Since we already have determined access via isAuthorized() and isAdminAuthorized(), act as the Metacat administrator during calls to DocumentImpl.delete() in archive(), passing in null username and group.
restrict getLogRecrods (both MN and CN) to be called only by admin users (the CN)https://redmine.dataone.org/issues/2855
In setReplicationStatus() and UpdateReplicationMetadata(), don't allow a status state change from COMPLETED to anything other than INVALIDATED. This prevents the completed status from being overwritten due to race conditions.
script to aid in converting denyFirst rules to allowFirsthttps://redmine.dataone.org/issues/2613
use kepler account as default
use metacat.properties to specify the default checksum algorithm to use -- this way it will be easy for us to switch to whatever DataONE decrees. https://redmine.dataone.org/issues/2834
put(sm) for every pid we have a SM value for so that all members receive the entry event and can save locally.
Throw an exception when NOT allowed, not when allowed =).
ignore partition owner -- always attempt to look up form local store if we were unable to get the SM from the shared map.
do not check if this CN has a "perfect" copy of the SM identifiers -- we need any CN coming online to contribute the records that they have locally so that in the event that all three CNs have a partial view of things they all eventually share each others' SM entries.
Also get the list size, which may throw an NPE.
Only add an AccessPolicy to SystemMetadata during generation when the AccessPolicy is not empty. We've had some scenarios where IdentifierManager.getaccessPolicy() is returning an empty policy because of an empty permission list coming from the db. This was causing InvalidSystemMetadata exceptions during MN to MN replication.
push SystemMetadata entries from the CN that has them all to the shared map where other nodes may not have all entries. The CN with the complete copy only pushes SM entries that it does not own and that return as null because those are the ones that are missing on the other, non-complete CNs....
trace level log for looping over EVERY pid in the system.
meant to log the guids (source) not the pids (target)
logging for each step of shared identifiers loading.
remove pause/resume - seemed to make metacat just hang on SM retrieval. Add more logging when returned SM is null -- want to make sure it is becuase the local node "owns" the pid key even though there is no value for it.
due to hudson build issue, did not actually end up testing pause/resume -- trying that again
pause/resume was not enough. trying shutdown/restart
experiment with lifecycle pause/resume. hopefully it prevents our node from taking ownership of any keys before we are sure we have them all.
increase logging and add back in the call to saveLocally() in case the SM object has already been loaded into the shared map but before this node came back online.
no need to call saveLocally explicitly since loading from the shared store triggers that behavior locally because of the configured listeners.use an iterator over the shared identifiers in case this set is constantly changing.
make only one DB call to look up local pids - no need to do a pstmt for every single shared pid.
on init (start up) launch a synchronization thread that ensures all shared identifier entries have a corresponding local System Metadata entry.
use 'allowFirst' for access rules. We have deprecated 'denyFirst' and deny rules in Metacat as of 2.0.0
handle https-only server configuration -- must pull resources from https not http for the skins etc.
fix NPE (logMetacat object was not initialized) that was occurring during store()
stack trace the HZ put exception during CN-CN replication
additional debugging statements for CONCURRENT_MAP_PUT error during CN-CN replication.
include eml2.0.0beta4 DTD during Metacat build so that we can continue to accept (and validate) beta4 documents.This arose when testing Metacat as DataONE Coordinating Node where legacy documents are being housed in the CN.
encode '/' and ':' in the DOI used for the resolve URL
Don't set the replication status to failed for an object when it is called by a public user. Just throw the NotAuthorized exception. This prevents this node from being de-prioritized because of public calls to the method.
include revisions table in the initial temp table population.use the "first" creator listed in the EML (either org or person).use other reasonable default values as needed to fully populate the spreadsheet columnshttps://redmine.dataone.org/issues/2815
add columns: publisher and pub_date. include default values for all columns - even data files should have title.still a few todos but closer.https://redmine.dataone.org/issues/2815
script to generate DOI registration spreadsheethttps://redmine.dataone.org/issues/2815
share the same dbConnection when inserting and then updating SystemMetadata objects in the backing store.any errors encountered during the update will rollback the entire transaction and the SM record will not exist, even in part.
Do not loadAllKeys() for SystemMetadataMap when Metacat first starts up. hzIdentifiers will be populated with a simple SQL statement rather than the serial loading of every single SystemMetadata object. It will remain in synch using the usual entryXXX() methods as before....
include pidFilter handling - only matches the complete pid. Issues a warning in the Metacat logs when pidFilter cannot be applied but allows the call to getLogs() to return as though there was no pidFilter given.https://redmine.dataone.org/issues/2798
use at least one thread on single-processor machines.https://redmine.dataone.org/issues/2800
script for re-applying missing FK constraints on KNB production DB.http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5608
Add a few logging statemnts for round trip replication metrics.
add trace statements for measuring time to complete SM generation.
instead of generating SM and ORE maps during dataone configuration/MN registration, moved this all to the replication admin screen where we can target generation for specific nodes. That way it's more controlled as to when and where we generate DataONE required content....
include all EML versions (had been only eml 2.1 for testing)
Append more information such as user name and group to the validating session response.
remove exception from method decl - was not matching the interface def and not compiling.
