1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
11 "git.arvados.org/arvados.git/sdk/go/arvados"
12 "git.arvados.org/arvados.git/sdk/go/auth"
15 // CollectionGet defers to railsProxy for everything except blob
17 func (conn *Conn) CollectionGet(ctx context.Context, opts arvados.GetOptions) (arvados.Collection, error) {
18 if len(opts.Select) > 0 {
19 // We need to know IsTrashed and TrashAt to implement
20 // signing properly, even if the caller doesn't want
22 opts.Select = append([]string{"is_trashed", "trash_at"}, opts.Select...)
24 resp, err := conn.railsProxy.CollectionGet(ctx, opts)
28 conn.signCollection(ctx, &resp)
32 // CollectionList defers to railsProxy for everything except blob
34 func (conn *Conn) CollectionList(ctx context.Context, opts arvados.ListOptions) (arvados.CollectionList, error) {
35 if len(opts.Select) > 0 {
36 // We need to know IsTrashed and TrashAt to implement
37 // signing properly, even if the caller doesn't want
39 opts.Select = append([]string{"is_trashed", "trash_at"}, opts.Select...)
41 resp, err := conn.railsProxy.CollectionList(ctx, opts)
45 for i := range resp.Items {
46 conn.signCollection(ctx, &resp.Items[i])
51 // CollectionCreate defers to railsProxy for everything except blob
53 func (conn *Conn) CollectionCreate(ctx context.Context, opts arvados.CreateOptions) (arvados.Collection, error) {
54 if len(opts.Select) > 0 {
55 // We need to know IsTrashed and TrashAt to implement
56 // signing properly, even if the caller doesn't want
58 opts.Select = append([]string{"is_trashed", "trash_at"}, opts.Select...)
60 resp, err := conn.railsProxy.CollectionCreate(ctx, opts)
64 conn.signCollection(ctx, &resp)
68 // CollectionUpdate defers to railsProxy for everything except blob
70 func (conn *Conn) CollectionUpdate(ctx context.Context, opts arvados.UpdateOptions) (arvados.Collection, error) {
71 if len(opts.Select) > 0 {
72 // We need to know IsTrashed and TrashAt to implement
73 // signing properly, even if the caller doesn't want
75 opts.Select = append([]string{"is_trashed", "trash_at"}, opts.Select...)
77 resp, err := conn.railsProxy.CollectionUpdate(ctx, opts)
81 conn.signCollection(ctx, &resp)
85 func (conn *Conn) signCollection(ctx context.Context, coll *arvados.Collection) {
86 if coll.IsTrashed || coll.ManifestText == "" || !conn.cluster.Collections.BlobSigning {
90 if creds, ok := auth.FromContext(ctx); ok && len(creds.Tokens) > 0 {
91 token = creds.Tokens[0]
96 ttl := conn.cluster.Collections.BlobSigningTTL.Duration()
97 exp := time.Now().Add(ttl)
98 if coll.TrashAt != nil && !coll.TrashAt.IsZero() && coll.TrashAt.Before(exp) {
101 coll.ManifestText = arvados.SignManifest(coll.ManifestText, token, exp, ttl, []byte(conn.cluster.Collections.BlobSigningKey))