[arvados] updated: 2.5.0-303-gd7f388108

git repository hosting git at public.arvados.org
Tue Mar 28 20:29:38 UTC 2023


Summary of changes:
 lib/controller/localdb/container_gateway.go      |  27 +++--
 lib/controller/localdb/container_gateway_test.go | 145 ++++++++++++++++-------
 lib/controller/localdb/localdb_test.go           |   4 +-
 lib/controller/router/router.go                  |  15 ++-
 lib/crunchrun/container_gateway.go               |   3 +-
 services/keep-web/handler.go                     |  26 +++-
 6 files changed, 158 insertions(+), 62 deletions(-)

       via  d7f388108615d981636e464785129ce4a958a7f5 (commit)
       via  e1d9921132ec1f414aba996609bab2f46384e413 (commit)
       via  a8212ae5e38d2c412bad28115e010acd0c34b3db (commit)
       via  0c0236f2ef5b3f8e5fdf3ad664dc89e4ccf3d64a (commit)
      from  a7438bf8ec3a27920905d732c62baf91a355bf27 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit d7f388108615d981636e464785129ce4a958a7f5
Author: Tom Clegg <tom at curii.com>
Date:   Tue Mar 28 15:51:59 2023 -0400

    19889: Preserve WebDAV path when proxying to keep-web.
    
    WebDAV clients expect the path in the server response to match the
    request.
    
    Previously when proxying to keep-web we were rewriting the request
    from /arvados/v1/containers/{uuid}/log/stderr.txt to
    /by_id/{pdh}/stderr.txt, so the response referred to
    /by_id/{pdh}/stderr.txt.
    
    With this change, we leave the request path alone and use a new
    X-Webdav-Prefix request header (/arvados/v1/containers/{uuid}/log in
    this case) to tell keep-web to strip that part when accessing the
    virtual filesystem.
    
    New test uses cadaver, which fails on the previous version with
    
    Could not access /arvados/v1/containers/zzzzz-dz642-queuedcontainer/log/ (not WebDAV-enabled?):
    Did not find a collection resource.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/controller/localdb/container_gateway.go b/lib/controller/localdb/container_gateway.go
index 6cf787fcb..77507901a 100644
--- a/lib/controller/localdb/container_gateway.go
+++ b/lib/controller/localdb/container_gateway.go
@@ -191,15 +191,11 @@ func (conn *Conn) serveContainerLogViaKeepWeb(opts arvados.ContainerLogOptions,
 	}
 	proxy := &httputil.ReverseProxy{
 		Director: func(r *http.Request) {
-			r.URL = &url.URL{
-				Scheme: webdavBase.Scheme,
-				Host:   webdavBase.Host,
-				Path:   "/by_id/" + url.PathEscape(ctr.Log) + opts.Path,
-			}
-			// Our outgoing Host header must match
-			// WebDAVDownload.ExternalURL, otherwise
-			// keep-web does not accept an auth token.
-			r.Host = conn.cluster.Services.WebDAVDownload.ExternalURL.Host
+			r.URL.Scheme = webdavBase.Scheme
+			r.URL.Host = webdavBase.Host
+			// Outgoing Host header specifies the
+			// collection ID.
+			r.Host = strings.Replace(ctr.Log, "+", "-", -1) + ".internal"
 			// We already checked permission on the
 			// container, so we can use a root token here
 			// instead of counting on the "access to log
@@ -207,6 +203,12 @@ func (conn *Conn) serveContainerLogViaKeepWeb(opts arvados.ContainerLogOptions,
 			// permission check, which can be racy when a
 			// request gets retried with a new container.
 			r.Header.Set("Authorization", "Bearer "+conn.cluster.SystemRootToken)
+			// We can't change r.URL.Path without
+			// confusing WebDAV (request body and response
+			// headers refer to the same paths) so we tell
+			// keep-web to map the log collection onto the
+			// containers/X/log/ namespace.
+			r.Header.Set("X-Webdav-Prefix", "/arvados/v1/containers/"+ctr.UUID+"/log")
 		},
 	}
 	if conn.cluster.TLS.Insecure {
diff --git a/lib/controller/localdb/container_gateway_test.go b/lib/controller/localdb/container_gateway_test.go
index cc0011864..4884eda46 100644
--- a/lib/controller/localdb/container_gateway_test.go
+++ b/lib/controller/localdb/container_gateway_test.go
@@ -29,6 +29,7 @@ import (
 	"git.arvados.org/arvados.git/sdk/go/arvadosclient"
 	"git.arvados.org/arvados.git/sdk/go/arvadostest"
 	"git.arvados.org/arvados.git/sdk/go/ctxlog"
+	"git.arvados.org/arvados.git/sdk/go/httpserver"
 	"git.arvados.org/arvados.git/sdk/go/keepclient"
 	"golang.org/x/crypto/ssh"
 	check "gopkg.in/check.v1"
@@ -53,7 +54,7 @@ func (s *ContainerGatewaySuite) SetUpTest(c *check.C) {
 	authKey := fmt.Sprintf("%x", h.Sum(nil))
 
