lib/controller/fed_containers.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package controller
   6
   7 import (
   8         "bytes"
   9         "encoding/json"
  10         "fmt"
  11         "io/ioutil"
  12         "log"
  13         "net/http"
  14
  15         "git.curoverse.com/arvados.git/sdk/go/auth"
  16         "git.curoverse.com/arvados.git/sdk/go/httpserver"
  17 )
  18
  19 func remoteContainerRequestCreate(
  20         h *genericFederatedRequestHandler,
  21         effectiveMethod string,
  22         clusterId *string,
  23         uuid string,
  24         remainder string,
  25         w http.ResponseWriter,
  26         req *http.Request) bool {
  27
  28         if effectiveMethod != "POST" || uuid != "" || remainder != "" ||
  29                 *clusterId == "" || *clusterId == h.handler.Cluster.ClusterID {
  30                 return false
  31         }
  32
  33         defer req.Body.Close()
  34         var request map[string]interface{}
  35         err := json.NewDecoder(req.Body).Decode(&request)
  36
  37         containerRequest, ok := request["container_request"].(map[string]interface{})
  38         if !ok {
  39                 log.Printf("wah wah")
  40                 return false
  41         }
  42
  43         // If runtime_token is not set, create a new token
  44         if _, ok := containerRequest["runtime_token"]; !ok {
  45                 log.Printf("ok %v", ok)
  46
  47                 // First make sure supplied token is valid.
  48                 creds := auth.NewCredentials()
  49                 creds.LoadTokensFromHTTPRequest(req)
  50
  51                 currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
  52                 if err != nil {
  53                         httpserver.Error(w, err.Error(), http.StatusForbidden)
  54                         return true
  55                 }
  56
  57                 if len(currentUser.Authorization.Scopes) != 1 || currentUser.Authorization.Scopes[0] != "all" {
  58                         return false
  59                 }
  60
  61                 newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
  62                 if err != nil {
  63                         httpserver.Error(w, err.Error(), http.StatusForbidden)
  64                         return true
  65                 }
  66                 containerRequest["runtime_token"] = newtok.TokenV2()
  67         }
  68
  69         newbody, err := json.Marshal(request)
  70         buf := bytes.NewBuffer(newbody)
  71         req.Body = ioutil.NopCloser(buf)
  72         req.ContentLength = int64(buf.Len())
  73         req.Header.Set("Content-Length", fmt.Sprintf("%v", buf.Len()))
  74
  75         resp, err := h.handler.remoteClusterRequest(*clusterId, req)
  76         h.handler.proxy.ForwardResponse(w, resp, err)
  77         return true
  78 }