster, e))
+ return None
+
salted = 'v2/' + newtok["uuid"] + '/' + hmac.new(newtok["api_token"].encode(),
msg=migratecluster.encode(),
- digestmod='sha1').hexdigest()
+ digestmod=hashlib.sha1).hexdigest()
try:
ru = urllib.parse.urlparse(migratearv._rootDesc["rootUrl"])
if not args.dry_run:
print("(%s) Error getting user info for %s from %s: %s" % (email, new_user_uuid, migratecluster, e))
return None
- try:
- olduser = migratearv.users().get(uuid=old_user_uuid).execute()
- except arvados.errors.ApiError as e:
- if e.resp.status != 404:
- print("(%s) Could not retrieve user %s from %s, user may have already been migrated: %s" % (email, old_user_uuid, migratecluster, e))
- return None
-
- if not newuser["is_active"]:
+ if not newuser["is_active"] and olduser["is_active"]:
print("(%s) Activating user %s on %s" % (email, new_user_uuid, migratecluster))
try:
if not args.dry_run:
users = apiA.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 11
by_username = {}
-for i in range(1, 9):
+for i in range(1, 10):
found = False
for u in users["items"]:
if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i):
by_username[u["username"]] = u["uuid"]
assert found
+found = False
+for u in users["items"]:
+ if (u["username"] == "case9" and u["email"] == "case9@test" and
+ u["uuid"] == by_username[u["username"]] and u["is_active"] is False):
+ found = True
+assert found
+
users = apiB.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 11
-for i in range(2, 9):
+for i in range(2, 10):
found = False
for u in users["items"]:
if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["uuid"] == by_username[u["username"]]:
assert found
users = apiC.users().list().execute()
-assert len(users["items"]) == 10
+assert len(users["items"]) == 8
-for i in range(2, 9):
+for i in (2, 4, 6, 7, 8):
found = False
for u in users["items"]:
if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["uuid"] == by_username[u["username"]]:
found = True
assert found
+# cases 3, 5, 9 involve users that have never accessed cluster C so
+# there's nothing to migrate.
+for i in (3, 5, 9):
+ found = False
+ for u in users["items"]:
+ if u["username"] == ("case%d" % i) and u["email"] == ("case%d@test" % i) and u["uuid"] == by_username[u["username"]]:
+ found = True
+ assert not found
+
print("Passed checks")
# case 1
# user only exists on cluster A
-apiA.users().create(body={"user": {"email": "case1@test"}}).execute()
+apiA.users().create(body={"user": {"email": "case1@test", "is_active": True}}).execute()
# case 2
# user exists on cluster A and has remotes on B and C
-case2 = apiA.users().create(body={"user": {"email": "case2@test"}}).execute()
+case2 = apiA.users().create(body={"user": {"email": "case2@test", "is_active": True}}).execute()
newtok = apiA.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case2["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtok), insecure=True).users().current().execute()
# case 3
# user only exists on cluster B
-case3 = apiB.users().create(body={"user": {"email": "case3@test"}}).execute()
+case3 = apiB.users().create(body={"user": {"email": "case3@test", "is_active": True}}).execute()
# case 4
# user only exists on cluster B and has remotes on A and C
-case4 = apiB.users().create(body={"user": {"email": "case4@test"}}).execute()
+case4 = apiB.users().create(body={"user": {"email": "case4@test", "is_active": True}}).execute()
newtok = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case4["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtok), insecure=True).users().current().execute()
# case 5
# user exists on both cluster A and B
-case5 = apiA.users().create(body={"user": {"email": "case5@test"}}).execute()
-case5 = apiB.users().create(body={"user": {"email": "case5@test"}}).execute()
+case5 = apiA.users().create(body={"user": {"email": "case5@test", "is_active": True}}).execute()
+case5 = apiB.users().create(body={"user": {"email": "case5@test", "is_active": True}}).execute()
# case 6
# user exists on both cluster A and B, with remotes on A, B and C
-case6_A = apiA.users().create(body={"user": {"email": "case6@test"}}).execute()
+case6_A = apiA.users().create(body={"user": {"email": "case6@test", "is_active": True}}).execute()
newtokA = apiA.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case6_A["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokA), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokA), insecure=True).users().current().execute()
-case6_B = apiB.users().create(body={"user": {"email": "case6@test"}}).execute()
+case6_B = apiB.users().create(body={"user": {"email": "case6@test", "is_active": True}}).execute()
newtokB = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case6_B["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
# case 7
# user exists on both cluster B and A, with remotes on A, B and C
-case7_B = apiB.users().create(body={"user": {"email": "case7@test"}}).execute()
+case7_B = apiB.users().create(body={"user": {"email": "case7@test", "is_active": True}}).execute()
newtokB = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case7_B["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=True).users().current().execute()
-case7_A = apiA.users().create(body={"user": {"email": "case7@test"}}).execute()
+case7_A = apiA.users().create(body={"user": {"email": "case7@test", "is_active": True}}).execute()
newtokA = apiA.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case7_A["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokA), insecure=True).users().current().execute()
# case 8
# user exists on both cluster B and C, with remotes on A, B and C
-case8_B = apiB.users().create(body={"user": {"email": "case8@test"}}).execute()
+case8_B = apiB.users().create(body={"user": {"email": "case8@test", "is_active": True}}).execute()
newtokB = apiB.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case8_B["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokB), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][2], token=maketoken(newtokB), insecure=True).users().current().execute()
-case8_C = apiC.users().create(body={"user": {"email": "case8@test"}}).execute()
+case8_C = apiC.users().create(body={"user": {"email": "case8@test", "is_active": True}}).execute()
newtokC = apiC.api_client_authorizations().create(body={
"api_client_authorization": {'owner_uuid': case8_C["uuid"]}}).execute()
arvados.api(host=j["arvados_api_hosts"][0], token=maketoken(newtokC), insecure=True).users().current().execute()
arvados.api(host=j["arvados_api_hosts"][1], token=maketoken(newtokC), insecure=True).users().current().execute()
+
+# case 9
+# user only exists on cluster B, but is inactive
+case9 = apiB.users().create(body={"user": {"email": "case9@test", "is_active": False}}).execute()