 	rtr := router.New(s.localdb, router.Config{})
-	s.srv = httptest.NewUnstartedServer(rtr)
+	s.srv = httptest.NewUnstartedServer(httpserver.AddRequestIDs(httpserver.LogRequests(rtr)))
 	s.srv.StartTLS()
 	// the test setup doesn't use lib/service so
 	// service.URLFromContext() returns nothing -- instead, this
@@ -201,7 +202,11 @@ func (s *ContainerGatewaySuite) TestDirectTCP(c *check.C) {
 	}
 }
 
-func (s *ContainerGatewaySuite) setupLogCollection(c *check.C, files map[string]string) {
+func (s *ContainerGatewaySuite) setupLogCollection(c *check.C) {
+	files := map[string]string{
+		"stderr.txt":   "hello world\n",
+		"a/b/c/d.html": "<html></html>\n",
+	}
 	client := arvados.NewClientFromEnv()
 	ac, err := arvadosclient.New(client)
 	c.Assert(err, check.IsNil)
@@ -226,14 +231,35 @@ func (s *ContainerGatewaySuite) setupLogCollection(c *check.C, files map[string]
 	s.gw.LogCollection = cfs
 }
 
+func (s *ContainerGatewaySuite) saveLogAndCloseGateway(c *check.C) {
+	rootctx := ctrlctx.NewWithToken(s.ctx, s.cluster, s.cluster.SystemRootToken)
+	txt, err := s.gw.LogCollection.MarshalManifest(".")
+	c.Assert(err, check.IsNil)
+	coll, err := s.localdb.CollectionCreate(rootctx, arvados.CreateOptions{
+		Attrs: map[string]interface{}{
+			"manifest_text": txt,
+		}})
+	c.Assert(err, check.IsNil)
+	_, err = s.localdb.ContainerUpdate(rootctx, arvados.UpdateOptions{
+		UUID: s.ctrUUID,
+		Attrs: map[string]interface{}{
+			"log":             coll.PortableDataHash,
+			"gateway_address": "",
+		}})
+	c.Assert(err, check.IsNil)
+	// gateway_address="" above already ensures localdb
+	// can't circumvent the keep-web proxy test by getting
+	// content from the container gateway; this is just
+	// extra insurance.
+	s.gw.LogCollection = nil
+}
+
 func (s *ContainerGatewaySuite) TestContainerLogViaTunnel(c *check.C) {
 	forceProxyForTest = true
 	defer func() { forceProxyForTest = false }()
 
 	s.gw = s.setupGatewayWithTunnel(c)
-	s.setupLogCollection(c, map[string]string{
-		"stderr.txt": "hello world\n",
-	})
+	s.setupLogCollection(c)
 
 	for _, broken := range []bool{false, true} {
 		c.Logf("broken=%v", broken)
@@ -269,40 +295,17 @@ func (s *ContainerGatewaySuite) TestContainerLogViaTunnel(c *check.C) {
 }
 
 func (s *ContainerGatewaySuite) TestContainerLogViaGateway(c *check.C) {
-	s.testContainerLog(c, true)
+	s.setupLogCollection(c)
+	s.testContainerLog(c)
 }
 
 func (s *ContainerGatewaySuite) TestContainerLogViaKeepWeb(c *check.C) {
-	s.testContainerLog(c, false)
+	s.setupLogCollection(c)
+	s.saveLogAndCloseGateway(c)
+	s.testContainerLog(c)
 }
 
