}
func (conn *Conn) UserList(ctx context.Context, options arvados.ListOptions) (arvados.UserList, error) {
- if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.NoFederation {
+ if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.BypassFederation {
resp, err := conn.chooseBackend(id).UserList(ctx, options)
if err != nil {
return resp, err
}
func (conn *Conn) UserUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.User, error) {
- if options.NoFederation {
+ if options.BypassFederation {
return conn.local.UserUpdate(ctx, options)
}
return conn.chooseBackend(options.UUID).UserUpdate(ctx, options)
Count string `json:"count"`
IncludeTrash bool `json:"include_trash"`
IncludeOldVersions bool `json:"include_old_versions"`
- NoFederation bool `json:"no_federation"`
+ BypassFederation bool `json:"bypass_federation"`
}
type CreateOptions struct {
}
type UpdateOptions struct {
- UUID string `json:"uuid"`
- Attrs map[string]interface{} `json:"attrs"`
- NoFederation bool `json:"no_federation"`
+ UUID string `json:"uuid"`
+ Attrs map[string]interface{} `json:"attrs"`
+ BypassFederation bool `json:"bypass_federation"`
}
type UpdateUUIDOptions struct {
errors.append("Inconsistent login cluster configuration, expected '%s' on %s but was '%s'" % (loginCluster, config["ClusterID"], config["Login"]["LoginCluster"]))
continue
- if arv._rootDesc["revision"] < "20190926":
- errors.append("Arvados API server revision on cluster '%s' is too old, must be updated to at least Arvados 1.5 before running migration." % config["ClusterID"])
+ if arv._rootDesc["revision"] < "20200331":
+ errors.append("Arvados API server revision on cluster '%s' is too old, must be updated to at least Arvados 2.0.2 before running migration." % config["ClusterID"])
continue
try:
users = []
for c, arv in clusters.items():
print("Getting user list from %s" % c)
- ul = arvados.util.list_all(arv.users().list, no_federation=True)
+ ul = arvados.util.list_all(arv.users().list, bypass_federation=True)
for l in ul:
if l["uuid"].startswith(c):
users.append(l)
print("(%s) Updating username of %s to '%s' on %s" % (email, user_uuid, username, migratecluster))
if not args.dry_run:
try:
- conflicts = migratearv.users().list(filters=[["username", "=", username]], no_federation=True).execute()
+ conflicts = migratearv.users().list(filters=[["username", "=", username]], bypass_federation=True).execute()
if conflicts["items"]:
# There's already a user with the username, move the old user out of the way
migratearv.users().update(uuid=conflicts["items"][0]["uuid"],
- no_federation=True,
+ bypass_federation=True,
body={"user": {"username": username+"migrate"}}).execute()
migratearv.users().update(uuid=user_uuid,
- no_federation=True,
+ bypass_federation=True,
body={"user": {"username": username}}).execute()
except arvados.errors.ApiError as e:
print("(%s) Error updating username of %s to '%s' on %s: %s" % (email, user_uuid, username, migratecluster, e))
try:
olduser = oldhomearv.users().get(uuid=old_user_uuid).execute()
conflicts = homearv.users().list(filters=[["username", "=", username]],
- no_federation=True).execute()
+ bypass_federation=True).execute()
if conflicts["items"]:
homearv.users().update(uuid=conflicts["items"][0]["uuid"],
- no_federation=True,
+ bypass_federation=True,
body={"user": {"username": username+"migrate"}}).execute()
user = homearv.users().create(body={"user": {"email": email, "username": username,
"is_active": olduser["is_active"]}}).execute()
return None
try:
- findolduser = migratearv.users().list(filters=[["uuid", "=", old_user_uuid]], no_federation=True).execute()
+ findolduser = migratearv.users().list(filters=[["uuid", "=", old_user_uuid]], bypass_federation=True).execute()
if len(findolduser["items"]) == 0:
return False
if len(findolduser["items"]) == 1:
print("(%s) Activating user %s on %s" % (email, new_user_uuid, migratecluster))
try:
if not args.dry_run:
- migratearv.users().update(uuid=new_user_uuid, no_federation=True,
+ migratearv.users().update(uuid=new_user_uuid, bypass_federation=True,
body={"is_active": True}).execute()
except arvados.errors.ApiError as e:
print("(%s) Could not activate user %s on %s: %s" % (email, new_user_uuid, migratecluster, e))
### Check users on API server "A" (the LoginCluster) ###
###
-users = apiA.users().list().execute()
+users = apiA.users().list(bypass_federation=True).execute()
assert len(users["items"]) == 11
###
### Check users on API server "B" (federation member) ###
###
-users = apiB.users().list().execute()
+users = apiB.users().list(bypass_federation=True).execute()
assert len(users["items"]) == 11
for i in range(2, 9):
###
### Check users on API server "C" (federation member) ###
###
-users = apiC.users().list().execute()
+users = apiC.users().list(bypass_federation=True).execute()
assert len(users["items"]) == 8
for i in (2, 4, 6, 7, 8):
before_action :reload_object_before_update, :only => :update
before_action(:render_404_if_no_object,
except: [:index, :create] + ERROR_ACTIONS)
+ before_action :only_admin_can_bypass_federation
attr_writer :resource_attrs
render_not_found "Object not found" if !@object
end
+ def only_admin_can_bypass_federation
+ if params[:bypass_federation] && current_user.nil? or !current_user.is_admin
+ send_error("The bypass_federation parameter is only permitted when current user is admin", status: 403)
+ end
+ end
+
def render_error(e)
logger.error e.inspect
if e.respond_to? :backtrace and e.backtrace
location: "query",
required: false,
},
- no_federation: {
+ bypass_federation: {
type: 'boolean',
required: false,
description: 'bypass federation behavior, list items from local instance database only'