From 3c18a9d8e2ebb6483413085ce6e0eb2fa382f06f Mon Sep 17 00:00:00 2001
From: Lucas Di Pentima <lucas.dipentima@curii.com>
Date: Fri, 21 Jan 2022 17:27:36 -0300
Subject: [PATCH 1/1] 17583: Forwards ApiClientAuthorization list requests to
 LoginCluster.

Also, honor the bypass_federation parameter.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
---
 lib/controller/federation/conn.go      |  8 ++++-
 lib/controller/federation/generate.go  |  2 +-
 lib/controller/federation/generated.go | 41 ++++++++++++++++++++++++++
 lib/controller/integration_test.go     |  1 +
 4 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index 298c693b4e..d3819f6262 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -741,6 +741,9 @@ func (conn *Conn) APIClientAuthorizationCreate(ctx context.Context, options arva
 }
 
 func (conn *Conn) APIClientAuthorizationUpdate(ctx context.Context, options arvados.UpdateOptions) (arvados.APIClientAuthorization, error) {
+	if options.BypassFederation {
+		return conn.local.APIClientAuthorizationUpdate(ctx, options)
+	}
 	return conn.chooseBackend(options.UUID).APIClientAuthorizationUpdate(ctx, options)
 }
 
@@ -749,7 +752,10 @@ func (conn *Conn) APIClientAuthorizationDelete(ctx context.Context, options arva
 }
 
 func (conn *Conn) APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) {
-	return conn.local.APIClientAuthorizationList(ctx, options)
+	if id := conn.cluster.Login.LoginCluster; id != "" && id != conn.cluster.ClusterID && !options.BypassFederation {
+		return conn.chooseBackend(conn.cluster.Login.LoginCluster).APIClientAuthorizationList(ctx, options)
+	}
+	return conn.generated_APIClientAuthorizationList(ctx, options)
 }
 
 func (conn *Conn) APIClientAuthorizationGet(ctx context.Context, options arvados.GetOptions) (arvados.APIClientAuthorization, error) {
diff --git a/lib/controller/federation/generate.go b/lib/controller/federation/generate.go
index b49e138ce1..8af6131564 100644
--- a/lib/controller/federation/generate.go
+++ b/lib/controller/federation/generate.go
@@ -53,7 +53,7 @@ func main() {
 		defer out.Close()
 		out.Write(regexp.MustCompile(`(?ms)^.*package .*?import.*?\n\)\n`).Find(buf))
 		io.WriteString(out, "//\n// -- this file is auto-generated -- do not edit -- edit list.go and run \"go generate\" instead --\n//\n\n")
-		for _, t := range []string{"Container", "ContainerRequest", "Group", "Specimen", "User", "Link"} {
+		for _, t := range []string{"Container", "ContainerRequest", "Group", "Specimen", "User", "Link", "APIClientAuthorization"} {
 			_, err := out.Write(bytes.ReplaceAll(orig, []byte("Collection"), []byte(t)))
 			if err != nil {
 				panic(err)
diff --git a/lib/controller/federation/generated.go b/lib/controller/federation/generated.go
index e8a5a08ff0..66f36161d5 100755
--- a/lib/controller/federation/generated.go
+++ b/lib/controller/federation/generated.go
@@ -262,3 +262,44 @@ func (conn *Conn) generated_LinkList(ctx context.Context, options arvados.ListOp
 	}
 	return merged, err
 }
+
+func (conn *Conn) generated_APIClientAuthorizationList(ctx context.Context, options arvados.ListOptions) (arvados.APIClientAuthorizationList, error) {
+	var mtx sync.Mutex
+	var merged arvados.APIClientAuthorizationList
+	var needSort atomic.Value
+	needSort.Store(false)
+	err := conn.splitListRequest(ctx, options, func(ctx context.Context, _ string, backend arvados.API, options arvados.ListOptions) ([]string, error) {
+		options.ForwardedFor = conn.cluster.ClusterID + "-" + options.ForwardedFor
+		cl, err := backend.APIClientAuthorizationList(ctx, options)
+		if err != nil {
+			return nil, err
+		}
+		mtx.Lock()
+		defer mtx.Unlock()
+		if len(merged.Items) == 0 {
+			merged = cl
+		} else if len(cl.Items) > 0 {
+			merged.Items = append(merged.Items, cl.Items...)
+			needSort.Store(true)
+		}
+		uuids := make([]string, 0, len(cl.Items))
+		for _, item := range cl.Items {
+			uuids = append(uuids, item.UUID)
+		}
+		return uuids, nil
+	})
+	if needSort.Load().(bool) {
+		// Apply the default/implied order, "modified_at desc"
+		sort.Slice(merged.Items, func(i, j int) bool {
+			mi, mj := merged.Items[i].ModifiedAt, merged.Items[j].ModifiedAt
+			return mj.Before(mi)
+		})
+	}
+	if merged.Items == nil {
+		// Return empty results as [], not null
+		// (https://github.com/golang/go/issues/27589 might be
+		// a better solution in the future)
+		merged.Items = []arvados.APIClientAuthorization{}
+	}
+	return merged, err
+}
diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index ca2a419c76..9f5d12598b 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -690,6 +690,7 @@ func (s *IntegrationSuite) TestFederatedApiClientAuthHandling(c *check.C) {
 		},
 	)
 	c.Assert(err, check.IsNil)
+	c.Assert(resp.APIClientID, check.Not(check.Equals), 0)
 	newTok := resp.TokenV2()
 	c.Assert(newTok, check.Not(check.Equals), "")
 
-- 
2.30.2