-func (s *ContainerGatewaySuite) testContainerLog(c *check.C, viaGateway bool) {
-	s.setupLogCollection(c, map[string]string{
-		"stderr.txt":   "hello world\n",
-		"a/b/c/d.html": "<html></html>\n",
-	})
-	if !viaGateway {
-		rootctx := ctrlctx.NewWithToken(s.ctx, s.cluster, s.cluster.SystemRootToken)
-		txt, err := s.gw.LogCollection.MarshalManifest(".")
-		c.Assert(err, check.IsNil)
-		coll, err := s.localdb.CollectionCreate(rootctx, arvados.CreateOptions{
-			Attrs: map[string]interface{}{
-				"manifest_text": txt,
-			}})
-		c.Assert(err, check.IsNil)
-		_, err = s.localdb.ContainerUpdate(rootctx, arvados.UpdateOptions{
-			UUID: s.ctrUUID,
-			Attrs: map[string]interface{}{
-				"log":             coll.PortableDataHash,
-				"gateway_address": "",
-			}})
-		c.Assert(err, check.IsNil)
-		// gateway_address="" above already ensures localdb
-		// can't circumvent the keep-web proxy test by getting
-		// content from the container gateway; this is just
-		// extra insurance.
-		s.gw.LogCollection = nil
-	}
+func (s *ContainerGatewaySuite) testContainerLog(c *check.C) {
 	for _, trial := range []struct {
 		method       string
 		path         string
@@ -397,12 +400,19 @@ func (s *ContainerGatewaySuite) testContainerLog(c *check.C, viaGateway bool) {
 }
 
 func (s *ContainerGatewaySuite) TestContainerLogViaCadaver(c *check.C) {
+	s.setupLogCollection(c)
+
 	out := s.runCadaver(c, arvadostest.ActiveToken, "/arvados/v1/containers/"+s.ctrUUID+"/log", "ls")
 	c.Check(out, check.Matches, `(?ms).*stderr\.txt\s+12\s.*`)
 	c.Check(out, check.Matches, `(?ms).*a\s+0\s.*`)
 
 	out = s.runCadaver(c, arvadostest.ActiveTokenV2, "/arvados/v1/containers/"+s.ctrUUID+"/log", "get stderr.txt")
 	c.Check(out, check.Matches, `(?ms).*Downloading .* to stderr\.txt: .* succeeded\..*`)
+
+	s.saveLogAndCloseGateway(c)
+
+	out = s.runCadaver(c, arvadostest.ActiveTokenV2, "/arvados/v1/containers/"+s.ctrUUID+"/log", "get stderr.txt")
+	c.Check(out, check.Matches, `(?ms).*Downloading .* to stderr\.txt: .* succeeded\..*`)
 }
 
 func (s *ContainerGatewaySuite) runCadaver(c *check.C, password, path, stdin string) string {
@@ -410,14 +420,9 @@ func (s *ContainerGatewaySuite) runCadaver(c *check.C, password, path, stdin str
 	// just fail on TLS cert verification.
 	s.srv.Close()
 	rtr := router.New(s.localdb, router.Config{})
-	s.srv = httptest.NewUnstartedServer(rtr)
+	s.srv = httptest.NewUnstartedServer(httpserver.AddRequestIDs(httpserver.LogRequests(rtr)))
 	s.srv.Start()
 
-	s.setupLogCollection(c, map[string]string{
-		"stderr.txt":   "hello world\n",
-		"a/b/c/d.html": "<html></html>\n",
-	})
-
 	tempdir, err := ioutil.TempDir("", "localdb-test-")
 	c.Assert(err, check.IsNil)
 	defer os.RemoveAll(tempdir)
diff --git a/lib/controller/localdb/localdb_test.go b/lib/controller/localdb/localdb_test.go
index 8e543114c..053031a8c 100644
--- a/lib/controller/localdb/localdb_test.go
+++ b/lib/controller/localdb/localdb_test.go
@@ -44,8 +44,10 @@ func (s *localdbSuite) TearDownSuite(c *check.C) {
 
