Project

General

Profile

Story #2769

Updated by Tom Clegg over 8 years ago

New behavior: 
 * When DELETE request is received, verify token in Authorization header 
 ** call arvados.v1.users.current method and confirm is_admin==true 
 ** call arvados.v1.api_client_authorizations.get and confirm the token's @scopes@ contains @"all"@ [1] 
 * Maintain a cache {token → (is_admin, verified_timestamp)} with configurable TTL, so a series of N delete requests doesn't result in N token verifications. 
 * If the token passes verification, delete all copies of the specified block from all (non-read-only) volumes. Respond 200 OK with body like @{"copies_deleted":2,"copies_not_deleted":1}@ (this would mean one copy was found on a read-only volume, two copies were found on writable volumes). 
 * If the token is valid (users.get responds 200) but does not pass is_admin/scopes verification, or users.get responds 403 (which is another scope problem), respond 403 Forbidden. 
 * If the token is invalid (users.get responds 401), respond 401 Unauthorized. (This probably means the token has expired.) 

 Configuration: 
 * @-no-delete@ flag disables DELETE functionality. Respond to valid DELETE requests with 405 (method not allowed) instead of deleting anything. 
 * @-token-cache-ttl@ argument specifies maximum age of token cache. Do not use a cache value older than this. (But do not bother with aggressive garbage collection.) 
 * @-token-cache-size@ argument specifies maximum size of token cache. Delete oldest entry if the cache exceeds this size. 

 Notes: 
 * The same token cache will also be useful in the future for things like enforcing storage quotas, so please make it easy to add fields to the cache values. 

 fn1. If this turns into a big deal, skip it for now. 

Back