X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/ed1580a38c1aae0910cef83605622a41d927fba3..763af5413e6195fe004846abf86a7ae134168990:/services/api/app/models/collection.rb diff --git a/services/api/app/models/collection.rb b/services/api/app/models/collection.rb index ac845f50ad..5dd760feee 100644 --- a/services/api/app/models/collection.rb +++ b/services/api/app/models/collection.rb @@ -1,141 +1,147 @@ +require 'arvados/keep' + class Collection < ArvadosModel include HasUuid include KindAndEtag include CommonApiTemplate + before_validation :check_encoding + before_validation :check_signatures + before_validation :strip_manifest_text + before_validation :set_portable_data_hash + validate :ensure_hash_matches_manifest_text + + # Query only undeleted collections by default. + default_scope where("expires_at IS NULL or expires_at > CURRENT_TIMESTAMP") + api_accessible :user, extend: :common do |t| - t.add :data_size - t.add :files + t.add :name + t.add :description + t.add :properties + t.add :portable_data_hash t.add :manifest_text end - def self.attributes_required_columns - super.merge({ "data_size" => ["manifest_text"], - "files" => ["manifest_text"], - }) + def check_signatures + return false if self.manifest_text.nil? + + return true if current_user.andand.is_admin + + if self.manifest_text_changed? + # Check permissions on the collection manifest. + # If any signature cannot be verified, raise PermissionDeniedError + # which will return 403 Permission denied to the client. + api_token = current_api_client_authorization.andand.api_token + signing_opts = { + key: Rails.configuration.blob_signing_key, + api_token: api_token, + ttl: Rails.configuration.blob_signing_ttl, + } + self.manifest_text.lines.each do |entry| + entry.split[1..-1].each do |tok| + if /^[[:digit:]]+:[[:digit:]]+:/.match tok + # This is a filename token, not a blob locator. Note that we + # keep checking tokens after this, even though manifest + # format dictates that all subsequent tokens will also be + # filenames. Safety first! + elsif Blob.verify_signature tok, signing_opts + # OK. + elsif Keep::Locator.parse(tok).andand.signature + # Signature provided, but verify_signature did not like it. + logger.warn "Invalid signature on locator #{tok}" + raise ArvadosModel::PermissionDeniedError + elsif Rails.configuration.permit_create_collection_with_unsigned_manifest + # No signature provided, but we are running in insecure mode. + logger.debug "Missing signature on locator #{tok} ignored" + elsif Blob.new(tok).empty? + # No signature provided -- but no data to protect, either. + else + logger.warn "Missing signature on locator #{tok}" + raise ArvadosModel::PermissionDeniedError + end + end + end + end + true end - def redundancy_status - if redundancy_confirmed_as.nil? - 'unconfirmed' - elsif redundancy_confirmed_as < redundancy - 'degraded' - else - if redundancy_confirmed_at.nil? - 'unconfirmed' - elsif Time.now - redundancy_confirmed_at < 7.days - 'OK' - else - 'stale' + def strip_manifest_text + if self.manifest_text_changed? + # Remove any permission signatures from the manifest. + Collection.munge_manifest_locators(self[:manifest_text]) do |loc| + loc.without_signature.to_s end end + true end - def assign_uuid - if not self.manifest_text - errors.add :manifest_text, 'not supplied' - return false - end - expect_uuid = Digest::MD5.hexdigest(self.manifest_text) - if self.uuid - self.uuid.gsub! /\+.*/, '' - if self.uuid != expect_uuid - errors.add :uuid, 'must match checksum of manifest_text' + def set_portable_data_hash + if (self.portable_data_hash.nil? or (self.portable_data_hash == "") or (manifest_text_changed? and !portable_data_hash_changed?)) + self.portable_data_hash = "#{Digest::MD5.hexdigest(manifest_text)}+#{manifest_text.length}" + elsif portable_data_hash_changed? + begin + loc = Keep::Locator.parse!(self.portable_data_hash) + loc.strip_hints! + if loc.size + self.portable_data_hash = loc.to_s + else + self.portable_data_hash = "#{loc.hash}+#{self.manifest_text.length}" + end + rescue ArgumentError => e + errors.add(:portable_data_hash, "#{e}") return false end - else - self.uuid = expect_uuid end - self.uuid.gsub! /$/, '+' + self.manifest_text.length.to_s true end - # TODO (#3036/tom) replace above assign_uuid method with below assign_uuid and self.generate_uuid - # def assign_uuid - # # Even admins cannot assign collection uuids. - # self.uuid = self.class.generate_uuid - # end - # def self.generate_uuid - # # The last 10 characters of a collection uuid are the last 10 - # # characters of the base-36 SHA256 digest of manifest_text. - # [Server::Application.config.uuid_prefix, - # self.uuid_prefix, - # rand(2**256).to_s(36)[-5..-1] + Digest::SHA256.hexdigest(self.manifest_text).to_i(16).to_s(36)[-10..