Story #2755

Updated by Tom Clegg over 5 years ago

h3. Phase 1

* Collections.create() - verify permission signatures in provided manifest_text. Strip them -- and all other +whatever hints except one size hint -- before verifying @uuid==hash(manifest_text)@ and storing manifest_text in database.
** Pass signature verification step (until Phase 4) if a blob locator is missing the permission signature entirely.
* Collections.get() - return a manifest_text with a +A... permission signature added to each blob locator.

(Phase 1 can be deployed any time now.)

h3. Phase 2

* Python SDK, when writing a collection,
** Stop throwing away the +A signatures that (might) emanate from the keep servers during Keep.put().
** In arv-put, include the +A signatures when sending to server.
** In arv-put, compute collection uuid based on a version of manifest_text with the +A signatures (and all other +anything other than +size) stripped off.
** For good form, when doing collections.create() in arv-put, ensure the UUID returned by API server matches the one you sent.
* Python SDK, when creating a blob,
** Set "Authorization: OAuth2 $ARVADOS_API_TOKEN" header
* Python SDK, when reading a collection - strip +A... permission signatures before computing uuid (but supply them in http requests to Keep servers).

(Phase 2 package
manifest_text so they can be published any time now.)
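
The hint stripping and UUID comparison that Phases 1 and 2 describe, as an added example that is not part of this story or of the Arvados code base. It assumes @hash()@ is an MD5 hex digest and that manifest tokens are space-separated; the function names, sample locators, signature and hint values are all constructed for illustration.

```python
import hashlib
import re

# Blob locator: 32 hex digits followed by zero or more "+hint" fields.
LOCATOR = re.compile(r"^[0-9a-f]{32}(\+[^+\s]+)*$")

def strip_locator(token):
    """Keep the hash and at most one +size hint; drop +A... and every other hint."""
    blob_hash, *hints = token.split("+")
    size = next((h for h in hints if h.isdigit()), None)
    return blob_hash if size is None else f"{blob_hash}+{size}"

def strip_manifest(manifest_text):
    """Rewrite every blob locator in stripped form, leaving other tokens alone."""
    lines = []
    for line in manifest_text.splitlines():
        tokens = [strip_locator(t) if LOCATOR.match(t) else t
                  for t in line.split(" ")]
        lines.append(" ".join(tokens))
    return "".join(l + "\n" for l in lines)

def collection_uuid(manifest_text):
    """hash(stripped manifest_text); MD5 hex digest is an assumption here."""
    stripped = strip_manifest(manifest_text).encode()
    return hashlib.md5(stripped).hexdigest()

def unsigned_locators(manifest_text):
    """Locators with no +A hint: tolerated until Phase 4, rejected afterwards."""
    return [t for t in manifest_text.split()
            if LOCATOR.match(t)
            and not any(h.startswith("A") for h in t.split("+")[1:])]

# Constructed sample: the signature and +K hint values are made up.
SIGNED = (". acbd18db4cc2f85cedef654fccc4a4d8+3+Adeadbeef@53bed294 "
          "37b51d194a7513e45b56f6524f2d51f2+3+Kzzzzz 0:6:foobar.txt\n")
BARE = (". acbd18db4cc2f85cedef654fccc4a4d8+3 "
        "37b51d194a7513e45b56f6524f2d51f2+3 0:6:foobar.txt\n")

if __name__ == "__main__":
    sent = collection_uuid(SIGNED)      # what arv-put would compute locally
    returned = collection_uuid(BARE)    # stand-in for the API server's answer
    assert sent == returned, "server stored a different manifest"
    print(sent, unsigned_locators(SIGNED))
```

Because both sides hash the stripped text, a signature that expires or is reissued never changes the collection's identity.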

h3. Phase 3

* Deploy Keep server with signature _generation_ feature enabled.
* Test old and new Python clients.

h3. Phase 4

*Upgrade all Python SDKs/clients first. Then:*

* Remove "no signature provided" exemption from API server.
* Enable signature _verification_ on keep servers.