[ARVADOS] updated: 1.2.0-301-g11ed4d78b

Git user git at public.curoverse.com
Thu Nov 1 15:18:12 EDT 2018 

Summary of changes:
 lib/controller/fed_containers.go                  | 3 ++-
 lib/controller/fed_generic.go                     | 4 ++--
 services/api/test/integration/remote_user_test.rb | 4 ++--
 services/api/test/unit/container_request_test.rb  | 9 ++-------
 4 files changed, 8 insertions(+), 12 deletions(-)

       via  11ed4d78b3abaa8f31e749093638df0804753ad4 (commit)
       via  1ce5dff8ff14f4886e9c0eefc0c7b83e3bea54b6 (commit)
      from  6a7a7920e8ce4b6f6743d0a644afb87e6bae63c1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 11ed4d78b3abaa8f31e749093638df0804753ad4
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date:   Thu Nov 1 15:14:14 2018 -0400

    14262: Avoid out-of-bounds panics checking cluster prefixes
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>

diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index e4c80a32c..5c5501d22 100644
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"strings"
 
 	"git.curoverse.com/arvados.git/sdk/go/auth"
 	"git.curoverse.com/arvados.git/sdk/go/httpserver"
@@ -79,7 +80,7 @@ func remoteContainerRequestCreate(
 		}
 
 		// Must be home cluster for this authorization
-		if currentUser.Authorization.UUID[0:5] == h.handler.Cluster.ClusterID {
+		if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) {
 			newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
 			if err != nil {
 				httpserver.Error(w, err.Error(), http.StatusForbidden)
diff --git a/lib/controller/fed_generic.go b/lib/controller/fed_generic.go
index 63e61e690..6c8135cf9 100644
--- a/lib/controller/fed_generic.go
+++ b/lib/controller/fed_generic.go
@@ -140,7 +140,7 @@ func (h *genericFederatedRequestHandler) handleMultiClusterQuery(w http.Response
 		if op == "in" {
 			if rhs, ok := filter[2].([]interface{}); ok {
 				for _, i := range rhs {
-					if u, ok := i.(string); ok {
+					if u, ok := i.(string); ok && len(u) == 27 {
 						*clusterId = u[0:5]
 						queryClusters[u[0:5]] = append(queryClusters[u[0:5]], u)
 						expectCount += 1
@@ -148,7 +148,7 @@ func (h *genericFederatedRequestHandler) handleMultiClusterQuery(w http.Response
 				}
 			}
 		} else if op == "=" {
-			if u, ok := filter[2].(string); ok {
+			if u, ok := filter[2].(string); ok && len(u) == 27 {
 				*clusterId = u[0:5]
 				queryClusters[u[0:5]] = append(queryClusters[u[0:5]], u)
 				expectCount += 1

commit 1ce5dff8ff14f4886e9c0eefc0c7b83e3bea54b6
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date:   Thu Nov 1 14:53:37 2018 -0400

    14262: Fix remote_user_test.rb so it doesn't mess up remote_hosts
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>

diff --git a/services/api/test/integration/remote_user_test.rb b/services/api/test/integration/remote_user_test.rb
index 0e61db7bc..44737524e 100644
--- a/services/api/test/integration/remote_user_test.rb
+++ b/services/api/test/integration/remote_user_test.rb
@@ -63,8 +63,8 @@ class RemoteUsersTest < ActionDispatch::IntegrationTest
     ready.pop
     @remote_server = srv
     @remote_host = "127.0.0.1:#{srv.config[:Port]}"
-    Rails.configuration.remote_hosts['zbbbb'] = @remote_host
-    Rails.configuration.remote_hosts['zbork'] = @remote_host
+    Rails.configuration.remote_hosts = Rails.configuration.remote_hosts.merge({'zbbbb' => @remote_host,
+                                                                               'zbork' => @remote_host})
     Arvados::V1::SchemaController.any_instance.stubs(:root_url).returns "https://#{@remote_host}"
     @stub_status = 200
     @stub_content = {
diff --git a/services/api/test/unit/container_request_test.rb b/services/api/test/unit/container_request_test.rb
index f53b07e5a..0fafb9903 100644
--- a/services/api/test/unit/container_request_test.rb
+++ b/services/api/test/unit/container_request_test.rb
@@ -506,7 +506,6 @@ class ContainerRequestTest < ActiveSupport::TestCase
   ].each do |img|
     test "container_image_for_container(#{img.inspect}) => 422" do
       set_user_from_auth :active
-      Rails.configuration.remote_hosts = {}
       assert_raises(ArvadosModel::UnresolvableContainerError) do
         Container.resolve_container_image(img)
       end
@@ -515,12 +514,8 @@ class ContainerRequestTest < ActiveSupport::TestCase
 
   test "allow unrecognized container when there are remote_hosts" do
     set_user_from_auth :active
-    begin
-      Rails.configuration.remote_hosts = {"foooo" => "bar.com"}
-      Container.resolve_container_image('acbd18db4cc2f85cedef654fccc4a4d8+3')
-    ensure
-      Rails.configuration.remote_hosts = {}
-    end
+    Rails.configuration.remote_hosts = {"foooo" => "bar.com"}
+    Container.resolve_container_image('acbd18db4cc2f85cedef654fccc4a4d8+3')
   end
 
   test "migrated docker image" do

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list