projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
6260: add check in datamanager to ensure that the configured datamanager token belong...
[arvados.git] / services / datamanager / datamanager.go
diff --git a/services/datamanager/datamanager.go b/services/datamanager/datamanager.go
index 70a9ae785956396bab936e73b1a7f6ed04c63731..8ca107b1e5b71119a8e32a22c56b3c8c6d36035b 100644 (file)
--- a/services/datamanager/datamanager.go
+++ b/services/datamanager/datamanager.go
@@ -84,6 +84,17 @@ func singlerun() error {
                arvLogger.AddWriteHook(loggerutil.LogMemoryAlloc)
        }
 
+  // Verify that datamanager token belongs to an admin user
+  dataManagerToken := keep.GetDataManagerToken(arvLogger)
+  origArvToken := arv.ApiToken
+  arv.ApiToken = dataManagerToken
+       if is_admin, err := util.UserIsAdmin(arv); err != nil {
+               log.Fatalf("Error querying arvados user for data manager token %s", err.Error())
+       } else if !is_admin {
+               log.Fatalf("Datamanager token does not belong to an admin user.")
+       }
+  arv.ApiToken = origArvToken
+
        var (
                dataFetcher     summary.DataFetcher
                readCollections collection.ReadCollections
@@ -154,7 +165,7 @@ func singlerun() error {
        if trashErr != nil {
                return err
        } else {
-               keep.SendTrashLists(keep.GetDataManagerToken(arvLogger), kc, trashLists)
+               keep.SendTrashLists(dataManagerToken, kc, trashLists)
        }
 
        return nil