Project

General

Profile

Actions

Story #2769

closed

[Keep] Keep supports DELETE requests

Added by Tim Pierce over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tim Pierce
Category:
Keep
Target version:
Start date:
07/25/2014
Due date:
% Done:

100%

Estimated time:
(Total: 22.00 h)
Story points:
3.0

Description

New behavior:
  • When DELETE request is received, verify token in Authorization header
    • call arvados.v1.users.current method and confirm is_admin==true
    • call arvados.v1.api_client_authorizations.get and confirm the token's scopes contains "all" [1]
  • Maintain a cache {token → (is_admin, verified_timestamp)} with configurable TTL, so a series of N delete requests doesn't result in N token verifications.
  • If the token passes verification, delete all copies of the specified block from all (non-read-only) volumes.
  • Return value:
    • Respond 200 OK when the requested block was found on a local volume, with body like {"copies_deleted":2,"copies_not_deleted":1} (this would mean one copy was found on a read-only volume, two copies were found on writable volumes).
    • Respond 404 Not Found if no blocks present at all (i.e. {"copies_deleted":0,"copies_not_deleted":0}
    • Respond 403 Forbidden if the user is not allowed to delete blocks for some reason (additional work here has been moved to #3483)
Race conditions:
  • Refuse to delete a blob that has been PUT recently (i.e., age less than permission signature TTL). Enforcing this will involve tracking "most recent PUT" for each file, perhaps by updating modification timestamps.
    • Respond 422 if the target of an otherwise valid DELETE request is too new.
Configuration:
  • -no-delete flag disables DELETE functionality. Respond to valid DELETE requests with 405 (method not allowed) instead of deleting anything.
  • -token-cache-ttl argument specifies maximum age of token cache. Do not use a cache value older than this. (But do not bother with aggressive garbage collection.)
  • -token-cache-size argument specifies maximum number of entries in token cache. Delete oldest entry if the cache exceeds this size.
Notes:
  • The same token cache will also be useful in the future for things like enforcing storage quotas, so please make it easy to add fields to the cache values.

1 If this turns into a big deal, skip it for now.


Subtasks 4 (0 open4 closed)

Task #3273: Add configuration flags for DELETE.ResolvedTom Clegg08/08/2014

Actions
Task #3271: Implement DELETE requestResolvedTim Pierce07/25/2014

Actions
Task #3422: Review 2769-keep-delete-requestResolvedMisha Zatsman07/25/2014

Actions
Task #3533: Review 2769-disable-delete-flagResolvedPeter Amstutz07/25/2014

Actions
Actions

Also available in: Atom PDF