8936: update keep-block-check and keep-rsync to properly use blob-signature-ttl to...

[arvados.git] / tools / keep-block-check / keep-block-check.go

diff --git a/tools/keep-block-check/keep-block-check.go b/tools/keep-block-check/keep-block-check.go
index 646d417d880e2941ab7b785dab4b8c3328fe3df4..6cf11a728075c60990c1b049c0fb916cea5cd5d5 100644 (file)
--- a/tools/keep-block-check/keep-block-check.go
+++ b/tools/keep-block-check/keep-block-check.go
@@ -48,6 +48,11 @@ func doMain(args []string) error {
                "",
                "Block hash prefix. When a prefix is specified, only hashes listed in the file with this prefix will be checked.")
 
+       blobSignatureTTLFlag := flags.Duration(
+               "blob-signature-ttl",
+               0,
+               "Lifetime of blob permission signatures on the keepservers. If not provided, this will be retrieved from the API server's discovery document.")
+
        verbose := flags.Bool(
                "v",
                false,
@@ -68,12 +73,12 @@ func doMain(args []string) error {
        }
 
        // setup keepclient
-       kc, err := setupKeepClient(config, *keepServicesJSON)
+       kc, blobSignatureTTL, err := setupKeepClient(config, *keepServicesJSON, *blobSignatureTTLFlag)
        if err != nil {
                return fmt.Errorf("Error configuring keepclient: %s", err.Error())
        }
 
-       return performKeepBlockCheck(kc, blobSigningKey, blockLocators, *verbose)
+       return performKeepBlockCheck(kc, blobSignatureTTL, blobSigningKey, blockLocators, *verbose)
 }
 
 type apiConfig struct {
@@ -138,7 +143,7 @@ func readConfigFromFile(filename string) (config apiConfig, blobSigningKey strin
 }
 
 // setup keepclient using the config provided
-func setupKeepClient(config apiConfig, keepServicesJSON string) (kc *keepclient.KeepClient, err error) {
+func setupKeepClient(config apiConfig, keepServicesJSON string, blobSignatureTTL time.Duration) (kc *keepclient.KeepClient, ttl time.Duration, err error) {
        arv := arvadosclient.ArvadosClient{
                ApiToken:    config.APIToken,
                ApiServer:   config.APIHost,
@@ -162,6 +167,17 @@ func setupKeepClient(config apiConfig, keepServicesJSON string) (kc *keepclient.
                }
        }
 
+       // Get if blobSignatureTTL is not provided
+       ttl = blobSignatureTTL
+       if blobSignatureTTL == 0 {
+               value, err := arv.Discovery("blobSignatureTtl")
+               if err == nil {
+                       ttl = time.Duration(int(value.(float64))) * time.Second
+               } else {
+                       return nil, 0, err
+               }
+       }
+
        return
 }
 
@@ -191,19 +207,19 @@ func getBlockLocators(locatorFile, prefix string) (locators []string, err error)
 }
 
 // Get block headers from keep. Log any errors.
-func performKeepBlockCheck(kc *keepclient.KeepClient, blobSigningKey string, blockLocators []string, verbose bool) error {
+func performKeepBlockCheck(kc *keepclient.KeepClient, blobSignatureTTL time.Duration, blobSigningKey string, blockLocators []string, verbose bool) error {
        totalBlocks := len(blockLocators)
        notFoundBlocks := 0
        current := 0
        for _, locator := range blockLocators {
                current++
                if verbose {
-                       log.Printf("Checking block %d of %d: %v", current, totalBlocks, locator)
+                       log.Printf("Verifying block %d of %d: %v", current, totalBlocks, locator)
                }
                getLocator := locator
                if blobSigningKey != "" {
                        expiresAt := time.Now().AddDate(0, 0, 1)
-                       getLocator = keepclient.SignLocator(locator, kc.Arvados.ApiToken, expiresAt, []byte(blobSigningKey))
+                       getLocator = keepclient.SignLocator(locator, kc.Arvados.ApiToken, expiresAt, blobSignatureTTL, []byte(blobSigningKey))
                }
 
                _, _, err := kc.Ask(getLocator)