[ARVADOS] updated: 1.2.0-352-g017ea8c74
Git user
git at public.curoverse.com
Tue Nov 13 11:43:25 EST 2018
Summary of changes:
lib/controller/fed_containers.go | 21 ++++++---------------
1 file changed, 6 insertions(+), 15 deletions(-)
via 017ea8c747b3bd9cb57c5a7d52ca90e423c5c1fc (commit)
from 5b7b8beb6b02f913f1881065ab5a856f7f8ebfb6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 017ea8c747b3bd9cb57c5a7d52ca90e423c5c1fc
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date: Tue Nov 13 11:42:19 2018 -0500
14198: Remote user uses current token in runtime_token
Can't create a new token for a remote user, so use the token that was
supplied.
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>
diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index 1ca27bf6f..7b8cdabe5 100644
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -57,7 +57,7 @@ func remoteContainerRequestCreate(
originalBody := req.Body
defer originalBody.Close()
var request map[string]interface{}
- err := json.NewDecoder(req.Body).Decode(&request)
+ err = json.NewDecoder(req.Body).Decode(&request)
if err != nil {
httpserver.Error(w, err.Error(), http.StatusBadRequest)
return true
@@ -89,27 +89,18 @@ func remoteContainerRequestCreate(
}
if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) {
- // Local user, so create a new token
+ // Local user, submitting to a remote cluster.
+ // Create a new time-limited token.
newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
if err != nil {
httpserver.Error(w, err.Error(), http.StatusForbidden)
return true
}
containerRequest["runtime_token"] = newtok.TokenV2()
- } else if strings.HasPrefix(currentUser.Authorization.UUID, *cluster_id) {
- // Remote user from the cluster that we want
- // to send work to. Submit container to run
- // using current token.
- containerRequest["runtime_token"] = creds.Tokens[0]
} else {
- // Remote user. Submit container to run with current token,
- // salted for the target cluster.
- saltedToken, err := auth.SaltToken(creds.Tokens[0], *clusterId)
- if err != nil {
- httpserver.Error(w, err.Error(), http.StatusForbidden)
- return true
- }
- containerRequest["runtime_token"] = saltedToken
+ // Remote user. Container request will use the
+ // current token.
+ containerRequest["runtime_token"] = creds.Tokens[0]
}
}
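Review bot: The `else` branch now copies `creds.Tokens[0]` into `runtime_token` unchanged for every remote user, so the target cluster and the container it runs receive the caller's own credential rather than one salted for that cluster, as the removed `auth.SaltToken` path produced. Whether the supplied token is already limited to one cluster is not visible here (`remoteContainerRequestCreate` starts and ends outside the hunk); if it can be an unsalted token, its reach and lifetime are those of the caller's session, which is broader than the freshly created token the local-user branch hands out. I would state that trust assumption in the comment, e.g. `// Remote user: forward the supplied token as-is; the target cluster is trusted with whatever scope and expiry it carries.`, and confirm that `creds.Tokens` is checked for being non-empty before it is indexed, since `creds` is populated outside the hunk. The new "time-limited" wording in the local branch is also not backed by anything visible, because `createAPItoken` is called with `nil` as its last argument, so the expiry should be verified or the comment softened.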