Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Implement abstractions to annotate non-sharable datasets & objectstores. #10840

Closed
wants to merge 1 commit into from
Closed

[WIP] Implement abstractions to annotate non-sharable datasets & objectstores. #10840

wants to merge 1 commit into from

Conversation

jmchilton
Copy link
Member

@jmchilton jmchilton commented Dec 1, 2020
edited
Loading

Sketched out so far:

  • Allow marking objectstores (in either XML or YAML) as private - indicating datasets stored in them should not be shared.
  • Add sharable property to model.Dataset that checks its object_store_id against the configured object store to determine if it is not stored in a private objectstore.
  • Add abstraction to security_agent to check if a dataset is restricted to a single user and augment galaxy.jobs.JobWrapper._set_object_store_ids and ObjectStorePopulator to prevent jobs that might create non-private datasets in private objectstores.
  • Model/security layer prevents copying non-sharable dataset into libraries or attaching private sharing roles to them.
  • The edit metadata form will display a message that the dataset is unsharable on the permissions page.
  • Integration test case to ensure cannot upload public datasets to a private objectstore.
  • Integration test case to ensure cannot modify access permissions of datasets stored in private objectstores.
  • Expose information about whether objectstores are private in newly merged ObjectStore metadata display (User-facing objectstore metadata. #10233).

Left to do:

  • Test case to verify library sets can't be uploaded to private objectstores.
  • Test case to verify private object stores operate appropriately with dynamically discovered collection datasets. (past @jmchilton had this in his notes - not sure exactly what his concern was).

xrefs:

@jmchilton jmchilton force-pushed the sharable_data branch 4 times, most recently from 4f919ab to f13778e Compare December 8, 2020 14:04
@jmchilton jmchilton mentioned this pull request Dec 15, 2020
Closed
@jmchilton jmchilton force-pushed the sharable_data branch 8 times, most recently from bdb8d11 to b382c0c Compare December 21, 2020 00:21
@jmchilton jmchilton mentioned this pull request Dec 21, 2020
Closed
@jmchilton jmchilton force-pushed the sharable_data branch 2 times, most recently from 99478fa to 1b8bfac Compare December 30, 2020 15:32
@jmchilton jmchilton force-pushed the sharable_data branch 3 times, most recently from 6d11ced to 377af6c Compare April 3, 2021 22:33
@jmchilton jmchilton mentioned this pull request Apr 5, 2021
Open
@jmchilton jmchilton mentioned this pull request Apr 12, 2021
Closed
12 tasks
@jmchilton jmchilton mentioned this pull request Sep 1, 2021
Closed
24 tasks
@jmchilton jmchilton force-pushed the sharable_data branch 2 times, most recently from 1318983 to b4232a8 Compare September 7, 2021 19:50
@jmchilton
private objectstores & dataset.sharable
77b8810 
Setup abstractions to prevent sharing transient or private per-user objects in an objectstore.
@jmchilton
Copy link
Member Author

Rebased this on 21.09... a rebase of that on to 22.01 is in branch sharable_data_2201.

@jmchilton jmchilton closed this Jun 9, 2022
This was referenced Jun 9, 2022
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/jobs area/objectstore area/testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmchilton @martenson