Removing share item (folder) does not work #255
Comments
|
Hi @degoldner I just tested it and you are right, the sharing stays. I did not get the error |
|
@dlpzx , the error happens only when the share request is submitted and approved again after a successfully shared folder has been removed. Then only the share manager task will try to revoke the access for the removed folder as part of the anew approval for the share object. |
|
That said I think our issue here is not how we handle the removal of folders for a share request which has been approved anew but rather we have to think how we handle the removal of share items in the first place and the state associated to them. I could imagine to only directly remove/delete share items in certain states (DRAFT e.g.) and introduce new logic for revoking permissions on item level for share items which are in status Share_Succeeded. |
|
Hi @degoldner, I agree, I have revisited the sharing state machines a few times as well. For a while, I thought about introducing a I will post here any ideas that come up to improve the design and avoid this kind of errors |
|
@dlpzx, our team will also revisit the current state machine for the share request and its share items and then provide a proposal. |
|
Hi @degoldner! Here is a draft from ideas that we have considered. There are 2 options, option 2 is a little simplified but it is mostly the same. The top diagram is the share items state machine and the bottom one the share request state machine. Submission affects only the request and there is a better handling of states in which under-the-hood there is a share (all that are colored in blue)
|
|
I have modified it a bit adding the revokeALL: |
|
I like the more detailed view on the share items state machine! One remark here, I think we should differentiate between removing and revoking a share item. The removing of a share item being the deletion from the share request and the revoking the technical permission removal on the share item. Another point I would like to mention is that the state machine for the share request should be extended as well. |
|
Hi @degoldner, I have been working on this today. I think you are right on differentiating between the two kinds of actions (removeItem vs revokeItem). I have adjusted the SM accordingly. Thank you :) As for the Share Request being in Edit, I see why you are proposing it, but I think with the above design without having items in draft, you always know which items are being requested and what their actual state is. I am working in this branch https://github.com/awslabs/aws-dataall/tree/review-sharing-workflow-folders |
|
Hi @dlpzx, thank you very much for picking this issue up so fast! I agree that inside the share object the item status is clear now. The intention of introducing the EDIT status for the share request was to clearly differentiate between a share request which has already approved items and one which does not. Imagine a user wants to check share requests with approved share items and sees the request in status DRAFT, that might be confusing. Regarding the implementation for the SM of the share items we might want to discuss whether an approval for a share item revoke action is required or it happens automatically? The status of the share request after an item has been revoked could be DRAFT or EDIT, and bringing another point in, what would happen if the share revoke fails, this would not be reflected on the current SM of the share request. Also I think when we revoke an item we should do this not as part of the approval of the share request but immediately calling the revoke handler but for a single items only. What I do not understand is the NO_ITEM status of a share item, where would that state be saved if the share item is deleted or non existing? |
|
Hi @degoldner, After some iterations, here is a more advanced design:
Last, the most important part: do we handle revoke and granting together or separated? As advantage, I see the point of revoking items without the need to going through submission-approval process and secondly we simplify the SM by removing the I am going to take some time to reflect on this and discuss internally. Thank you for your feedback, it is gold :) |
dlpzx
added
type: enhancement
### Feature or Bugfix - Feature - Refactoring ### Detail - Embed sharing actions into code defined State machines - Redesign the sharing workflow to keep track of revoke of access - Adjust and simplify sharing managers and tasks - separation of approval and revoke process - Revoke items in batch - Added info in share statistics in inbox and outbox - Added testing for S3 and LakeFormation share managers and for sharing APIs (Check out the conversation in the below issue for more details) ### Relates - #255 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Dennis Goldner <107395339+degoldner@users.noreply.github.com>
dlpzx
added
status: in-review
- Feature - Refactoring - Embed sharing actions into code defined State machines - Redesign the sharing workflow to keep track of revoke of access - Adjust and simplify sharing managers and tasks - separation of approval and revoke process - Revoke items in batch - Added info in share statistics in inbox and outbox - Added testing for S3 and LakeFormation share managers and for sharing APIs (Check out the conversation in the below issue for more details) - #255 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Dennis Goldner <107395339+degoldner@users.noreply.github.com>
- Feature - Refactoring - Embed sharing actions into code defined State machines - Redesign the sharing workflow to keep track of revoke of access - Adjust and simplify sharing managers and tasks - separation of approval and revoke process - Revoke items in batch - Added info in share statistics in inbox and outbox - Added testing for S3 and LakeFormation share managers and for sharing APIs (Check out the conversation in the below issue for more details) - data-dot-all#255 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Co-authored-by: Dennis Goldner <107395339+degoldner@users.noreply.github.com>
Describe the bug
After having successfully shared folders cross account the removal of certain folders from the share object is not working as expected. The permission is not revoked immediately and also after subsequent submission the permission does not get revoked correctly, though it is not shown in the data.all UI anymore.
How to Reproduce
WHEN
THEN
After owner removes folder from share object the permission is NOT revoked and the owner has no possibility to revoke the whole share object any more.
After approving share object with only one remaining folder the revoking of removed of folders fails and thus no permission to the removed folder is revoked. The requester still has access to the folder.
We identified that the issue resides in the removal of folders in the S3ShareApproval.py class.
When removing a share item from a share object it is deleted from the share object in the database.
Later during approval of the share object we look for the removed folders as a share item and get a None exception:
Sharing task failed due to: 'NoneType' object has no attribute 'status'With the following code being the root cause:
Expected behavior
When the owner of a dataset edits items in the share object he/she should trigger an immediate action which is reflected also in the AWS permission layer or get better feedback about the status of the share item. Removing a share item currently is not equal to actually revoking permissions.
Your project
No response
Screenshots
No response
OS
AWS deployment
Python version
3.7
AWS data.all version
v1.2.0
Additional context
No response
The text was updated successfully, but these errors were encountered: