projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
14345: Use "." placeholder to persist empty directories.
[arvados.git] / lib / controller / fed_containers.go
diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index a3c292583f2df626f2323449f93ff3752d746a3d..5c5501d22c73767f87f74d5b5439927c4c4282bb 100644 (file)
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -9,8 +9,8 @@ import (
        "encoding/json"
        "fmt"
        "io/ioutil"
-       "log"
        "net/http"
+       "strings"
 
        "git.curoverse.com/arvados.git/sdk/go/auth"
        "git.curoverse.com/arvados.git/sdk/go/httpserver"
@@ -64,8 +64,6 @@ func remoteContainerRequestCreate(
 
        // If runtime_token is not set, create a new token
        if _, ok := containerRequest["runtime_token"]; !ok {
-               log.Printf("ok %v", ok)
-
                // First make sure supplied token is valid.
                creds := auth.NewCredentials()
                creds.LoadTokensFromHTTPRequest(req)
@@ -81,12 +79,15 @@ func remoteContainerRequestCreate(
                        return true
                }
 
-               newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
-               if err != nil {
-                       httpserver.Error(w, err.Error(), http.StatusForbidden)
-                       return true
+               // Must be home cluster for this authorization
+               if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) {
+                       newtok, err := h.handler.createAPItoken(req, currentUser.UUID, nil)
+                       if err != nil {
+                               httpserver.Error(w, err.Error(), http.StatusForbidden)
+                               return true
+                       }
+                       containerRequest["runtime_token"] = newtok.TokenV2()
                }
-               containerRequest["runtime_token"] = newtok.TokenV2()
        }
 
        newbody, err := json.Marshal(request)
@@ -95,10 +96,7 @@ func remoteContainerRequestCreate(
        req.ContentLength = int64(buf.Len())
        req.Header.Set("Content-Length", fmt.Sprintf("%v", buf.Len()))
 
-       resp, cancel, err := h.handler.remoteClusterRequest(*clusterId, req)
-       if cancel != nil {
-               defer cancel()
-       }
+       resp, err := h.handler.remoteClusterRequest(*clusterId, req)
        h.handler.proxy.ForwardResponse(w, resp, err)
        return true
 }