 func (s *localdbSuite) SetUpTest(c *check.C) {
 	*s = localdbSuite{}
+	logger := ctxlog.TestLogger(c)
 	s.ctx, s.cancel = context.WithCancel(context.Background())
-	cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
+	s.ctx = ctxlog.Context(s.ctx, logger)
+	cfg, err := config.NewLoader(nil, logger).Load()
 	c.Assert(err, check.IsNil)
 	s.cluster, err = cfg.GetCluster("")
 	c.Assert(err, check.IsNil)
diff --git a/lib/controller/router/router.go b/lib/controller/router/router.go
index 72e5ab310..703c45701 100644
--- a/lib/controller/router/router.go
+++ b/lib/controller/router/router.go
@@ -662,11 +662,8 @@ func (rtr *router) addRoute(endpoint arvados.APIEndpoint, defaultOpts func() int
 		}
 		ctx := auth.NewContext(req.Context(), creds)
 		ctx = arvados.ContextWithRequestID(ctx, req.Header.Get("X-Request-Id"))
-		logger.WithFields(logrus.Fields{
-			"apiEndpoint": endpoint,
-			"apiOptsType": fmt.Sprintf("%T", opts),
-			"apiOpts":     opts,
-		}).Debug("exec")
+		req = req.WithContext(ctx)
+
 		// Extract the token UUIDs (or a placeholder for v1 tokens)
 		var tokenUUIDs []string
 		for _, t := range creds.Tokens {
@@ -683,7 +680,13 @@ func (rtr *router) addRoute(endpoint arvados.APIEndpoint, defaultOpts func() int
 				tokenUUIDs = append(tokenUUIDs, "v1 token ending in "+end)
 			}
 		}
-		httpserver.SetResponseLogFields(req.Context(), logrus.Fields{"tokenUUIDs": tokenUUIDs})
+		httpserver.SetResponseLogFields(ctx, logrus.Fields{"tokenUUIDs": tokenUUIDs})
+
+		logger.WithFields(logrus.Fields{
+			"apiEndpoint": endpoint,
+			"apiOptsType": fmt.Sprintf("%T", opts),
+			"apiOpts":     opts,
+		}).Debug("exec")
 		resp, err := exec(ctx, opts)
 		if err != nil {
 			logger.WithError(err).Debugf("returning error type %T", err)
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 97749d967..3b22a13b0 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -213,7 +213,26 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	pathParts := strings.Split(r.URL.Path[1:], "/")
+	webdavPrefix := ""
+	arvPath := r.URL.Path
+	if prefix := r.Header.Get("X-Webdav-Prefix"); prefix != "" {
+		// Enable a proxy (e.g., container log handler in
+		// controller) to satisfy a request for path
+		// "/foo/bar/baz.txt" using content from
+		// "//abc123-4.internal/bar/baz.txt", by adding a
+		// request header "X-Webdav-Prefix: /foo"
+		if !strings.HasPrefix(arvPath, prefix) {
+			http.Error(w, "X-Webdav-Prefix header is not a prefix of the requested path", http.StatusBadRequest)
+			return
+		}
+		arvPath = r.URL.Path[len(prefix):]
+		if arvPath == "" {
+			arvPath = "/"
+		}
+		w.Header().Set("Vary", "X-Webdav-Prefix, "+w.Header().Get("Vary"))
+		webdavPrefix = prefix
+	}
+	pathParts := strings.Split(arvPath[1:], "/")
 
 	var stripParts int
 	var collectionID string
@@ -561,8 +580,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 	if r.Method == http.MethodGet {
 		applyContentDispositionHdr(w, r, basename, attachment)
 	}
+	if webdavPrefix == "" {
+		webdavPrefix = "/" + strings.Join(pathParts[:stripParts], "/")
+	}
 	wh := webdav.Handler{
-		Prefix: "/" + strings.Join(pathParts[:stripParts], "/"),
+		Prefix: webdavPrefix,
 		FileSystem: &webdavfs.FS{
 			FileSystem:    sessionFS,
 			Prefix:        fsprefix,

commit e1d9921132ec1f414aba996609bab2f46384e413
Author: Tom Clegg <tom at curii.com>
Date:   Mon Mar 27 19:24:02 2023 -0400

    19889: Add www-authenticate header with 401 Unauthorized response.
    
