Default 'nothing allowed' state for ServiceComputePrivacy

[kremalicious]

At the moment, whenever a new compute data set is published all published algorithms are allowed to run on it by default, which seems unintended. This is because in the background there are some unexpected interpretations of non-existing or empty array value for publisherTrustedAlgorithms.

To make this more clear and explicit, we could have something like allowAllAlgorithms within ServiceComputePrivacy, set to false by default upon data set publish, as suggested in oceanprotocol/market#417 (comment)

[mihaisc]

As far as i know this was intended, empty publisherTrustedAlgorithms means all algorithms are allowed. But now that i think about it this is conceptually wrong. Everything should not be allowed until the publisher expresses its wishes

[alexcos20]

ComputePrivacy is going to look like this:

export interface publisherTrustedAlgorithm {
  did: string
  filesChecksum: string
  containerSectionChecksum: string
}

export interface ServiceComputePrivacy {
  allowRawAlgorithm: boolean
  allowNetworkAccess: boolean
  allowAllPublishedAlgorithms: boolean
  publisherTrustedAlgorithms?: publisherTrustedAlgorithm[]
}

where:
allowRawAlgorithm: boolean - if you can start a compute job with a raw algorithm (drag&drop)
allowNetworkAccess: boolean - if algo pod has network access during compute (not implemented yet in C2D)
allowAllPublishedAlgorithms: boolean - if you can start a compute job with any published algorithm
publisherTrustedAlgorithms - specific list of algos approved by the publisher. If this list is empty -> there are no trusted algos by the publisher.

Having allowRawAlgorithm == false && allowAllPublishedAlgorithms == false -> only trusted algos can be started.
If publisherTrustedAlgorithms is also empty -> you cannot run any jobs on that dataset

Default values on publishing:

• allowRawAlgorithm: false
• allowNetworkAccess: false
• allowAllPublishedAlgorithms: false
• publisherTrustedAlgorithms : []

[mihaisc]

allowNetworkAccess: boolean - if algo pod has network access during compute (not implemented yet in C2D)

if the pod has no network access how does it fetch the data?

[alexcos20]

data is fetched by pod-configuration, before algo pod is created.
Algos are using data from an already mounted volume, under /data