-1], - # ].join '-' - # end - - def data_size - inspect_manifest_text if @data_size.nil? or manifest_text_changed? - @data_size - end - - def files - inspect_manifest_text if @files.nil? or manifest_text_changed? - @files + def ensure_hash_matches_manifest_text + if manifest_text_changed? or portable_data_hash_changed? + computed_hash = "#{Digest::MD5.hexdigest(manifest_text)}+#{manifest_text.length}" + unless computed_hash == portable_data_hash + logger.debug "(computed) '#{computed_hash}' != '#{portable_data_hash}' (provided)" + errors.add(:portable_data_hash, "does not match hash of manifest_text") + return false + end + end + true end - def inspect_manifest_text - if !manifest_text - @data_size = false - @files = [] - return + def check_encoding + if manifest_text.encoding.name == 'UTF-8' and manifest_text.valid_encoding? + true + else + errors.add :manifest_text, "must use UTF-8 encoding" + false end + end - @data_size = 0 - tmp = {} - - manifest_text.split("\n").each do |stream| - toks = stream.split(" ") - - stream = toks[0].gsub /\\(\\|[0-7]{3})/ do |escape_sequence| - case $1 - when '\\' '\\' - else $1.to_i(8).chr - end - end - - toks[1..-1].each do |tok| - if (re = tok.match /^[0-9a-f]{32}/) - blocksize = nil - tok.split('+')[1..-1].each do |hint| - if !blocksize and hint.match /^\d+$/ - blocksize = hint.to_i - end - if (re = hint.match /^GS(\d+)$/) - blocksize = re[1].to_i - end - end - @data_size = false if !blocksize - @data_size += blocksize if @data_size - else - if (re = tok.match /^(\d+):(\d+):(\S+)$/) - filename = re[3].gsub /\\(\\|[0-7]{3})/ do |escape_sequence| - case $1 - when '\\' '\\' - else $1.to_i(8).chr - end - end - fn = stream + '/' + filename - i = re[2].to_i - if tmp[fn] - tmp[fn] += i - else - tmp[fn] = i - end - end - end + def redundancy_status + if redundancy_confirmed_as.nil? + 'unconfirmed' + elsif redundancy_confirmed_as < redundancy + 'degraded' + else + if redundancy_confirmed_at.nil? + 'unconfirmed' + elsif Time.now - redundancy_confirmed_at < 7.days + 'OK' + else + 'stale' end end - - @files = [] - tmp.each do |k, v| - re = k.match(/^(.+)\/(.+)/) - @files << [re[1], re[2], v] - end end - def self.uuid_like_pattern - "________________________________+%" + def self.munge_manifest_locators(manifest) + # Given a manifest text and a block, yield each locator, + # and replace it with whatever the block returns. + manifest.andand.gsub!(/ [[:xdigit:]]{32}(\+[[:digit:]]+)?(\+\S+)/) do |word| + if loc = Keep::Locator.parse(word.strip) + " " + yield(loc) + else + " " + word + end + end end def self.normalize_uuid uuid @@ -154,7 +160,8 @@ class Collection < ArvadosModel [hash_part, size_part].compact.join '+' end - def self.uuids_for_docker_image(search_term, search_tag=nil, readers=nil) + # Return array of Collection objects + def self.find_all_for_docker_image(search_term, search_tag=nil, readers=nil) readers ||= [Thread.current[:user]] base_search = Link. readable_by(*readers). @@ -164,15 +171,25 @@ class Collection < ArvadosModel # If the search term is a Collection locator that contains one file # that looks like a Docker image, return it. - if loc = Locator.parse(search_term) + if loc = Keep::Locator.parse(search_term) loc.strip_hints! - coll_match = readable_by(*readers).where(uuid: loc.to_s).first - if coll_match and (coll_match.files.size == 1) and - (coll_match.files[0][1] =~ /^[0-9A-Fa-f]{64}\.tar$/) - return [loc.to_s] + coll_match = readable_by(*readers).where(portable_data_hash: loc.to_s).limit(1).first + if coll_match + # Check if the Collection contains exactly one file whose name + # looks like a saved Docker image. + manifest = Keep::Manifest.new(coll_match.manifest_text) + if manifest.exact_file_count?(1) and + (manifest.files[0][1] =~ /^[0-9A-Fa-f]{64}\.tar$/) + return [coll_match] + end end end + if search_tag.nil? and (n = search_term.index(":")) + search_tag = search_term[n+1..-1] + search_term = search_term[0..n-1] + end + # Find Collections with matching Docker image repository+tag pairs. matches = base_search. where(link_class: "docker_image_repo+tag", @@ -181,7 +198,7 @@ class Collection < ArvadosModel # If that didn't work, find Collections with matching Docker image hashes. if matches.empty? matches = base_search. - where("link_class = ? and name LIKE ?", + where("link_class = ? and links.name LIKE ?", "docker_image_hash", "#{search_term}%") end @@ -189,20 +206,14 @@ class Collection < ArvadosModel # so that anything with an image timestamp is considered more recent than # anything without; then we use the link's created_at as a tiebreaker. uuid_timestamps = {} - matches.find_each do |link| - uuid_timestamps[link.head_uuid] = - [(-link.properties["image_timestamp"].to_datetime.to_i rescue 0), - -link.created_at.to_i] + matches.all.map do |link| + uuid_timestamps[link.head_uuid] = [(-link.properties["image_timestamp"].to_datetime.to_i rescue 0), + -link.created_at.to_i] end - uuid_timestamps.keys.sort_by { |uuid| uuid_timestamps[uuid] } + Collection.where('uuid in (?)', uuid_timestamps.keys).sort_by { |c| uuid_timestamps[c.uuid] } end def self.for_latest_docker_image(search_term, search_tag=nil, readers=nil) - image_uuid = uuids_for_docker_image(search_term, search_tag, readers).first - if image_uuid.nil? - nil - else - find_by_uuid(image_uuid) - end + find_all_for_docker_image(search_term, search_tag, readers).first end end