Task #2859

Story #2755: Implement Keep permission signatures in API server and Python SDK

Review 2755-python-sdk-permissions

Added by Tim Pierce about 5 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Start date:
05/14/2014
Due date:
% Done:

0%

Estimated time:
2.00 h

Description

Review @ 5214573

2755: add support for signed locators in the Python SDK.

  • arvados.Keep.put() saves the response body (which may contain a signed locator) and returns it to the caller.
  • arvados.Keep.get() passes the full signed locator to the remote Keep server. The bare MD5 hash is still used for caching and for shuffled_service_roots
  • run_test_server.run_keep() takes arguments 'blob_signing_key' and 'enforce_permissions', for testing permission signatures in unit tests.
  • test_keep_client: new unit tests for permissions:
    • with --enforce-permissions=true:
      • GET with a signed locator works
      • GET with an unsigned locator fails
      • unauthenticated GET fails
    • with --enforce-permissions=false:
      • GET with a signed locator works
      • GET with an unsigned locator works
      • unauthenticated GET works

Bug fixes to permission handling in the Keep server:

  • Locator hints may appear in any order; be flexible. Parse them in GetBlockHandler rather than in the REST router.
  • Returned locators are terminated with newline (consistent with Warehouse, and more friendly for human debugging).
  • The locator returned from a PUT request always has a size hint.
  • The correct Authorization header keyword is "OAuth2", not "OAuth". D'oh.
  • Updated unit tests to accommodate newlines, size hints and OAuth2.

Refs #2755.

History

#1 Updated by Tim Pierce about 5 years ago

  • Description updated (diff)

#2 Updated by Tom Clegg about 5 years ago

  • Status changed from New to In Progress

#3 Updated by Tom Clegg about 5 years ago

  • Description updated (diff)
  • Assigned To changed from Tom Clegg to Tim Pierce

#4 Updated by Tim Pierce about 5 years ago

  • Assigned To changed from Tim Pierce to Tom Clegg

#5 Updated by Tom Clegg about 5 years ago

  • Status changed from In Progress to Resolved
  • Remaining (hours) changed from 2.0 to 0.0

Also available in: Atom PDF