X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/6d95130da47af9fd0290d3c8f80a0364faf74957..91f7e961f18c0ef8ae584d1c8a53d322b617efee:/lib/controller/fed_containers.go

diff --git a/lib/controller/fed_containers.go b/lib/controller/fed_containers.go
index 8bb68d171f..fd4f0521bc 100644
--- a/lib/controller/fed_containers.go
+++ b/lib/controller/fed_containers.go
@@ -19,7 +19,7 @@ import (
 func remoteContainerRequestCreate(
 	h *genericFederatedRequestHandler,
 	effectiveMethod string,
-	clusterId *string,
+	clusterID *string,
 	uuid string,
 	remainder string,
 	w http.ResponseWriter,
@@ -33,19 +33,20 @@ func remoteContainerRequestCreate(
 	creds := auth.NewCredentials()
 	creds.LoadTokensFromHTTPRequest(req)
 
-	currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
+	currentUser, ok, err := h.handler.validateAPItoken(req, creds.Tokens[0])
 	if err != nil {
-		httpserver.Error(w, err.Error(), http.StatusForbidden)
+		httpserver.Error(w, err.Error(), http.StatusInternalServerError)
+		return true
+	} else if !ok {
+		httpserver.Error(w, "invalid API token", http.StatusForbidden)
 		return true
 	}
 
-	if *clusterId == "" {
-		*clusterId = h.handler.Cluster.ClusterID
-	}
-
-	if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) &&
-		*clusterId == h.handler.Cluster.ClusterID {
-		// local user submitting container request to local cluster
+	if *clusterID == "" || *clusterID == h.handler.Cluster.ClusterID {
+		// Submitting container request to local cluster. No
+		// need to set a runtime_token (rails api will create
+		// one when the container runs) or do a remote cluster
+		// request.
 		return false
 	}
 
@@ -65,14 +66,14 @@ func remoteContainerRequestCreate(
 
 	crString, ok := request["container_request"].(string)
 	if ok {
-		var crJson map[string]interface{}
-		err := json.Unmarshal([]byte(crString), &crJson)
+		var crJSON map[string]interface{}
+		err := json.Unmarshal([]byte(crString), &crJSON)
 		if err != nil {
 			httpserver.Error(w, err.Error(), http.StatusBadRequest)
 			return true
 		}
 
-		request["container_request"] = crJson
+		request["container_request"] = crJSON
 	}
 
 	containerRequest, ok := request["container_request"].(map[string]interface{})
@@ -116,7 +117,7 @@ func remoteContainerRequestCreate(
 	req.ContentLength = int64(buf.Len())
 	req.Header.Set("Content-Length", fmt.Sprintf("%v", buf.Len()))
 
-	resp, err := h.handler.remoteClusterRequest(*clusterId, req)
+	resp, err := h.handler.remoteClusterRequest(*clusterID, req)
 	h.handler.proxy.ForwardResponse(w, resp, err)
 	return true
 }