Arvados

We've received a report about arvados-ws getting errors from the API server.

This is what happens:

$ curl -k -G --data-urlencode 'select=["uuid"]' -H "Authorization: OAuth2 ---token---" https://example-host/arvados/v1/api_client_authorizations/some-valid-uuid
{"errors":["//railsapi.internal/arvados/v1/api_client_authorizations/some-valid-uuid?select=%5B%22uuid%22%5D: 422 Unprocessable Entity: #\u003cActiveModel::MissingAttributeError: missing attribute: api_token\u003e (req-c2h9urh6s0p0xvowm555)"]}

The arvados-ws services does a request like this and it has been doing it since 2017 (line 80):

https://dev.arvados.org/projects/arvados/repository/diff/services/ws/permission.go?utf8=✓&rev=ba418300c50e1375ca9938562579b7bd6bf9490d&rev_to=0f644e242ef37c911ad3dc25aca8135c339de349

RailsAPI attempts to access the api_token field in an after_initialize hook:

https://dev.arvados.org/projects/arvados/repository/revisions/608e8f79c3fb5cb7077fce4a0b497c5c93d6d6d0/entry/services/api/app/models/api_client_authorization.rb#L38

...but because the request does a select=["uuid"], that field isn't available.

Manual testing with arvbox determined that this is a regression introduced in the 2.3.0 release.