arvados-login-sync 2.1.0 → 2.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c1a0c7f1fcb3c928fdbb862b70f72687d7c4a0be16d2fab5cdb6654a0b186637
-  data.tar.gz: bb169f64011ed76c08a2fd0f7593fa23f62825faba26ee1bc2a09037f1d8355f
+  metadata.gz: 5de21d43c3661e15027212f918ee6d0155a749e52b024a7006333c7221dfee10
+  data.tar.gz: 7fdc8ad2574bea2232b0d45b362e7529db3dd7572fe641fbb7fda3d7a39f24ea
 SHA512:
-  metadata.gz: f90f358925db86b5a4b7783ec1228bcae0ac8a6220ef7c54f9bdecc8fc08c7c4b134cf0bd288a3fa62bfc063c43433655b4d6f882b1c2e33ab8cafbc211ba4ee
-  data.tar.gz: 144925d7685c565fd224bd0c96cd509c988ef364765cbc556cfdf41f504124e39d07e6434a898e142054ee0ac6993f14ce88604ff0fb09ac7a1091f76d612281
+  metadata.gz: c8bc2b506596c6b525b1c80dc4a8b66f8f93d6ec2c3ccadf6b2af6a2c21e9afedbe3c1ec1daeb624df058400eaf2dda8bfb0407341ea6cacc65807c965c41d50
+  data.tar.gz: aea2f1384aaa89d948be82d7a1017d1c4d97cd18302acbdc1f2cd781170454c8b8285e6ae08b4bbc8397c18000526458afda4b117cdd9c0e7849b07737d6ee59

data/bin/arvados-login-sync

@@ -9,6 +9,7 @@ require 'arvados'
 require 'etc'
 require 'fileutils'
 require 'yaml'
+require 'optparse'
 
 req_envs = %w(ARVADOS_API_HOST ARVADOS_API_TOKEN ARVADOS_VIRTUAL_MACHINE_UUID)
 req_envs.each do |k|
@@ -17,20 +18,27 @@ req_envs.each do |k|
   end
 end
 
-exclusive_mode = ARGV.index("--exclusive")
+options = {}
+OptionParser.new do |parser|
+  parser.on('--exclusive', 'Manage SSH keys file exclusively.')
+  parser.on('--rotate-tokens', 'Always create new user tokens. Usually needed with --token-lifetime.')
+  parser.on('--skip-missing-users', "Don't try to create any local accounts.")
+  parser.on('--token-lifetime SECONDS', 'Create user tokens that expire after SECONDS.', Integer)
+end.parse!(into: options)
+
 exclusive_banner = "#######################################################################################
 #  THIS FILE IS MANAGED BY #{$0} -- CHANGES WILL BE OVERWRITTEN  #
 #######################################################################################\n\n"
 start_banner = "### BEGIN Arvados-managed keys -- changes between markers will be overwritten\n"
 end_banner = "### END Arvados-managed keys -- changes between markers will be overwritten\n"
 
-# Don't try to create any local accounts
-skip_missing_users = ARGV.index("--skip-missing-users")
-
 keys = ''
 
 begin
   arv = Arvados.new({ :suppress_ssl_warnings => false })
+  logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
+                                   :api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
+                      :suppress_ssl_warnings => false })
 
   vm_uuid = ENV['ARVADOS_VIRTUAL_MACHINE_UUID']
 
@@ -61,7 +69,7 @@ begin
       begin
         pwnam[l[:username]] = Etc.getpwnam(l[:username])
       rescue
-        if skip_missing_users
+        if options[:"skip-missing-users"]
           STDERR.puts "Account #{l[:username]} not found. Skipping"
           true
         end
@@ -162,7 +170,7 @@ begin
       oldkeys = ""
     end
 
-    if exclusive_mode
+    if options[:exclusive]
       newkeys = exclusive_banner + newkeys
     elsif oldkeys.start_with?(exclusive_banner)
       newkeys = start_banner + newkeys + end_banner
@@ -189,8 +197,12 @@ begin
     tokenfile = File.join(configarvados, "settings.conf")
 
     begin
-      if !File.exist?(tokenfile)
-        user_token = arv.api_client_authorization.create(api_client_authorization: {owner_uuid: l[:user_uuid], api_client_id: 0})
+      if !File.exist?(tokenfile) || options[:"rotate-tokens"]
+        aca_params = {owner_uuid: l[:user_uuid], api_client_id: 0}
+        if options[:"token-lifetime"] && options[:"token-lifetime"] > 0
+          aca_params.merge!(expires_at: (Time.now + options[:"token-lifetime"]))
+        end
+        user_token = logincluster_arv.api_client_authorization.create(api_client_authorization: aca_params)
         f = File.new(tokenfile, 'w')
         f.write("ARVADOS_API_HOST=#{ENV['ARVADOS_API_HOST']}\n")
         f.write("ARVADOS_API_TOKEN=v2/#{user_token[:uuid]}/#{user_token[:api_token]}\n")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arvados-login-sync
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.5
 platform: ruby
 authors:
 - Arvados Authors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-04 00:00:00.000000000 Z
+date: 2021-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: arvados
@@ -16,20 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.3.3.20190320201707
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.3.3.20190320201707
 - !ruby/object:Gem::Dependency
   name: launchy
   requirement: !ruby/object:Gem::Requirement
@@ -73,8 +67,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.12'
 description: Creates and updates local login accounts for Arvados users. Built from
-  git commit 1771152da97200b038378666457d18679f4c8cd7
-email: gem-dev@curoverse.com
+  git commit 24b0875964b3eff98c12d1c135d8797efcfabfb2
+email: packaging@arvados.org
 executables:
 - arvados-login-sync
 extensions: []