Bug #3206: [Keep] Keep proxy uses API token from its env var for PUT requests, instead of token provided by client - Arvados

Bug #3206

PUT "foo" at the same time (~1s) yields: 

 @acbd18db4cc2f85cedef654fccc4a4d8+3+A4c4f3a5266482fc749c72d2265c533990ebe2aae@53cde0cf@ &larr; keepserver 
 @acbd18db4cc2f85cedef654fccc4a4d8+3+A9abcab7c98791fbf0c78ee385a8f3b0c2ec5975a@53cde0cf@ &larr; keepproxy 

 Quick scan of source code suggests PUT requests are done with the keep proxy's @ARVADOS_API_TOKEN@ env var. 

 With my own token, arv-put fails: 

 <pre> 
 arv-put foo.txt 
 0M / 0M 100.0%  
 Traceback (most recent call last): 
   File "/usr/local/bin/arv-put", line 4, in <module> 
     main() 
   File "/usr/local/lib/python2.7/dist-packages/arvados/commands/put.py", line 394, in main 
     'manifest_text': writer.manifest_text(), 
   File "/usr/local/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper 
     return wrapped(*args, **kwargs) 
   File "/usr/local/lib/python2.7/dist-packages/apiclient/http.py", line 723, in execute 
     raise HttpError(resp, content, uri=self.uri) 
 apiclient.errors.HttpError: <HttpError 403 when requesting https://qr1hi.arvadosapi.com/arvados/v1/collections?alt=json returned "Forbidden"> 
 </pre> 

 If I copy ARVADOS_API_TOKEN from keepproxy's environment into my own environment, arv-put succeeds: 

 <pre> 
 $ arv-put foo.txt 
 0M / 0M 100.0% 
 83367e8913dcec0bf3fc25ed5a27eacb+49 
 </pre> 

 ...which seems to support this theory.

Back

Project

General

Profile

Arvados

Bug #3206