Hello Reader, here is this month’s iRODS news and developments!

News

A late one this month, so with more brevity than usual, apologies.

Paid Remote internships!

​Announcement It used to be that it had to be US based, might not be true? Do ask them if interested…

iRODS Development Update - December 2022

​Full update.* So* last year… ;-)

Python iRODS Client Release v1.1.6

Version 1.1.6 is released. Changelog​

​Changed from 1.1.5 (shows the changes to README as well)

Main Repository Activity

Open Issues

​Consider deprecation of acAclPolicy{msiAclPolicy(‘STANDARD’);} (strictACL as a knob)​

The default is changing to have ACL policy stop browsing collections unless the user has the appropriate permissions.

​How to use spLogSql​

This can be very useful if you don’t have the expertise or access to see the queries from the database side, so this issues clarifies how to turn it on (warning; it’s quite verbose!), as the existing docs have a couple of interpretations.

​iinit truncates password from stdin (pam_password)​

​iRODS must not allow non-admins to delete delay rules created via policy​

​Getting parsing and SSL connection errors with the logical quota plugin configured if there is unspecified rule instance call​

​Rule engine framework should stop if the rule execution returns a success?​

​Only the first item in catalog_provider_hosts the list is considered in negotiation key determination​

Having multiple ones considered would make HA easier, for certain. Or perhaps more complex!

​iput/iget across federation fails when federation negotiation_key does not match local zone negotiation_key​

What a bug! If you use Federation, it is worth being aware of this, when upgrading. I saw it in 4.2.11, and it wasn’t present in 4.2.7, so probably 4.2.9 or later?

​Opening a data object for write will not write to an existing copy if it is on a non-default resource​

​allow itree options specifying multiple match/ignore patterns​

​itree –pattern and –ignore should mimic “tree” command more closely​

I have to say, I don’t use tree in much more depth than the basics, so was interested to learn some additional options.

New access levels

Theses are introduced in the 4.3 code but not fully rolled out yet as I understand this, so if more complex ACLs are of interest, keep an eye on issues like these. That being said, I’m just going to leave them here, rather than go into them in depth. Let me know if you’d rather I went into detail on every issue, no matter its status, though.

​Cannot delete objects with the delete_object access level​

​Role of the create_object access level for data objects?​

​Cannot create objects inside a collection with the create_object access level​

Closed Issues

Closed on - 2023-01-04 21:36:58 Allow changes to myOutStruct pointer to be seen following call to sendAndProcApiReply()​

Closed on - 2023-01-04 21:37:57 Add missing elements for sql log category​

Closed on - 2023-01-04 21:38:21 Remove logic for log_level from startup script​

I don’t quite follow this issue, I think it’s saying that the setup script will fill in any missing defaults, so the exception is not needed here?

Closed on - 2023-01-11 16:19:28 msiSetDefaultResc / acSetRescSchemeForCreate no longer force Resource write when incorrect resource given​

In >= 4.2.9, if you specify a resource on the command line that doesn’t exist when uploading, the defaults will not redirect you to the default resource.

I presume therefore that if you don’t provide a resource, the default is still honoured.

Closed on - 2023-01-03 13:05:34 Error when calling msiDataObjChksum from acPostProcForFilePathReg​

 in 4.2.9, with the work done to unify many of the codepaths and provide logical locking - the registration for both 'large' AND 'small' files now happens prior to data being written to disk - as a placeholder for the locking to have a thing to hold.
In 4.2.8 and before, registration-before-data-on-disk would have only happened for 'large' files that triggered parallel transfer (default, >32MB).
Please try pep_api_phy_path_reg_post() instead

Closed on - 2022-12-22 21:09:46 Possible segmentation fault.​

Targetted for a 4.2.12 fix.

Depending on the version of the compiler and standard libraries, int freeL1desc_struct(l1desc& _l1desc) may cause segmentation fault.
It will be caused by the call _l1desc.replica_token.clear();
The root of the problems lies in the use of an object of type string initialized via memset in int initL1desc().

Closed on - 2022-12-20 15:16:55 Add support for admin mode to rx_atomic_apply_acl_operations()​

This would allow admins to bypass permissions and modify ACLs on other users's collections and data objects.

