[Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client
PUT "foo" at the same time (~1s) yields:
acbd18db4cc2f85cedef654fccc4a4d8+3+A4c4f3a5266482fc749c72d2265c533990ebe2aae@53cde0cf ← keepserver
acbd18db4cc2f85cedef654fccc4a4d8+3+A9abcab7c98791fbf0c78ee385a8f3b0c2ec5975a@53cde0cf ← keepproxy
Quick scan of source code suggests PUT requests are done with the keep proxy's
ARVADOS_API_TOKEN env var.
With my own token, arv-put fails:
arv-put foo.txt 0M / 0M 100.0% Traceback (most recent call last): File "/usr/local/bin/arv-put", line 4, in <module> main() File "/usr/local/lib/python2.7/dist-packages/arvados/commands/put.py", line 394, in main 'manifest_text': writer.manifest_text(), File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper return wrapped(*args, **kwargs) File "/usr/local/lib/python2.7/dist-packages/apiclient/http.py", line 723, in execute raise HttpError(resp, content, uri=self.uri) apiclient.errors.HttpError: <HttpError 403 when requesting https://qr1hi.arvadosapi.com/arvados/v1/collections?alt=json returned "Forbidden">
If I copy ARVADOS_API_TOKEN from keepproxy's environment into my own environment, arv-put succeeds:
$ arv-put foo.txt 0M / 0M 100.0% 83367e8913dcec0bf3fc25ed5a27eacb+49
...which seems to support this theory.
#1 Updated by Tom Clegg almost 5 years ago
- Subject changed from Keep proxy uses API token from its env var for PUT requests, instead of token provided by client to [Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client
- Description updated (diff)
- Category set to Keep