Bug #22212
Updated by Peter Amstutz 6 months ago
<pre>
lucasdipentima2@shell:~$ arv user list -c "none" -f '[["uuid", "in", ["tordo-j7d0g-anonymouspublic"]]]'
Error: request failed: https://jutro.arvadosapi.com/arvados/v1/users?cluster_id=&count=none&filters=%5B%5B%22uuid%22%2C%22in%22%2C%5B%22to
rdo-j7d0g-anonymouspublic%22%5D%5D%5D&limit=100&offset=0: 502 Bad Gateway: request failed: https://tordo.arvadosapi.com/arvados/v1/users?c
luster_id=&count=none&filters=%5B%5B%22uuid%22%2C%22in%22%2C%5B%22tordo-j7d0g-anonymouspublic%22%5D%5D%5D&forwarded_for=jutro-&include=&li
mit=100&offset=0: 401 Unauthorized: request failed: https://jutro.arvadosapi.com/arvados/v1/users?cluster_id=&count=none&filters=%5B%5B%22
uuid%22%2C%22in%22%2C%5B%22tordo-j7d0g-anonymouspublic%22%5D%5D%5D&forwarded_for=jutro-&limit=100&offset=0: 401 Unauthorized: //railsapi.i
nternal/arvados/v1/users?cluster_id=&count=none&filters=%5B%5B%22uuid%22%2C%22in%22%2C%5B%22tordo-j7d0g-anonymouspublic%22%5D%5D%5D&forwar
ded_for=jutro-jutro-&include=&limit=100&offset=0: 401 Unauthorized: Not logged in (req-1qhaiyjrrkmx1v1gag97)
lucasdipentima2@shell:~$ arv user list -c "none" -f '[["uuid", "in", ["jutro-j7d0g-anonymouspublic"]]]'
{
"items":[],
"kind":"arvados#userList",
"limit":100,
"offset":0
}
</pre>
There's two problems here:
1. The query was sent to tordo, who blindly sent it to jutro (which is the login cluster, and almost all requests to the @user@ endpoint are proxied to the login cluster). jutro saw the "tordo" prefix and decided to federate the query back to tordo. I think this resulted in tordo sending the query back to jutro again but using a salted token that jutro didn't accept. However it doesn't look like @forwarded_for@ was respected.
2. When federating the @["uuid", "in", [...]]@ case, it should check the uuid types and discard any uuids that don't match the user uuid pattern.