Bug #16888

Federate container token cannot access resources on other clusters

Added by Peter Amstutz 27 days ago. Updated 2 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Crunch
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
-

Description

https://workbench.tordo.arvadosapi.com/container_requests/tordo-xvhdp-ios1sk1hbcj8knc

This fails, despite the fact that when accessing the collection by other means (both "arv collection get" and arv-mount) the user is able to go through tordo and fetch the collection from ce8i5 (i.e. federation works as intended).

I think what is happening here is that the container gets issued a new temporary token, that token belongs to the federate cluster not the LoginCluster, and so it can only be used to access resources on the federate but not other clusters in the federation.

So that's a bug / missing feature that in this situation, it probably needs to request a token from the LoginCluster instead creating a local one.

History

#1 Updated by Peter Amstutz 27 days ago

  • Description updated (diff)

#2 Updated by Peter Amstutz 27 days ago

  • Subject changed from Container token cannot access resources on other clusters to Federate container token cannot access resources on other clusters

#3 Updated by Peter Amstutz 15 days ago

  • Target version changed from 2020-10-21 Sprint to 2020-11-04 Sprint

#4 Updated by Peter Amstutz 2 days ago

  • Target version changed from 2020-11-04 Sprint to 2020-11-18

Also available in: Atom PDF