ood_core 0.28.0 → 0.30.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc94feaae3ffa1016b59b053179a18322a7e9c4ad1f937776864a2c2b19fc0a1
-  data.tar.gz: e41085ddcbbfff4a36723da314f41f1010e4db2fb28209ad781d5c2a6516cd46
+  metadata.gz: 14dedae6a9b9508f87bb9b950520fb4614f345a90d8841c23836c2650a5b5d2f
+  data.tar.gz: 357f6a0eec8b1029f6ad1d32983a55e071b6fda90b453953a8400c5e7f442c68
 SHA512:
-  metadata.gz: 85daa1b26fe2b973ecdbb3b9d2f72b37b142795f637d2db0a73611de0b4081c052b732c56e71ea7d37830bcf3211edc6c01109a2d2514b1a2500b38ac9ac6b98
-  data.tar.gz: 3a2f47afde0ac909f4d3ea6a7ccf2fcf48b8e13de94ad4e550ee1b2492cf28c7dcc72df179755b332b358f49accb72e8c229a1b506de6614148db14233e6c902
+  metadata.gz: 0c7782f857836971b0f26207669c9ef21746b0490755a0e86ba0eea6d4b75069c61e7a5c349aea813b4c38f812e099725d97ba0b7d8e916a3cd00e859e12e4eb
+  data.tar.gz: 798c9a6709dbba8d704e51942e9677ca632df7c773689dafeaebbe2212f560c2a18643f15dfa8550bdc1bff810eda34b929ce9fd4d84fef10001a68d63533056

data/lib/ood_core/cluster.rb

@@ -77,6 +77,16 @@ module OodCore
       end
     end
 
+    def title
+      if !metadata.title.nil?
+        metadata.title
+      elsif id.to_s.respond_to?(:titleize)
+        id.to_s.titleize
+      else
+        id.to_s
+      end
+    end
+
     # Metadata that provides extra information about this cluster
     # @return [OpenStruct] the metadata
     def metadata
@@ -100,7 +110,7 @@ module OodCore
     # Build a job adapter from the job configuration
     # @return [Job::Adapter] the job adapter
     def job_adapter
-      Job::Factory.build(job_config)
+      Job::Factory.build(job_config.merge({ id: id }))
     end
 
     # Whether the job feature is allowed based on the ACLs

data/lib/ood_core/job/account_info.rb

@@ -12,19 +12,10 @@ module OodCore
       # The QoS values this account can use.
       attr_reader :qos
 
-      # The cluster this account is associated with.
-      attr_reader :cluster
-
-      # The queue this account can use. nil means there is no queue info
-      # for this account.
-      attr_reader :queue
-
       def initialize(**opts)
         orig_name = opts.fetch(:name, 'unknown')
         @name = upcase_accounts? ? orig_name.upcase : orig_name
         @qos = opts.fetch(:qos, [])
-        @cluster = opts.fetch(:cluster, nil)
-        @queue = opts.fetch(:queue, nil)
       end
 
       def to_h

data/lib/ood_core/job/adapter.rb

@@ -210,7 +210,8 @@ module OodCore
         ENV["OOD_JOB_NAME_ILLEGAL_CHARS"].to_s
       end
 
-      # Retrieve the accounts available to use  for the current user.
+      # Retrieve the accounts available to use for the current user.
+      # The same account might appear muiltiple times if it has access to multiple clusters.
       #
       # Subclasses that do not implement this will return empty arrays.
       # @return [Array<AccountInfo>] the accounts available to the user.

data/lib/ood_core/job/adapters/coder/batch.rb

@@ -1,26 +1,25 @@
 require "ood_core/refinements/hash_extensions"
 require "json"
+  
 
 # Utility class for the Coder adapter to interact with the Coders API.
 class OodCore::Job::Adapters::Coder::Batch
   require_relative "coder_job_info"
   class Error < StandardError; end
-  def initialize(config)
+  def initialize(config, credentials)
     @host = config[:host]
     @token = config[:token]
+    @service_user = config[:service_user]
+    @credential_deletion_max_attempts = config[:credential_deletion_max_attempts] || 5
+    @credential_deletion_timeout_interval = config[:credential_deletion_timeout_interval] || 10
+    @credentials = credentials 
   end
 
