Feature #17583
closed
Remote controller forwards trusted client aware calls on a federated scenario
Added by Lucas Di Pentima almost 3 years ago.
Updated about 2 years ago.
Release relationship:
Auto
Description
When a client makes for example a token list request to a remote controller using a federated token, the remote controller responds with a "Forbidden: this API client cannot manipulate other clients' access tokens." error message.
This most probably be due to the fact that federated tokens are cached on the remote controller's database but not linked to a trusted client.
The right solution would probably be to make controller forward those requests to the token issuing cluster so that from the client's perspective the operation is transparent.
- Related to Bug #17785: [controller/api] "Forbidden: this API client cannot manipulate other clients' access tokens." on federated login clusters (2.2.0 regression) added
- Target version changed from To Be Groomed to 2021-07-21 sprint
- Assigned To set to Peter Amstutz
- Target version changed from 2021-07-21 sprint to 2021-08-04 sprint
- Target version changed from 2021-08-04 sprint to 2021-08-18 sprint
- Target version changed from 2021-08-18 sprint to 2021-09-01 sprint
- Target version changed from 2021-09-01 sprint to 2021-09-15 sprint
- Assigned To deleted (
Peter Amstutz)
- Assigned To set to Lucas Di Pentima
- Target version changed from 2021-09-15 sprint to 2021-09-29 sprint
- Target version changed from 2021-09-29 sprint to 2021-10-13 sprint
- Target version changed from 2021-10-13 sprint to 2021-10-27 sprint
- Target version changed from 2021-10-27 sprint to 2021-11-10 sprint
- Target version changed from 2021-11-10 sprint to 2021-11-24 sprint
- Target version changed from 2021-11-24 sprint to 2021-12-08 sprint
- Target version changed from 2021-12-08 sprint to 2022-01-05 sprint
- Target version changed from 2022-01-05 sprint to 2022-01-19 sprint
- Target version changed from 2022-01-19 sprint to 2022-02-02 sprint
- Status changed from New to In Progress
Updates at 3c18a9d - branch 17583-federated-token-reqs
Test run: developer-run-tests: #2887 
- Expands test to expose a pending bug.
- Forwards list requests.
- Adds code to honor the
bypass_federation as done with the users.
Lucas Di Pentima wrote:
Updates at 3c18a9d - branch 17583-federated-token-reqs
Test run: developer-run-tests: #2887
- Expands test to expose a pending bug.
- Forwards list requests.
- Adds code to honor the
bypass_federation as done with the users.
Excellent! LGTM, thank you.
- % Done changed from 50 to 100
- Status changed from In Progress to Resolved
Applied in changeset arvados-private:commit:arvados|9d095072a57089b4858b632199f3b57871458dee.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by