From: Tom Clegg Date: Wed, 15 Jul 2015 19:47:11 +0000 (-0400) Subject: Merge branch '6610-login-without-ssh-key' closes #6610 X-Git-Tag: 1.1.0~1500 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/97374cec874aaaaeb92eeb962bf580bdba199be9?hp=0d9da683cb9572f6b5ba3f65376066938e701fb4 Merge branch '6610-login-without-ssh-key' closes #6610 --- diff --git a/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb b/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb index 519178b0bb..84251db470 100644 --- a/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb +++ b/services/api/app/controllers/arvados/v1/virtual_machines_controller.rb @@ -9,32 +9,40 @@ class Arvados::V1::VirtualMachinesController < ApplicationController end def get_all_logins - @users = {} - User.includes(:authorized_keys).all.each do |u| - @users[u.uuid] = u - end @response = [] - @vms = VirtualMachine.includes(:login_permissions) + @vms = VirtualMachine.eager_load :login_permissions if @object - @vms = @vms.where('uuid=?', @object.uuid) + @vms = @vms.where uuid: @object.uuid else @vms = @vms.all end + @users = {} + User.eager_load(:authorized_keys). + where('users.uuid in (?)', + @vms.map { |vm| vm.login_permissions.map &:tail_uuid }.flatten.uniq). + each do |u| + @users[u.uuid] = u + end @vms.each do |vm| vm.login_permissions.each do |perm| user_uuid = perm.tail_uuid - @users[user_uuid].andand.authorized_keys.andand.each do |ak| - unless perm.properties['username'].blank? - @response << { - username: perm.properties['username'], - hostname: vm.hostname, - groups: (perm.properties["groups"].to_a rescue []), - public_key: ak.public_key, - user_uuid: user_uuid, - virtual_machine_uuid: vm.uuid, - authorized_key_uuid: ak.uuid - } - end + next if not @users[user_uuid] + next if perm.properties['username'].blank? + aks = @users[user_uuid].authorized_keys + if aks.empty? + # We'll emit one entry, with no public key. + aks = [nil] + end + aks.each do |ak| + @response << { + username: perm.properties['username'], + hostname: vm.hostname, + groups: (perm.properties['groups'].to_a rescue []), + public_key: ak ? ak.public_key : nil, + user_uuid: user_uuid, + virtual_machine_uuid: vm.uuid, + authorized_key_uuid: ak ? ak.uuid : nil, + } end end end diff --git a/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb b/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb index 8ca2a94c8d..7c3270c5c5 100644 --- a/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb +++ b/services/api/test/functional/arvados/v1/virtual_machines_controller_test.rb @@ -44,4 +44,25 @@ class Arvados::V1::VirtualMachinesControllerTest < ActionController::TestCase assert_empty(json_response. select { |login| login["user_uuid"] == spectator_uuid }) end + + test "logins without ssh keys are listed" do + u, vm = nil + act_as_system_user do + u = create :active_user, first_name: 'Bob', last_name: 'Blogin' + vm = VirtualMachine.create! hostname: 'foo.shell' + Link.create!(tail_uuid: u.uuid, + head_uuid: vm.uuid, + link_class: 'permission', + name: 'can_login', + properties: {'username' => 'bobblogin'}) + end + authorize_with :admin + get :logins, id: vm.uuid + assert_response :success + assert_equal 1, json_response['items'].length + assert_equal nil, json_response['items'][0]['public_key'] + assert_equal nil, json_response['items'][0]['authorized_key_uuid'] + assert_equal u.uuid, json_response['items'][0]['user_uuid'] + assert_equal 'bobblogin', json_response['items'][0]['username'] + end end