clear_temp() {
if [[ -z "$temp" ]]; then
- # we didn't even get as far as making a temp dir
+ # we did not even get as far as making a temp dir
:
elif [[ -z "$temp_preserve" ]]; then
+ # Go creates readonly dirs in the module cache, which cause
+ # "rm -rf" to fail unless we chmod first.
+ chmod -R u+w "$temp"
rm -rf "$temp"
else
echo "Leaving behind temp dirs in $temp"
tmpdir_gem_home="$(env - PATH="$PATH" HOME="$GEMHOME" gem env gempath | cut -f1 -d:)"
PATH="$tmpdir_gem_home/bin:$PATH"
- export GEM_PATH="$tmpdir_gem_home"
+ export GEM_PATH="$tmpdir_gem_home:$(gem env gempath)"
echo "Will install dependencies to $(gem env gemdir)"
- echo "Will install arvados gems to $tmpdir_gem_home"
+ echo "Will install bundler and arvados gems to $tmpdir_gem_home"
echo "Gem search path is GEM_PATH=$GEM_PATH"
- bundle="$(gem env gempath | cut -f1 -d:)/bin/bundle"
+ bundle="$tmpdir_gem_home/bin/bundle"
(
export HOME=$GEMHOME
bundlers="$(gem list --details bundler)"
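Review bot: The `$(gem env gempath)` in the new `GEM_PATH` line runs with the caller's own `HOME`, unlike the `env - PATH="$PATH" HOME="$GEMHOME"` wrapper used on the `tmpdir_gem_home` line, so the search path probably also includes the invoking user's per-user gem directory. If only the temp gem home and the system gems are meant to be visible, a gem that happens to sit in the developer's home can satisfy a dependency and hide a missing install. Consider `export GEM_PATH="$(env - PATH="$PATH" HOME="$GEMHOME" gem env gempath)"`, whose first entry is already `$tmpdir_gem_home`, or add a comment saying the user gem directory is included on purpose. The subshell opened at the end of this hunk continues outside it.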
h3. dev
-Development configuration. Boots a complete Arvados environment inside the container. The "arvados", "arvado-dev" and "sso-devise-omniauth-provider" code directories along data directories "postgres", "var", "passenger" and "gems" are bind mounted from the host file system for easy access and persistence across container rebuilds. Services are bound to the Docker container's network IP address and can only be accessed on the local host.
+Development configuration. Boots a complete Arvados environment inside the container. The "arvados" and "arvados-dev" code directories along data directories "postgres", "var", "passenger" and "gems" are bind mounted from the host file system for easy access and persistence across container rebuilds. Services are bound to the Docker container's network IP address and can only be accessed on the local host.
-In "dev" mode, you can override the default autogenerated settings of Rails projects by adding "application.yml.override" to any Rails project (sso, api, workbench). This can be used to test out API server settings or point Workbench at an alternate API server.
+In "dev" mode, you can override the default autogenerated settings of Rails projects by adding "application.yml.override" to any Rails project (api, workbench). This can be used to test out API server settings or point Workbench at an alternate API server.
h3. localdemo
The root directory of the Arvados-dev source tree
default: $ARVBOX_DATA/arvados-dev
-h3. SSO_ROOT
-
-The root directory of the SSO source tree
-default: $ARVBOX_DATA/sso-devise-omniauth-provider
-
h3. ARVBOX_PUBLISH_IP
The IP address on which to publish services when running in public configuration. Overrides default detection of the host's IP address.
package localdb
import (
+ "bytes"
"context"
- "errors"
"fmt"
+ "html/template"
"git.arvados.org/arvados.git/lib/controller/rpc"
"git.arvados.org/arvados.git/sdk/go/arvados"
}
func (ctrl *testLoginController) Login(ctx context.Context, opts arvados.LoginOptions) (arvados.LoginResponse, error) {
- return arvados.LoginResponse{}, errors.New("interactive login is not available")
+ tmpl, err := template.New("form").Parse(loginform)
+ if err != nil {
+ return arvados.LoginResponse{}, err
+ }
+ var buf bytes.Buffer
+ err = tmpl.Execute(&buf, opts)
+ if err != nil {
+ return arvados.LoginResponse{}, err
+ }
+ return arvados.LoginResponse{HTML: buf}, nil
}
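Review bot: `opts.ReturnTo` goes into the template without any check in the new `Login` body, and the form's script later navigates to that value with the freshly issued token appended. `html/template` escapes it for the `value="..."` attribute, but because `value` is not a URL attribute it does not restrict the scheme or host. Unless a caller outside this hunk already validates it, reject anything that is not an absolute http(s) URL for a trusted client before rendering, e.g. `if u, err := url.Parse(opts.ReturnTo); err != nil || (u.Scheme != "https" && u.Scheme != "http") { return arvados.LoginResponse{}, fmt.Errorf("invalid return_to %q", opts.ReturnTo) }` (needs `net/url`). Separately, the template is re-parsed on every call; a package-level `var loginTemplate = template.Must(template.New("form").Parse(loginform))` would parse it once and surface a broken template at start-up.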
func (ctrl *testLoginController) UserAuthenticate(ctx context.Context, opts arvados.UserAuthenticateOptions) (arvados.APIClientAuthorization, error) {
}
return arvados.APIClientAuthorization{}, fmt.Errorf("authentication failed for user %q with password len=%d", opts.Username, len(opts.Password))
}
+
+const loginform = `
+<!doctype html>
+<html>
+ <head><title>Arvados test login</title>
+ <script>
+ async function authenticate(event) {
+ event.preventDefault()
+ document.getElementById('error').innerHTML = ''
+ const resp = await fetch('/arvados/v1/users/authenticate', {
+ method: 'POST',
+ mode: 'same-origin',
+ headers: {'Content-Type': 'application/json'},
+ body: JSON.stringify({
+ username: document.getElementById('username').value,
+ password: document.getElementById('password').value,
+ }),
+ })
+ if (!resp.ok) {
+ document.getElementById('error').innerHTML = 'authentication failed (default accounts are user/user, admin/admin)'
+ return
+ }
+ var redir = document.getElementById('return_to').value
+ if (redir.indexOf('?') > 0) {
+ redir += '&'
+ } else {
+ redir += '?'
+ }
+ const respj = await resp.json()
+ document.location = redir + "api_token=" + respj.api_token
+ }
+ </script>
+ </head>
+ <body>
+ <h3>Arvados test login</h3>
+ <form method="POST">
+ <input id="return_to" type="hidden" name="return_to" value="{{.ReturnTo}}">
+ username <input id="username" type="text" name="username" size=16>
+ password <input id="password" type="password" name="password" size=16>
+ <input type="submit" value="Log in">
+ <br>
+ <p id="error"></p>
+ </form>
+ </body>
+ <script>
+ document.getElementsByTagName('form')[0].onsubmit = authenticate
+ </script>
+</html>
+`
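Review bot: The redirect at the end of `authenticate` is built by string concatenation, so `respj.api_token` is appended unencoded and a `return_to` that contains a `#fragment` ends up with the token inside the fragment instead of the query. `indexOf('?') > 0` also treats a leading `?` as "no query". Building it with the URL API avoids all three: `const u = new URL(redir, document.location)`, `u.searchParams.set('api_token', respj.api_token)`, `document.location = u`. The two `innerHTML` assignments only write constant text, so `textContent` would state that intent. The failure message hard-codes `user/user, admin/admin`, which goes stale as soon as the configured test users differ and advertises credentials on the login page.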
}
}
}
+
+func (s *TestUserSuite) TestLoginForm(c *check.C) {
+ resp, err := s.ctrl.Login(s.ctx, arvados.LoginOptions{
+ ReturnTo: "https://localhost:12345/example",
+ })
+ c.Check(err, check.IsNil)
+ c.Check(resp.HTML.String(), check.Matches, `(?ms).*<form method="POST".*`)
+ c.Check(resp.HTML.String(), check.Matches, `(?ms).*<input id="return_to" type="hidden" name="return_to" value="https://localhost:12345/example">.*`)
+}
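Review bot: `TestLoginForm` only renders a benign `ReturnTo`, so nothing pins the attribute escaping that the form relies on. A second case with a value containing `"`, `<` and `>` (constructed sample: `https://localhost:12345/a"><b`) should check that `resp.HTML.String()` does not contain that raw string and does contain its escaped form. That would catch a later switch from `html/template` to `text/template`, or a change that marks the value as trusted, before it ships.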
ARVADOS_ROOT="$ARVBOX_DATA/arvados"
fi
-if test -z "$SSO_ROOT" ; then
- SSO_ROOT="$ARVBOX_DATA/sso-devise-omniauth-provider"
-fi
-
if test -z "$COMPOSER_ROOT" ; then
COMPOSER_ROOT="$ARVBOX_DATA/composer"
fi
docker_run_dev() {
docker run \
"--volume=$ARVADOS_ROOT:/usr/src/arvados:rw" \
- "--volume=$SSO_ROOT:/usr/src/sso:rw" \
"--volume=$COMPOSER_ROOT:/usr/src/composer:rw" \
"--volume=$WORKBENCH2_ROOT:/usr/src/workbench2:rw" \
"--volume=$PG_DATA:/var/lib/postgresql:rw" \
if ! test -d "$ARVADOS_ROOT" ; then
git clone https://git.arvados.org/arvados.git "$ARVADOS_ROOT"
fi
- if ! test -d "$SSO_ROOT" ; then
- git clone https://github.com/arvados/sso-devise-omniauth-provider.git "$SSO_ROOT"
- fi
if ! test -d "$COMPOSER_ROOT" ; then
git clone https://github.com/arvados/composer.git "$COMPOSER_ROOT"
git -C "$COMPOSER_ROOT" checkout arvados-fork
/usr/local/lib/arvbox/runsu.sh \
/usr/local/lib/arvbox/waitforpostgres.sh
- docker exec -ti \
- $ARVBOX_CONTAINER \
- /usr/local/lib/arvbox/runsu.sh \
- /var/lib/arvbox/service/sso/run-service --only-setup
-
docker exec -ti \
$ARVBOX_CONTAINER \
/usr/local/lib/arvbox/runsu.sh \
exit 1
fi
set -x
+ chmod -R u+w "$ARVBOX_DATA"
rm -rf "$ARVBOX_DATA"
else
if test "$1" != -f ; then
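Review bot: The added `chmod -R u+w "$ARVBOX_DATA"` has no comment explaining why a recursive permission change precedes the `rm -rf`. The same change in the test script carries one, and this line deserves it too, e.g. `# Go creates readonly dirs in the module cache, which cause "rm -rf" to fail unless we chmod first.` The surrounding `if`/`else` begins and ends outside this hunk.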
"$ARVBOX_BASE/$1/gopath" \
"$ARVBOX_BASE/$1/Rlibs" \
"$ARVBOX_BASE/$1/arvados" \
- "$ARVBOX_BASE/$1/sso-devise-omniauth-provider" \
"$ARVBOX_BASE/$1/composer" \
"$ARVBOX_BASE/$1/workbench2" \
"$ARVBOX_BASE/$2"
FROM arvados/arvbox-base
ARG arvados_version
-ARG sso_version=master
ARG composer_version=arvados-fork
ARG workbench2_version=master
git clone --no-checkout https://github.com/arvados/arvados.git && \
git -C arvados checkout ${arvados_version} && \
git -C arvados pull && \
- git clone --no-checkout https://github.com/arvados/sso-devise-omniauth-provider.git sso && \
- git -C sso checkout ${sso_version} && \
- git -C sso pull && \
git clone --no-checkout https://github.com/arvados/composer.git && \
git -C composer checkout ${composer_version} && \
git -C composer pull && \
RUN ln -sf /var/lib/arvbox/service /etc
RUN mkdir -p /var/lib/arvados
RUN echo "production" > /var/lib/arvados/api_rails_env
-RUN echo "production" > /var/lib/arvados/sso_rails_env
RUN echo "production" > /var/lib/arvados/workbench_rails_env
RUN /usr/local/lib/arvbox/createusers.sh
RUN sudo -u arvbox /var/lib/arvbox/service/composer/run-service --only-deps
RUN sudo -u arvbox /var/lib/arvbox/service/workbench2/run-service --only-deps
RUN sudo -u arvbox /var/lib/arvbox/service/keep-web/run-service --only-deps
-RUN sudo -u arvbox /var/lib/arvbox/service/sso/run-service --only-deps
RUN sudo -u arvbox /var/lib/arvbox/service/workbench/run-service --only-deps
RUN sudo -u arvbox /var/lib/arvbox/service/doc/run-service --only-deps
RUN sudo -u arvbox /var/lib/arvbox/service/vm/run-service --only-deps
RUN ln -sf /var/lib/arvbox/service /etc
RUN mkdir -p /var/lib/arvados
RUN echo "development" > /var/lib/arvados/api_rails_env
-RUN echo "development" > /var/lib/arvados/sso_rails_env
RUN echo "development" > /var/lib/arvados/workbench_rails_env
RUN mkdir /etc/test-service && \
secret_token=$(cat /var/lib/arvados/api_secret_token)
blob_signing_key=$(cat /var/lib/arvados/blob_signing_key)
management_token=$(cat /var/lib/arvados/management_token)
- sso_app_secret=$(cat /var/lib/arvados/sso_app_secret)
database_pw=$(cat /var/lib/arvados/api_database_pw)
vm_uuid=$(cat /var/lib/arvados/vm-uuid)
uuid_prefix: $uuid_prefix
secret_token: $secret_token
blob_signing_key: $blob_signing_key
- sso_app_secret: $sso_app_secret
- sso_app_id: arvados-server
- sso_provider_url: "https://$localip:${services[sso]}"
- sso_insecure: false
workbench_address: "https://$localip/"
websocket_address: "wss://$localip:${services[websockets-ssl]}/websocket"
git_repo_ssh_base: "git@$localip:"
fi
system_root_token=$(cat /var/lib/arvados/system_root_token)
-if ! test -s /var/lib/arvados/sso_app_secret ; then
- ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_app_secret
-fi
-sso_app_secret=$(cat /var/lib/arvados/sso_app_secret)
-
if ! test -s /var/lib/arvados/vm-uuid ; then
echo $uuid_prefix-2x53u-$(ruby -e 'puts rand(2**400).to_s(36)[0,15]') > /var/lib/arvados/vm-uuid
fi
ExternalURL: "https://$localip:${services[workbench]}"
Workbench2:
ExternalURL: "https://$localip:${services[workbench2-ssl]}"
- SSO:
- ExternalURL: "https://$localip:${services[sso]}"
Keepproxy:
ExternalURL: "https://$localip:${services[keepproxy-ssl]}"
InternalURLs:
DefaultReplication: 1
TrustAllContent: true
Login:
- SSO:
+ Test:
Enable: true
- ProviderAppSecret: $sso_app_secret
- ProviderAppID: arvados-server
+ Users:
+ admin:
+ Email: admin@example.com
+ Password: admin
+ user:
+ Email: user@example.com
+ Password: user
Users:
NewUsersAreActive: true
- AutoAdminFirstUser: true
+ AutoAdminUserWithEmail: admin@example.com
AutoSetupNewUsers: true
AutoSetupNewUsersWithVmUUID: $vm_uuid
AutoSetupNewUsersWithRepository: true
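Review bot: The new `Login.Test.Users` block writes fixed credentials (`admin`/`admin`, `user`/`user`) into the generated cluster config, and `AutoAdminUserWithEmail: admin@example.com` makes the first of them an administrator. Arvbox also has configurations that publish services on the host's IP, so if this same config is generated there, anyone who can reach the controller can log in as admin. Consider generating the passwords once per instance and storing them under `/var/lib/arvados`, the way `system_root_token` and `vm-uuid` are handled, then printing them at start-up. At minimum, add a comment here stating that these accounts are for local-only development boxes.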
[api]=8004
[controller]=8003
[controller-ssl]=8000
- [sso]=8900
[composer]=4200
[arv-git-httpd-ssl]=9000
[arv-git-httpd]=9001
gemlockcount=0
for l in /usr/src/arvados/services/api/Gemfile.lock \
- /usr/src/arvados/apps/workbench/Gemfile.lock \
- /usr/src/sso/Gemfile.lock ; do
+ /usr/src/arvados/apps/workbench/Gemfile.lock ; do
gc=$(cat $l \
| grep -vE "(GEM|PLATFORMS|DEPENDENCIES|BUNDLED|GIT|$^|remote:|specs:|revision:)" \
| sed 's/^ *//' | sed 's/(.*)//' | sed 's/ *$//' | sort | uniq | wc -l)
+++ /dev/null
-/usr/local/lib/arvbox/logger
\ No newline at end of file
+++ /dev/null
-/usr/local/lib/arvbox/runsu.sh
\ No newline at end of file
+++ /dev/null
-#!/bin/bash
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-exec 2>&1
-set -ex -o pipefail
-
-. /usr/local/lib/arvbox/common.sh
-
-cd /usr/src/sso
-if test -s /var/lib/arvados/sso_rails_env ; then
- export RAILS_ENV=$(cat /var/lib/arvados/sso_rails_env)
-else
- export RAILS_ENV=development
-fi
-
-run_bundler --without=development
-bundle exec passenger-config build-native-support
-bundle exec passenger-config install-standalone-runtime
-
-if test "$1" = "--only-deps" ; then
- exit
-fi
-
-set -u
-
-uuid_prefix=$(cat /var/lib/arvados/api_uuid_prefix)
-
-if ! test -s /var/lib/arvados/sso_secret_token ; then
- ruby -e 'puts rand(2**400).to_s(36)' > /var/lib/arvados/sso_secret_token
-fi
-secret_token=$(cat /var/lib/arvados/sso_secret_token)
-
-openssl verify -CAfile $root_cert $server_cert
-
-cat >config/application.yml <<EOF
-$RAILS_ENV:
- uuid_prefix: $uuid_prefix
- secret_token: $secret_token
- default_link_url: "http://$localip"
- allow_account_registration: true
-EOF
-
-(cd config && /usr/local/lib/arvbox/yml_override.py application.yml)
-
-if ! test -f /var/lib/arvados/sso_database_pw ; then
- ruby -e 'puts rand(2**128).to_s(36)' > /var/lib/arvados/sso_database_pw
-fi
-database_pw=$(cat /var/lib/arvados/sso_database_pw)
-
-if ! (psql postgres -c "\du" | grep "^ arvados_sso ") >/dev/null ; then
- psql postgres -c "create user arvados_sso with password '$database_pw'"
- psql postgres -c "ALTER USER arvados_sso CREATEDB;"
-fi
-
-sed "s/password:.*/password: $database_pw/" <config/database.yml.example >config/database.yml
-
-if ! test -f /var/lib/arvados/sso_database_setup ; then
- bundle exec rake db:setup
-
- app_secret=$(cat /var/lib/arvados/sso_app_secret)
-
- bundle exec rails console <<EOF
-c = Client.new
-c.name = "joshid"
-c.app_id = "arvados-server"
-c.app_secret = "$app_secret"
-c.save!
-EOF
-
- touch /var/lib/arvados/sso_database_setup
-fi
-
-rm -rf tmp
-mkdir -p tmp/cache
-
-bundle exec rake assets:precompile
-bundle exec rake db:migrate
-
-set +u
-if test "$1" = "--only-setup" ; then
- exit
-fi
-
-exec bundle exec passenger start --port=${services[sso]} \
- --ssl --ssl-certificate=/var/lib/arvados/server-cert-${localip}.pem \
- --ssl-certificate-key=/var/lib/arvados/server-cert-${localip}.key