Skip to content

Revoke signed URLs #341#381

Draft
m-mohr wants to merge 1 commit intodraftfrom
jobs-revoke-signed-urls
Draft

Revoke signed URLs #341#381
m-mohr wants to merge 1 commit intodraftfrom
jobs-revoke-signed-urls

Conversation

@m-mohr
Copy link
Member

@m-mohr m-mohr commented Apr 15, 2021
edited
Loading

Proposal for issue #341.

Please note that this endpoint could also be used for other functions in the future, that's why there is the specific requirement to send a specific command (i.e. assets = null) to the back-end to indicate that it should revoke access to assets.

This is more an idea for now, but would like to get feedback on the idea.

@m-mohr m-mohr mentioned this pull request Apr 15, 2021
Merged
@m-mohr m-mohr requested a review from soxofaan April 15, 2021 11:22
@m-mohr m-mohr linked an issue Apr 15, 2021 that may be closed by this pull request
Revoke signed URLs #341
Open
@soxofaan
Copy link
Member

soxofaan commented Apr 15, 2021

Proposed commit looks fine.

some thoughts:

  • PATCHing assets to null might also be used to remove batch job result files from the backend (e.g. to reduce your storage bill without removing batch job metadata)
  • What if the backend does not support invalidating urls, e.g. because the (third party) storage solution does not support it? Should the backend then not support PATCH .../results (through the capabilities doc), or should it throw an error (e.g.FeatureUnsupported)?

@soxofaan soxofaan mentioned this pull request Apr 15, 2021
Open
@m-mohr
Copy link
Member Author

m-mohr commented Apr 15, 2021
edited
Loading

  • PATCHing assets to null might also be used to remove batch job result files from the backend (e.g. to reduce your storage bill without removing batch job metadata)

That would still be possible. assets: null is not allowed in STAC so we can use it for this special behavior. To actually remove assets, you'd send assets: {} (i.e. empty object) to be STAC-compliant.

  • What if the backend does not support invalidating urls, e.g. because the (third party) storage solution does not support it? Should the backend then not support PATCH .../results (through the capabilities doc), or should it throw an error (e.g.FeatureUnsupported)?

Endpoints in general should not be listed in the capabilities so that clients don't request them. Whether back-ends return a 501 or 404 or something else in the 4xx or 5xx range, if clients request the endpoint anyway is mostly up to them.
You'd be required to send a FeatureUnsupported though if you can e.g. do the asset removal (empty object), but not the asset renewal (null) and a client requests the renewal.

@soxofaan
Copy link
Member

soxofaan commented Apr 15, 2021

assets = null to revoke all previously generated signed URLs
To actually remove assets, you'd send assets: {}

To be honest, this looks quite cryptic and somewhat ad-hoc to me

@m-mohr m-mohr added this to the future milestone Apr 16, 2021
@m-mohr
Copy link
Member Author

m-mohr commented Nov 3, 2021

Indeed, looking at it after a while makes it look weird. Maybe a specific HTTP header or a separate HTTP endpoint (although an issue with REST conventions) are better options.

@m-mohr m-mohr assigned m-mohr and unassigned m-mohr Dec 1, 2021
Base automatically changed from draft to master May 25, 2023 08:23
@m-mohr m-mohr changed the base branch from master to draft June 1, 2023 11:09
@m-mohr m-mohr moved this to Todo in Next API release Jan 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@soxofaan soxofaan Awaiting requested review from soxofaan

Assignees

No one assigned

Labels

None yet

Projects

Next API release
Status: Todo

Milestone

future

Development

Successfully merging this pull request may close these issues.

Revoke signed URLs

2 participants

@m-mohr @soxofaan

Comments