Arvados » Arvados Epics

“Frozen” project state is modeled with a new uuid attribute (database field) of Arvados projects called "frozen_by_uuid”. Users with “can_manage” permission are allowed to set "frozen_by_uuid" (which is set to that user). Once set, "frozen_by_uuid" state cannot be cleared, except by an admin.

The "frozen" state applies recursively to everything owned by the project: collections, workflow provenance, etc. Objects owned by the project cannot be independently un-frozen (but they can be copied). To modify an object inside a frozen project, the entire project must first be un-frozen (which can only be done by admins).

Objects that are frozen or are owned directly or indirectly by a project in the frozen state are read-only and cannot be modified by users that would normally have write permission, including admins.

• Cannot create/move objects within a frozen project (owner_uuid of a create or update operation cannot be a frozen project)
• Cannot move objects out of an frozen project (owner_uuid of frozen object cannot be changed)
• Cannot update any other field on archived objects, e.g. “name”, “manifest_text”
• Cannot delete objects owned by archived project or modify trash_at, delete_at
• Cannot freeze a project that contains objects with “trash_at” or “delete_at” set (attempt to set “frozen” will return an error with at least one object uuid which is blocking freezing)
• Cannot trash a project that contains frozen objects (attempt to set “trash_at” will return an error)
• Users with “can_manage” permission can still control sharing (create and remove permission links for frozen objects)

Make it configurable that in order to freeze a project, the description field or some other named properties must be non-empty.

In order to freeze a project, update the "frozen_by_uuid" field to the current user. Any other value is rejected. An admin un-freezes a project by setting "frozen_by_uuid" to "" (empty string).

• optional parameter "dry_run" or "no_op" on the freeze project call which only checks if a project is valid to freeze, but does not commit the change
  • the "dry_run" parameter provides a structured response either indicating the operation would be successful, or a list of reasons it would fail
  • Returns a 200 response on success with content just {"uuid": "..."} and a 4xx response if the operation would fail
• Trashed items in a frozen project are not returned with "include_trash" (should be explicitly filtered out from the call), from the user's perspective, trashed items in a frozen project are immediately gone, unless the project is un-frozen.

The following Workbench 2 features will be implemented by the customer:

• Add button to Workbench 2 enabling users to freeze a project (with warning). Workbench 2 will determine if an object or direct/indirect owner is frozen and adds an “Frozen” badge to the display.
• Workbench 2 feature to assist in making a project valid to freeze: If items exist with “trash_at” or “delete_at”, prompt user if they want to un-trash all of them, or move them out of the project to be frozen.