...provided both local and remote clusters use the same login cluster.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
- ctxlog.FromContext(req.Context()).Infof("saltAuthToken: cluster %s token %s remote %s", h.Cluster.ClusterID, creds.Tokens[0], remote)
+ ctxlog.FromContext(req.Context()).Debugf("saltAuthToken: cluster %s token %s remote %s", h.Cluster.ClusterID, creds.Tokens[0], remote)
token, err := auth.SaltToken(creds.Tokens[0], remote)
token, err := auth.SaltToken(creds.Tokens[0], remote)
- if err == auth.ErrObsoleteToken {
+ if err == auth.ErrObsoleteToken || err == auth.ErrTokenFormat {
// If the token exists in our own database for our own
// user, salt it for the remote. Otherwise, assume it
// was issued by the remote, and pass it through
// If the token exists in our own database for our own
// user, salt it for the remote. Otherwise, assume it
// was issued by the remote, and pass it through
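Review bot: The log call in saltAuthToken still writes `creds.Tokens[0]` in full, so lowering it from Info to Debug only reduces how often the bearer token reaches the logs. With `auth.ErrTokenFormat` now accepted a few lines below, that value can be an OIDC access token, which is presumably valid at the identity provider as well as at the clusters. I would drop the token from the message, e.g. `ctxlog.FromContext(req.Context()).Debugf("saltAuthToken: cluster %s remote %s", h.Cluster.ClusterID, remote)`, or log only a non-secret identifier derived from it. The enclosing function starts and ends outside the visible lines.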
tokens = append(tokens, salted)
case auth.ErrSalted:
tokens = append(tokens, token)
tokens = append(tokens, salted)
case auth.ErrSalted:
tokens = append(tokens, token)
+ case auth.ErrTokenFormat:
+ // pass through unmodified (assume it's an OIDC access token)
+ tokens = append(tokens, token)
case auth.ErrObsoleteToken:
ctx := auth.NewContext(ctx, &auth.Credentials{Tokens: []string{token}})
aca, err := local.APIClientAuthorizationCurrent(ctx, arvados.GetOptions{})
case auth.ErrObsoleteToken:
ctx := auth.NewContext(ctx, &auth.Credentials{Tokens: []string{token}})
aca, err := local.APIClientAuthorizationCurrent(ctx, arvados.GetOptions{})
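Review bot: The new `case auth.ErrTokenFormat:` forwards any token that fails format parsing to the remote unmodified, so the remote receives a credential that is not bound to it the way a salted token is. Nothing in the visible lines checks that the remote shares this cluster's login cluster, which the commit description states as the precondition. The comment should record that trust assumption, for example `// pass through unmodified (assume it's an OIDC access token); unlike a salted token this is replayable by the remote, so it is only appropriate when the remote uses the same login cluster`. If the configuration exposes that relationship, a check here would be stronger than the comment. The switch continues outside the hunk.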
accesstoken := s.oidcprovider.ValidAccessToken()
for _, clusterID := range []string{"z1111", "z2222"} {
accesstoken := s.oidcprovider.ValidAccessToken()
for _, clusterID := range []string{"z1111", "z2222"} {
- c.Logf("trying clusterid %s", clusterID)
-
- conn := s.testClusters[clusterID].Conn()
- ctx, ac, kc := s.testClusters[clusterID].ClientsWithToken(accesstoken)
var coll arvados.Collection
// Write some file data and create a collection
{
var coll arvados.Collection
// Write some file data and create a collection
{
+ c.Logf("save collection to %s", clusterID)
+
+ conn := s.testClusters[clusterID].Conn()
+ ctx, ac, kc := s.testClusters[clusterID].ClientsWithToken(accesstoken)
+
fs, err := coll.FileSystem(ac, kc)
c.Assert(err, check.IsNil)
f, err := fs.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
fs, err := coll.FileSystem(ac, kc)
c.Assert(err, check.IsNil)
f, err := fs.OpenFile("test.txt", os.O_CREATE|os.O_RDWR, 0777)
c.Assert(err, check.IsNil)
}
c.Assert(err, check.IsNil)
}
- // Read the collection & file data
- {
+ // Read the collection & file data -- both from the
+ // cluster where it was created, and from the other
+ // cluster.
+ for _, readClusterID := range []string{"z1111", "z2222", "z3333"} {
+ c.Logf("retrieve %s from %s", coll.UUID, readClusterID)
+
+ conn := s.testClusters[readClusterID].Conn()
+ ctx, ac, kc := s.testClusters[readClusterID].ClientsWithToken(accesstoken)
+
user, err := conn.UserGetCurrent(ctx, arvados.GetOptions{})
c.Assert(err, check.IsNil)
c.Check(user.FullName, check.Equals, "Example User")
user, err := conn.UserGetCurrent(ctx, arvados.GetOptions{})
c.Assert(err, check.IsNil)
c.Check(user.FullName, check.Equals, "Example User")
- coll, err = conn.CollectionGet(ctx, arvados.GetOptions{UUID: coll.UUID})
+ readcoll, err := conn.CollectionGet(ctx, arvados.GetOptions{UUID: coll.UUID})
c.Assert(err, check.IsNil)
c.Assert(err, check.IsNil)
- c.Check(coll.ManifestText, check.Not(check.Equals), "")
- fs, err := coll.FileSystem(ac, kc)
+ c.Check(readcoll.ManifestText, check.Not(check.Equals), "")
+ fs, err := readcoll.FileSystem(ac, kc)
c.Assert(err, check.IsNil)
f, err := fs.Open("test.txt")
c.Assert(err, check.IsNil)
c.Assert(err, check.IsNil)
f, err := fs.Open("test.txt")
c.Assert(err, check.IsNil)
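Review bot: The test exercises only `s.oidcprovider.ValidAccessToken()`, so the new pass-through path is never shown to fail closed. Since tokens of unrecognized format are now forwarded to remote clusters, a companion case using a token string the provider did not issue would be worth adding, asserting that `conn.UserGetCurrent` returns an error on each of the three clusters, e.g. `c.Check(err, check.NotNil)`. Separately, the comment on the read loop says "the other cluster" while the loop covers z1111, z2222 and z3333. The test function starts and ends outside the visible lines.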
if err != nil {
return loginError(fmt.Errorf("error in OAuth2 exchange: %s", err))
}
if err != nil {
return loginError(fmt.Errorf("error in OAuth2 exchange: %s", err))
}
+ ctxlog.FromContext(ctx).WithField("oauth2Token", oauth2Token).Debug("oauth2 exchange succeeded")
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
return loginError(errors.New("error in OAuth2 exchange: no ID token in OAuth2 token"))
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
return loginError(errors.New("error in OAuth2 exchange: no ID token in OAuth2 token"))
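Review bot: The added `WithField("oauth2Token", oauth2Token)` hands the whole token object to the logger, and that object carries the access token and, when the provider issues one, the refresh token. Depending on the log formatter, those values are likely to be serialized into the debug log, where they outlive the login exchange and are readable by anyone with log access. Logging only non-secret fields gives the same confirmation that the exchange succeeded, e.g. `ctxlog.FromContext(ctx).WithField("tokenExpiry", oauth2Token.Expiry).Debug("oauth2 exchange succeeded")`. The enclosing function starts and ends outside the hunk.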