arvados-login-sync 2.2.2 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +34 -3
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8d4d5cb0dc3dee04326d48be68713f48ad78b04017bde44dd40ca0860612d7e4
|
|
4
|
+
data.tar.gz: b8f1e93b27f5382578eee8d83eaaa6b5a72f10dc8c462373d0f9de7c0e71382e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 36b28aa854725eadf7a329ee374892a06661c2560e10d1fe25e2119432cd9f811166587338c9f4cf394e2f610bb20f6e94506fd60fd54e6c47220b4a81a20072
|
|
7
|
+
data.tar.gz: 281dc0df4857fe705b43d280b79c36a99231f8c357881a83e917ecd853d8015874d1415e67614412b721252d54f1300fd2072a42b5e7d2d2c7dbca899ac62566
|
data/bin/arvados-login-sync
CHANGED
|
@@ -21,9 +21,10 @@ end
|
|
|
21
21
|
options = {}
|
|
22
22
|
OptionParser.new do |parser|
|
|
23
23
|
parser.on('--exclusive', 'Manage SSH keys file exclusively.')
|
|
24
|
-
parser.on('--rotate-tokens', '
|
|
24
|
+
parser.on('--rotate-tokens', 'Force a rotation of all user tokens.')
|
|
25
25
|
parser.on('--skip-missing-users', "Don't try to create any local accounts.")
|
|
26
26
|
parser.on('--token-lifetime SECONDS', 'Create user tokens that expire after SECONDS.', Integer)
|
|
27
|
+
parser.on('--debug', 'Enable debug output')
|
|
27
28
|
end.parse!(into: options)
|
|
28
29
|
|
|
29
30
|
exclusive_banner = "#######################################################################################
|
|
@@ -35,6 +36,10 @@ end_banner = "### END Arvados-managed keys -- changes between markers will be ov
|
|
|
35
36
|
keys = ''
|
|
36
37
|
|
|
37
38
|
begin
|
|
39
|
+
debug = false
|
|
40
|
+
if options[:"debug"]
|
|
41
|
+
debug = true
|
|
42
|
+
end
|
|
38
43
|
arv = Arvados.new({ :suppress_ssl_warnings => false })
|
|
39
44
|
logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
|
40
45
|
:api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
|
|
@@ -75,7 +80,7 @@ begin
|
|
|
75
80
|
end
|
|
76
81
|
else
|
|
77
82
|
if pwnam[l[:username]].uid < uid_min
|
|
78
|
-
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping"
|
|
83
|
+
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping" if debug
|
|
79
84
|
true
|
|
80
85
|
end
|
|
81
86
|
end
|
|
@@ -85,6 +90,7 @@ begin
|
|
|
85
90
|
|
|
86
91
|
# Collect all keys
|
|
87
92
|
logins.each do |l|
|
|
93
|
+
STDERR.puts("Considering #{l[:username]} ...") if debug
|
|
88
94
|
keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
|
|
89
95
|
key = l[:public_key]
|
|
90
96
|
if !key.nil?
|
|
@@ -197,7 +203,32 @@ begin
|
|
|
197
203
|
tokenfile = File.join(configarvados, "settings.conf")
|
|
198
204
|
|
|
199
205
|
begin
|
|
200
|
-
|
|
206
|
+
STDERR.puts "Processing #{tokenfile} ..." if debug
|
|
207
|
+
newToken = false
|
|
208
|
+
if File.exist?(tokenfile)
|
|
209
|
+
# check if the token is still valid
|
|
210
|
+
myToken = ENV["ARVADOS_API_TOKEN"]
|
|
211
|
+
userEnv = IO::read(tokenfile)
|
|
212
|
+
if (m = /^ARVADOS_API_TOKEN=(.*?\n)/m.match(userEnv))
|
|
213
|
+
begin
|
|
214
|
+
tmp_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
|
215
|
+
:api_token => (m[1]),
|
|
216
|
+
:suppress_ssl_warnings => false })
|
|
217
|
+
tmp_arv.user.current
|
|
218
|
+
rescue Arvados::TransactionFailedError => e
|
|
219
|
+
if e.to_s =~ /401 Unauthorized/
|
|
220
|
+
STDERR.puts "Account #{l[:username]} token not valid, creating new token."
|
|
221
|
+
newToken = true
|
|
222
|
+
else
|
|
223
|
+
raise
|
|
224
|
+
end
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
elsif !File.exist?(tokenfile) || options[:"rotate-tokens"]
|
|
228
|
+
STDERR.puts "Account #{l[:username]} token file not found, creating new token."
|
|
229
|
+
newToken = true
|
|
230
|
+
end
|
|
231
|
+
if newToken
|
|
201
232
|
aca_params = {owner_uuid: l[:user_uuid], api_client_id: 0}
|
|
202
233
|
if options[:"token-lifetime"] && options[:"token-lifetime"] > 0
|
|
203
234
|
aca_params.merge!(expires_at: (Time.now + options[:"token-lifetime"]))
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: arvados-login-sync
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Arvados Authors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-10-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: arvados
|
|
@@ -67,7 +67,7 @@ dependencies:
|
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0.12'
|
|
69
69
|
description: Creates and updates local login accounts for Arvados users. Built from
|
|
70
|
-
git commit
|
|
70
|
+
git commit 308c90af198f5dd6b25ac284fe24aa8e648bc6d8
|
|
71
71
|
email: packaging@arvados.org
|
|
72
72
|
executables:
|
|
73
73
|
- arvados-login-sync
|