RBAC subuser clients unable to create subdirectories

[jperkin]

This is an issue we hit a long time ago, but unfortunately it looks like I didn't get the chance to log a PR about it at the time, and only recently when setting up some new hosts have I been running into it again. Sorry about that.

Background: We have RBAC subusers that manage subdirectories of the /pkgsrc account, posting bulk build reports under /pkgsrc/public/reports. The directory that they manage has the correct role-tag applied.

In short, the environment is correctly configured, and the subuser is able to create a directory successfully within their managed directory, and that directory has the appropriate role-tag applied to it:

$ export MANTA_URL=https://us-east.manta.joyent.com
$ export MANTA_USER=pkgsrc
$ export MANTA_SUBUSER=linux
$ mmkdir /pkgsrc/public/reports/Linux/test
$ minfo /pkgsrc/public/reports/Linux/test | grep role-tag
role-tag: manta-upload-linux

But if I try to use a Manta client such as muntar or manta-sync to upload directory contents, I get NoMatchingRoleTagError errors:

$ mkdir test
$ echo test >test/file
$ tar cf test.tar test
$ muntar -f test.tar /pkgsrc/public/reports/Linux/test
muntar: NoMatchingRoleTagError: None of your active roles are present on the resource.

This is specific to creating subdirectories. If I create a tar that contains just a file, then it works fine.

$ echo test >file
$ tar cf file.tar file
$ muntar -f file.tar /pkgsrc/public/reports/Linux/test
/pkgsrc/public/reports/Linux/test/file

The patch I've been using to fix this is as follows (against version 4.0.0):

diff -ru manta.orig/node_modules/manta/lib/client.js manta/node_modules/manta/lib/client.js
--- manta.orig/node_modules/manta/lib/client.js      2016-10-27 23:30:21.000000000 +0000
+++ manta/node_modules/manta/lib/client.js      2016-11-29 19:00:32.000000000 +0000
@@ -1740,7 +1740,13 @@
             path.posix.normalize(sprintf('/%s/%s/%s', root, tmp, _d));

         tasks.push(function _mkdir(_, _cb) {
-            self.mkdir(_dir, _opts, _cb);
+            self.info(_dir, _opts, function (err, check) {
+                if (err && err.name === 'NotFoundError') {
+                    self.mkdir(_dir, _opts, _cb);
+                } else {
+                    _cb(null);
+                }
+            });
         });
     });

I can't find any logs which discusses exactly why this change fixes the issue, but I'm wondering if it's related to similar issues around mkdirp and role tags being wiped.

I've applied this patch to my newer hosts running the latest node-manta and it resolves the issue there too:

$ muntar -f test.tar /pkgsrc/public/reports/Linux/test
/pkgsrc/public/reports/Linux/test/test/file