[ARVADOS] updated: 2.1.0-110-gbee9aff3b

Git user git at public.arvados.org
Wed Nov 18 15:10:13 UTC 2020 

Summary of changes:
 doc/api/keep-s3.html.textile.liquid                 | 4 ++--
 services/api/app/models/api_client_authorization.rb | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

       via  bee9aff3bd6b69f81a0dd53fa7b4118d0eeeb0a9 (commit)
       via  998f990baafdd07501d801d063c7ed6b21feec6a (commit)
      from  6a613ba162b66beab17bcdf6192034d6ed335ad4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit bee9aff3bd6b69f81a0dd53fa7b4118d0eeeb0a9
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Wed Nov 18 10:10:02 2020 -0500

    17106: Update docs.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/doc/api/keep-s3.html.textile.liquid b/doc/api/keep-s3.html.textile.liquid
index 2cae81761..8fe1ab516 100644
--- a/doc/api/keep-s3.html.textile.liquid
+++ b/doc/api/keep-s3.html.textile.liquid
@@ -70,5 +70,5 @@ h3. Authorization mechanisms
 
 Keep-web accepts AWS Signature Version 4 (AWS4-HMAC-SHA256) as well as the older V2 AWS signature.
 
-* If your client uses V4 signatures exclusively: use the Arvados token's UUID part as AccessKey, and its secret part as SecretKey.  This is preferred.
-* If your client uses V2 signatures, or a combination of V2 and V4, or the Arvados token UUID is unknown: use the secret part of the Arvados token for both AccessKey and SecretKey.
+* If your client uses V4 signatures exclusively, and your Arvados token was issued by the same cluster you are connecting to: use the Arvados token's UUID part as AccessKey, and its secret part as SecretKey. This is preferred, where applicable.
+* If your client uses V2 signatures, or a combination of V2 and V4, or the Arvados token UUID is unknown, or a LoginCluster is in use: use the secret part of the Arvados token for both AccessKey and SecretKey.

commit 998f990baafdd07501d801d063c7ed6b21feec6a
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Wed Nov 18 10:02:40 2020 -0500

    17106: Comment on stored_secret behavior.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/services/api/app/models/api_client_authorization.rb b/services/api/app/models/api_client_authorization.rb
index 1c1c669de..6b308a231 100644
--- a/services/api/app/models/api_client_authorization.rb
+++ b/services/api/app/models/api_client_authorization.rb
@@ -345,6 +345,11 @@ class ApiClientAuthorization < ArvadosModel
         auth.user = user
         auth.api_client_id = 0
       end
+      # If stored_secret is set, we save stored_secret in the database
+      # but return the real secret to the caller. This way, if we end
+      # up returning the auth record to the client, they see the same
+      # secret they supplied, instead of the HMAC we saved in the
+      # database.
       stored_secret = stored_secret || secret
       auth.update_attributes!(user: user,
                               api_token: stored_secret,

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list