16133: Don't take multiple hops when getting collections.

author Tom Clegg <tom@tomclegg.ca>

Thu, 6 Feb 2020 16:09:32 +0000 (11:09 -0500)

committer Tom Clegg <tom@tomclegg.ca>

Thu, 6 Feb 2020 16:09:32 +0000 (11:09 -0500)
author Tom Clegg <tom@tomclegg.ca>
Thu, 6 Feb 2020 16:09:32 +0000 (11:09 -0500)
committer Tom Clegg <tom@tomclegg.ca>
Thu, 6 Feb 2020 16:09:32 +0000 (11:09 -0500)
diff --git a/lib/controller/federation/conn.go b/lib/controller/federation/conn.go

index 4d4141ffd6a04b7b3fe793607959c678fe4a25b9..2aebc0e9707496807f96fa809fc24e111e5950e2 100644 (file)
--- a/lib/controller/federation/conn.go
+++ b/lib/controller/federation/conn.go
@@ -231,7 +231,13 @@ func (conn *Conn) CollectionGet(ctx context.Context, options arvados.GetOptions)
                 // UUID is a PDH
                 first := make(chan arvados.Collection, 1)
                 err := conn.tryLocalThenRemotes(ctx, func(ctx context.Context, remoteID string, be backend) error {
-                       if remoteID != "" && strings.Contains(downstream, remoteID) {
+                       if remoteID != "" && downstream != "" {
+                               // If remoteID isn't in downstream, we
+                               // might find the collection by taking
+                               // another hop, but we don't bother:
+                               // token salting and blob signature
+                               // rewriting don't work over multiple
+                               // hops.
                                 return notFoundError{}
                         }
                         c, err := be.CollectionGet(ctx, options)
author	Tom Clegg <tom@tomclegg.ca>
	Thu, 6 Feb 2020 16:09:32 +0000 (11:09 -0500)
committer	Tom Clegg <tom@tomclegg.ca>
	Thu, 6 Feb 2020 16:09:32 +0000 (11:09 -0500)