add Session-less archive() method
only admin users can call MN/CN.delete(). This is limited to any CN and only the MN that is calling itself
update the sysmeta data modified when setting archived=truehttps://redmine.dataone.org/issues/882
handle CN.archive() rest call: PUT /archive/{pid}https://redmine.dataone.org/issues/2678
correct log about 'archive' being called
handle 'archive' rest callshttps://redmine.dataone.org/issues/2678
[optionally] do not archive the xml_documents and xml_nodes to *_revisions when 'deleting' a document. This will effectively guarantee that the document/data cannot be retrieved after delete.NOTE: D1 system metadata will persist (for now) so that the ID cannot be reused with the DataONE API but Metacat calls may allow the ID to be reused -- may need to reconsider this behavior....
optionally remove the document/data file from the filesystem completely when 'deleting' it.https://redmine.dataone.org/issues/2677
newer d1 jars that include shared AuthUtilsmethod for isAuthorized() consistencyhttps://redmine.dataone.org/issues/2661
implement MN and CN.archive() method -- really just the existing delete() methods.https://redmine.dataone.org/issues/2674https://redmine.dataone.org/issues/2675
call MN.delete() for each replica when CN.delete() is calledhttps://redmine.dataone.org/issues/2676
defer to AuthUtils for flattening out the equivIdent subject list.https://redmine.dataone.org/issues/2661
check normal access control rules for getSystemMetadata before deferring to MN replica information that may grant MNs additional access to the SM.https://redmine.dataone.org/issues/2656
include Session-less interface methods and updated jars that define them.
use a shared ExecutorService for replicate() calls.https://redmine.dataone.org/issues/2623
remove extraneous pid and permission parameters from isAdminAuthorized() method and make public so that it can be called in other locations - namely before our asynchronous replicate() implementation on the MN.
check for empty null (missing) node.subjectList. This should probably be a required element in the D1 schema, but it appears not. (ORNL entry was missing subjects in cn-dev environment)
just use the e.getMessage() as e.getCause() may be null (seeing NPE when testing via the MN IT tester)
no not record EML access rules that use the "denyFirst" permOrder.https://redmine.dataone.org/issues/2614
needed to initialize the nodeList that stores matching nodes (by subject) -- this was the source of a NPE when we had a matching node subject.
do not create docid-guid mapping unless we are supposed to write access rules for the data to the dbasehttps://redmine.dataone.org/issues/2572
As Ben suggested, don't compare to the node list if there are no replicas listed. This reduces the number of calls to listNodes() on the CN.
Minor logging change in throwing ServiceFailure when Hazelcast throws a RuntimeException.
Modify getSystemMetadata() to allow nodes that are listed as replicas to access the system metadata. Use the Session.Subject to find a list of nodes from the CN that match the subject, and compare those node ids to the listed replica node ids. Add listNodesBySubject() helper method to do so.
save backup properties before attempting node registration/update so that we don't "forget" the user input
add a parameter for optionally writing EML-embedded access control rules to the Metacat DB.https://redmine.dataone.org/issues/2584https://redmine.dataone.org/issues/2583
added comments and logging about https://redmine.dataone.org/issues/2572
generalize the exception handling because our actions are the same no matter what the specific error is during create - we just notify the CN that the replicate call failed
catch general Exception that may be thrown during MN.replicate() when creating the object locally. There are a few records that keep slipping off our radar with no explanation as to why they remain in "REQUESTED" status.
do not download data at this point
catch errors for each localid we are processing so that they do do prevent other ids from having ORE content generated
additional debug logging for tracking down MN replication errors
only 2.1.0 EML docs for ORE generation right now...
band-aid for CN-CN replication permOrder issue when access control is embedded in EML and the system metadata is replicated before the EML. we just log the inconsistency and allow the insert to succeed https://redmine.dataone.org/issues/2583
add comment about returning early when no system metadata can be found.removed extraneous check on the content type of the SM -- was unused.formatted indenting
for SystemMetadata events we first check the event for the SM value. If it returns null, we look it up from the shared map. It seems as if we don't always get a value with our events.
comment out: synchronize local system metadata on cn restart
synchronize local system metadata on cn restart
additional logging in MN.replicate()
double check "ecogrid" data urls for valid docid.rev - namely integer rev numbers - when parsing EML and also generating system metadata when necessary. Log the errors as warnings.
log calls to store() system metadata to the backing store
register stmml-1.1 schema (distributed as part of EML 2.1.0) in an effort to avoid unnecessary network traffic or the failed retrieval of the stale XSD sitting on unofficial servers
Add the listener for LifecycleEvent state changes
synchronizeLocalStore() when the cluster has a LifecycleEvent state change to RESUMED.
refactor memberAdded code to separate method - synchronizeLocalStore for possible reuse
handle last group of ids (oops)
use range of the list for test system metadata
use non-random list for generating system metadata in test mode
include debug statements for systemMetadataReplicationStatus and systemMetadataReplicationPolicy SQL
change ordering of getLogRecords() parameter -- pidFilter is in the middle now
use 'formatId' for listObjects() parameterhttps://redmine.dataone.org/issues/2550
upgrade to latest RC in libclient and common jars -- includes updated getLogRecords and new mn.generateIdentifier method
-use MembershipListener to keep new members' backing store for system metadata synchronized with the shared system metadata map.-remove the unused InstanceListener interface
Modify deleteReplica() to use parameters parsed from the mime multipart entity rather than the request params. Need to check that the unit test uses MMP params. This partially addresses https://redmine.dataone.org/issues/2526.
Modify CN.setObsoletedBy() to use parameters parsed from the mime multipart entity rather than the request params. Need to check that the unit test uses MMP params. This partially addresses https://redmine.dataone.org/issues/2526.