-  def get_os_app_credentials(username, project_id)
-    credentials_file = File.read("/home/#{username}/application_credentials.json")
-    credentials = JSON.parse(credentials_file)
-    credentials.find { |cred| cred["project_id"] == project_id }
-  end
-
-  def get_rich_parameters(coder_parameters, project_id, os_app_credentials)
+  def get_rich_parameters(coder_parameters, project_id, app_credentials)
     rich_parameter_values = [
-      { name: "application_credential_name", value: os_app_credentials["name"] },
-      { name: "application_credential_id", value: os_app_credentials["id"] },
-      { name: "application_credential_secret", value: os_app_credentials["secret"] },
+      { name: "application_credential_name", value: app_credentials[:name] },
+      { name: "application_credential_id", value: app_credentials[:id] },
+      { name: "application_credential_secret", value: app_credentials[:secret] },
       {name: "project_id", value: project_id }
     ]
     if coder_parameters
@@ -43,34 +42,59 @@ class OodCore::Job::Adapters::Coder::Batch
     org_id = script.native[:org_id]
     project_id = script.native[:project_id]
     coder_parameters = script.native[:coder_parameters]
-    endpoint = "https://#{@host}/api/v2/organizations/#{org_id}/members/#{username}/workspaces"
-    os_app_credentials = get_os_app_credentials(username, project_id)
+    endpoint = "#{@host}/api/v2/organizations/#{org_id}/members/#{@service_user}/workspaces"
+    app_credentials = @credentials.generate_credentials(project_id, username)
     headers = get_headers(@token)
+    workspace_name = "#{username}-#{script.native[:workspace_name]}-#{rand(2_821_109_907_456).to_s(36)}"
     body = {
-      template_id: script.native[:template_id],
-      template_version_name: script.native[:template_version_name],
-      name: "#{username}-#{script.native[:workspace_name]}-#{rand(2_821_109_907_456).to_s(36)}",
-      rich_parameter_values: get_rich_parameters(coder_parameters, project_id, os_app_credentials),
+      template_version_id: script.native[:template_version_id],
+      name: workspace_name,
+      rich_parameter_values: get_rich_parameters(coder_parameters, project_id, app_credentials),
     }
 
     resp = api_call('post', endpoint, headers, body)
+    @credentials.save_credentials(resp["id"], username, app_credentials)
     resp["id"]
+
   end
 
   def delete(id)
-    endpoint = "https://#{@host}/api/v2/workspaces/#{id}/builds"
+    endpoint = "#{@host}/api/v2/workspaces/#{id}/builds"
     headers = get_headers(@token)
     body = {
       'orphan' => false,
       'transition' => 'delete'
     }
-    res = api_call('post', endpoint, headers, body)
+    api_call('post', endpoint, headers, body)
+  
+    credentials = @credentials.load_credentials(id, username)
+  
+    wait_for_workspace_deletion(id) do |attempt|
+      puts "#{Time.now.inspect} Deleting workspace (attempt #{attempt + 1}/#{5})"
+    end
+  
+    @credentials.destroy_credentials(credentials, workspace_json(id).dig("latest_build", "status"), id, username)
+  end
+  
+  def wait_for_workspace_deletion(id)
+    max_attempts = @credential_deletion_max_attempts
+    timeout_interval = @credential_deletion_timeout_interval
+  
+    max_attempts.times do |attempt|
+      break unless workspace_json(id) && workspace_json(id).dig("latest_build", "status") == "deleting"
+      yield(attempt + 1)
+      sleep(timeout_interval)
+    end
   end
 
-  def info(id)
-    endpoint = "https://#{@host}/api/v2/workspaces/#{id}?include_deleted=true"
+  def workspace_json(id)
+    endpoint = "#{@host}/api/v2/workspaces/#{id}?include_deleted=true"
     headers = get_headers(@token)
-    workspace_info_from_json(api_call('get', endpoint, headers))
+    api_call('get', endpoint, headers)
+  end
+
+  def info(id)
+    workspace_info_from_json(workspace_json(id))
   end
 
   def coder_state_to_ood_status(coder_state)
@@ -137,7 +161,6 @@ class OodCore::Job::Adapters::Coder::Batch
 
   def api_call(method, endpoint, headers, body = nil)
     uri = URI(endpoint)
-
     case method.downcase
     when 'get'
       request = Net::HTTP::Get.new(uri, headers)
@@ -150,11 +173,9 @@ class OodCore::Job::Adapters::Coder::Batch
     end
 
     request.body = body.to_json if body
-
     response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') do |http|
       http.request(request)
     end
-
     case response
     when Net::HTTPSuccess
       JSON.parse(response.body)

data/lib/ood_core/job/adapters/coder/credentials.rb

@@ -0,0 +1,16 @@
+class CredentialsInterface
+  def load_credentials
+    raise NotImplementedError, "#{self.class} must implement #{__method__}"
+  end
+
+  def generate_credentials
+    raise NotImplementedError, "#{self.class} must implement #{__method__}"
+  end
+
+  def destroy_credentials
+    raise NotImplementedError, "#{self.class} must implement #{__method__}"
+  end
+  def save_credentials
+    raise NotImplementedError, "#{self.class} must implement #{__method__}"
+  end
+end

