X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/be8fbfd594717232c4dc7c4d16cdf3bde1137ee0..797885e26f85f04123bcba751addcd415ed3db2e:/services/api/app/models/collection.rb diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb index 61946f82b0..775ebdb494 100644 --- a/services/api/app/models/collection.rb +++ b/services/api/app/models/collection.rb @@ -14,9 +14,11 @@ class Collection < ArvadosModel include CommonApiTemplate include Trashable - serialize :properties, Hash - serialize :storage_classes_desired, Array - serialize :storage_classes_confirmed, Array + # Posgresql JSONB columns should NOT be declared as serialized, Rails 5 + # already know how to properly treat them. + attribute :properties, :jsonbHash, default: {} + attribute :storage_classes_desired, :jsonbArray, default: ["default"] + attribute :storage_classes_confirmed, :jsonbArray, default: [] before_validation :default_empty_manifest before_validation :default_storage_classes, on: :create @@ -27,8 +29,11 @@ class Collection < ArvadosModel validate :ensure_pdh_matches_manifest_text validate :ensure_storage_classes_desired_is_not_empty validate :ensure_storage_classes_contain_non_empty_strings + validate :versioning_metadata_updates, on: :update + validate :past_versions_cannot_be_updated, on: :update + after_validation :set_file_count_and_total_size before_save :set_file_names - before_create :set_current_version_uuid + around_update :manage_versioning, unless: :is_past_version? api_accessible :user, extend: :common do |t| t.add :name @@ -46,6 +51,11 @@ class Collection < ArvadosModel t.add :delete_at t.add :trash_at t.add :is_trashed + t.add :version + t.add :current_version_uuid + t.add :preserve_version + t.add :file_count + t.add :file_size_total end after_initialize do @@ -78,7 +88,7 @@ class Collection < ArvadosModel FILE_TOKEN = /^[[:digit:]]+:[[:digit:]]+:/ def check_signatures - return false if self.manifest_text.nil? + throw(:abort) if self.manifest_text.nil? return true if current_user.andand.is_admin @@ -95,7 +105,7 @@ class Collection < ArvadosModel # Check permissions on the collection manifest. # If any signature cannot be verified, raise PermissionDeniedError # which will return 403 Permission denied to the client. - api_token = current_api_client_authorization.andand.api_token + api_token = Thread.current[:token] signing_opts = { api_token: api_token, now: @validation_timestamp.to_i, @@ -115,7 +125,7 @@ class Collection < ArvadosModel # Signature provided, but verify_signature did not like it. logger.warn "Invalid signature on locator #{tok}" raise ArvadosModel::PermissionDeniedError - elsif Rails.configuration.permit_create_collection_with_unsigned_manifest + elsif !Rails.configuration.Collections.BlobSigning # No signature provided, but we are running in insecure mode. logger.debug "Missing signature on locator #{tok} ignored" elsif Blob.new(tok).empty? @@ -190,14 +200,33 @@ class Collection < ArvadosModel true end + def set_file_count_and_total_size + # Only update the file stats if the manifest changed + if self.manifest_text_changed? + m = Keep::Manifest.new(self.manifest_text) + self.file_size_total = m.files_size + self.file_count = m.files_count + # If the manifest didn't change but the attributes did, ignore the changes + elsif self.file_count_changed? || self.file_size_total_changed? + self.file_count = self.file_count_was + self.file_size_total = self.file_size_total_was + end + true + end + def manifest_files return '' if !self.manifest_text + done = {} names = '' self.manifest_text.scan(/ \d+:\d+:(\S+)/) do |name| + next if done[name] + done[name] = true names << name.first.gsub('\040',' ') + "\n" end self.manifest_text.scan(/^\.\/(\S+)/m) do |stream_name| + next if done[stream_name] + done[stream_name] = true names << stream_name.first.gsub('\040',' ') + "\n" end names @@ -215,75 +244,109 @@ class Collection < ArvadosModel ['current_version_uuid'] end - def set_current_version_uuid - self.current_version_uuid ||= self.uuid - end + def manage_versioning + should_preserve_version = should_preserve_version? # Time sensitive, cache value + return(yield) unless (should_preserve_version || syncable_updates.any?) - def save! - if !Rails.configuration.collection_versioning || new_record? || (!self.changes.include?