From 3a4434f8b767e05456eea248f645422b1ed670d0 Mon Sep 17 00:00:00 2001 From: Lucas Di Pentima Date: Thu, 25 Jan 2018 15:32:56 -0300 Subject: [PATCH 1/1] 12758: Query the API server for group memberships using a 'like' filter to retrieve all local and remote account links to groups. Added a remote user to the fixture and updated test to confirm remote users are able to be added & removed from local groups by sync-groups. Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima --- sdk/go/arvadostest/fixtures.go | 1 + services/api/test/fixtures/users.yml | 16 +++++++++++++ tools/sync-groups/sync-groups.go | 21 ++++++++++------- tools/sync-groups/sync-groups_test.go | 33 ++++++++++++++++----------- 4 files changed, 50 insertions(+), 21 deletions(-) diff --git a/sdk/go/arvadostest/fixtures.go b/sdk/go/arvadostest/fixtures.go index 5e530658ab..d057c09b22 100644 --- a/sdk/go/arvadostest/fixtures.go +++ b/sdk/go/arvadostest/fixtures.go @@ -13,6 +13,7 @@ const ( DataManagerToken = "320mkve8qkswstz7ff61glpk3mhgghmg67wmic7elw4z41pke1" ManagementToken = "jg3ajndnq63sywcd50gbs5dskdc9ckkysb0nsqmfz08nwf17nl" ActiveUserUUID = "zzzzz-tpzed-xurymjxw79nv3jz" + FederatedActiveUserUUID = "zbbbb-tpzed-xurymjxw79nv3jz" SpectatorUserUUID = "zzzzz-tpzed-l1s2piq4t4mps8r" UserAgreementCollection = "zzzzz-4zz18-uukreo9rbgwsujr" // user_agreement_in_anonymously_accessible_project FooCollection = "zzzzz-4zz18-fy296fx3hot09f7" diff --git a/services/api/test/fixtures/users.yml b/services/api/test/fixtures/users.yml index 8087952133..8fb800c5f9 100644 --- a/services/api/test/fixtures/users.yml +++ b/services/api/test/fixtures/users.yml @@ -84,6 +84,22 @@ active: role: Computational biologist getting_started_shown: 2015-03-26 12:34:56.789000000 Z +federated_active: + owner_uuid: zzzzz-tpzed-000000000000000 + uuid: zbbbb-tpzed-xurymjxw79nv3jz + email: zbbbb-active-user@arvados.local + first_name: Active + last_name: User + identity_url: https://active-user.openid.local + is_active: true + is_admin: false + username: federatedactive + prefs: + profile: + organization: example.com + role: Computational biologist + getting_started_shown: 2015-03-26 12:34:56.789000000 Z + project_viewer: owner_uuid: zzzzz-tpzed-000000000000000 uuid: zzzzz-tpzed-projectviewer1a diff --git a/tools/sync-groups/sync-groups.go b/tools/sync-groups/sync-groups.go index ebc40b13cb..10569b2e13 100644 --- a/tools/sync-groups/sync-groups.go +++ b/tools/sync-groups/sync-groups.go @@ -307,7 +307,7 @@ func doMain(cfg *ConfigParams) error { } userIDToUUID[uID] = u.UUID if cfg.Verbose { - log.Printf("Seen user %q (%s)", u.Username, u.Email) + log.Printf("Seen user %q (%s)", u.Username, u.UUID) } } @@ -317,6 +317,11 @@ func doMain(cfg *ConfigParams) error { return err } log.Printf("Found %d remote groups", len(remoteGroups)) + if cfg.Verbose { + for groupUUID := range remoteGroups { + log.Printf("- Group %q: %d users", remoteGroups[groupUUID].Group.Name, len(remoteGroups[groupUUID].PreviousMembers)) + } + } membershipsRemoved := 0 @@ -504,9 +509,9 @@ func GetRemoteGroups(cfg *ConfigParams, allUsers map[string]arvados.User) (remot Operator: "=", Operand: group.UUID, }, { - Attr: "head_kind", - Operator: "=", - Operand: "arvados#user", + Attr: "head_uuid", + Operator: "like", + Operand: "%-tpzed-%", }}, } // User -> Group filter @@ -528,9 +533,9 @@ func GetRemoteGroups(cfg *ConfigParams, allUsers map[string]arvados.User) (remot Operator: "=", Operand: group.UUID, }, { - Attr: "tail_kind", - Operator: "=", - Operand: "arvados#user", + Attr: "tail_uuid", + Operator: "like", + Operand: "%-tpzed-%", }}, } g2uLinks, err := GetAll(cfg.Client, "links", g2uFilter, &LinkList{}) @@ -579,7 +584,7 @@ func GetRemoteGroups(cfg *ConfigParams, allUsers map[string]arvados.User) (remot // RemoveMemberFromGroup remove all links related to the membership func RemoveMemberFromGroup(cfg *ConfigParams, user arvados.User, group arvados.Group) error { if cfg.Verbose { - log.Printf("Getting group membership links for user %q (%s) on group %q (%s)", user.Email, user.UUID, group.Name, group.UUID) + log.Printf("Getting group membership links for user %q (%s) on group %q (%s)", user.Username, user.UUID, group.Name, group.UUID) } var links []interface{} // Search for all group<->user links (both ways) diff --git a/tools/sync-groups/sync-groups_test.go b/tools/sync-groups/sync-groups_test.go index e776648a80..4a3e470c42 100644 --- a/tools/sync-groups/sync-groups_test.go +++ b/tools/sync-groups/sync-groups_test.go @@ -83,7 +83,6 @@ func (s *TestSuite) SetUpTest(c *C) { c.Assert(len(s.users), Not(Equals), 0) } -// Clean any membership link and remote group created by the test func (s *TestSuite) TearDownTest(c *C) { var dst interface{} // Reset database to fixture state after every test run. @@ -93,7 +92,7 @@ func (s *TestSuite) TearDownTest(c *C) { var _ = Suite(&TestSuite{}) -// MakeTempCVSFile creates a temp file with data as comma separated values +// MakeTempCSVFile creates a temp file with data as comma separated values func MakeTempCSVFile(data [][]string) (f *os.File, err error) { f, err = ioutil.TempFile("", "test_sync_remote_groups") if err != nil { @@ -266,11 +265,15 @@ func (s *TestSuite) TestIgnoreSpaces(c *C) { // The absence of a user membership on the CSV file implies its removal func (s *TestSuite) TestMembershipRemoval(c *C) { - activeUserEmail := s.users[arvadostest.ActiveUserUUID].Email - activeUserUUID := s.users[arvadostest.ActiveUserUUID].UUID + localUserEmail := s.users[arvadostest.ActiveUserUUID].Email + localUserUUID := s.users[arvadostest.ActiveUserUUID].UUID + remoteUserEmail := s.users[arvadostest.FederatedActiveUserUUID].Email + remoteUserUUID := s.users[arvadostest.FederatedActiveUserUUID].UUID data := [][]string{ - {"TestGroup1", activeUserEmail}, - {"TestGroup2", activeUserEmail}, + {"TestGroup1", localUserEmail}, + {"TestGroup1", remoteUserEmail}, + {"TestGroup2", localUserEmail}, + {"TestGroup2", remoteUserEmail}, } tmpfile, err := MakeTempCSVFile(data) c.Assert(err, IsNil) @@ -283,11 +286,13 @@ func (s *TestSuite) TestMembershipRemoval(c *C) { groupUUID, err := RemoteGroupExists(s.cfg, groupName) c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID), Equals, true) } - // New CSV with one previous membership missing + // New CSV with some previous membership missing data = [][]string{ - {"TestGroup1", activeUserEmail}, + {"TestGroup1", localUserEmail}, + {"TestGroup2", remoteUserEmail}, } tmpfile2, err := MakeTempCSVFile(data) c.Assert(err, IsNil) @@ -295,16 +300,18 @@ func (s *TestSuite) TestMembershipRemoval(c *C) { s.cfg.Path = tmpfile2.Name() err = doMain(s.cfg) c.Assert(err, IsNil) - // Confirm TestGroup1 membership still exist + // Confirm TestGroup1 memberships groupUUID, err := RemoteGroupExists(s.cfg, "TestGroup1") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, true) - // Confirm TestGroup2 membership was removed + c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID), Equals, true) + c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID), Equals, false) + // Confirm TestGroup1 memberships groupUUID, err = RemoteGroupExists(s.cfg, "TestGroup2") c.Assert(err, IsNil) c.Assert(groupUUID, Not(Equals), "") - c.Assert(GroupMembershipExists(s.cfg.Client, activeUserUUID, groupUUID), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, localUserUUID, groupUUID), Equals, false) + c.Assert(GroupMembershipExists(s.cfg.Client, remoteUserUUID, groupUUID), Equals, true) } // If a group doesn't exist on the system, create it before adding users -- 2.30.2