projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'master' into 10231-keep-cache-runtime-constraints
[arvados.git]
/
services
/
api
/
app
/
models
/
collection.rb
diff --git
a/services/api/app/models/collection.rb
b/services/api/app/models/collection.rb
index 459eacc77cbfc02f37d8c0f45d9b337a4e9631a0..8579509de70e9eff1c46d25563ca239fcf9dff8d 100644
(file)
--- a/
services/api/app/models/collection.rb
+++ b/
services/api/app/models/collection.rb
@@
-29,6
+29,7
@@
class Collection < ArvadosModel
t.add :replication_desired
t.add :replication_confirmed
t.add :replication_confirmed_at
t.add :replication_desired
t.add :replication_confirmed
t.add :replication_confirmed_at
+ t.add :expires_at
end
def self.attributes_required_columns
end
def self.attributes_required_columns
@@
-38,10
+39,17
@@
class Collection < ArvadosModel
# expose signed_manifest_text as manifest_text in the
# API response, and never let clients select the
# manifest_text column.
# expose signed_manifest_text as manifest_text in the
# API response, and never let clients select the
# manifest_text column.
- 'manifest_text' => ['manifest_text'],
+ #
+ # We need expires_at to determine the correct
+ # timestamp in signed_manifest_text.
+ 'manifest_text' => ['manifest_text', 'expires_at'],
)
end
)
end
+ def self.ignored_select_attributes
+ super + ["updated_at", "file_names"]
+ end
+
FILE_TOKEN = /^[[:digit:]]+:[[:digit:]]+:/
def check_signatures
return false if self.manifest_text.nil?
FILE_TOKEN = /^[[:digit:]]+:[[:digit:]]+:/
def check_signatures
return false if self.manifest_text.nil?
@@
-212,14
+220,19
@@
class Collection < ArvadosModel
def signed_manifest_text
if has_attribute? :manifest_text
token = current_api_client_authorization.andand.api_token
def signed_manifest_text
if has_attribute? :manifest_text
token = current_api_client_authorization.andand.api_token
- @signed_manifest_text = self.class.sign_manifest manifest_text, token
+ exp = [db_current_time.to_i + Rails.configuration.blob_signature_ttl,
+ expires_at].compact.map(&:to_i).min
+ @signed_manifest_text = self.class.sign_manifest manifest_text, token, exp
end
end
end
end
- def self.sign_manifest manifest, token
+ def self.sign_manifest manifest, token, exp=nil
+ if exp.nil?
+ exp = db_current_time.to_i + Rails.configuration.blob_signature_ttl
+ end
signing_opts = {
api_token: token,
signing_opts = {
api_token: token,
- expire:
db_current_time.to_i + Rails.configuration.blob_signature_ttl
,
+ expire:
exp
,
}
m = munge_manifest_locators(manifest) do |match|
Blob.sign_locator(match[0], signing_opts)
}
m = munge_manifest_locators(manifest) do |match|
Blob.sign_locator(match[0], signing_opts)
@@
-301,7
+314,7
@@
class Collection < ArvadosModel
# looks like a saved Docker image.
manifest = Keep::Manifest.new(coll_match.manifest_text)
if manifest.exact_file_count?(1) and
# looks like a saved Docker image.
manifest = Keep::Manifest.new(coll_match.manifest_text)
if manifest.exact_file_count?(1) and
- (manifest.files[0][1] =~ /^[0-9A-Fa-f]{64}\.tar$/)
+ (manifest.files[0][1] =~ /^
(sha256:)?
[0-9A-Fa-f]{64}\.tar$/)
return [coll_match]
end
end
return [coll_match]
end
end