[ARVADOS] updated: 1.3.0-596-ge4b516194

Git user git at public.curoverse.com
Fri Mar 22 18:44:14 UTC 2019


Summary of changes:
 lib/controller/cmd.go          |  2 +-
 lib/controller/handler_test.go |  2 +-
 lib/controller/proxy.go        |  1 +
 lib/dispatchcloud/cmd.go       |  4 ++--
 lib/service/cmd.go             | 24 ++++++++++++------------
 lib/service/token.go           | 30 ------------------------------
 6 files changed, 17 insertions(+), 46 deletions(-)
 delete mode 100644 lib/service/token.go

       via  e4b51619430c53f6da603dc8f9b5ece1cb33449f (commit)
      from  4d9a5c4f0f19c2e6d394dca6a1de903dc09c43e5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit e4b51619430c53f6da603dc8f9b5ece1cb33449f
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Fri Mar 22 14:44:03 2019 -0400

    14807: Pass token to service handlers explicitly, not via context.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/lib/controller/cmd.go b/lib/controller/cmd.go
index c1d4657ba..f0268091b 100644
--- a/lib/controller/cmd.go
+++ b/lib/controller/cmd.go
@@ -14,6 +14,6 @@ import (
 
 var Command cmd.Handler = service.Command(arvados.ServiceNameController, newHandler)
 
-func newHandler(_ context.Context, cluster *arvados.Cluster, np *arvados.NodeProfile) service.Handler {
+func newHandler(_ context.Context, cluster *arvados.Cluster, np *arvados.NodeProfile, _ string) service.Handler {
 	return &Handler{Cluster: cluster, NodeProfile: np}
 }
diff --git a/lib/controller/handler_test.go b/lib/controller/handler_test.go
index dfe60d90a..96110ea85 100644
--- a/lib/controller/handler_test.go
+++ b/lib/controller/handler_test.go
@@ -50,7 +50,7 @@ func (s *HandlerSuite) SetUpTest(c *check.C) {
 		},
 	}
 	node := s.cluster.NodeProfiles["*"]
-	s.handler = newHandler(s.ctx, s.cluster, &node)
+	s.handler = newHandler(s.ctx, s.cluster, &node, "")
 }
 
 func (s *HandlerSuite) TearDownTest(c *check.C) {
diff --git a/lib/controller/proxy.go b/lib/controller/proxy.go
index c01c15235..c0b94c2b5 100644
--- a/lib/controller/proxy.go
+++ b/lib/controller/proxy.go
@@ -32,6 +32,7 @@ var dropHeaders = map[string]bool{
 	"Keep-Alive":          true,
 	"Proxy-Authenticate":  true,
 	"Proxy-Authorization": true,
+	// this line makes gofmt 1.10 and 1.11 agree
 	"TE":                true,
 	"Trailer":           true,
 	"Transfer-Encoding": true, // *-Encoding headers interfer with Go's automatic compression/decompression
diff --git a/lib/dispatchcloud/cmd.go b/lib/dispatchcloud/cmd.go
index 82205c742..f8143ac8c 100644
--- a/lib/dispatchcloud/cmd.go
+++ b/lib/dispatchcloud/cmd.go
@@ -14,11 +14,11 @@ import (
 
 var Command cmd.Handler = service.Command(arvados.ServiceNameDispatchCloud, newHandler)
 
-func newHandler(ctx context.Context, cluster *arvados.Cluster, _ *arvados.NodeProfile) service.Handler {
+func newHandler(ctx context.Context, cluster *arvados.Cluster, _ *arvados.NodeProfile, token string) service.Handler {
 	d := &dispatcher{
 		Cluster:   cluster,
 		Context:   ctx,
-		AuthToken: service.Token(ctx),
+		AuthToken: token,
 	}
 	go d.Start()
 	return d
diff --git a/lib/service/cmd.go b/lib/service/cmd.go
index e56f52eec..e23791b30 100644
--- a/lib/service/cmd.go
+++ b/lib/service/cmd.go
@@ -26,7 +26,7 @@ type Handler interface {
 	CheckHealth() error
 }
 
-type NewHandlerFunc func(context.Context, *arvados.Cluster, *arvados.NodeProfile) Handler
+type NewHandlerFunc func(_ context.Context, _ *arvados.Cluster, _ *arvados.NodeProfile, token string) Handler
 
 type command struct {
 	newHandler NewHandlerFunc
@@ -79,16 +79,6 @@ func (c *command) RunCommand(prog string, args []string, stdin io.Reader, stdout
 	})
 	ctx := ctxlog.Context(context.Background(), log)
 
-	// Currently all components use SystemRootToken if configured,
-	// otherwise ARVADOS_API_TOKEN. In future, per-process tokens
-	// will be generated/obtained here.
-	token := cluster.SystemRootToken
-	if token == "" {
-		log.Warn("SystemRootToken missing from cluster config, falling back to ARVADOS_API_TOKEN environment variable")
-		token = os.Getenv("ARVADOS_API_TOKEN")
-	}
-	ctx = tokenContext(ctx, token)
-
 	profileName := *nodeProfile
 	if profileName == "" {
 		profileName = os.Getenv("ARVADOS_NODE_PROFILE")
@@ -102,7 +92,17 @@ func (c *command) RunCommand(prog string, args []string, stdin io.Reader, stdout
 		err = fmt.Errorf("configuration does not enable the %s service on this host", c.svcName)
 		return 1
 	}
-	handler := c.newHandler(ctx, cluster, profile)
+
+	// Currently all components use SystemRootToken if configured,
+	// otherwise ARVADOS_API_TOKEN. In future, per-process tokens
+	// will be generated/obtained here.
+	token := cluster.SystemRootToken
+	if token == "" {
+		log.Warn("SystemRootToken missing from cluster config, falling back to ARVADOS_API_TOKEN environment variable")
+		token = os.Getenv("ARVADOS_API_TOKEN")
+	}
+
+	handler := c.newHandler(ctx, cluster, profile, token)
 	if err = handler.CheckHealth(); err != nil {
 		return 1
 	}
diff --git a/lib/service/token.go b/lib/service/token.go
deleted file mode 100644
index 5070ae564..000000000
--- a/lib/service/token.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) The Arvados Authors. All rights reserved.
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package service
-
-import (
-	"context"
-)
-
-type contextKey string
-
-var contextKeyServiceToken contextKey = "serviceToken"
-
-// Token returns the privileged system token suitable for the given
-// service context.
-//
-// It only works on contexts that were generated by Command() and
-// passed to a Handler. For other contexts it returns the empty
-// string.
-func Token(ctx context.Context) string {
-	t, _ := ctx.Value(contextKeyServiceToken).(string)
-	return t
-}
-
-// tokenContext returns a child context with the given token attached
-// so it can be retrieved by Token().
-func tokenContext(ctx context.Context, t string) context.Context {
-	return context.WithValue(ctx, contextKeyServiceToken, t)
-}

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list