data/lib/ood_core/job/adapters/coder/openstack_credentials.rb

@@ -0,0 +1,118 @@
+require "fog/openstack"
+require "json"
+require "ood_core/job/adapters/coder/credentials"
+
+class OpenStackCredentials < CredentialsInterface
+  def initialize(auth_url)
+    @auth_url = auth_url
+  end
+
+  def load_credentials(id, username)
+    file_path = "/home/#{username}/#{id}_credentials.json"
+    JSON.parse(File.read(file_path))
+  rescue Errno::ENOENT => e
+    puts "Error loading credentials: #{e}"
+    nil
+  end
+
+  def generate_credentials(project_id, username)
+    token_json = JSON.parse(File.read("/home/#{username}/token.json"))
+    access_token = token_json["id"]
+    user_id = token_json["user_id"]
+    connection = Fog::OpenStack::Identity.new({
+      openstack_auth_url: @auth_url,
+      openstack_management_url: @auth_url,
+      openstack_auth_token: access_token,
+    })
+
+    auth = {
+      "auth": {
+          "identity": {
+              "methods": [
+                  "token"
+              ],
+              "token": {
+                  "id": access_token
+              }
+          },
+          "scope": {
+              "project": {
+                  "id": project_id
+              }
+          }
+      }
+    }
+
+    scoped_token = connection.tokens.authenticate(auth)
+
+
+    connection = Fog::OpenStack::Identity.new({
+      openstack_auth_url: @auth_url,
+      openstack_management_url: @auth_url,
+      openstack_auth_token: scoped_token,
+    })
+
+
+    app_credentials = {
+        "name": "OOD_generated_#{rand(16**8).to_s(16)}" ,
+        "description": "Application credential generated via OOD for Coder.",
+        "roles": [
+        ],
+        "unrestricted": true,
+        "user_id": user_id
+    }
+    res = connection.application_credentials.create app_credentials
+
+    credential_data = {
+      id: res.id,
+      name: res.name,
+      user_id: user_id,
+      secret: res.secret
+    }
+
+    credential_data
+
+  end
+
+  def save_credentials(id, username, app_credentials)
+    file_path = "/home/#{username}/#{id}_credentials.json"
+    File.write(file_path, JSON.generate(app_credentials))
+  end
+
+
+  def destroy_credentials(os_app_credentials, deletion_status, id, username)
+    return if os_app_credentials.nil?
+    
+  
+    connection = create_fog_connection(os_app_credentials)
+    credentials_to_destroy = find_os_application_credentials(connection, os_app_credentials)
+  
+    if deletion_status != "deleted"
+      File.delete("/home/#{username}/#{id}_credentials.json")
+      puts "Workspace deletion timed out, credentials with id #{os_app_credentials['id']} of user #{os_app_credentials['user_id']} were not destroyed"
+      return
+    end
+
+    begin
+      credentials_to_destroy.destroy
+    rescue Excon::Error::Forbidden => e
+      puts "Error destroying application credentials with id #{os_app_credentials['id']} #{e}"
+    end
+  end
+
+
+  private
+  def create_fog_connection(os_app_credentials)
+    Fog::OpenStack::Identity.new({
+      openstack_auth_url: @auth_url,
+      openstack_management_url: @auth_url,
+      openstack_application_credential_id: os_app_credentials['id'],
+      openstack_application_credential_secret: os_app_credentials['secret']
+    })
+  end
+
+  private
+  def find_os_application_credentials(connection, os_app_credentials)
+    connection.application_credentials.find_by_id(os_app_credentials['id'], os_app_credentials['user_id'])
+  end
+end

data/lib/ood_core/job/adapters/coder.rb

@@ -9,8 +9,16 @@ module OodCore
     class Factory
       using Refinements::HashExtensions
 
+      require "ood_core/job/adapters/coder/openstack_credentials"
+
       def self.build_coder(config)
-        batch = Adapters::Coder::Batch.new(config.to_h.symbolize_keys)
+        config = config.to_h.symbolize_keys
+        if config[:auth]["cloud"] == "openstack"
+          credentials = OpenStackCredentials.new(config[:auth]["url"]) 
+        else
+          raise ArgumentError, "Unsupported credentials for cloud type: #{config[:auth]['cloud']}"
+        end
+        batch = Adapters::Coder::Batch.new(config.to_h.symbolize_keys, credentials)
         Adapters::Coder.new(batch)
       end
     end
@@ -18,7 +26,7 @@ module OodCore
     module Adapters
       attr_reader :host, :token
 
-      # The adapter class for Kubernetes.
+      # The adapter class for Coder.
       class Coder < Adapter
 
         using Refinements::ArrayExtensions