[ARVADOS] created: 2.1.0-446-gdbce3584c

Git user git at public.arvados.org
Thu Feb 11 23:10:33 UTC 2021 

        at  dbce3584cab673b092d7274d345220617ecf2c41 (commit)


commit dbce3584cab673b092d7274d345220617ecf2c41
Author: Nico Cesar <nico at nicocesar.com>
Date:   Thu Feb 11 18:09:09 2021 -0500

    Lucas, this is what I see where the bug might be
    
    Arvados-DCO-1.1-Signed-off-by: Nico Cesar <nico at curii.com>

diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go
index b86266d67..1a9bacde0 100644
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -374,8 +374,14 @@ func (conn *Conn) ContainerRequestCreate(ctx context.Context, options arvados.Cr
 			if !ok {
 				return arvados.ContainerRequest{}, httpErrorf(http.StatusInternalServerError, "bug: local backend is a %T, not a *localdb.Conn", conn.local)
 			}
+			nn := conn.cluster.Collections.BlobSigningTTL.Duration()
+
+			fmt.Printf("NICO NN: %d\n", nn)
+			if nn == 0 {
+				nn = 14 * 24 * time.Hour
+			}
 			aca, err = local.CreateAPIClientAuthorization(ctx, conn.cluster.SystemRootToken, rpc.UserSessionAuthInfo{UserUUID: user.UUID,
-				ExpiresAt: time.Now().UTC().Add(conn.cluster.Collections.BlobSigningTTL.Duration())})
+				ExpiresAt: time.Now().UTC().Add(nn)})
 			if err != nil {
 				return arvados.ContainerRequest{}, err
 			}
diff --git a/lib/controller/federation_test.go b/lib/controller/federation_test.go
index c78180aa5..256dbeb46 100644
--- a/lib/controller/federation_test.go
+++ b/lib/controller/federation_test.go
@@ -709,21 +709,26 @@ func (s *FederationSuite) TestCreateRemoteContainerRequestCheckRuntimeToken(c *c
 	// RuntimeToken must be different than the Original Token we originally did the request with.
 	c.Check(cr.RuntimeToken, check.Not(check.Equals), arvadostest.ActiveTokenV2)
 
-	if forceLegacyAPI14 {
-		// Runtime token should not have an expiration based on API.MaxTokenLifetime
-		req2 := httptest.NewRequest("GET", "/arvados/v1/api_client_authorizations/current", nil)
-		req2.Header.Set("Authorization", "Bearer "+cr.RuntimeToken)
-		req2.Header.Set("Content-type", "application/json")
-		resp = s.testRequest(req2).Result()
-		c.Check(resp.StatusCode, check.Equals, http.StatusOK)
-		var aca arvados.APIClientAuthorization
-		c.Check(json.NewDecoder(resp.Body).Decode(&aca), check.IsNil)
-		c.Check(aca.ExpiresAt, check.NotNil) // BlobSigningTTL
-		t, _ := time.Parse(time.RFC3339Nano, aca.ExpiresAt)
-		c.Check(t.After(time.Now().Add(time.Hour)), check.Equals, true)
-		// fmt.Printf("\n\n>>BlobSigningTTL: %v // ExpiresAt: %v>>\n\n", s.testHandler.Cluster.Collections.BlobSigningTTL.Duration(), t)
-		// c.Check(t.Before(time.Now().Add(s.testHandler.Cluster.Collections.BlobSigningTTL.Duration())), check.Equals, true)
-	}
+	// Runtime token should not have an expiration based on API.MaxTokenLifetime
+	req2 := httptest.NewRequest("GET", "/arvados/v1/api_client_authorizations/current", nil)
+	req2.Header.Set("Authorization", "Bearer "+cr.RuntimeToken)
+	req2.Header.Set("Content-type", "application/json")
+	//----------
+	data, err := ioutil.ReadAll(s.remoteMockRequests[0].Body)
+	c.Check(err, check.IsNil)
+	fmt.Printf("NICO WAS HERE: %s\n", data)
+	//---------------
+	resp = s.testRequest(req2).Result()
+	c.Check(resp.StatusCode, check.Equals, http.StatusOK)
+
+	var aca arvados.APIClientAuthorization
+	c.Check(json.NewDecoder(resp.Body).Decode(&aca), check.IsNil)
+	c.Check(aca.ExpiresAt, check.NotNil) // BlobSigningTTL
+	t, _ := time.Parse(time.RFC3339Nano, aca.ExpiresAt)
+	c.Check(t.After(time.Now().Add(time.Hour)), check.Equals, true)
+	// fmt.Printf("\n\n>>BlobSigningTTL: %v // ExpiresAt: %v>>\n\n", s.testHandler.Cluster.Collections.BlobSigningTTL.Duration(), t)
+	// c.Check(t.Before(time.Now().Add(s.testHandler.Cluster.Collections.BlobSigningTTL.Duration())), check.Equals, true)
+
 }
 
 func (s *FederationSuite) TestCreateRemoteContainerRequestCheckSetRuntimeToken(c *check.C) {
diff --git a/lib/controller/localdb/login.go b/lib/controller/localdb/login.go
index 4e76b176d..365cfffc1 100644
--- a/lib/controller/localdb/login.go
+++ b/lib/controller/localdb/login.go
@@ -144,6 +144,7 @@ func noopLogout(cluster *arvados.Cluster, opts arvados.LogoutOptions) (arvados.L
 }
 
 func (conn *Conn) CreateAPIClientAuthorization(ctx context.Context, rootToken string, authinfo rpc.UserSessionAuthInfo) (resp arvados.APIClientAuthorization, err error) {
+	fmt.Printf("NICO CAPO %v\n", authinfo.ExpiresAt)
 	if rootToken == "" {
 		return arvados.APIClientAuthorization{}, errors.New("configuration error: empty SystemRootToken")
 	}

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list