Actions
Bug #21907
openUncached permission lookup in keep-web when handling s3 request
Status:
New
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Story points:
-
Release:
Release relationship:
Auto
Description
In arvados:source:services/keep-web/s3.go
if len(key) == 27 && key[5:12] == "-gj3su-" {
// Access key is the UUID of an Arvados token, secret
// key is the secret part.
ctx := arvados.ContextWithAuthorization(r.Context(), "Bearer "+h.Cluster.SystemRootToken)
err = client.RequestAndDecodeContext(ctx, &aca, "GET", "arvados/v1/api_client_authorizations/"+key, nil, nil)
secret = aca.APIToken
} else {
// Access key and secret key are both an entire
// Arvados token or OIDC access token.
ctx := arvados.ContextWithAuthorization(r.Context(), "Bearer "+unescapeKey(key))
err = client.RequestAndDecodeContext(ctx, &aca, "GET", "arvados/v1/api_client_authorizations/current", nil, nil)
secret = key
}
Related issues
Updated by Tom Clegg 15 days ago
- Related to Bug #21748: awscli downloads from keep-web slowly? added
Updated by Peter Amstutz 14 days ago
- Target version set to Development 2024-07-03 sprint
Actions