Task #2859
Updated by Tom Clegg almost 10 years ago
Review @ commit:5214573
2755: add support for signed locators in the Python SDK.
* @arvados.Keep.put()@ saves the response body (which may contain a signed locator) and returns it to the caller.
* @arvados.Keep.get()@ passes the full signed locator to the remote Keep server. The bare MD5 hash is still used for caching and for shuffled_service_roots
* @run_test_server.run_keep()@ takes arguments 'blob_signing_key' and 'enforce_permissions', for testing permission signatures in unit tests.
* test_keep_client: new unit tests for permissions:
** with @--enforce-permissions=true@:
*** GET with a signed locator works
*** GET with an unsigned locator fails
*** unauthenticated GET fails
** with @--enforce-permissions=false@:
*** GET with a signed locator works
*** GET with an unsigned locator works
*** unauthenticated GET works
Bug fixes to permission handling in the Keep server:
* Locator hints may appear in any order; be flexible. Parse them in @GetBlockHandler@ rather than in the REST router.
* Returned locators are terminated with newline (consistent with Warehouse, and more friendly for human debugging).
* The locator returned from a PUT request always has a size hint.
* The correct Authorization header keyword is "OAuth2", not "OAuth". D'oh.
* Updated unit tests to accommodate newlines, size hints and OAuth2.
Refs #2755.