Story #6296
closedauthMN SM.accessPolicy out of synch with CN and replicaMN
75%
Description
Lauren noticed some replica packages from urn:node:GOA on urn:node:KNB today that did not have public read allowed on their data files. The CN also does not have public read for these data objects. I suspect that the EML <access> was updated at some point after the package was initially saved and the CN harvested it from the GOA node. The updates to the SystemMetadata.accessPolicy are correctly reflected on the GOA (which is the authoritative MN for these objects).
This is somewhat of a "known" issue in that SM.accessPolicy can only be updated on the CN using the CN.setAccessPolicy() method which then calls back the all MNs that hold replicas (or originals) and informs them of the change. A long time ago we realized that this robs the authMN of their primary authority on the object but have not been able to re-architect DataONE to support authMN-control.
In the interim, which could be forever, we should make sure Metacat calls CN.setAccessPolicy() whenever it changes on the authMN. Typically this will happen when parsing an updated EML file that contains additional (or fewer) access control rules but there is also a Metacat servlet API call to set access blocks (action=setaccess, I believe).
While we can put in place code to deal with future changes to the SM.accessPolicy, we also want a mechanism for fixing the ones that we have today. There are a couple options for that: manually with a bash script and a few curl commands, or an upgrade routine included for the next release of Metacat that is run automatically during upgrade, or after Metacat has been completely [re]configured as a Member Node. (There are client certificate configuration issues to think about if using an upgrade routine).
Related issues