1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
15 "git.curoverse.com/arvados.git/sdk/go/auth"
16 "git.curoverse.com/arvados.git/sdk/go/httpserver"
19 func remoteContainerRequestCreate(
20 h *genericFederatedRequestHandler,
21 effectiveMethod string,
25 w http.ResponseWriter,
26 req *http.Request) bool {
28 if effectiveMethod != "POST" || uuid != "" || remainder != "" ||
29 *clusterId == "" || *clusterId == h.handler.Cluster.ClusterID {
33 defer req.Body.Close()
34 var request map[string]interface{}
35 err := json.NewDecoder(req.Body).Decode(&request)
37 containerRequest, ok := request["container_request"].(map[string]interface{})
43 // If runtime_token is not set, create a new token
44 if _, ok := containerRequest["runtime_token"]; !ok {
45 log.Printf("ok %v", ok)
47 // First make sure supplied token is valid.
48 creds := auth.NewCredentials()
49 creds.LoadTokensFromHTTPRequest(req)
51 currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
53 httpserver.Error(w, err.Error(), http.StatusForbidden)
57 if len(currentUser.Authorization.Scopes) != 1 || currentUser.Authorization.Scopes[0] != "all" {
61 newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
63 httpserver.Error(w, err.Error(), http.StatusForbidden)
66 containerRequest["runtime_token"] = newtok.TokenV2()
69 newbody, err := json.Marshal(request)
70 buf := bytes.NewBuffer(newbody)
71 req.Body = ioutil.NopCloser(buf)
72 req.ContentLength = int64(buf.Len())
73 req.Header.Set("Content-Length", fmt.Sprintf("%v", buf.Len()))
75 resp, err := h.handler.remoteClusterRequest(*clusterId, req)
76 h.handler.proxy.ForwardResponse(w, resp, err)
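Review bot: `creds.Tokens[0]` on line 51 is indexed with no length check visible in this listing, so a request that carries no token would panic in the handler instead of being rejected; unless the elided line 50 already guards it, add `if len(creds.Tokens) == 0 {` with `httpserver.Error(w, "no token provided", http.StatusUnauthorized)` and the same early return the other error paths use, before calling validateAPItoken. The `log.Printf("ok %v", ok)` on line 45 looks like leftover debugging and should be dropped. The token minted on line 61 (created with nil scopes) is written into the body that line 75 forwards to another cluster, so a comment such as `// runtime_token is a newly issued token for currentUser and is disclosed to the remote cluster` would make that trust decision explicit; relatedly, lines 53 and 63 pass `err.Error()` straight to the client, where a generic message plus a server-side log would avoid exposing internal detail. Several lines of the function, including its end, are not shown here, so these points should be checked against the full body.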