[API] container requests can have broken references to containers
The database does not enforce foreign key consistency on the container_uuid column. It is possible to delete a container that has container requests referring to it. If a container request has a reference to a container record that no longer exists, clients such as workbench break badly.
Related, it is intended that normal (non-admin) users cannot delete container records, but that may be missing a permission check.
Updated by Eric Biagiotti over 4 years ago
- Would an update to the delete method doc (https://doc.arvados.org/v1.4/api/methods/containers.html) saying that this is an admin only method and will break things if a container request still refers to it be helpful?
- If we are doing a 1.4.2 release, should this be included?
Other than that, this LGTM.
Updated by Tom Clegg over 4 years ago
15656-user-delete-container @ d22da8c4ae59fa50bfecaf3c5857fe8c0cc5fae7
"This API requires admin privileges. In normal operation, it should not be used at all. API clients like Workbench might not work correctly when a container request references a container that has been deleted."