Story #2769

Updated by Tim Pierce over 10 years ago

New behavior: 
 * When DELETE request is received, verify token in Authorization header 
 ** call arvados.v1.users.current method and confirm is_admin==true 
 ** call arvados.v1.api_client_authorizations.get and confirm the token's @scopes@ contains @"all"@ [1] 
 * Maintain a cache {token → (is_admin, verified_timestamp)} with configurable TTL, so a series of N delete requests doesn't result in N token verifications. 
 * If the token passes verification, delete all copies of the specified block from all (non-read-only) volumes. 
 * Return value: 
 ** Respond 200 OK when the requested block was found on a local volume, with body like @{"copies_deleted":2,"copies_not_deleted":1}@ (this would mean one copy was found on a read-only volume, two copies were found on writable volumes). 
 ** Respond 404 Not Found if no blocks present at all (i.e. @{"copies_deleted":0,"copies_not_deleted":0}@) 
 ** Respond 403 Forbidden if the user token is valid (users.get responds 200) but is not allowed to delete blocks for some reason: it does not pass is_admin/scopes verification, or users.get responds 403 (which is another scope problem). (Additional work here has been moved to #3483.) 
 ** Respond 401 Unauthorized if the token is invalid (users.get responds 401). (This probably means the token has expired.) 

 Race conditions: 
 * Refuse to delete a blob that has been PUT recently (i.e., age less than permission signature TTL). Enforcing this will involve tracking "most recent PUT" for each file, perhaps by updating modification timestamps. 
 ** Respond 422 if the target of an otherwise valid DELETE request is too new. 

 Configuration: 
 * @-no-delete@ flag disables DELETE functionality. Respond to valid DELETE requests with 405 (method not allowed) instead of deleting anything. 
 * @-token-cache-ttl@ argument specifies maximum age of token cache. Do not use a cache value older than this. (But do not bother with aggressive garbage collection.) 
 * @-token-cache-size@ argument specifies maximum number of entries in token cache. Delete oldest entry if the cache exceeds this size. 

 Notes: 
 * The same token cache will also be useful in the future for things like enforcing storage quotas, so please make it easy to add fields to the cache values. 

 fn1. If this turns into a big deal, skip it for now. 
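
The token cache described under New behavior, Configuration and Notes, sketched in Go as an added example (not the project's own code). @TokenCache@, @TokenInfo@ and their fields are hypothetical names, and the caller passes the current time so that expiry can be tested deterministically.

```go
package main

import (
	"sync"
	"time"
)

// TokenInfo and TokenCache are hypothetical names, not the project's code.
// The cached value is a struct so fields (e.g. quota data) can be added later.
type TokenInfo struct {
	IsAdmin  bool
	Verified time.Time
}

type TokenCache struct {
	mu      sync.Mutex
	ttl     time.Duration
	maxSize int
	entries map[string]TokenInfo
}

// Get never returns an entry older than the TTL (-token-cache-ttl).
func (c *TokenCache) Get(token string, now time.Time) (TokenInfo, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if info, ok := c.entries[token]; ok && now.Sub(info.Verified) <= c.ttl {
		return info, true
	}
	return TokenInfo{}, false
}

// Put stores a result, then drops the oldest entry if over -token-cache-size.
func (c *TokenCache) Put(token string, info TokenInfo) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[token] = info
	if len(c.entries) > c.maxSize {
		oldest := token
		for k, v := range c.entries {
			if v.Verified.Before(c.entries[oldest].Verified) {
				oldest = k
			}
		}
		delete(c.entries, oldest)
	}
}

func main() {
	c := &TokenCache{ttl: time.Minute, maxSize: 2, entries: map[string]TokenInfo{}}
	c.Put("constructed-token", TokenInfo{IsAdmin: true, Verified: time.Now()})
}
```

A stale entry is reported as a miss rather than returned, so an expired @is_admin@ result cannot authorize a DELETE; the handler re-verifies the token and calls @Put@ again.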