Modify reserveIdentifier() to use parameters parsed from the mime multipart entity rather than the request params. Need to check that the unit test uses MMP params. This partially addresses https://redmine.dataone.org/issues/2526.
Don't throw a JibXException, but rather convert it to a ServiceFailure.
Modify owner() to set the rights holder from parameters parsed from the mime multipart entity rather than the request params. Need to check that the unit test uses MMp params. This partially addresses https://redmine.dataone.org/issues/2526.
Add a collectMultipartParams() convenience method to D1ResourceHandler to parse multipart parameters from the entity when the entity contains no file parts.
add logging statements when there is a problem calling setReplicationStatus
Get the serialVersion param from the MMP params map rather than the request object params map in setAccess().
Add a few more debugging statements to HazelcastService for troubleshooting hazelcast map concurrency.
handle case where EML access rule "permission" is not in our constrained list (EML 2.0.0 doc showed this with a "none" permission for public principal). we now omit this invalid access rule when interpreting it in system metadata -- effectively dropping that invalid access rule. "none" had been stored as a 0 in the DB xml_access table and would not have given or denied access for the document so I think it can safely be omitted for good. for example, see knb-lter-gce.101.2 with this rule:...
Use Jjava.util.Calendar rather than com.ibm ...
Also allow MNs to set the FAILED status in setReplicationStatus(). this was an oversight on my part, trying to keep MNs that truly did succeed from overriding the COMPLETED status with FAILED.
use Java-based temp file creation instead of Date (ms) timestamp to ensure uniqueness of the file and avoid re-use by two concurrent threads.
use current datetime (at system metadata generation) as the date last modified
Don't check for populated obsoletes and obsoletedBy fields during CN.create(), only MN.create(). The CN should expect that the MN has populated this field because of existing revision information, and should trust the MN information. Addresses https://redmine.dataone.org/issues/2507.
Some minor logging changes.
use scope prefix (knb-lter-%) for random test doc population
use isAdminAuthorized() to check access to CN.create(). Note this method takes a pid and permission parameter and neither is used. Also removed the NotFound exception because it would never come up.
check that caller is CN/admin for CN.delete()https://redmine.dataone.org/issues/2506
include CN.delete()https://redmine.dataone.org/issues/2506
Notify each replica MN when critical portions of system metadata change so the MN can pull the latest copy into its store. AccessPolicy and RightsHolder changes are the most critical for the MN to keep updated on.
Only allow CNs to call MN.synchronizationFailed() by calling isAdminAuthorized(). The pid must also be valid.
Modify CNodeService.setReplicationStatus() slightly to restrict MN-based calls to only set the status to COMPLETED. The CNs should be setting failures or invalidations, or the status can remain at QUEUED or REQUESTED, and the MNAuditTask can revisit those replicas as needed.
Add a notifyReplicaNodes() method that calls MNStorage.systemMetadataChanged() on MN replica nodes for a given object identifier. This will be called when there are changes to AccessPolicy and rights holder since these are critical access metadata for an MN, but they can only be changed on the CN.
Add some debugging statements in isAuthorized().
In setReplicationStatus(), first check for a replica target MN subject match with the session subject. If this fails, look to see if CN admin access is allowed. Otherwise throw NotAuthorized. Addresses https://redmine.dataone.org/issues/2494
do not allow "Metacat-conforming" identifiers to be used. "test.1.001" is interpreted as "test.1.1" which renders "test.1.002" unusable unless a traditional Metacat "update" is used for that id/revision which contradicts the DataONE use of Identifiers that have no lexical requirements for revisions.
check for session when checking administrative authorization
Remove individual calls to isAdminAuthorized() in favor of the centralized isAuthorized() call that handles it now.
Incorporate isAdminAuthorized() into isAuthorized() for blanket CN access to objects.
check for null Session before continuing with setReplicationStatus()https://redmine.dataone.org/issues/2476#note-3
do not attempt to parse empty file for the failure (BaseException serialization). There are cases when this is not given (failure="") when there is not a failure.https://redmine.dataone.org/issues/2476
check for null session (public) calls to MN.replicate() before passing it to the asynchronous implementation
do not replicate if session is null
throw not authorized when attempting to getReplica as an invalid/non-existent node
transitive properties for mapped subjects:-group membership-verified flaghttps://redmine.dataone.org/issues/2430https://redmine.dataone.org/issues/2432
check group membership defined at group level (in addition to membership defined as part of of the Person level)https://redmine.dataone.org/issues/2429
logging for permission checks - trying to nail down details of MN checking
use Event.CREATE.xmlValue() when converting "insert" to "create" http://redmine.dataone.org/issues/2471
log records should be inclusive of fromDate parameter (>=)https://redmine.dataone.org/issues/2471
use Timestamp object from results, not a new Date object from that Timestamp object
add an alternative method for loading system metadata identifiers but leave it commented out. We may find that using the ObjectList method is too much overhead, but it will always be consistent with what metacat reports for listObjects().
add note about long-running load for shared system metadata map
increase amount of text the 'xml_path_index.path' column can accommodate. I was seeing errors like this during indexing:knb 20120312-11:42:05: [ERROR]: DocumentImpl.buildIndex - SQL Exception while indexing document knb-lter-and.3147 : ERROR: value too long for type character varying(1000) [edu.ucsb.nceas.metacat.DocumentImpl]
Added the following values to the HTTPD site configuration: JkOptions +ForwardURICompatUnparsed AllowEncodedSlashes On AcceptPathInfo On
If PID is not part of the multipart params, we end up with a NullPointerException. Throw an InvalidRequest in this case rather than ServiceFailure resulting from the NPE.