Bug #3206

[Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client

Added by Tom Clegg about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Story points:
1.0

Description

PUT "foo" at the same time (~1s) yields:

acbd18db4cc2f85cedef654fccc4a4d8+3+A4c4f3a5266482fc749c72d2265c533990ebe2aae@53cde0cf ← keepserver
acbd18db4cc2f85cedef654fccc4a4d8+3+A9abcab7c98791fbf0c78ee385a8f3b0c2ec5975a@53cde0cf ← keepproxy

Quick scan of source code suggests PUT requests are done with the keep proxy's ARVADOS_API_TOKEN env var.

With my own token, arv-put fails:

arv-put foo.txt
0M / 0M 100.0% 
Traceback (most recent call last):
  File "/usr/local/bin/arv-put", line 4, in <module>
    main()
  File "/usr/local/lib/python2.7/dist-packages/arvados/commands/put.py", line 394, in main
    'manifest_text': writer.manifest_text(),
  File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/apiclient/http.py", line 723, in execute
    raise HttpError(resp, content, uri=self.uri)
apiclient.errors.HttpError: <HttpError 403 when requesting https://qr1hi.arvadosapi.com/arvados/v1/collections?alt=json returned "Forbidden">

If I copy ARVADOS_API_TOKEN from keepproxy's environment into my own environment, arv-put succeeds:

$ arv-put foo.txt
0M / 0M 100.0%
83367e8913dcec0bf3fc25ed5a27eacb+49

...which seems to support this theory.

Associated revisions

Revision 67df686d
Added by Peter Amstutz about 5 years ago

Merge branch '3206-keepproxy-use-client-token' closes #3206

History

#1 Updated by Tom Clegg about 5 years ago

  • Subject changed from Keep proxy uses API token from its env var for PUT requests, instead of token provided by client to [Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client
  • Description updated (diff)
  • Category set to Keep

#2 Updated by Peter Amstutz about 5 years ago

  • Assigned To set to Peter Amstutz

#3 Updated by Anonymous about 5 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Applied in changeset arvados|commit:67df686d24831e23283923e383838c1ab5c0db67.

Also available in: Atom PDF