"net/http"
"strings"
- "git.curoverse.com/arvados.git/sdk/go/auth"
- "git.curoverse.com/arvados.git/sdk/go/httpserver"
+ "git.arvados.org/arvados.git/sdk/go/auth"
+ "git.arvados.org/arvados.git/sdk/go/httpserver"
)
func remoteContainerRequestCreate(
h *genericFederatedRequestHandler,
effectiveMethod string,
- clusterId *string,
+ clusterID *string,
uuid string,
remainder string,
w http.ResponseWriter,
creds := auth.NewCredentials()
creds.LoadTokensFromHTTPRequest(req)
- currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
+ currentUser, ok, err := h.handler.validateAPItoken(req, creds.Tokens[0])
if err != nil {
- httpserver.Error(w, err.Error(), http.StatusForbidden)
+ httpserver.Error(w, err.Error(), http.StatusInternalServerError)
+ return true
+ } else if !ok {
+ httpserver.Error(w, "invalid API token", http.StatusForbidden)
return true
}
- if *clusterId == "" {
- *clusterId = h.handler.Cluster.ClusterID
- }
-
- if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) &&
- *clusterId == h.handler.Cluster.ClusterID {
- // local user submitting container request to local cluster
+ if *clusterID == "" || *clusterID == h.handler.Cluster.ClusterID {
+ // Submitting container request to local cluster. No
+ // need to set a runtime_token (rails api will create
+ // one when the container runs) or do a remote cluster
+ // request.
return false
}
crString, ok := request["container_request"].(string)
if ok {
- var crJson map[string]interface{}
- err := json.Unmarshal([]byte(crString), &crJson)
+ var crJSON map[string]interface{}
+ err := json.Unmarshal([]byte(crString), &crJSON)
if err != nil {
httpserver.Error(w, err.Error(), http.StatusBadRequest)
return true
}
- request["container_request"] = crJson
+ request["container_request"] = crJSON
}
containerRequest, ok := request["container_request"].(map[string]interface{})
containerRequest["runtime_token"] = newtok.TokenV2()
} else {
// Remote user. Container request will use the
- // current token.
- containerRequest["runtime_token"] = creds.Tokens[0]
+ // current token, minus the trailing portion
+ // (optional container uuid).
+ sp := strings.Split(creds.Tokens[0], "/")
+ if len(sp) >= 3 {
+ containerRequest["runtime_token"] = strings.Join(sp[0:3], "/")
+ } else {
+ containerRequest["runtime_token"] = creds.Tokens[0]
+ }
}
}
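Review bot: The truncation in the remote-user branch keys only on the number of `/`-separated fields, so any token with three or more fields is cut to its first three whether or not it is a v2 token, and anything shorter is forwarded unchanged as `runtime_token`. If the intended input is `v2/<uuid>/<secret>[/<container uuid>]` (inferred from the comment and from `TokenV2()` in the other branch), make that explicit with `if len(sp) >= 3 && sp[0] == "v2" {`, and say in the comment that the else branch passes the caller's token through unmodified. `strings.SplitN(creds.Tokens[0], "/", 4)` would also avoid splitting further than the code needs. The enclosing if/else and the function begin outside this hunk.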
req.ContentLength = int64(buf.Len())
req.Header.Set("Content-Length", fmt.Sprintf("%v", buf.Len()))
- resp, err := h.handler.remoteClusterRequest(*clusterId, req)
+ resp, err := h.handler.remoteClusterRequest(*clusterID, req)
h.handler.proxy.ForwardResponse(w, resp, err)
return true
}