Closed on - 2022-12-19 17:13:39 rodsadmin should not be allowed to downgrade user type of another rodsadmin operating an irods-server​

I wonder what happens if a server is down when the poll happens? One assumes that the account wouldn’t get flagged. It also makes me wonder how the account is picked up - via izone report, perhaps? I am thinking of edge cases where say a zone might have two Providers, but as neither provider has any resources, it would only pick up the provider the check was run on and any consumers? The issue is closed now, and I don’t want to reactivate it for idle speculation!

Closed on - 2022-12-19 17:13:32 rodsadmin can downgrade their own user type​

See above!

Closed on - 2023-01-05 22:26:37 iquest not like operator not working for DATA_RESC_HIER​

4.2.12 target as 4.3 uses flex/bison instead. Spot the errant banana…

Closed on - 2022-12-23 22:23:05 write ticket for collection does not allow upload of new data objects​

To clarify ... in 4.2.6, using iput and specifying (via the -t ticketstring option) a write ticket on coll A :
may be used to force-overwrite an existing data object directly in that collection
may be used to create a new data object (of whatever name) directly in that collection
may not be used to write into data objects within A's subcollections (whether pre-existing or not)
What the above mentioned commit 6ed2c6f loses us in the above list is the second (2) capability.

Closed on - 2022-12-19 18:59:54 After iexit full with PAM, icommands ask for Native irods password.​

Fixed in 4.3.0, left as wont fix for 4.2.12

The issue appears to be that iinit is super special in how it handles different authentication schemes with respect to clientLogin. As @trel mentioned back in 2017, clientLogin can be adjusted to handle this case for all iCommands. The logic for determining whether to "override" the authentication scheme from the environment would need to be ported to clientLogin. I do not know at this time how this interaction will play out for other authentication plugins (e.g. OpenID).

Closed on - 2023-01-11 16:43:58 core.re cache not updating after rapid sequential changes to core.re​

Targetted for 4.2.12

Python iRODS Client Activity

Open Issues

​irods.access.iRODAccess.codes not well-ordered in Python2​

​Show iRODS Permission Model - List Access Levels​

A number of the ACL issues in the main repo are also referred to here, with the same caveats.

Closed Issues

Closed on - 2023-01-12 20:09:24 raise error in testing if server is more recent than advertised IRODS_VERSION​

irods.message.IRODS_VERSION is the highest version of iRODS for which the PRC advertises compatibility. This variable is used in the generation of the StartupPack message.
By raising an error condition when the test suite is run if the server is more recent than what IRODS_VERSION variable indicates appropriate, we can ensure a reminder to update the variable.

Closed on - 2022-10-18 17:41:59 Rule execution with a file with null input throws an error -1201000​

Closed on - 2023-01-12 18:15:29 Expose err no code in string representation of an irods.exception​

Hurrah, for more helpful logs!

Closed on - 2023-01-04 16:12:12 iRODSResource needs access to its parent resource’s name​

Alternatively we just make a free function in the Python library that computes a resc hierarchy string given an iRODSResource object. This makes it clearer to library users that retrieving the hierarchy string is not an iRODS innate capability, but rather a client computation of complexity O(Depth)

As the issue also mentions, once computed it’s always possible it’s out of date, so you and throw away, unless you know you’re not moving resources around a lot?

Closed on - 2022-12-19 17:59:21 DataObjectManager.open() ignores DEST_RESC_HIER_KW​

As of PRC version 0.8.5 , a data object open( ) call respected DEST_RESC_NAME_KW but ignored DEST_RESC_HIER_STR_KW, so that low-level open( ) calls from within parallel put were opening replicas on the default resource , even if a different resource was being targeted by the put request.

NFSRODS Activity

Open Issues

​SNAPSHOT reference in 2.1.0 pom​

in tagged version 2.1.0 the pom contains a reference to 4.3.2.5-SNAPSHOT of Jargon.
Shouldn't tagged versions always reference RELEASE? ...
That is the intent - but 4.3.2.5-RELEASE was not available at the time. If this is important for your organization / policy, please let us know and we can prioritize accordingly.

YODA Activity

Open Issues

​[BUG] Removing all Contributor or Identifier blocks generates a confusing Validation warning​

The metadata form should either disallow removing all Contributor or Identifier "blocks" in the form or silently add an empty block on saving.

If you think someone else would appreciate this newsletter, they can sign up at https://theresource.metadata.school/​

Two Yaks were shaved in the making of this newsletter. There were more waiting, but I ran out of TUIT’s