Story #3532

[Keep] Keepstore queries API server to verify tokens

Added by Tom Clegg over 4 years ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assigned To:
-
Category:
Keep
Target version:
Start date:
08/04/2014
Due date:
% Done:

100%

Estimated time:
(Total: 8.00 h)
Story points:
2.0

Description

  • Maintain a cache {token → (is_admin, verified_timestamp, expires_at)} with configurable TTL, so a series of N PUT/DELETE requests doesn't result in N token verifications.
  • The same token cache will also be useful in the future for things like enforcing storage quotas, so please make it easy to add fields to the cache values.
  • The token cache should be used to check validity of the client token during each PUT request (expires_at must not be in the past) and DELETE request (expires_at must not be in the past, and is_admin must be true).
Work in progress:
  • 2769-keep-lookup-admin-tokens branch
  • Very similar code exists already in keepproxy. Refactor this as a module that can be used by both servers?

Subtasks

Task #3272: Cache user authentication tokensClosed

Task #3475: Consult API server for user's admin status and scopes.Closed

History

#1 Updated by Tom Clegg over 4 years ago

  • Description updated (diff)

#2 Updated by Tim Pierce over 4 years ago

  • Status changed from New to In Progress
  • Assigned To set to Tim Pierce
  • Target version changed from Arvados Future Sprints to 2014-08-27 Sprint

Moving into 2014-08-27 sprint, as the principal work is done and this should only need review.

#3 Updated by Tim Pierce over 4 years ago

  • Story points changed from 2.0 to 1.0

#4 Updated by Tim Pierce over 4 years ago

Outstanding work for this story is on 2769-keep-lookup-admin-tokens. https://arvados.org/projects/arvados/repository?utf8=%E2%9C%93&rev=2769-keep-lookup-admin-tokens

#5 Updated by Tim Pierce over 4 years ago

  • Target version changed from 2014-08-27 Sprint to Arvados Future Sprints

#6 Updated by Tom Clegg about 4 years ago

  • Subject changed from [Keep] Blob server queries API server to verify tokens used in DELETE requests to [Keep] Blob server queries API server to verify tokens
  • Description updated (diff)

#7 Updated by Tom Clegg about 4 years ago

  • Subject changed from [Keep] Blob server queries API server to verify tokens to [Keep] Keepstore queries API server to verify tokens
  • Description updated (diff)
  • Category set to Keep
  • Status changed from In Progress to New
  • Assigned To deleted (Tim Pierce)

#8 Updated by Tom Clegg about 4 years ago

  • Target version changed from Arvados Future Sprints to 2015-02-18 sprint

#9 Updated by Tim Pierce almost 4 years ago

  • Assigned To set to Tim Pierce
  • Story points changed from 1.0 to 2.0

#10 Updated by Radhika Chippada almost 4 years ago

  • Assigned To changed from Tim Pierce to Radhika Chippada

After talking to Tim, I am assigning this to me. Tim will guide me through the development as needed.

#11 Updated by Tom Clegg almost 4 years ago

  • Target version changed from 2015-02-18 sprint to Arvados Future Sprints

#12 Updated by Radhika Chippada over 2 years ago

  • Assigned To deleted (Radhika Chippada)

#13 Updated by Tom Clegg 9 months ago

  • Status changed from New to Closed

Also available in: Atom PDF