    Test webdav with cadaver.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/controller/localdb/container_gateway.go b/lib/controller/localdb/container_gateway.go
index 8a70dc8e8..6cf787fcb 100644
--- a/lib/controller/localdb/container_gateway.go
+++ b/lib/controller/localdb/container_gateway.go
@@ -56,6 +56,13 @@ var (
 func (conn *Conn) ContainerLog(ctx context.Context, opts arvados.ContainerLogOptions) (http.Handler, error) {
 	ctr, err := conn.railsProxy.ContainerGet(ctx, arvados.GetOptions{UUID: opts.UUID, Select: []string{"uuid", "state", "gateway_address", "log"}})
 	if err != nil {
+		if se := httpserver.HTTPStatusError(nil); errors.As(err, &se) && se.HTTPStatus() == http.StatusUnauthorized {
+			// Hint to WebDAV client that we accept HTTP basic auth.
+			return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				w.Header().Set("Www-Authenticate", "Basic realm=\"collections\"")
+				w.WriteHeader(http.StatusUnauthorized)
+			}), nil
+		}
 		return nil, err
 	}
 	if ctr.GatewayAddress == "" ||
diff --git a/lib/controller/localdb/container_gateway_test.go b/lib/controller/localdb/container_gateway_test.go
index 2a472199d..cc0011864 100644
--- a/lib/controller/localdb/container_gateway_test.go
+++ b/lib/controller/localdb/container_gateway_test.go
@@ -5,6 +5,7 @@
 package localdb
 
 import (
+	"bytes"
 	"crypto/hmac"
 	"crypto/sha256"
 	"fmt"
@@ -15,6 +16,8 @@ import (
 	"net/http/httptest"
 	"net/url"
 	"os"
+	"os/exec"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -36,6 +39,7 @@ var _ = check.Suite(&ContainerGatewaySuite{})
 type ContainerGatewaySuite struct {
 	localdbSuite
 	ctrUUID string
+	srv     *httptest.Server
 	gw      *crunchrun.Gateway
 }
 
@@ -49,15 +53,15 @@ func (s *ContainerGatewaySuite) SetUpTest(c *check.C) {
 	authKey := fmt.Sprintf("%x", h.Sum(nil))
 
 	rtr := router.New(s.localdb, router.Config{})
-	srv := httptest.NewUnstartedServer(rtr)
-	srv.StartTLS()
+	s.srv = httptest.NewUnstartedServer(rtr)
+	s.srv.StartTLS()
 	// the test setup doesn't use lib/service so
 	// service.URLFromContext() returns nothing -- instead, this
 	// is how we advertise our internal URL and enable
 	// proxy-to-other-controller mode,
-	forceInternalURLForTest = &arvados.URL{Scheme: "https", Host: srv.Listener.Addr().String()}
+	forceInternalURLForTest = &arvados.URL{Scheme: "https", Host: s.srv.Listener.Addr().String()}
 	ac := &arvados.Client{
-		APIHost:   srv.Listener.Addr().String(),
+		APIHost:   s.srv.Listener.Addr().String(),
 		AuthToken: arvadostest.Dispatch1Token,
 		Insecure:  true,
 	}
@@ -91,6 +95,11 @@ func (s *ContainerGatewaySuite) SetUpTest(c *check.C) {
 	c.Check(err, check.IsNil)
 }
 
+func (s *ContainerGatewaySuite) TearDownTest(c *check.C) {
+	s.srv.Close()
+	s.localdbSuite.TearDownTest(c)
+}
+
 func (s *ContainerGatewaySuite) TestConfig(c *check.C) {
 	for _, trial := range []struct {
 		configAdmin bool
@@ -387,6 +396,57 @@ func (s *ContainerGatewaySuite) testContainerLog(c *check.C, viaGateway bool) {
 	}
 }
 
