Arvados

Problem: A user using the Java SDK reports that when they try to download files from a large collection via keep-web, theyoccasionally get this error:

sync failed: update zzzzz-4zz18-aaaaaaaaaaaaaaa: request failed: https://api.example.com/arvados/v1/collections/zzzzz-4zz18-aaaaaaaaaaaaaaa: 403 Forbidden: //railsapi.internal/arvados/v1/collections/zzzzz-4zz18-aaaaaaaaaaaaaaa: 403 Forbidden: Uuid  zzzzz-4zz18-aaaaaaaaaaaaaaa is not writable by zzzzz-tpzed-bbbbbbbbbbbbbbb (req-3613d933bafr1itnlnpf)

We have not 100% tracked this down, but handler.ServeHTTP has this code:

    forceReload := false
    if cc := r.Header.Get("Cache-Control"); strings.Contains(cc, "no-cache") || strings.Contains(cc, "must-revalidate") {
        forceReload = true
    }
    …
    if forceReload {
        err := collectionDir.Sync()
        …

The Java SDK sends Cache-Control: no-cache with all requests, so it can go down this path. fsCollection.Sync can sometimes issue an update request for the underlying collection, and returns an error message in the format above when that fails, which it would if the user didn't have permission to write the collection.

One way or another, keep-web should successfully serve the request if the user has permission to read but not write it.