Skip to content

Revoke signed URLs #341 #381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: draft
Choose a base branch
from
Draft

Revoke signed URLs #341 #381

wants to merge 1 commit into from

Conversation

m-mohr
Copy link
Member

@m-mohr m-mohr commented Apr 15, 2021
edited
Loading

Proposal for issue #341.

Please note that this endpoint could also be used for other functions in the future, that's why there is the specific requirement to send a specific command (i.e. assets = null) to the back-end to indicate that it should revoke access to assets.

This is more an idea for now, but would like to get feedback on the idea.

@m-mohr m-mohr mentioned this pull request Apr 15, 2021
Merged
@m-mohr m-mohr requested a review from soxofaan April 15, 2021 11:22
@m-mohr m-mohr linked an issue Apr 15, 2021 that may be closed by this pull request
Revoke signed URLs #341
Open
@soxofaan
Copy link
Member

Proposed commit looks fine.

some thoughts:

  • PATCHing assets to null might also be used to remove batch job result files from the backend (e.g. to reduce your storage bill without removing batch job metadata)
  • What if the backend does not support invalidating urls, e.g. because the (third party) storage solution does not support it? Should the backend then not support PATCH .../results (through the capabilities doc), or should it throw an error (e.g.FeatureUnsupported)?

@soxofaan soxofaan mentioned this pull request Apr 15, 2021
Open
@m-mohr
Copy link
Member Author

m-mohr commented Apr 15, 2021
edited
Loading

  • PATCHing assets to null might also be used to remove batch job result files from the backend (e.g. to reduce your storage bill without removing batch job metadata)

That would still be possible. assets: null is not allowed in STAC so we can use it for this special behavior. To actually remove assets, you'd send assets: {} (i.e. empty object) to be STAC-compliant.

  • What if the backend does not support invalidating urls, e.g. because the (third party) storage solution does not support it? Should the backend then not support PATCH .../results (through the capabilities doc), or should it throw an error (e.g.FeatureUnsupported)?

Endpoints in general should not be listed in the capabilities so that clients don't request them. Whether back-ends return a 501 or 404 or something else in the 4xx or 5xx range, if clients request the endpoint anyway is mostly up to them.
You'd be required to send a FeatureUnsupported though if you can e.g. do the asset removal (empty object), but not the asset renewal (null) and a client requests the renewal.

@soxofaan
Copy link
Member

assets = null to revoke all previously generated signed URLs
To actually remove assets, you'd send assets: {}

To be honest, this looks quite cryptic and somewhat ad-hoc to me

@m-mohr m-mohr added this to the future milestone Apr 16, 2021
@m-mohr
Copy link
Member Author

m-mohr commented Nov 3, 2021

Indeed, looking at it after a while makes it look weird. Maybe a specific HTTP header or a separate HTTP endpoint (although an issue with REST conventions) are better options.

@m-mohr m-mohr assigned m-mohr and unassigned m-mohr Dec 1, 2021
Base automatically changed from draft to master May 25, 2023 08:23
@m-mohr m-mohr changed the base branch from master to draft June 1, 2023 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@soxofaan soxofaan Awaiting requested review from soxofaan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
future
Development

Successfully merging this pull request may close these issues.

Revoke signed URLs
2 participants
@m-mohr @soxofaan