[API] container requests can have broken references to containers
The database does not enforce foreign key consistency on the container_uuid column. It is possible to delete a container that has container requests referring to it. If a container request has a reference to a container record that no longer exists, clients such as workbench break badly.
Related, it is intended that normal (non-admin) users cannot delete container records, but that may be missing a permission check.
15656-user-delete-container @ 5fef2516e249671d288b35ba99a3c6730de0be91 -- https://ci.curoverse.com/view/Developer/job/developer-run-tests/1550/
15656-user-delete-container @ 55e5a470d6430d2026b94892112be6d985bcef09 -- https://ci.curoverse.com/view/Developer/job/developer-run-tests/1567/
#7 Updated by Eric Biagiotti 2 months ago
- Would an update to the delete method doc (https://doc.arvados.org/v1.4/api/methods/containers.html) saying that this is an admin only method and will break things if a container request still refers to it be helpful?
- If we are doing a 1.4.2 release, should this be included?
Other than that, this LGTM.
15656-user-delete-container @ d22da8c4ae59fa50bfecaf3c5857fe8c0cc5fae7
"This API requires admin privileges. In normal operation, it should not be used at all. API clients like Workbench might not work correctly when a container request references a container that has been deleted."