Bug #16981
closed"sync-groups" tool doesn't find groups when running on a LoginCluster federation
Description
When using arvados-sync-groups
on a federated cluster with Login.LoginCluster
pointing to other cluster, the tool assumes that the needed groups should be owned by the LoginCluster's system user instead of the local system user.
This affects external groups that were synchronized before setting up the federation, because it will try to create a group named "Externally synchronized groups" and it will collide with the preexisting one.
Updated by Lucas Di Pentima over 4 years ago
Fix at ab9833a2d - branch 16981-logincluster-sync-groups-fix
Test run: developer-run-tests: #2134
- Fixed the problem by retrieving the local cluster ID from the exported config instead of assuming it from the user's uuid.
Updated by Lucas Di Pentima over 4 years ago
Manual testing was done by setting up a LoginCluster federation with a couple of arvbox instances A (main cluster) and B (satellite cluster)
Previous to setting up the federation, created some users and ran the tool with some groups on the B instance.
Then, set up the federation and ran the migrate users script to migrate B users to A.
As a last step into confirming the bug, ran again the arvados-sync-groups
tool with the A's admin user credentials from cluster B. Got the following error:
(venv-arvados) lucas@buster:~/arvados/tools/sync-groups$ ./sync-groups -user-id=username ../../test-groups.csv 2020/10/08 15:11:14 error creating system user owned group named "Externally synchronized groups": request failed: https://172.17.0.3:8000//arvados/v1/groups: 422 Unprocessable Entity: #<ActiveRecord::RecordNotUnique: PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "index_groups_on_owner_uuid_and_name" DETAIL: Key (owner_uuid, name)=(x1ejm-tpzed-000000000000000, Externally synchronized groups) already exists. : INSERT INTO "groups" ("uuid", "owner_uuid", "created_at", "modified_by_user_uuid", "modified_at", "name", "updated_at", "group_class") VALUES ($1, $2, $3, $4, $5, $6, $7, $8) RETURNING "id"> (req-28280i3qiygt1p4asl8e)
After the fix, the tool started to work again. Did some changes on the CSV files and re-applied; the changes were done correctly.
Updated by Lucas Di Pentima about 4 years ago
- Target version changed from 2020-10-21 Sprint to 2020-11-04 Sprint
Updated by Lucas Di Pentima about 4 years ago
- Target version changed from 2020-11-04 Sprint to 2020-11-18
Updated by Lucas Di Pentima about 4 years ago
- Target version changed from 2020-11-18 to 2020-12-02 Sprint
Updated by Lucas Di Pentima about 4 years ago
- Target version changed from 2020-12-02 Sprint to 2020-12-16 Sprint
Updated by Lucas Di Pentima about 4 years ago
- Target version changed from 2020-12-16 Sprint to 2021-01-06 Sprint
Updated by Lucas Di Pentima about 4 years ago
- Target version changed from 2021-01-06 Sprint to 2021-01-20 Sprint
Updated by Lucas Di Pentima about 4 years ago
Updates at 59e8b47be - branch 16981-logincluster-sync-groups-tests
Test run: developer-run-tests: #2254
- Extracts
arvados-boot
based helper functions fromlib/controller/integration_test.go
into thearvadostest
package. - Adds federation test on
arvados-sync-groups
that confirms the tool works on a federated cluster with admin credentials from the LoginCluster.
Updated by Lucas Di Pentima about 4 years ago
Updates at c271137b5
Test run: developer-run-tests: #2255
API Test re-run: developer-run-tests-services-api: #2362
Fixes go import cycle problems.
Updated by Lucas Di Pentima almost 4 years ago
- Status changed from In Progress to Resolved