Project

General

Profile

Actions

Bug #3206

closed

[Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client

Added by Tom Clegg over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Story points:
1.0

Description

PUT "foo" at the same time (~1s) yields:

acbd18db4cc2f85cedef654fccc4a4d8+3+A4c4f3a5266482fc749c72d2265c533990ebe2aae@53cde0cf ← keepserver
acbd18db4cc2f85cedef654fccc4a4d8+3+A9abcab7c98791fbf0c78ee385a8f3b0c2ec5975a@53cde0cf ← keepproxy

Quick scan of source code suggests PUT requests are done with the keep proxy's ARVADOS_API_TOKEN env var.

With my own token, arv-put fails:

arv-put foo.txt
0M / 0M 100.0% 
Traceback (most recent call last):
  File "/usr/local/bin/arv-put", line 4, in <module>
    main()
  File "/usr/local/lib/python2.7/dist-packages/arvados/commands/put.py", line 394, in main
    'manifest_text': writer.manifest_text(),
  File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/apiclient/http.py", line 723, in execute
    raise HttpError(resp, content, uri=self.uri)
apiclient.errors.HttpError: <HttpError 403 when requesting https://qr1hi.arvadosapi.com/arvados/v1/collections?alt=json returned "Forbidden">

If I copy ARVADOS_API_TOKEN from keepproxy's environment into my own environment, arv-put succeeds:

$ arv-put foo.txt
0M / 0M 100.0%
83367e8913dcec0bf3fc25ed5a27eacb+49

...which seems to support this theory.

Actions

Also available in: Atom PDF