Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix tiering with complex permissions and rodsusers running tiering rules (main) #299

Merged
merged 6 commits into from
Jan 15, 2025
Merged

Fix tiering with complex permissions and rodsusers running tiering rules (main) #299

merged 6 commits into from
Jan 15, 2025

Conversation

alanking
Copy link
Contributor

Addresses #164
Addresses #189
Addresses #273
Addresses #293

Cherry-picked from #295

korydraughn
korydraughn approved these changes Jan 15, 2025
View reviewed changes
Copy link
Collaborator

@korydraughn korydraughn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ship it.

@alanking
[irods#292] .clang-format: Do not use tabs nor align trailing comments
13e7013 
Restore use of tabs before running clang-format on all the code.

AlignTrailingComments is false in irods/irods and is generally annoying,
so don't restore that.
@alanking
[irods#293] Add tests for tiering rules as rodsuser
678d182 
Also adds ability to specify a session for running the
tiering rule in tests. Previously, this was done using
a temporary session for an existing admin user.
@alanking
[irods#293] Only allow rodsadmins to run tiering rules
954ae09
@alanking
[irods#164,irods#189,irods#273] Add tests for tiering with various pe…
81e3305 
…rmissions
@alanking
[irods#164,irods#189,irods#273] Run all storage tiering ops as admin
f86e931 
This commit makes a couple of changes:

1. Added proxy_connection::make_rodsadmin_connection.
This function simply establishes a client connection as the
local service account rodsadmin. Importantly, it also sets
the authFlag in the created RcComm in order to appropriately
indicate the privilege level of the client user.

2. All instances of establishing a connection with the local
server to perform actions have been replaced with connections
as the local service account rodsadmin. This allows storage tiering
to do its job properly without needing to worry about user
permissions. Note: Violating queries still select the USER_NAME
and USER_ZONE, but they are no longer used.
@alanking
[irods#273] Fix race condition in migration scheduler
3a411e6 
The lambda function fed to the irods::query_processor for
scheduling violating data objects for migration had a race
condition wherein objects marked as already having been
processed were not protected by a mutex. This resulted in
data objects with multiple users or groups with permissions
on those data objects being scheduled for migration multiple
times.
@alanking
Copy link
Contributor Author

#'d, mergin

@alanking alanking merged commit f8a2155 into irods:main Jan 15, 2025
1 check passed
@alanking alanking deleted the perms.m branch January 15, 2025 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@korydraughn korydraughn korydraughn approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alanking @korydraughn