Project

General

Profile

Actions

Feature #16888

open

Federate container token should be able to access resources on other clusters

Added by Peter Amstutz about 4 years ago. Updated 19 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Crunch
Target version:
Story points:
-

Description

https://workbench.tordo.arvadosapi.com/container_requests/tordo-xvhdp-ios1sk1hbcj8knc

This fails, despite the fact that when accessing the collection by other means (both "arv collection get" and arv-mount) the user is able to go through tordo and fetch the collection from ce8i5 (i.e. federation works as intended).

I think what is happening here is that the container gets issued a new temporary token, that token belongs to the federate cluster not the LoginCluster, and so it can only be used to access resources on the federate but not other clusters in the federation.

So that's a bug / missing feature that in this situation.

When the user's token belongs to a LoginCluster, controller needs to request a new token from the LoginCluster instead creating a local one. This should be set as the "runtime token" on the container request, along with a new(?) flag to indicate if the runtime token should be expired when the container request is finished.


Subtasks 2 (2 open0 closed)

Task #19121: ReviewNewPeter AmstutzActions
Task #19242: Engineering discussion about desired solutionNewActions

Related issues 1 (1 open0 closed)

Related to Arvados - Idea #18973: Test combinations of federation scenariosNewActions
Actions #1

Updated by Peter Amstutz about 4 years ago

  • Description updated (diff)
Actions #2

Updated by Peter Amstutz about 4 years ago

  • Subject changed from Container token cannot access resources on other clusters to Federate container token cannot access resources on other clusters
Actions #3

Updated by Peter Amstutz about 4 years ago

  • Target version changed from 2020-10-21 Sprint to 2020-11-04 Sprint
Actions #4

Updated by Peter Amstutz about 4 years ago

  • Target version changed from 2020-11-04 Sprint to 2020-11-18
Actions #5

Updated by Peter Amstutz about 4 years ago

  • Target version changed from 2020-11-18 to 2020-12-02 Sprint
Actions #6

Updated by Peter Amstutz about 4 years ago

  • Target version changed from 2020-12-02 Sprint to 2020-12-16 Sprint
Actions #7

Updated by Peter Amstutz about 4 years ago

  • Description updated (diff)
Actions #8

Updated by Peter Amstutz about 4 years ago

  • Target version changed from 2020-12-16 Sprint to 2021-01-06 Sprint
Actions #9

Updated by Peter Amstutz about 4 years ago

  • Target version changed from 2021-01-06 Sprint to 2021-01-20 Sprint
Actions #10

Updated by Peter Amstutz almost 4 years ago

  • Target version changed from 2021-01-20 Sprint to 2021-02-03 Sprint
Actions #11

Updated by Peter Amstutz almost 4 years ago

  • Target version deleted (2021-02-03 Sprint)
Actions #14

Updated by Peter Amstutz over 2 years ago

  • Target version set to 2022-04-27 Sprint
Actions #15

Updated by Peter Amstutz over 2 years ago

  • Related to Idea #18973: Test combinations of federation scenarios added
Actions #16

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-04-27 Sprint to 2022-05-25 sprint
Actions #17

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Actions #18

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Actions #19

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-22 Sprint to 2022-06-08 sprint
Actions #20

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-08 sprint to 2022-05-25 sprint
Actions #21

Updated by Tom Clegg over 2 years ago

  • Assigned To set to Tom Clegg
Actions #22

Updated by Tom Clegg over 2 years ago

  • Status changed from New to In Progress

Based on an unmerged branch from #15370, adding a test case that reproduces this failure, but passes/skips if the arv-mount log shows the expected token error:

16888-ctr-fed-token @ 18c115a8e88bc3786c84835d00cf10d1de160a59 -- developer-run-tests: #3138

16888-ctr-fed-token @ 18c115a8e88bc3786c84835d00cf10d1de160a59 -- developer-run-tests: #3144

Actions #23

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Actions #24

Updated by Tom Clegg over 2 years ago

  • Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Actions #25

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-22 Sprint to 2022-07-06
Actions #27

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-07-06 to 2022-07-20
Actions #28

Updated by Tom Clegg over 2 years ago

  • Target version changed from 2022-07-20 to 2022-08-03 Sprint
Actions #29

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-08-03 Sprint to 2022-08-17 sprint
Actions #30

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-08-17 sprint to 2022-08-31 sprint
Actions #31

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-08-31 sprint to 2022-09-14 sprint
Actions #32

Updated by Tom Clegg over 2 years ago

  • Target version changed from 2022-09-14 sprint to 2022-09-28 sprint
Actions #33

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Actions #34

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-10-12 sprint to 2022-10-26 sprint
Actions #35

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-10-26 sprint to 2022-11-09 sprint
Actions #36

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-11-09 sprint to 2022-11-23 sprint
Actions #37

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-11-23 sprint to 2022-12-07 Sprint
Actions #38

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-12-07 Sprint to 2022-12-21 Sprint
Actions #39

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-12-21 Sprint to 2023-01-18 sprint
Actions #40

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2023-01-18 sprint to 2023-02-01 sprint
Actions #41

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2023-02-01 sprint to 2023-02-15 sprint
Actions #42

Updated by Peter Amstutz about 2 years ago

  • Release set to 47
Actions #43

Updated by Peter Amstutz about 2 years ago

  • Release deleted (47)
Actions #44

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2023-02-15 sprint to 2023-02-01 sprint
Actions #45

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2023-02-01 sprint to Future
Actions #46

Updated by Peter Amstutz about 2 months ago

  • Target version changed from Future to Development 2024-12-04
Actions #47

Updated by Peter Amstutz about 2 months ago

  • Assigned To deleted (Tom Clegg)
  • Subject changed from Federate container token cannot access resources on other clusters to Federate container token should be able to access resources on other clusters
  • Tracker changed from Bug to Feature
Actions #48

Updated by Peter Amstutz about 2 months ago

  • Target version changed from Development 2024-12-04 to Development 2024-11-20
Actions #49

Updated by Peter Amstutz about 2 months ago

  • Status changed from In Progress to New
Actions #50

Updated by Peter Amstutz about 2 months ago

  • Target version changed from Development 2024-11-20 to Development 2024-12-04
Actions #51

Updated by Peter Amstutz about 1 month ago

  • Target version changed from Development 2024-12-04 to Development 2025-01-08
Actions #52

Updated by Peter Amstutz 19 days ago

  • Target version changed from Development 2025-01-08 to Future
Actions

Also available in: Atom PDF