('uuid') && current_version_uuid != uuid) - return super - end + # Put aside the changes because with_lock forces a record reload changes = self.changes - # Updates that will be synced with older versions - synced_updates = ['uuid', 'owner_uuid', 'delete_at', 'trash_at', 'is_trashed', - 'replication_desired', 'storage_classes_desired'] & changes.keys - # Updates that will produce a new version - versionable_updates = ['manifest_text', 'description', 'properties', 'name'] & changes.keys - - if versionable_updates.empty? && synced_updates.empty? - # Updates don't include interesting attributes, so don't save a new snapshot nor - # sync older versions. - return super - end - - # Does row locking (transaction is implicit) because 'version' - # may be incremented and the older versions synced. - # Note that 'with_lock' reloads the object after locking. + snapshot = nil with_lock do - # Sync older versions. - if !synced_updates.empty? - updates = {} - synced_updates.each do |attr| - if attr == 'uuid' - # Point old versions to current version's new UUID - updates['current_version_uuid'] = changes[attr].last - else - updates[attr] = changes[attr].last - end - end - Collection.where('current_version_uuid = ? AND uuid != ?', uuid, uuid).each do |c| - c.update_attributes!(updates) - end - # Also update current object just in case a new version will be created, - # as it has to receive the same values for the synced attributes. - self.attributes = updates - end - snapshot = nil - # Make a new version if applicable. - if !versionable_updates.empty? - # Create a snapshot of the original collection + # Copy the original state to save it as old version + if should_preserve_version snapshot = self.dup snapshot.uuid = nil # Reset UUID so it's created as a new record - # Update current version number - self.version += 1 + snapshot.created_at = self.created_at end + # Restore requested changes on the current version changes.keys.each do |attr| - next if attr == 'version' + if attr == 'preserve_version' && changes[attr].last == false + next # Ignore false assignment, once true it'll be true until next version + end self.attributes = {attr => changes[attr].last} + if attr == 'uuid' + # Also update the current version reference + self.attributes = {'current_version_uuid' => changes[attr].last} + end + end + + if should_preserve_version + self.version += 1 + self.preserve_version = false + end + + yield + + sync_past_versions if syncable_updates.any? + if snapshot + snapshot.attributes = self.syncable_updates + leave_modified_by_user_alone do + act_as_system_user do + snapshot.save + end + end + end + end + end + + def syncable_updates + updates = {} + (syncable_attrs & self.changes.keys).each do |attr| + if attr == 'uuid' + # Point old versions to current version's new UUID + updates['current_version_uuid'] = self.changes[attr].last + else + updates[attr] = self.changes[attr].last end - # Save current version first to avoid index collision - super - # Save the snapshot with previous state (if applicable) - snapshot.andand.save! - return true end + return updates + end + + def sync_past_versions + updates = self.syncable_updates + Collection.where('current_version_uuid = ? AND uuid != ?', self.uuid_was, self.uuid_was).each do |c| + c.attributes = updates + # Use a different validation context to skip the 'past_versions_cannot_be_updated' + # validator, as on this case it is legal to update some fields. + leave_modified_by_user_alone do + leave_modified_at_alone do + c.save(context: :update_old_versions) + end + end + end + end + + def versionable_updates?(attrs) + (['manifest_text', 'description', 'properties', 'name'] & attrs).any? + end + + def syncable_attrs + ['uuid', 'owner_uuid', 'delete_at', 'trash_at', 'is_trashed', 'replication_desired', 'storage_classes_desired'] + end + + def is_past_version? + # Check for the '_was' values just in case the update operation + # includes a change on current_version_uuid or uuid. + !(new_record? || self.current_version_uuid_was == self.uuid_was) + end + + def should_preserve_version? + return false unless (Rails.configuration.Collections.CollectionVersioning && versionable_updates?(self.changes.keys)) + + return false if self.is_trashed + + idle_threshold = Rails.configuration.Collections.PreserveVersionIfIdle + if !self.preserve_version_was && + (idle_threshold < 0 || + (idle_threshold > 0 && self.modified_at_was > db_current_time-idle_threshold.seconds)) + return false + end + return true end def check_encoding - if manifest_text.encoding.name == 'UTF-8' and manifest_text.valid_encoding? - true - else + if !