Project

General

Profile

Actions

Feature #17583

closed

Remote controller forwards trusted client aware calls on a federated scenario

Added by Lucas Di Pentima over 1 year ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
API
Target version:
Start date:
01/21/2022
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Description

When a client makes for example a token list request to a remote controller using a federated token, the remote controller responds with a "Forbidden: this API client cannot manipulate other clients' access tokens." error message.

This most probably be due to the fact that federated tokens are cached on the remote controller's database but not linked to a trusted client.

The right solution would probably be to make controller forward those requests to the token issuing cluster so that from the client's perspective the operation is transparent.


Subtasks 2 (1 open1 closed)

Task #17872: Review 17583-federated-token-reqsResolvedLucas Di Pentima01/21/2022

Actions
Task #17910: investigateNewPeter Amstutz

Actions

Related issues

Related to Arvados - Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression)ResolvedLucas Di Pentima11/23/2021

Actions
Actions #1

Updated by Ward Vandewege over 1 year ago

  • Related to Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added
Actions #2

Updated by Peter Amstutz over 1 year ago

  • Target version changed from To Be Groomed to 2021-07-21 sprint
Actions #3

Updated by Peter Amstutz over 1 year ago

  • Assigned To set to Peter Amstutz
Actions #4

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2021-07-21 sprint to 2021-08-04 sprint
Actions #5

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2021-08-04 sprint to 2021-08-18 sprint
Actions #6

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2021-08-18 sprint to 2021-09-01 sprint
Actions #7

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2021-09-01 sprint to 2021-09-15 sprint
Actions #8

Updated by Peter Amstutz over 1 year ago

  • Assigned To deleted (Peter Amstutz)
Actions #9

Updated by Peter Amstutz over 1 year ago

  • Assigned To set to Lucas Di Pentima
Actions #10

Updated by Lucas Di Pentima about 1 year ago

  • Target version changed from 2021-09-15 sprint to 2021-09-29 sprint
Actions #11

Updated by Peter Amstutz about 1 year ago

  • Target version changed from 2021-09-29 sprint to 2021-10-13 sprint
Actions #12

Updated by Lucas Di Pentima about 1 year ago

  • Target version changed from 2021-10-13 sprint to 2021-10-27 sprint
Actions #13

Updated by Lucas Di Pentima about 1 year ago

  • Target version changed from 2021-10-27 sprint to 2021-11-10 sprint
Actions #14

Updated by Peter Amstutz about 1 year ago

  • Target version changed from 2021-11-10 sprint to 2021-11-24 sprint
Actions #15

Updated by Lucas Di Pentima about 1 year ago

  • Target version changed from 2021-11-24 sprint to 2021-12-08 sprint
Actions #16

Updated by Peter Amstutz about 1 year ago

  • Target version changed from 2021-12-08 sprint to 2022-01-05 sprint
Actions #17

Updated by Peter Amstutz about 1 year ago

  • Target version changed from 2022-01-05 sprint to 2022-01-19 sprint
Actions #18

Updated by Lucas Di Pentima 11 months ago

  • Target version changed from 2022-01-19 sprint to 2022-02-02 sprint
Actions #19

Updated by Lucas Di Pentima 11 months ago

  • Status changed from New to In Progress
Actions #20

Updated by Lucas Di Pentima 11 months ago

Updates at 3c18a9d - branch 17583-federated-token-reqs
Test run: developer-run-tests: #2887

  • Expands test to expose a pending bug.
  • Forwards list requests.
  • Adds code to honor the bypass_federation as done with the users.
Actions #21

Updated by Ward Vandewege 10 months ago

Lucas Di Pentima wrote:

Updates at 3c18a9d - branch 17583-federated-token-reqs
Test run: developer-run-tests: #2887

  • Expands test to expose a pending bug.
  • Forwards list requests.
  • Adds code to honor the bypass_federation as done with the users.

Excellent! LGTM, thank you.

Actions #22

Updated by Lucas Di Pentima 10 months ago

  • % Done changed from 50 to 100
  • Status changed from In Progress to Resolved

Applied in changeset arvados-private:commit:arvados|9d095072a57089b4858b632199f3b57871458dee.

Actions #23

Updated by Peter Amstutz 9 months ago

  • Release set to 46
Actions

Also available in: Atom PDF