Actions
Bug #3206
closed
[Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client
Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Start date:
Due date:
% Done:
100%
Estimated time:
Story points:
1.0
Description
PUT "foo" at the same time (~1s) yields:
acbd18db4cc2f85cedef654fccc4a4d8+3+A4c4f3a5266482fc749c72d2265c533990ebe2aae@53cde0cf ← keepserveracbd18db4cc2f85cedef654fccc4a4d8+3+A9abcab7c98791fbf0c78ee385a8f3b0c2ec5975a@53cde0cf ← keepproxy
Quick scan of source code suggests PUT requests are done with the keep proxy's ARVADOS_API_TOKEN env var.
With my own token, arv-put fails:
arv-put foo.txt
0M / 0M 100.0%
Traceback (most recent call last):
File "/usr/local/bin/arv-put", line 4, in <module>
main()
File "/usr/local/lib/python2.7/dist-packages/arvados/commands/put.py", line 394, in main
'manifest_text': writer.manifest_text(),
File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/apiclient/http.py", line 723, in execute
raise HttpError(resp, content, uri=self.uri)
apiclient.errors.HttpError: <HttpError 403 when requesting https://qr1hi.arvadosapi.com/arvados/v1/collections?alt=json returned "Forbidden">
If I copy ARVADOS_API_TOKEN from keepproxy's environment into my own environment, arv-put succeeds:
$ arv-put foo.txt 0M / 0M 100.0% 83367e8913dcec0bf3fc25ed5a27eacb+49
...which seems to support this theory.
Updated by 
Updated by 
Updated by Anonymous
Actions