X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2581a27602bd98fa532926efc02d9401ee095108..31ef294c700811eae8ade8dfc5fcb7ec40d1ad2e:/tools/keep-block-check/keep-block-check.go

diff --git a/tools/keep-block-check/keep-block-check.go b/tools/keep-block-check/keep-block-check.go
index ceafa8c7ef..6cf11a7280 100644
--- a/tools/keep-block-check/keep-block-check.go
+++ b/tools/keep-block-check/keep-block-check.go
@@ -48,6 +48,11 @@ func doMain(args []string) error {
 		"",
 		"Block hash prefix. When a prefix is specified, only hashes listed in the file with this prefix will be checked.")
 
+	blobSignatureTTLFlag := flags.Duration(
+		"blob-signature-ttl",
+		0,
+		"Lifetime of blob permission signatures on the keepservers. If not provided, this will be retrieved from the API server's discovery document.")
+
 	verbose := flags.Bool(
 		"v",
 		false,
@@ -68,12 +73,12 @@ func doMain(args []string) error {
 	}
 
 	// setup keepclient
-	kc, err := setupKeepClient(config, *keepServicesJSON)
+	kc, blobSignatureTTL, err := setupKeepClient(config, *keepServicesJSON, *blobSignatureTTLFlag)
 	if err != nil {
 		return fmt.Errorf("Error configuring keepclient: %s", err.Error())
 	}
 
-	return performKeepBlockCheck(kc, blobSigningKey, blockLocators, *verbose)
+	return performKeepBlockCheck(kc, blobSignatureTTL, blobSigningKey, blockLocators, *verbose)
 }
 
 type apiConfig struct {
@@ -138,7 +143,7 @@ func readConfigFromFile(filename string) (config apiConfig, blobSigningKey strin
 }
 
 // setup keepclient using the config provided
-func setupKeepClient(config apiConfig, keepServicesJSON string) (kc *keepclient.KeepClient, err error) {
+func setupKeepClient(config apiConfig, keepServicesJSON string, blobSignatureTTL time.Duration) (kc *keepclient.KeepClient, ttl time.Duration, err error) {
 	arv := arvadosclient.ArvadosClient{
 		ApiToken:    config.APIToken,
 		ApiServer:   config.APIHost,
@@ -162,6 +167,17 @@ func setupKeepClient(config apiConfig, keepServicesJSON string) (kc *keepclient.
 		}
 	}
 
+	// Get if blobSignatureTTL is not provided
+	ttl = blobSignatureTTL
+	if blobSignatureTTL == 0 {
+		value, err := arv.Discovery("blobSignatureTtl")
+		if err == nil {
+			ttl = time.Duration(int(value.(float64))) * time.Second
+		} else {
+			return nil, 0, err
+		}
+	}
+
 	return
 }
 
@@ -191,7 +207,7 @@ func getBlockLocators(locatorFile, prefix string) (locators []string, err error)
 }
 
 // Get block headers from keep. Log any errors.
-func performKeepBlockCheck(kc *keepclient.KeepClient, blobSigningKey string, blockLocators []string, verbose bool) error {
+func performKeepBlockCheck(kc *keepclient.KeepClient, blobSignatureTTL time.Duration, blobSigningKey string, blockLocators []string, verbose bool) error {
 	totalBlocks := len(blockLocators)
 	notFoundBlocks := 0
 	current := 0
@@ -203,7 +219,7 @@ func performKeepBlockCheck(kc *keepclient.KeepClient, blobSigningKey string, blo
 		getLocator := locator
 		if blobSigningKey != "" {
 			expiresAt := time.Now().AddDate(0, 0, 1)
-			getLocator = keepclient.SignLocator(locator, kc.Arvados.ApiToken, expiresAt, []byte(blobSigningKey))
+			getLocator = keepclient.SignLocator(locator, kc.Arvados.ApiToken, expiresAt, blobSignatureTTL, []byte(blobSigningKey))
 		}
 
 		_, _, err := kc.Ask(getLocator)