#
# Currently, websocket event notifications rely on audit logs, so
# this should not be set lower than 600 (5 minutes).
- MaxAge: 1209600
+ MaxAge: 336h
# Maximum number of log rows to delete in a single SQL transaction.
#
# blob_signing_key note above.
#
# The default is 2 weeks.
- BlobSigningTTL: 1209600
+ BlobSigningTTL: 336h
# Default lifetime for ephemeral collections: 2 weeks. This must not
# be less than blob_signature_ttl.
- DefaultTrashLifetime: 1209600
+ DefaultTrashLifetime: 336h
# Interval (seconds) between trash sweeps. During a trash sweep,
# collections are marked as trash if their trash_at time has
#
# Currently, websocket event notifications rely on audit logs, so
# this should not be set lower than 600 (5 minutes).
- MaxAge: 1209600
+ MaxAge: 336h
# Maximum number of log rows to delete in a single SQL transaction.
#
# blob_signing_key note above.
#
# The default is 2 weeks.
- BlobSigningTTL: 1209600
+ BlobSigningTTL: 336h
# Default lifetime for ephemeral collections: 2 weeks. This must not
# be less than blob_signature_ttl.
- DefaultTrashLifetime: 1209600
+ DefaultTrashLifetime: 336h
# Interval (seconds) between trash sweeps. During a trash sweep,
# collections are marked as trash if their trash_at time has
timestamp = opts[:expire]
else
timestamp = db_current_time.to_i +
- (opts[:ttl] || Rails.configuration.Collections.BlobSigningTTL)
+ (opts[:ttl] || Rails.configuration.Collections.BlobSigningTTL.to_i)
end
timestamp_hex = timestamp.to_s(16)
# => "53163cb4"
- blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_s(16)
+ blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_i.to_s(16)
# Generate a signature.
signature =
if timestamp.to_i(16) < (opts[:now] or db_current_time.to_i)
raise Blob::InvalidSignatureError.new 'Signature expiry time has passed.'
end
- blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_s(16)
+ blob_signature_ttl = Rails.configuration.Collections.BlobSigningTTL.to_i.to_s(16)
my_signature =
generate_signature((opts[:key] or Rails.configuration.Collections.BlobSigningKey),
return manifest_text
else
token = Thread.current[:token]
- exp = [db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL,
+ exp = [db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i,
trash_at].compact.map(&:to_i).min
self.class.sign_manifest manifest_text, token, exp
end
def self.sign_manifest manifest, token, exp=nil
if exp.nil?
- exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL
+ exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i
end
signing_opts = {
api_token: token,
arvcfg.declare_config "Collections.PreserveVersionIfIdle", ActiveSupport::Duration, :preserve_version_if_idle
arvcfg.declare_config "Collections.TrashSweepInterval", ActiveSupport::Duration, :trash_sweep_interval
arvcfg.declare_config "Collections.BlobSigningKey", NonemptyString, :blob_signing_key
-arvcfg.declare_config "Collections.BlobSigningTTL", Integer, :blob_signature_ttl
+arvcfg.declare_config "Collections.BlobSigningTTL", ActiveSupport::Duration, :blob_signature_ttl
arvcfg.declare_config "Collections.BlobSigning", Boolean, :permit_create_collection_with_unsigned_manifest, ->(cfg, k, v) { ConfigLoader.set_cfg cfg, "Collections.BlobSigning", !v }
arvcfg.declare_config "Containers.SupportedDockerImageFormats", Array, :docker_image_formats
arvcfg.declare_config "Containers.LogReuseDecisions", Boolean, :log_reuse_decisions
end
def self.tidy_in_background
- max_age = Rails.configuration.AuditLogs.MaxAge
