Actions
Task #2859
closed
Idea #2755: Implement Keep permission signatures in API server and Python SDK
Review 2755-python-sdk-permissions
Description
Review @ 5214573
2755: add support for signed locators in the Python SDK.
arvados.Keep.put()saves the response body (which may contain a signed locator) and returns it to the caller.arvados.Keep.get()passes the full signed locator to the remote Keep server. The bare MD5 hash is still used for caching and for shuffled_service_rootsrun_test_server.run_keep()takes arguments 'blob_signing_key' and 'enforce_permissions', for testing permission signatures in unit tests.
- test_keep_client: new unit tests for permissions:
- with
--enforce-permissions=true:- GET with a signed locator works
- GET with an unsigned locator fails
- unauthenticated GET fails
- with
--enforce-permissions=false:- GET with a signed locator works
- GET with an unsigned locator works
- unauthenticated GET works
- with
Bug fixes to permission handling in the Keep server:
- Locator hints may appear in any order; be flexible. Parse them in
GetBlockHandlerrather than in the REST router. - Returned locators are terminated with newline (consistent with Warehouse, and more friendly for human debugging).
- The locator returned from a PUT request always has a size hint.
- The correct Authorization header keyword is "OAuth2", not "OAuth". D'oh.
- Updated unit tests to accommodate newlines, size hints and OAuth2.
Refs #2755.
Updated by Tom Clegg almost 10 years ago
- Description updated (diff)
- Assigned To changed from Tom Clegg to Tim Pierce
Updated by Tim Pierce almost 10 years ago
- Assigned To changed from Tim Pierce to Tom Clegg
Updated by Tom Clegg almost 10 years ago
- Status changed from In Progress to Resolved
- Remaining (hours) changed from 2.0 to 0.0
Actions