From b36492a0a569b9116ccf156430c901f4002d8814 Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 21 Jan 2021 17:00:00 -0500 Subject: [PATCH] 17170: Re-word comment, document ...-Login-Username header. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- lib/crunchrun/container_gateway.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/crunchrun/container_gateway.go b/lib/crunchrun/container_gateway.go index 3764a8a439..d234e93415 100644 --- a/lib/crunchrun/container_gateway.go +++ b/lib/crunchrun/container_gateway.go @@ -126,8 +126,9 @@ func (gw *Gateway) Start() error { return nil } -// handleSSH connects to an SSH server that runs commands as root in -// the container. The tunnel itself can only be created by an +// handleSSH connects to an SSH server that allows the caller to run +// interactive commands as root (or any other desired user) inside the +// container. The tunnel itself can only be created by an // authenticated caller, so the SSH server itself is wide open (any // password or key will be accepted). // @@ -140,10 +141,12 @@ func (gw *Gateway) Start() error { // hmac(AuthSecret,certfingerprint) (this prevents other containers // and shell nodes from connecting directly) // -// Optional header: +// Optional headers: // -// X-Arvados-Detach-Keys: argument to "docker attach --detach-keys", +// X-Arvados-Detach-Keys: argument to "docker exec --detach-keys", // e.g., "ctrl-p,ctrl-q" +// X-Arvados-Login-Username: argument to "docker exec --user": account +// used to run command(s) inside the container. func (gw *Gateway) handleSSH(w http.ResponseWriter, req *http.Request) { // In future we'll handle browser traffic too, but for now the // only traffic we expect is an SSH tunnel from -- 2.30.2