add "Generate System Metadata" button to the replication server list display. When clicked, we generate SM for records belonging to that source server. This is only enabled when DataONE has been configured.https://redmine.dataone.org/issues/2762
expose serverLocation parameter to run GenerateSystemMetadata for different replication parters as needed.https://redmine.dataone.org/issues/2740
only generate system metadata for original objects.https://redmine.dataone.org/issues/2721
handle authorization for delete() differently for CN vs MN.On the CN, only the CN (or tbd admin user) can call it.On the MN, both the CN (or admin user) and the same MN can call it.
add Session-less archive() method
only admin users can call MN/CN.delete(). This is limited to any CN and only the MN that is calling itself
update the sysmeta data modified when setting archived=truehttps://redmine.dataone.org/issues/882
handle CN.archive() rest call: PUT /archive/{pid}https://redmine.dataone.org/issues/2678
correct log about 'archive' being called
handle 'archive' rest callshttps://redmine.dataone.org/issues/2678
[optionally] do not archive the xml_documents and xml_nodes to *_revisions when 'deleting' a document. This will effectively guarantee that the document/data cannot be retrieved after delete.NOTE: D1 system metadata will persist (for now) so that the ID cannot be reused with the DataONE API but Metacat calls may allow the ID to be reused -- may need to reconsider this behavior....
optionally remove the document/data file from the filesystem completely when 'deleting' it.https://redmine.dataone.org/issues/2677
newer d1 jars that include shared AuthUtilsmethod for isAuthorized() consistencyhttps://redmine.dataone.org/issues/2661
implement MN and CN.archive() method -- really just the existing delete() methods.https://redmine.dataone.org/issues/2674https://redmine.dataone.org/issues/2675
call MN.delete() for each replica when CN.delete() is calledhttps://redmine.dataone.org/issues/2676
defer to AuthUtils for flattening out the equivIdent subject list.https://redmine.dataone.org/issues/2661
check normal access control rules for getSystemMetadata before deferring to MN replica information that may grant MNs additional access to the SM.https://redmine.dataone.org/issues/2656
include Session-less interface methods and updated jars that define them.
use a shared ExecutorService for replicate() calls.https://redmine.dataone.org/issues/2623
remove extraneous pid and permission parameters from isAdminAuthorized() method and make public so that it can be called in other locations - namely before our asynchronous replicate() implementation on the MN.
check for empty null (missing) node.subjectList. This should probably be a required element in the D1 schema, but it appears not. (ORNL entry was missing subjects in cn-dev environment)
just use the e.getMessage() as e.getCause() may be null (seeing NPE when testing via the MN IT tester)
no not record EML access rules that use the "denyFirst" permOrder.https://redmine.dataone.org/issues/2614
needed to initialize the nodeList that stores matching nodes (by subject) -- this was the source of a NPE when we had a matching node subject.
do not create docid-guid mapping unless we are supposed to write access rules for the data to the dbasehttps://redmine.dataone.org/issues/2572
As Ben suggested, don't compare to the node list if there are no replicas listed. This reduces the number of calls to listNodes() on the CN.
Minor logging change in throwing ServiceFailure when Hazelcast throws a RuntimeException.
Modify getSystemMetadata() to allow nodes that are listed as replicas to access the system metadata. Use the Session.Subject to find a list of nodes from the CN that match the subject, and compare those node ids to the listed replica node ids. Add listNodesBySubject() helper method to do so.
save backup properties before attempting node registration/update so that we don't "forget" the user input
add a parameter for optionally writing EML-embedded access control rules to the Metacat DB.https://redmine.dataone.org/issues/2584https://redmine.dataone.org/issues/2583
added comments and logging about https://redmine.dataone.org/issues/2572
generalize the exception handling because our actions are the same no matter what the specific error is during create - we just notify the CN that the replicate call failed
catch general Exception that may be thrown during MN.replicate() when creating the object locally. There are a few records that keep slipping off our radar with no explanation as to why they remain in "REQUESTED" status.
do not download data at this point
catch errors for each localid we are processing so that they do do prevent other ids from having ORE content generated
additional debug logging for tracking down MN replication errors
only 2.1.0 EML docs for ORE generation right now...
band-aid for CN-CN replication permOrder issue when access control is embedded in EML and the system metadata is replicated before the EML. we just log the inconsistency and allow the insert to succeed https://redmine.dataone.org/issues/2583
add comment about returning early when no system metadata can be found.removed extraneous check on the content type of the SM -- was unused.formatted indenting
for SystemMetadata events we first check the event for the SM value. If it returns null, we look it up from the shared map. It seems as if we don't always get a value with our events.
comment out: synchronize local system metadata on cn restart
synchronize local system metadata on cn restart
additional logging in MN.replicate()
double check "ecogrid" data urls for valid docid.rev - namely integer rev numbers - when parsing EML and also generating system metadata when necessary. Log the errors as warnings.
log calls to store() system metadata to the backing store
register stmml-1.1 schema (distributed as part of EML 2.1.0) in an effort to avoid unnecessary network traffic or the failed retrieval of the stale XSD sitting on unofficial servers
Add the listener for LifecycleEvent state changes
synchronizeLocalStore() when the cluster has a LifecycleEvent state change to RESUMED.
refactor memberAdded code to separate method - synchronizeLocalStore for possible reuse
handle last group of ids (oops)
use range of the list for test system metadata