17583: Forwards ApiClientAuthorization list requests to LoginCluster.

Also, honor the bypass_federation parameter.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index 298c693b4e9939a930daefb6c332f3092c0eaaf3..d3819f6262df8f7df4134753d0359e1d04e12950 100644 (file)
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -741,6 +741,9 @@ func (conn *Conn) APIClientAuthorizationCreate(ctx context.Context, options arva
 }
 
 func (conn *Conn) APIClientAuthorizationUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.APIClientAuthorization, error) {
+       if options.BypassFederation {
+               return conn.local.APIClientAuthorizationUpdate(ctx, options)
+       }
        return conn.chooseBackend(options.UUID).APIClientAuthorizationUpdate(ctx, options)
 }
 
@@ -749,7 +752,10 @@ func (conn *Conn) APIClientAuthorizationDelete(ctx context.Context, options arva
 }
 
 func (conn *Conn) APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) {
-       return conn.local.APIClientAuthorizationList(ctx, options)
+       if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.BypassFederation {
+               return conn.chooseBackend(conn.cluster.Login.LoginCluster).APIClientAuthorizationList(ctx, options)
+       }
+       return conn.generated_APIClientAuthorizationList(ctx, options)
 }
 
 func (conn *Conn) APIClientAuthorizationGet(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) {

diff --git a/lib/controller/federation/generate.go b/lib/controller/federation/generate.go
index b49e138ce1f635c3b692a873d646da20ca444173..8af61315643708aaa96466286275452d3c242edb 100644 (file)
--- a/lib/controller/federation/generate.go
+++ b/lib/controller/federation/generate.go
@@ -53,7 +53,7 @@ func main() {
                defer out.Close()
                out.Write(regexp.MustCompile(`(?ms)^.*package .*?import.*?\n\)\n`).Find(buf))
                io.WriteString(out, "//\n// -- this file is auto-generated -- do not edit -- edit list.go and run \"go generate\" instead --\n//\n\n")
-               for _, t := range []string{"Container", "ContainerRequest", "Group", "Specimen", "User", "Link"} {
+               for _, t := range []string{"Container", "ContainerRequest", "Group", "Specimen", "User", "Link", "APIClientAuthorization"} {
                        _, err := out.Write(bytes.ReplaceAll(orig, []byte("Collection"), []byte(t)))
                        if err != nil {
                                panic(err)

diff --git a/lib/controller/federation/generated.go b/lib/controller/federation/generated.go
index e8a5a08ff00c10d491e5fb29032fe003fb9b137a..66f36161d50817743ba25853fe1aadd637f84bdc 100755 (executable)
--- a/lib/controller/federation/generated.go
+++ b/lib/controller/federation/generated.go
@@ -262,3 +262,44 @@ func (conn *Conn) generated_LinkList(ctx context.Context, options arvados.ListOp
        }
        return merged, err
 }
+
+func (conn *Conn) generated_APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) {
+       var mtx sync.Mutex
+       var merged arvados.APIClientAuthorizationList
+       var needSort atomic.Value
+       needSort.Store(false)
+       err := conn.splitListRequest(ctx, options, func(ctx context.Context, _ string, backend arvados.API, options arvados.ListOptions) ([]string, error) {
+               options.ForwardedFor = conn.cluster.ClusterID + "-" + options.ForwardedFor
+               cl, err := backend.APIClientAuthorizationList(ctx, options)
+               if err != nil {
+                       return nil, err
+               }
+               mtx.Lock()
+               defer mtx.Unlock()
+               if len(merged.Items) == 0 {
+                       merged = cl
+               } else if len(cl.Items) > 0 {
+                       merged.Items = append(merged.Items, cl.Items...)
+                       needSort.Store(true)
+               }
+               uuids := make([]string, 0, len(cl.Items))
+               for _, item := range cl.Items {
+                       uuids = append(uuids, item.UUID)
+               }
+               return uuids, nil
+       })
+       if needSort.Load().(bool) {
+               // Apply the default/implied order, "modified_at desc"
+               sort.Slice(merged.Items, func(i, j int) bool {
+                       mi, mj := merged.Items[i].ModifiedAt, merged.Items[j].ModifiedAt
+                       return mj.Before(mi)
+               })
+       }
+       if merged.Items == nil {
+               // Return empty results as [], not null
+               // (https://github.com/golang/go/issues/27589 might be
+               // a better solution in the future)
+               merged.Items = []arvados.APIClientAuthorization{}
+       }
+       return merged, err
+}

diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index ca2a419c76ed2c36cf1e628a30e5b13dc48de04b..9f5d12598b70e31728fe29fb28ae4fa8ce58ec4e 100644 (file)
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -690,6 +690,7 @@ func (s *IntegrationSuite) TestFederatedApiClientAuthHandling(c *check.C) {
                },
        )
        c.Assert(err, check.IsNil)
+       c.Assert(resp.APIClientID, check.Not(check.Equals), 0)
        newTok := resp.TokenV2()
        c.Assert(newTok, check.Not(check.Equals), "")