From: Peter Amstutz <peter.amstutz@curii.com>
Date: Tue, 2 Jun 2020 14:09:29 +0000 (-0400)
Subject: 16007: Update group-sync tool for new restrictions on roles
X-Git-Tag: 2.1.0~188^2~8
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/98c6516b3dd61db66c8f92345b45df33c4530a67

16007: Update group-sync tool for new restrictions on roles

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz@curii.com>
---

diff --git a/services/api/test/fixtures/links.yml b/services/api/test/fixtures/links.yml
index 2f66433379..4293b0466e 100644
--- a/services/api/test/fixtures/links.yml
+++ b/services/api/test/fixtures/links.yml
@@ -1111,3 +1111,17 @@ tagged_collection_readable_by_spectator:
   name: can_read
   head_uuid: zzzzz-4zz18-taggedcolletion
   properties: {}
+
+active_manages_viewing_group:
+  uuid: zzzzz-o0j2j-activemanagesvi
+  owner_uuid: zzzzz-tpzed-000000000000000
+  created_at: 2014-01-24 20:42:26 -0800
+  modified_by_client_uuid: zzzzz-ozdt8-brczlopd8u8d0jr
+  modified_by_user_uuid: zzzzz-tpzed-000000000000000
+  modified_at: 2014-01-24 20:42:26 -0800
+  updated_at: 2014-01-24 20:42:26 -0800
+  tail_uuid: zzzzz-tpzed-xurymjxw79nv3jz
+  link_class: permission
+  name: can_manage
+  head_uuid: zzzzz-j7d0g-futrprojviewgrp
+  properties: {}
diff --git a/tools/sync-groups/sync-groups.go b/tools/sync-groups/sync-groups.go
index 9e2307b7a6..4d03ba89e3 100644
--- a/tools/sync-groups/sync-groups.go
+++ b/tools/sync-groups/sync-groups.go
@@ -226,8 +226,9 @@ func SetParentGroup(cfg *ConfigParams) error {
 				log.Println("Default parent group not found, creating...")
 			}
 			groupData := map[string]string{
-				"name":       cfg.ParentGroupName,
-				"owner_uuid": cfg.SysUserUUID,
+				"name":        cfg.ParentGroupName,
+				"owner_uuid":  cfg.SysUserUUID,
+				"group_class": "role",
 			}
 			if err := CreateGroup(cfg, &parentGroup, groupData); err != nil {
 				return fmt.Errorf("error creating system user owned group named %q: %s", groupData["name"], err)
@@ -528,17 +529,21 @@ func GetRemoteGroups(cfg *ConfigParams, allUsers map[string]arvados.User) (remot
 
 	params := arvados.ResourceListParams{
 		Filters: []arvados.Filter{{
-			Attr:     "owner_uuid",
+			Attr:     "tail_uuid",
 			Operator: "=",
 			Operand:  cfg.ParentGroupUUID,
 		}},
 	}
-	results, err := GetAll(cfg.Client, "groups", params, &GroupList{})
+	results, err := GetAll(cfg.Client, "links", params, &LinkList{})
 	if err != nil {
 		return remoteGroups, groupNameToUUID, fmt.Errorf("error getting remote groups: %s", err)
 	}
 	for _, item := range results {
-		group := item.(arvados.Group)
+		var group arvados.Group
+		err = GetGroup(cfg, &group, item.(arvados.Link).HeadUUID)
+		if err != nil {
+			return remoteGroups, groupNameToUUID, fmt.Errorf("error getting remote group: %s", err)
+		}
 		// Group -> User filter
 		g2uFilter := arvados.ResourceListParams{
 			Filters: []arvados.Filter{{
diff --git a/tools/sync-groups/sync-groups_test.go b/tools/sync-groups/sync-groups_test.go
index 9eec6b6d97..2da8c1cdde 100644
--- a/tools/sync-groups/sync-groups_test.go
+++ b/tools/sync-groups/sync-groups_test.go
@@ -170,7 +170,7 @@ func RemoteGroupExists(cfg *ConfigParams, groupName string) (uuid string, err er
 		}, {
 			Attr:     "owner_uuid",
 			Operator: "=",
-			Operand:  cfg.ParentGroupUUID,
+			Operand:  cfg.SysUserUUID,
 		}, {
 			Attr:     "group_class",
 			Operator: "=",