+func (s *ContainerGatewaySuite) TestContainerLogViaCadaver(c *check.C) {
+	out := s.runCadaver(c, arvadostest.ActiveToken, "/arvados/v1/containers/"+s.ctrUUID+"/log", "ls")
+	c.Check(out, check.Matches, `(?ms).*stderr\.txt\s+12\s.*`)
+	c.Check(out, check.Matches, `(?ms).*a\s+0\s.*`)
+
+	out = s.runCadaver(c, arvadostest.ActiveTokenV2, "/arvados/v1/containers/"+s.ctrUUID+"/log", "get stderr.txt")
+	c.Check(out, check.Matches, `(?ms).*Downloading .* to stderr\.txt: .* succeeded\..*`)
+}
+
+func (s *ContainerGatewaySuite) runCadaver(c *check.C, password, path, stdin string) string {
+	// Replace s.srv with an HTTP server, otherwise cadaver will
+	// just fail on TLS cert verification.
+	s.srv.Close()
+	rtr := router.New(s.localdb, router.Config{})
+	s.srv = httptest.NewUnstartedServer(rtr)
+	s.srv.Start()
+
+	s.setupLogCollection(c, map[string]string{
+		"stderr.txt":   "hello world\n",
+		"a/b/c/d.html": "<html></html>\n",
+	})
+
+	tempdir, err := ioutil.TempDir("", "localdb-test-")
+	c.Assert(err, check.IsNil)
+	defer os.RemoveAll(tempdir)
+
+	cmd := exec.Command("cadaver", s.srv.URL+path)
+	if password != "" {
+		cmd.Env = append(os.Environ(), "HOME="+tempdir)
+		f, err := os.OpenFile(filepath.Join(tempdir, ".netrc"), os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600)
+		c.Assert(err, check.IsNil)
+		_, err = fmt.Fprintf(f, "default login none password %s\n", password)
+		c.Assert(err, check.IsNil)
+		c.Assert(f.Close(), check.IsNil)
+	}
+	cmd.Stdin = bytes.NewBufferString(stdin)
+	cmd.Dir = tempdir
+	stdout, err := cmd.StdoutPipe()
+	c.Assert(err, check.Equals, nil)
+	cmd.Stderr = cmd.Stdout
+	c.Logf("cmd: %v", cmd.Args)
+	go cmd.Start()
+
+	var buf bytes.Buffer
+	_, err = io.Copy(&buf, stdout)
+	c.Check(err, check.Equals, nil)
+	err = cmd.Wait()
+	c.Check(err, check.Equals, nil)
+	return buf.String()
+}
+
 func (s *ContainerGatewaySuite) TestConnect(c *check.C) {
 	c.Logf("connecting to %s", s.gw.Address)
 	sshconn, err := s.localdb.ContainerSSH(s.userctx, arvados.ContainerSSHOptions{UUID: s.ctrUUID})

commit a8212ae5e38d2c412bad28115e010acd0c34b3db
Author: Tom Clegg <tom at curii.com>
Date:   Mon Mar 27 19:23:42 2023 -0400

    19889: Remove unused code.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/controller/localdb/container_gateway_test.go b/lib/controller/localdb/container_gateway_test.go
index 0be0b4810..2a472199d 100644
--- a/lib/controller/localdb/container_gateway_test.go
+++ b/lib/controller/localdb/container_gateway_test.go
@@ -288,12 +288,6 @@ func (s *ContainerGatewaySuite) testContainerLog(c *check.C, viaGateway bool) {
 				"gateway_address": "",
 			}})
 		c.Assert(err, check.IsNil)
-		// _, err = s.localdb.ContainerUpdate(rootctx, arvados.UpdateOptions{
-		// 	UUID: s.ctrUUID,
-		// 	Attrs: map[string]interface{}{
-		// 		"state": "Cancelled",
-		// 	}})
-		// c.Assert(err, check.IsNil)
 		// gateway_address="" above already ensures localdb
 		// can't circumvent the keep-web proxy test by getting
 		// content from the container gateway; this is just

commit 0c0236f2ef5b3f8e5fdf3ad664dc89e4ccf3d64a
Author: Tom Clegg <tom at curii.com>
Date:   Mon Mar 27 19:23:32 2023 -0400

    19889: Fix comment.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/crunchrun/container_gateway.go b/lib/crunchrun/container_gateway.go
index e0f3b386f..12bdc6b7d 100644
--- a/lib/crunchrun/container_gateway.go
+++ b/lib/crunchrun/container_gateway.go
@@ -81,7 +81,8 @@ type Gateway struct {
 	// controller process at the other end of the tunnel.
 	UpdateTunnelURL func(url string)
 
-	// Source for serving WebDAV requests at /arvados/v1/{uuid}/log/
+	// Source for serving WebDAV requests at
+	// /arvados/v1/containers/{uuid}/log/
 	LogCollection arvados.CollectionFileSystem
 
 	sshConfig   ssh.ServerConfig

-----------------------------------------------------------------------


hooks/post-receive
-- 




More information about the arvados-commits mailing list