X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/56e130608f8977d20b21c54f6ab8973d71e045a0..88bb9b9fc4392f4a3514ae59e3ffd454d3ce90a8:/lib/controller/rpc/conn.go

diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go
index e80542e3e1..c9c0ac308c 100644
--- a/lib/controller/rpc/conn.go
+++ b/lib/controller/rpc/conn.go
@@ -293,26 +293,42 @@ func (conn *Conn) ContainerUnlock(ctx context.Context, options arvados.GetOption
 // a running container. If the returned error is nil, the caller is
 // responsible for closing sshconn.Conn.
 func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSHOptions) (sshconn arvados.ContainerSSHConnection, err error) {
-	netconn, err := tls.Dial("tcp", net.JoinHostPort(conn.baseURL.Host, "https"), nil)
+	addr := conn.baseURL.Host
+	if strings.Index(addr, ":") < 1 || (strings.Contains(addr, "::") && addr[0] != '[') {
+		// hostname or ::1 or 1::1
+		addr = net.JoinHostPort(addr, "https")
+	}
+	insecure := false
+	if tlsconf := conn.httpClient.Transport.(*http.Transport).TLSClientConfig; tlsconf != nil && tlsconf.InsecureSkipVerify {
+		insecure = true
+	}
+	netconn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: insecure})
 	if err != nil {
+		err = fmt.Errorf("tls.Dial: %w", err)
 		return
 	}
+	defer func() {
+		if err != nil {
+			netconn.Close()
+		}
+	}()
 	bufr := bufio.NewReader(netconn)
 	bufw := bufio.NewWriter(netconn)
 
 	u, err := conn.baseURL.Parse("/" + strings.Replace(arvados.EndpointContainerSSH.Path, "{uuid}", options.UUID, -1))
 	if err != nil {
-		netconn.Close()
+		err = fmt.Errorf("tls.Dial: %w", err)
 		return
 	}
-	u.RawQuery = url.Values{"detach_keys": {options.DetachKeys}}.Encode()
+	u.RawQuery = url.Values{
+		"detach_keys":    {options.DetachKeys},
+		"login_username": {options.LoginUsername},
+	}.Encode()
 	tokens, err := conn.tokenProvider(ctx)
 	if err != nil {
-		netconn.Close()
 		return
 	} else if len(tokens) < 1 {
 		err = httpserver.ErrorWithStatus(errors.New("unauthorized"), http.StatusUnauthorized)
-		netconn.Close()
 		return
 	}
 	bufw.WriteString("GET " + u.String() + " HTTP/1.1\r\n")
@@ -323,20 +339,25 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH
 	bufw.Flush()
 	resp, err := http.ReadResponse(bufr, &http.Request{Method: "GET"})
 	if err != nil {
-		netconn.Close()
+		err = fmt.Errorf("http.ReadResponse: %w", err)
 		return
 	}
 	if resp.StatusCode != http.StatusSwitchingProtocols {
 		defer resp.Body.Close()
 		body, _ := ioutil.ReadAll(resp.Body)
-		err = fmt.Errorf("tunnel connection failed: %d %q", resp.StatusCode, body)
-		netconn.Close()
+		var message string
+		var errDoc httpserver.ErrorResponse
+		if err := json.Unmarshal(body, &errDoc); err == nil {
+			message = strings.Join(errDoc.Errors, "; ")
+		} else {
+			message = fmt.Sprintf("%q", body)
+		}
+		err = fmt.Errorf("server did not provide a tunnel: %s (HTTP %d)", message, resp.StatusCode)
 		return
 	}
 	if strings.ToLower(resp.Header.Get("Upgrade")) != "ssh" ||
 		strings.ToLower(resp.Header.Get("Connection")) != "upgrade" {
-		err = fmt.Errorf("bad response: Upgrade %q Connection %q", resp.Header.Get("Upgrade"), resp.Header.Get("Connection"))
-		netconn.Close()
+		err = fmt.Errorf("bad response from server: Upgrade %q Connection %q", resp.Header.Get("Upgrade"), resp.Header.Get("Connection"))
 		return
 	}
 	sshconn.Conn = netconn
@@ -344,6 +365,13 @@ func (conn *Conn) ContainerSSH(ctx context.Context, options arvados.ContainerSSH
 	return
 }
 
+func (conn *Conn) ContainerRequestList(ctx context.Context, options arvados.ListOptions) (arvados.ContainerRequestList, error) {
+	ep := arvados.EndpointContainerRequestList
+	var resp arvados.ContainerRequestList
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}
+
 func (conn *Conn) SpecimenCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Specimen, error) {
 	ep := arvados.EndpointSpecimenCreate
 	var resp arvados.Specimen