git.arvados.org - arvados.git/commit

author	Tim Pierce <twp@curoverse.com>
	Tue, 13 May 2014 15:06:00 +0000 (11:06 -0400)
committer	Tim Pierce <twp@curoverse.com>
	Mon, 19 May 2014 21:54:36 +0000 (17:54 -0400)
commit	aad9cd74e61cff985944c400c40fe3f85907a1e7
tree	81899fa04dc84bb8354c581d876b91783ce2385a	tree \| snapshot
parent	81b517450a657fc56b91b25426505bf9b3937db7	commit \| diff

2755: Verify permission signatures on create.

Phase 1 of #2755: when creating a new collection, verify any permission
signatures found in the manifest.  Unsigned locators in the manifest are
implicitly permitted (to be disabled in Phase 4)

* New "Locator" class to parse, examine and manipulate Keep locators.
* Collections.create checks permission signatures in a manifest.
* Collections.show signs locators in a manifest.
* collections_controller_test.rb: new unit tests to exercise signed
  manifests and related features:
    - "create collection with signed manifest"
    - "create collection with signed manifest and explicit TTL"
    - "create fails with invalid signature"
    - "create fails with uuid of signed manifest"
    - "multiple locators per line"
    - "multiple signed locators per line"
* application.yml.example: new configuration variables
    - Rails.configuration.blob_signing_key
    - Rails.configuration.blob_signing_ttl

(refs #2755)

services/api/app/controllers/arvados/v1/collections_controller.rb		diff \| blob \| history
services/api/config/application.default.yml		diff \| blob \| history
services/api/config/application.yml.example		diff \| blob \| history
services/api/lib/locator.rb	[new file with mode: 0644]	blob
services/api/test/functional/arvados/v1/collections_controller_test.rb		diff \| blob \| history