(manifest_text.encoding.name == 'UTF-8' and manifest_text.valid_encoding?) begin # If Ruby thinks the encoding is something else, like 7-bit # ASCII, but its stored bytes are equal to the (valid) UTF-8 @@ -298,7 +361,7 @@ class Collection < ArvadosModel rescue end errors.add :manifest_text, "must use UTF-8 encoding" - false + throw(:abort) end end @@ -308,7 +371,7 @@ class Collection < ArvadosModel true rescue ArgumentError => e errors.add :manifest_text, e.message - false + throw(:abort) end end @@ -318,8 +381,8 @@ class Collection < ArvadosModel elsif is_trashed return manifest_text else - token = current_api_client_authorization.andand.api_token - exp = [db_current_time.to_i + Rails.configuration.blob_signature_ttl, + token = Thread.current[:token] + exp = [db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i, trash_at].compact.map(&:to_i).min self.class.sign_manifest manifest_text, token, exp end @@ -327,7 +390,7 @@ class Collection < ArvadosModel def self.sign_manifest manifest, token, exp=nil if exp.nil? - exp = db_current_time.to_i + Rails.configuration.blob_signature_ttl + exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i end signing_opts = { api_token: token, @@ -437,7 +500,7 @@ class Collection < ArvadosModel # # If filter_compatible_format is true (the default), only return image # collections which are support by the installation as indicated by - # Rails.configuration.docker_image_formats. Will follow + # Rails.configuration.Containers.SupportedDockerImageFormats. Will follow # 'docker_image_migration' links if search_term resolves to an incompatible # image, but an equivalent compatible image is available. def self.find_all_for_docker_image(search_term, search_tag=nil, readers=nil, filter_compatible_format: true) @@ -448,15 +511,17 @@ class Collection < ArvadosModel joins("JOIN collections ON links.head_uuid = collections.uuid"). order("links.created_at DESC") - if (Rails.configuration.docker_image_formats.include? 'v1' and - Rails.configuration.docker_image_formats.include? 'v2') or filter_compatible_format == false + docker_image_formats = Rails.configuration.Containers.SupportedDockerImageFormats + + if (docker_image_formats.include? 'v1' and + docker_image_formats.include? 'v2') or filter_compatible_format == false pattern = /^(sha256:)?[0-9A-Fa-f]{64}\.tar$/ - elsif Rails.configuration.docker_image_formats.include? 'v2' + elsif docker_image_formats.include? 'v2' pattern = /^(sha256:)[0-9A-Fa-f]{64}\.tar$/ - elsif Rails.configuration.docker_image_formats.include? 'v1' + elsif docker_image_formats.include? 'v1' pattern = /^[0-9A-Fa-f]{64}\.tar$/ else - raise "Unrecognized configuration for docker_image_formats #{Rails.configuration.docker_image_formats}" + raise "Unrecognized configuration for docker_image_formats #{docker_image_formats}" end # If the search term is a Collection locator that contains one file @@ -464,7 +529,16 @@ class Collection < ArvadosModel if loc = Keep::Locator.parse(search_term) loc.strip_hints! coll_match = readable_by(*readers).where(portable_data_hash: loc.to_s).limit(1) - return get_compatible_images(readers, pattern, coll_match) + rc = Rails.configuration.RemoteClusters.select{ |k| + k != :"*" && k != Rails.configuration.ClusterID} + if coll_match.any? or rc.length == 0 + return get_compatible_images(readers, pattern, coll_match) + else + # Allow bare pdh that doesn't exist in the local database so + # that federated container requests which refer to remotely + # stored containers will validate. + return [Collection.new(portable_data_hash: loc.to_s)] + end end if search_tag.nil? and (n = search_term.index(":")) @@ -508,7 +582,7 @@ class Collection < ArvadosModel end def self.searchable_columns operator - super - ["manifest_text", "current_version_uuid"] + super - ["manifest_text"] end def self.full_text_searchable_columns @@ -585,4 +659,30 @@ class Collection < ArvadosModel end end end + + def past_versions_cannot_be_updated + if is_past_version? + errors.add(:base, "past versions cannot be updated") + false + end + end + + def versioning_metadata_updates + valid = true + if !is_past_version? && current_version_uuid_changed? + errors.add(:current_version_uuid, "cannot be updated") + valid = false + end + if version_changed? + errors.add(:version, "cannot be updated") + valid = false + end + valid + end + + def assign_uuid + super + self.current_version_uuid ||= self.uuid + true + end end