+ max_age = Rails.configuration.AuditLogs.MaxAge.to_i
max_batch = Rails.configuration.AuditLogs.MaxDeleteBatch
return if max_age <= 0 || max_batch <= 0
desc "Remove old container log entries from the logs table"
task delete_old_container_logs: :environment do
- delete_sql = "DELETE FROM logs WHERE id in (SELECT logs.id FROM logs JOIN containers ON logs.object_uuid = containers.uuid WHERE event_type IN ('stdout', 'stderr', 'arv-mount', 'crunch-run', 'crunchstat') AND containers.log IS NOT NULL AND clock_timestamp() - containers.finished_at > interval '#{Rails.configuration.Containers.Logging.MaxAge} seconds')"
+ delete_sql = "DELETE FROM logs WHERE id in (SELECT logs.id FROM logs JOIN containers ON logs.object_uuid = containers.uuid WHERE event_type IN ('stdout', 'stderr', 'arv-mount', 'crunch-run', 'crunchstat') AND containers.log IS NOT NULL AND clock_timestamp() - containers.finished_at > interval '#{Rails.configuration.Containers.Logging.MaxAge.to_i} seconds')"
ActiveRecord::Base.connection.execute(delete_sql)
end
namespace :db do
desc "Remove old job stderr entries from the logs table"
task delete_old_job_logs: :environment do
- delete_sql = "DELETE FROM logs WHERE id in (SELECT logs.id FROM logs JOIN jobs ON logs.object_uuid = jobs.uuid WHERE event_type = 'stderr' AND jobs.log IS NOT NULL AND clock_timestamp() - jobs.finished_at > interval '#{Rails.configuration.Containers.Logging.MaxAge} seconds')"
+ delete_sql = "DELETE FROM logs WHERE id in (SELECT logs.id FROM logs JOIN jobs ON logs.object_uuid = jobs.uuid WHERE event_type = 'stderr' AND jobs.log IS NOT NULL AND clock_timestamp() - jobs.finished_at > interval '#{Rails.configuration.Containers.Logging.MaxAge.to_i} seconds')"
ActiveRecord::Base.connection.execute(delete_sql)
end
earliest_delete = [
@validation_timestamp,
trash_at_was,
- ].compact.min + Rails.configuration.Collections.BlobSigningTTL.seconds
+ ].compact.min + Rails.configuration.Collections.BlobSigningTTL
# The previous value of delete_at is also an upper bound on the
# longest-lived permission token. For example, if TTL=14,
@object.update_attributes!(trash_at: db_current_time)
end
earliest_delete = (@object.trash_at +
- Rails.configuration.Collections.BlobSigningTTL.seconds)
+ Rails.configuration.Collections.BlobSigningTTL)
if @object.delete_at > earliest_delete
@object.update_attributes!(delete_at: earliest_delete)
end
name: 'foo',
trash_at: db_current_time + 1.years)
sig_exp = /\+A[0-9a-f]{40}\@([0-9]+)/.match(c.signed_manifest_text)[1].to_i
- expect_max_sig_exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL
+ expect_max_sig_exp = db_current_time.to_i + Rails.configuration.Collections.BlobSigningTTL.to_i
assert_operator c.trash_at.to_i, :>, expect_max_sig_exp
assert_operator sig_exp.to_i, :<=, expect_max_sig_exp
end
test test_name do
act_as_user users(:active) do
min_exp = (db_current_time +
- Rails.configuration.Collections.BlobSigningTTL.seconds)
+ Rails.configuration.Collections.BlobSigningTTL)
if fixture_name == :expired_collection
# Fixture-finder shorthand doesn't find trashed collections
# because they're not in the default scope.
assert_not_nil(trash)
assert_not_nil(delete)
assert_in_delta(trash, now + 1.second, 10)
- assert_in_delta(delete, now + Rails.configuration.Collections.BlobSigningTTL.second, 10)
+ assert_in_delta(delete, now + Rails.configuration.Collections.BlobSigningTTL, 10)
end
def check_output_ttl_1y(now, trash, delete)
projects / arvados.git / commitdiff