6260: Continue to force never_delete to be true until #6221 is resolved; in the meant...

[arvados.git] / services / datamanager / datamanager.go

diff --git a/services/datamanager/datamanager.go b/services/datamanager/datamanager.go
index 70a9ae785956396bab936e73b1a7f6ed04c63731..8f3109362b7ee3def6ebc32c9755f937348fb81e 100644 (file)
--- a/services/datamanager/datamanager.go
+++ b/services/datamanager/datamanager.go
@@ -84,6 +84,17 @@ func singlerun() error {
                arvLogger.AddWriteHook(loggerutil.LogMemoryAlloc)
        }
 
+       // Verify that datamanager token belongs to an admin user
+       dataManagerToken := keep.GetDataManagerToken(arvLogger)
+       origArvToken := arv.ApiToken
+       arv.ApiToken = dataManagerToken
+       if is_admin, err := util.UserIsAdmin(arv); err != nil {
+               log.Fatalf("Error querying arvados user for data manager token %s", err.Error())
+       } else if !is_admin {
+               log.Fatalf("Datamanager token does not belong to an admin user.")
+       }
+       arv.ApiToken = origArvToken
+
        var (
                dataFetcher     summary.DataFetcher
                readCollections collection.ReadCollections
@@ -154,7 +165,7 @@ func singlerun() error {
        if trashErr != nil {
                return err
        } else {
-               keep.SendTrashLists(keep.GetDataManagerToken(arvLogger), kc, trashLists)
+               keep.SendTrashLists(dataManagerToken, kc, trashLists)
        }
 
        return nil