Storage issues
https://community.opengroup.org/osdu/platform/system/storage/-/issues

https://community.opengroup.org/osdu/platform/system/storage/-/issues/9
[System/Storage] Frame of Reference API for Normalized Records (Gary Murphy, 2022-11-21)

The Storage service needs an API method to fetch records with numerical and date-valued attributes in a common frame of reference. Since ingested records can currently be in a variety of CRS and unit systems as well as time zones, there needs to be a way for consumption zones to fetch records in a common frame of reference for meaningful comparisons as well as map displays, data quality metrics, and essentially any workflow requiring the same measurement system for an attribute.
The Storage service does not need to persist converted records; rather, the API should enable on-the-fly, in-memory representations of records to be retrieved. This is a common concern of all Storage consumers.
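For illustration only, a minimal sketch of the kind of on-the-fly unit normalization such an API implies, assuming a scale/offset "persistableReference" like the Unit reference shown in issue #146 further down. The class and method names are hypothetical, not the actual Storage code.

```java
// Minimal sketch (hypothetical types): apply a scale/offset persistable reference to a
// numeric attribute at read time, without persisting the converted value.
public final class UnitNormalizer {

    /** Converts a stored value to the target frame of reference using scale/offset. */
    public static double toSi(double storedValue, double scale, double offset) {
        return storedValue * scale + offset;
    }

    public static void main(String[] args) {
        // Example: a depth stored in feet, normalized to meters (scale 0.3048, offset 0.0),
        // matching the Unit persistable reference quoted in issue #146 below.
        double depthFt = 8_250.0;
        double depthM = toSi(depthFt, 0.3048, 0.0);
        System.out.printf("%.1f ft -> %.2f m%n", depthFt, depthM);
    }
}
```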
The API needs to handle:
- **NaN in data:** NaN values are allowed in Storage, so normalization needs to handle them correctly by treating them as invalid values when trying to convert.
- If prerequisites such as lat/lon are not provided, then the system should not try to do any conversion.
- Consistent error messages need to be provided for empty/missing/null values.

Milestone: M1 - Release 0.1

https://community.opengroup.org/osdu/platform/system/storage/-/issues/46
Design consideration: Support transactions (Alan Henson, 2022-09-29)

One of the requirements made of ingestion is to support transactional capabilities while storing records. This would allow any process interacting with the Storage API to perform the following:
- Begin a transaction
- Modify one or more records (Create, Update, Delete, Purge) without any additional activity occurring (i.e., sending notifications)
- Commit the transaction (persist all modifications in their entirety, with any single error resulting in a rollback) - on success, release all notifications generated through the record modifications
- Rollback the transaction (undo all modifications)
I'm sure there are other considerations involved with adding transactional support. These are some early thoughts to initiate the discussion.
The expectation is that this feature is not considered until after Release 3.

Assignee: Chris Zhang

https://community.opengroup.org/osdu/platform/system/storage/-/issues/41
[System/Storage] Record update collision prevention (Thomas Gehrmann [slb], 2022-11-21)

The original SDU Storage used
1. sequential version numbers and
1. a validation of the version number during record update. Should an update request refer to a version number less than the current last version, the update request is rejected.
This issue is about recording the difference in behavior between original and current R3 Storage, where
1. version numbers are system generated (timestamps) and
1. no validation of the version number happens. As a consequence, all updates will succeed, including apparently conflicting, simultaneous updates.
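For illustration only, a minimal sketch of the optimistic-concurrency check that the original behavior implies. The repository lookup and exception are hypothetical stand-ins, not the actual Storage code.

```java
// Hypothetical optimistic-concurrency check: reject an update whose requested version
// is older than the latest persisted version of the record.
public class RecordVersionGuard {

    /** Latest persisted version per record id, as a hypothetical lookup. */
    private final java.util.Map<String, Long> latestVersions = new java.util.HashMap<>();

    public void validateUpdate(String recordId, long versionInRequest) {
        Long latest = latestVersions.get(recordId);
        if (latest != null && versionInRequest < latest) {
            // Original SDU behavior: the update request is rejected.
            throw new IllegalStateException("Record " + recordId
                + " was modified concurrently: request version " + versionInRequest
                + " < latest version " + latest);
        }
    }

    public void recordPersisted(String recordId, long newVersion) {
        latestVersions.put(recordId, newVersion);
    }
}
```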
It is important to understand that the request to restore the previous SDU/OSDU validation is a **breaking** change, which may require adding the version property to the list of required system properties (=change in Data Definition affecting all records).
Thanks to @doniger for helping to understand this requirement.
# Priority
1. Behavior change: prevent record update collisions/conflicts.
2. Usability: the int64 numbers are not user friendly; consider usability in the _presentation_ of the version to end-users.
# Required actions:
* Decide whether or not to re-implement the update collision prevention.
* If yes:
1. Create a transition plan to support the breaking change;
1. Usage rules for populating the version number in the create/update requests;
1. Version number presentation recommendations.
* If no:
1. Augment documentation to describe the behavior during update collisions/conflicts and how to detect them.

Milestone: M1 - Release 0.1
Assignee: ethiraj krishnamanaidu

https://community.opengroup.org/osdu/platform/system/storage/-/issues/49
Add Storage endpoint to create ids on request (Alan Henson, 2022-09-29)

As part of storing records in OSDU, the Storage service creates an `id` value when the Record stored is absent an `id` value. The only way to get the `id` is to store the record. There are use cases, such as processing `surrogate-key` values prior to storing records, that warrant having an `id` created prior to storing the record so processing can occur external to storage while still using storage-generated (aka system-generated) `ids`.
This would function similarly to how database sequences might work. The API should support a request for one or more `id`s and it should support creating these `id`s for more than one type of `kind`.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/58
[Question] PUT Record with same id overwrites previous record (Alan Henson, 2022-11-21)

Asking on behalf of one of my teams:
In R2 we could upload a record multiple times with the same `id` and it would create a new record each time with a new version.
In R3 if we store a record more than once, it will overwrite the old record without saving a new version.
Question:
Is this the expected behavior?

Assignees: ethiraj krishnamanaidu, Chris Zhang

https://community.opengroup.org/osdu/platform/system/storage/-/issues/61
Different CSPs respond with different status code when a request is rejected by SpringBoot firewall (Krishna Nikhil Vedurumudi, 2022-11-21)

A recent change was introduced in MR https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/175, where conditional enablement of a feature **to support the special character %25 in URLs** was added.
The expectation was that the service responds with a 403 Forbidden status code in case of such errors. However, GCP and AWS were observed to respond with a 500, whereas IBM sent back a 401.
Upon further debugging with @rostislav.dublin, it was identified that Azure and GCP had almost identical stack traces when a request was rejected by Spring Boot, apart from a single-line difference:
Azure - `at org.opengroup.osdu.azure.filters.Slf4jMDCFilter.doFilter(Slf4jMDCFilter.java:54)`
GCP - `at org.opengroup.osdu.core.gcp.filter.Slf4jMDCFilter.doFilter(Slf4jMDCFilter.java:67)`
Hence, until the individual CSPs decide to enable the feature at their end, the newly added integration test will assert `assertNotEquals(200, response.getStatus());` for the test scenario where the feature flag `enableEncodedPercentInURL` is not enabled.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/63
Storage API /query/kinds behaviour is different on GCP compared to other CSPs (Florent Fourcade, 2023-03-13)

According to the storage API documentation:
> a given **kind** can have zero or exactly one schema associated with it.
While testing storage API record creation on Azure, I created a record whose kind is not tied to a schema.
When requesting /query/kinds after record creation, the kind is absent from the returned results.
Doing the same test on a GCP instance, my kind (not tied to a schema) does appear when requesting /query/kinds.
I took a look at the code and saw that, to get the kinds, GCP retrieves all kinds from a RecordMetadata database, so all kinds are returned, even if not tied to a schema.
On other CSPs, it seems that kinds are returned from a Schema database, so only kinds tied to a schema are returned.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/66
[Intermittent] Record Metadata is available in Cosmos but the Blob store returns a 404 (Krishna Nikhil Vedurumudi, 2022-09-27)

If record metadata exists but the actual record doesn't exist in the BlobStore, the FetchBatchRecords API returns a 500 with the following response:
```
{
"code": 500,
"reason": "Unable to process parallel blob download",
"message": "AppException(error=AppError(code=404, reason=Specified blob was not found, message=Status code 404, \"<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist._RequestId:580b9915-f01e-0009-2c0a-3c65a8000000_Time:2021-04-28T08:45:41.2917696Z</Message></Error>\", errors=null, debuggingInfo=null, originalException=com.azure.storage.blob.models.BlobStorageException: Status code 404, \"<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist._RequestId:580b9915-f01e-0009-2c0a-3c65a8000000_Time:2021-04-28T08:45:41.2917696Z</Message></Error>\"), originalException=com.azure.storage.blob.models.BlobStorageException: Status code 404, \"<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist._RequestId:580b9915-f01e-0009-2c0a-3c65a8000000_Time:2021-04-28T08:45:41.2917696Z</Message></Error>\")"
}
```
A couple of issues to investigate / fix:
- The PersistentServiceImpl ensures that if the blob write has failed, the cosmos db update will not happen. How did we run into this inconsistency?
- If one blob does not exist, the entire FetchBatchRecords call should not fail with a 500.
- Error messages for 5xx should always be standard. So, a 500 in this case should be Internal Server Error.
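A hedged sketch of the second point, with hypothetical types rather than the actual service implementation: collect per-record failures during the batch fetch instead of failing the whole call with a 500.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Hypothetical batch-fetch loop: records whose blob is missing are reported in a
// "notFound" list, while the rest of the batch is still returned successfully.
public class BatchFetchSketch {

    public record BatchResult(List<String> records, List<String> notFound) {}

    public static BatchResult fetch(List<String> recordIds, Map<String, String> blobStore) {
        List<String> found = new ArrayList<>();
        List<String> notFound = new ArrayList<>();
        for (String id : recordIds) {
            String blob = blobStore.get(id);   // stand-in for the real blob download
            if (blob == null) {
                notFound.add(id);              // report the 404, do not abort the batch
            } else {
                found.add(blob);
            }
        }
        return new BatchResult(found, notFound);
    }
}
```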
https://community.opengroup.org/osdu/platform/system/storage/-/issues/67
Skipdupes flag fails to recognize identical records when data block contains integer-valued fields (Gary Murphy, 2022-11-21)

**Summary** The "skipdupes" flag on PUT for a record does not work when a property value is an **integer**.
**Details** </br>
When a record is created, the "skipdupes" parameter can be set to "true" such that a duplicate record will not be created and the skip will be indicated in the response details. However, if a value for a "data" attribute ("dimension" in the example below) is an integer, skipdupes seems to never recognize that nothing has changed. The PUT request will always create a new record. It seems like float/text are fine.
` "data": {
"log": {
"dataType": "number333",
"dimension": 1,
"family": "Bulk Density Correction",
"familyType": "Density",
"format": "float64",
"longName": "DENSITY CORRECTION (DECR)",
"mnemonic": "DRHO",
"name": "DRHO",
"unitKey": "G/C3",
"bulkURI": "urn:uuid:d789e548-4dbf-4c76-b87a-77f7b29e94fe"
},

https://community.opengroup.org/osdu/platform/system/storage/-/issues/74
storage max record id length to 1024 character (Neelesh Thakur, 2022-11-21)

Azure Storage service supports record IDs up to 1024 characters. Other providers don't have this limitation.
Either we make this consistent across all cloud providers or document this specific restriction for Azure.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/75
Delete record does not delete the derivatives records (Nitin-slb, 2022-11-21)

The current implementation of the Delete API does not check or act on derivative records and leaves the storage records in an inconsistent state. I think the correct behaviour is to delete the child records, but another option may be to update the references. This is something to be discussed.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/76
Normalizer Documentation (Tutorial) missing (Thomas Gehrmann [slb], 2023-03-09)

Related to issue #37, the tutorial for the 'undocumented endpoint' `query/records:batch` is missing.
This tutorial is present in the OpenDES source, but as a separate markdown file. The content needs to be updated to the OSDU context and the tutorials should be cross-referenced.

Assignee: Gary Murphy

https://community.opengroup.org/osdu/platform/system/storage/-/issues/86
Able to insert a record with invalid ACL in preship environment for Azure and IBM platforms (Kamlesh Todai, 2022-11-21)

**For Azure and IBM**
While testing the Dynamic Policy, we ran into an issue of being able to create a record by providing an invalid ACL using the storage API.
It appears that the storage API is not validating the ACL. In ACL for owners data.**nodefault**.owner@...
PUT https://{{STORAGE_endpoint}}/records
[{
"kind": "{{data-partition-id}}:{{schemaSource}}:master-data--Well:1.0.0",
"legal": {
"legaltags": [
"{{tagName}}"
],
"otherRelevantDataCountries": [
"US"
]
},
"acl": {
"owners": [
"data.**notdefault**.owner@{{data-partition-id}}{{domain}}"
],
"viewers": [
"data.default.viewer@{{data-partition-id}}{{domain}}"
]
},
"id": "{{data-partition-id}}:master-data--Well:dynamic-policy-test-data-1-{{randomId}}",
"data": {
"description": "Dynamic policy test record 1"
}
}]
**For AWS:**
It does not create a record and gives the message of Forbidden
**For GCP:**
It does not create a record and gives the message Policy service is unavailable.
[DynamicPolicyTestingStatus.xlsx](/uploads/706b480e63e73f0d34dfa1873f7abbb2/DynamicPolicyTestingStatus.xlsx)
[DynamicTestingM7.docx](/uploads/ccff71cfa867c66cbec9642901c883ef/DynamicTestingM7.docx)

https://community.opengroup.org/osdu/platform/system/storage/-/issues/88
Change the ENV var to be CRS_CONVERTER_API instead of CRS_API (Ritika Kaushal, 2022-11-21)

In the current implementation the placeholder "CRS_API" is used to refer to the crs-converter API. This will be an issue in the future when we also want to use the CRS Catalog service, since CRS_API is vague about which service it refers to. So this should be renamed to CRS_CONVERTER_API.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/91
ADR: Move service.datalake.admin group to Admin user role / Lower Storage GET records and DELETE APIs to Admin role (An Ngo, 2024-01-09)

API access level is controlled by different permission groups; the bootstrap of permission groups is explained in this documentation: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/blob/master/docs/bootstrap/bootstrap-groups-structure.md
Currently, group service.storage.admin is the parent group of group users.datalake.ops.
We want to change the permission such that service.storage.admin should be parent group of users.datalake.admins.
With this change, the following APIs would be lowered to Admin privilege:
GET /query/records <br/>
DELETE /records/{id}<br/>
DELETE /schemas/{kind}
users.datalake.ops (Ops role) is a very high-privileged role given to service accounts only. Previously, certain APIs were reserved for this role only, since we deemed them too drastic if not done with careful measures. However, per requests from many of our consumers who rightfully want control over their data even in a SaaS offering, we have revisited the permissions. The correct behavior should be allowing these capabilities with the admin role, so that admins can query for all records of a kind, and can purge the records for contractual or space reasons. To achieve this, we will move the group service.storage.admin as the parent of the admin role group so that users with the admin role will have access to the above APIs as well.
To de-elevate the permission level of above APIs to ADMIN, we need to move service.storage.admin from the parent of users.datalake.ops to the parent of users.datalake.admins.
After modifying the bootstrap process to make service.storage.admin the parent of users.datalake.admins, the above APIs will automatically de-elevate to ADMIN privilege when setting up a new data partition. We also need to migrate existing data partitions' group structures to cover such changes.

Assignee: Chad Leong

https://community.opengroup.org/osdu/platform/system/storage/-/issues/94
Remove deprecated storage schema api feature flag and relevant integration tests (Larissa Pereira, 2022-11-21)

The following endpoints are currently driven by the feature flag "schema_endpoints_disabled". MR (https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/251)
* POST endpoint(**/api/storage/v2/schema**) in storage service.
* GET endpoint(**/api/storage/v2/schema**) in storage service
* DELETE endpoint(**/api/storage/v2/schema**) in storage service
* GET endpoint(**/api/storage/v2/query/kinds**) in storage service
When the feature flag is removed please ensure to also update integration tests to fix/remove any tests that are using these deprecated endpoints. Currently these tests are being ignored if the feature flag is true (viz. schema_endpoints_disabled = true) as part of MR (https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/257)
**Update** -- the GET /query/kinds endpoint ended up being taken out from under the feature flag and retained, as it is needed for the storage concern around what kinds are actually in storage vs. merely defined in the Schema Service.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/100
Storage API /query/kinds is broken and breaks reindex functionality (Gary Murphy, 2023-03-13)

**_Takeaway_**<br/>
The /query/kinds API has been broken in OSDU Storage for quite a while, and fixing it was not a priority as Schema Service endpoints were thought to be the successor solution. This is not the case, and /query/kinds needs to work as designed.<br/>
**_Summary_**
The context here is the issue to change the Indexer to use Schema Service schemas instead of the original Storage Schemas (https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/7). This has been done successfully; however, the original plan to retire the Storage Schema endpoints + /query/kinds entirely exposed a hole in functionality that needs to be addressed. Essentially, it was thought that fixing /query/kinds would not be needed with the Schema Service, but the use cases where Storage is the source of truth for *in use* kinds were not caught.<br/><br/>
**Key Use Case** -- reindexing all kinds<br/><br/>
Reindexing all kinds in an Elasticsearch cluster (Reindex All) is an infrequent but vital operation. Cases where it is required include:
disaster recovery after Storage Records are restored, application of changes to Elasticsearch analyzers, and correction of indices after changes to base OSDU schemas or client schemas.<br/><br/>
Disaster Recovery Scenario:
1. All records in Storage (including underlying CosmosDB or FireStore or whatever) are brought back to RPO state.
2. The Search index is not in sync yet with the restored Storage records, so Reindex All is executed.
3. Reindex All should *not* be using the Schema get all schemas endpoint as that will retrieve every schema that has been defined in the installation which includes unused schemas and obsolete schemas and those may number in the thousands. Instead, Reindex All needs to use /query/kinds from Storage which will retrieve only those kinds actually in use in Storage.
4. As Reindex All executes, the list of kinds is retrieved from Storage /query/kinds and iterated over, triggering a reindex on each individual kind known to Storage.
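For illustration, a hedged sketch of the Reindex All loop described in step 4. StorageClient and IndexerClient are hypothetical stand-ins, not real OSDU SDK classes.

```java
import java.util.List;

// Hypothetical sketch: fetch the kinds actually in use from Storage /query/kinds,
// then trigger a reindex per kind.
public class ReindexAllSketch {

    interface StorageClient { List<String> queryKinds(); }       // GET /query/kinds
    interface IndexerClient { void reindexKind(String kind); }   // per-kind reindex trigger

    public static void reindexAll(StorageClient storage, IndexerClient indexer) {
        for (String kind : storage.queryKinds()) {
            // Only kinds with records in Storage are returned, so unused or obsolete
            // schemas from the Schema Service are never touched.
            indexer.reindexKind(kind);
        }
    }
}
```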
Milestone: M10 - Release 0.13

https://community.opengroup.org/osdu/platform/system/storage/-/issues/110
Issue in Publisher Facade (Abhishek Kumar (SLB), 2022-11-21)

The branch is not in a running state due to a bug in the azure core library.
Please refer to this issue https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/issues/17
**Branch:** UsageOfPublishFacade

Assignee: Nikhil Singh[MicroSoft]

https://community.opengroup.org/osdu/platform/system/storage/-/issues/111
Potential defect related to Delete methods due to no response body - Storage Schema (Jevon Williams, 2022-11-21)

The DELETE API method has no response body. This call will return both a 204 success code and a 404 failure code, but it does not provide any details and/or explanations:
1. Example: a 204 code is returned, but it does not say the item has been successfully deleted.
1. Example: a 404 code is returned, but it does not say why the error code was returned.
URL Endpoint - base_url/api/storage/v2/schemas/osdu:osdu:fault-system-wp:0.2.0
![deleteAPI_Storage_screenshot](/uploads/1f100652e42805d620d8a6ee55e3dc45/deleteAPI_Storage_screenshot.PNG)

https://community.opengroup.org/osdu/platform/system/storage/-/issues/112
Potential defect related to Delete methods due to no response body - Storage Delete Record (Jevon Williams, 2022-11-21)

The DELETE API method has no response body. This call will return both a 204 success code and a 404 failure code, but it does not provide any details and/or explanations:
Example: a 204 code is returned, but it does not say the item has been successfully deleted.
Example: a 404 code is returned, but it does not say why the error code was returned.
URL Endpoint - base_url/api/storage/v2/records/{{recordIds}}
![deleteAPI_Storage_Record_screenshot](/uploads/396a120b7291f242bf4a0fac9b1b12ed/deleteAPI_Storage_Record_screenshot.PNG)

https://community.opengroup.org/osdu/platform/system/storage/-/issues/113
Storage /records endpoint without having Content-type in the header throws 415 error (An Ngo, 2023-03-01)

The Storage /records endpoint throws a 415 error code when no Content-Type header is provided.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/117
Storage fails to delete large number of records upon legal tag expiration (An Ngo, 2024-03-21)

If there are a large number of records associated with a legalTag that expires after the cron job runs, we are seeing availability issues and inconsistent results in terms of record searchability.
**Observations:**
**LegalTag cron job update issue:**
**Scenario**: I have a large number of records (in the 6 digits) that are associated with a legalTag (i.e. the record metadata has a particular legalTag (let's call it lt1) in the legal.legaltags section). The legalTag lt1 is set to expire soon
**Event**: lt1 expires
**Action 1** : Cron job `updateLegalTagStatus` is triggered on a periodic basis, which grabs the legalTags that have changed their state (valid to invalid and invalid to valid) and publishes this information onto SB topic 'legaltags' and EG topic 'legaltagschangedtopic'. The legalTag also changes its state in the CosmosDb
'legaltagschangedtopic' has an event subscription to SB topic 'legaltagschangedtopiceg', which has a subscription 'eg_sb_legaltagssubscription'
**Action 2 **: Storage service pulls messages from 'eg_sb_legaltagssubscription' for LegalTag update events and updates records associated with lt1. Storage updates the recordMetadata with active/inactive record status and publishes the change onto SB and EG for indexer-queue to consume.
**Expected outcome:** All records associated with lt1 are now inactive. They are unsearchable from Storage and Search APIs.
**Actual outcome:** Some records associated with lt1 are now inactive. They are unsearchable from Storage and Search APIs. I can still search other records.
**Issue**: Not all records are getting pulled from Storage service at **Action 2** to be processed. Thus, many records simply don't change their state, although the legalTag is invalid now.
**Observed behavior/possible improvements:**
1. The context of legalTag change (active to inactive or inactive to active) is not considered by Storage when fetching records to update. Storage tries to fetch ALL records for that legalTag with the query
SELECT * FROM c WHERE ARRAY_CONTAINS(c.metadata.legal.legaltags, lt1). In case of large number of records, this is a longer operation. We observed throttling on the cosmos-db during this process
2. No way to retry. Because the Legal service updates the legalTag status in CosmosDB, running the `updateLegalTagStatus` job again will not pick up this legal tag. To do this, we are required to manually change the status of the legalTag and run the cron job again. Upon manual retries, we face the issue above where Storage is trying to process ALL records again.
3. What happens when the Storage job is interrupted, possibly due to a pod restart (high CPU utilization), a network error, or a CosmosDB error? Retrying the whole job doesn't help much.
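A hedged sketch of the batched, resumable processing that points 1-3 suggest, with a hypothetical repository interface rather than the actual implementation: fetch records for the expired legalTag page by page with a continuation token, so an interrupted run can resume instead of re-querying everything.

```java
import java.util.List;

// Hypothetical paged processing of records tied to an expired legalTag. The repository
// and page token are stand-ins; the point is batching plus a resumable cursor.
public class LegalTagComplianceSketch {

    record Page(List<String> recordIds, String nextToken) {}

    interface RecordRepo {
        Page findByLegalTag(String legalTag, String continuationToken, int pageSize);
        void markInactive(List<String> recordIds);
    }

    public static void deactivate(RecordRepo repo, String expiredTag) {
        String token = null;                       // could be persisted to resume after a crash
        do {
            Page page = repo.findByLegalTag(expiredTag, token, 500);
            repo.markInactive(page.recordIds());   // update + publish per batch
            token = page.nextToken();
        } while (token != null);
    }
}
```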
Assignee: Chad Leong

https://community.opengroup.org/osdu/platform/system/storage/-/issues/120
Inconsistent behavior of storage PUT when skipdupes is passed as true (Mandar Kulkarni, 2022-08-26)

Storage PUT API has an optional query parameter called [skipdupes](https://community.opengroup.org/osdu/platform/system/storage/-/blob/master/docs/tutorial/StorageService.md#using-skipdupes)
The current behavior of the storage PUT API when updating an existing record is:
If skipdupes is passed as true and the data and meta blocks in the input request are the same as the existing record content, then the record update is skipped.
When skipdupes is passed as true, the record update is skipped even when the user has passed different legal, acl, and tags block content in the input request, as long as the data and meta block content is the same as that of the existing record.
(This happens because when skipdupes is passed as true, the storage service compares only data and meta blocks of the incoming and existing records and not all the blocks in the record.)
The expected behavior is:
If skipdupes is passed as true, both the data and meta blocks should be compared. If the data block is the same but the legal, acl, or tags blocks are different, then the same record should be updated. To keep the behavior in sync with the PATCH API, the record version should not be updated in case only the tags, legal, or acl blocks are being changed.
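A minimal sketch of the comparison the expected behavior describes, using a hypothetical record model rather than the service code: data and meta equality decides whether to skip, while acl/legal/tags differences are applied without bumping the version.

```java
import java.util.Objects;

// Hypothetical skipdupes decision: data+meta equality decides whether a new version is
// created; acl/legal/tags differences are applied in place without a version bump.
public class SkipDupesSketch {

    record RecordModel(Object data, Object meta, Object acl, Object legal, Object tags) {}

    enum Action { SKIP, UPDATE_METADATA_ONLY, NEW_VERSION }

    static Action decide(RecordModel existing, RecordModel incoming, boolean skipDupes) {
        boolean sameContent = Objects.equals(existing.data(), incoming.data())
                && Objects.equals(existing.meta(), incoming.meta());
        if (!skipDupes || !sameContent) {
            return Action.NEW_VERSION;
        }
        boolean sameMetadata = Objects.equals(existing.acl(), incoming.acl())
                && Objects.equals(existing.legal(), incoming.legal())
                && Objects.equals(existing.tags(), incoming.tags());
        return sameMetadata ? Action.SKIP : Action.UPDATE_METADATA_ONLY;
    }
}
```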
https://community.opengroup.org/osdu/platform/system/storage/-/issues/121
Storage Schema endpoints should be obsoleted (Gary Murphy, 2022-08-24)

Remove code and config related to the storage schemas APIs from OSDU as they are EOL.
The following APIs are to be removed
- GET /Schema
- DELETE /Schema
- POST /schema

https://community.opengroup.org/osdu/platform/system/storage/-/issues/123
Storage GET record returns 404 for records with optional version (Record ID ending with colon) (An Ngo, 2023-06-06)

Storage GET /api/storage/v2/records/{id} returns a 404 error for records whose ID ends with a colon (version is empty).
For example, "osdu:master-data--Wellbore:nz-100000391126:"
This is the case where the version component is empty (this is allowed as part of [this change](https://community.opengroup.org/osdu/platform/system/storage/-/issues/26#summary-january-26-2021) in record ID validation).
Expected behavior should be returning the latest version of the record.
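For illustration, a hedged sketch (not the actual validation code) of tolerating the optional, empty version component and falling back to the latest version.

```java
// Hypothetical ID parsing: "partition:type:name[:version]" where a trailing colon
// (empty version) should resolve to the latest version instead of a 404.
public class RecordIdSketch {

    record ParsedId(String recordId, Long version) {}

    static ParsedId parse(String rawId) {
        String id = rawId.endsWith(":") ? rawId.substring(0, rawId.length() - 1) : rawId;
        String[] parts = id.split(":");
        if (parts.length == 4) {
            return new ParsedId(String.join(":", parts[0], parts[1], parts[2]),
                    Long.parseLong(parts[3]));
        }
        return new ParsedId(id, null);   // null version -> fetch the latest version
    }

    public static void main(String[] args) {
        System.out.println(parse("osdu:master-data--Wellbore:nz-100000391126:"));
    }
}
```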
https://community.opengroup.org/osdu/platform/system/storage/-/issues/127
Soft-deleted record was skipped when re-ingested with same data (An Ngo, 2022-08-23)

**Steps to reproduce the current behavior:**
1. Ingest a record
2. Soft-delete the record
3. Fetch the record to confirm it is now "inactive", "not found"
**Case 1:** Works as expected
4. Ingest the same record using the same id and DIFFERENT data, skipdupes=true
> Record was NOT skipped. Deleted record became active again. A new version of the record is created.
> Example response:
```
{
"recordCount": 1,
"recordIds": [
"osdu:document:ee7e8869217541a8b31f4e2ea18f7e3a"
],
"skippedRecordIds": [],
"recordIdVersions": [
"osdu:document:ee7e8869217541a8b31f4e2ea18f7e3a:1654731042152281"
]
}
```
5. Soft-delete the record
6. Fetch the record to confirm it is now "inactive", "not found"
**Case 2:** Skips the record even though it was already deleted
7. Ingest the same record using the same id, SAME data, skipdupes=true
> Record was skipped. So the record remains "inactive", "not found". The PUT call did nothing to the record.
>Example response:
```
{
"recordCount": 1,
"skippedRecordIds": [
"slb-osdu-dev-sis-internal-hq:document:ee7e8869217541a8b31f4e2ea18f7e3a"
]
}
```
**Expected behavior:**
If skipdupes is true
- if the record doesn't exist at all, then create a new record.
- **if the record was soft-deleted, then make the record active again if the data is the same (last deleted version becomes the latest version), or create a new version if data is different.**
- if the record exists,
- if the data is the same, then skip it.
- if data is different, then create a new version
If skipdupes is false:
- if the record doesn't exist at all, then create a new record.
- **if the record was soft-deleted, then create a new version of the record**
- if the record exists, then a new version of the record will be created, regardless of whether the data is the same or different.
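A minimal sketch encoding the expected behavior above for a previously soft-deleted record, with hypothetical flags rather than the service's internal model: reactivate when the incoming data matches, otherwise create a new version, and never silently skip.

```java
// Hypothetical decision table for re-ingesting a record, per the expected behavior above.
public class SoftDeleteReingestSketch {

    enum Outcome { CREATE_NEW_RECORD, REACTIVATE_LAST_VERSION, NEW_VERSION, SKIP }

    static Outcome decide(boolean exists, boolean softDeleted, boolean sameData, boolean skipDupes) {
        if (!exists) {
            return Outcome.CREATE_NEW_RECORD;
        }
        if (softDeleted) {
            // skipdupes must not leave the record "inactive", as happens today in Case 2.
            return (skipDupes && sameData) ? Outcome.REACTIVATE_LAST_VERSION : Outcome.NEW_VERSION;
        }
        return (skipDupes && sameData) ? Outcome.SKIP : Outcome.NEW_VERSION;
    }
}
```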
https://community.opengroup.org/osdu/platform/system/storage/-/issues/128
Data store location is not appended to legal tag ORDC of record (An Ngo, 2022-10-26)

Upon creating a record, the data store location/country is expected to be appended to the ORDC (Other relevant data countries) list.
This is not the current behavior.
```
"otherRelevantDataCountries": [
"VN"
]
```
Here, "VN" was provided when creating the record. Upon record creation, the system is supposed to append "US" (US environment partition), "BE" (EU) or "NL" (WEU), etc..https://community.opengroup.org/osdu/platform/system/storage/-/issues/130Storage PUT: setting a non-number value to a number attribute results in an e...2022-08-23T15:45:28ZAn NgoStorage PUT: setting a non-number value to a number attribute results in an empty 400 response (no error message)For example, given this payload. This was provided:
` "value": Infinity`
```
curl --location --request PUT 'https://domain.com/api/storage/v2/records' \
--header 'accept: application/json' \
--header 'data-partition-id: osdu' \
--hea...For example, given this payload. This was provided:
` "value": Infinity`
```
curl --location --request PUT 'https://domain.com/api/storage/v2/records' \
--header 'accept: application/json' \
--header 'data-partition-id: osdu' \
--header 'Content-Type: application/json' \
--header 'Authorization: <token>' \
--data-raw '[
{
"acl": {
"owners": [
"data.default.owners@domain.com"
],
"viewers": [
"data.default.viewers@domain.com"
]
},
"data": {
"ExtensionProperties": {
"osdu": {
"curvesProperties": [
{
"curveID": "CTEM_GPITF",
"properties": [
{
"name": "MEASURE-POINT-OFFSET",
"value": Infinity
}
]
}
]
}
}
},
"kind": "osdu:wks:work-product-component--WellLog:1.1.0",
"legal": {
"legaltags": [
"osdu-default-legal"
],
"otherRelevantDataCountries": [
"US"
]
}
}
]'
```
Response:
Empty 400
![image](/uploads/18749c6ea879c9c888a3c5c173288b23/image.png)

https://community.opengroup.org/osdu/platform/system/storage/-/issues/139
[STORAGE] PUT. Reports 201 success with a 50 records payload but actually fails (Ernesto Gutierrez, 2023-02-13)

**Description**
While issuing the following request [50_records_payload.json](/uploads/3d2ddceee544b9741af0a0b54fff9981/50_records_payload.json), the storage service returns a 201 with records and versions [STORAGE_201_put_records.json](/uploads/48a60f0dfa71bb13852b7ca8cc12fd8b/STORAGE_201_put_records.json).
But when trying to fetch the records, they are not created/updated.
Looking at the logs [Storage_LOG_50_records.txt](/uploads/fdf868480d289199eb916f9d5d575b8f/Storage_LOG_50_records.txt), it seems the service is reaching this line https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/blob/1bddde80718274e34a36aee673092bf20526f5aa/src/main/java/org/opengroup/osdu/azure/cosmosdb/CosmosStoreBulkOperations.java#L124
**Expected behavior**
Two behaviors are expected
1. Payload with 50 records should not fail
2. If for any reason the request fails, the error should be propagated back and an error returned instead of a 201.

Milestone: M13 - Release 0.16
Assignee: Krishna Nikhil Vedurumudi

https://community.opengroup.org/osdu/platform/system/storage/-/issues/146
POST /query/records:batch with normalization stops converting after 1 conversion failure (An Ngo, 2022-10-28)

An attribute was defined as a number in the schema:
```
"depthA": {
"title": "depthA",
"type": "number"
}
```
The meta specified is to convert the values in depthA from ft to meter.
```
"meta": [
{
"kind": "Unit",
"name": "ft",
"persistableReference": "{\"scaleOffset\":{\"scale\":0.3048,\"offset\":0.0},\"symbol\":\"ft\",\"baseMeasurement\":{\"ancestry\":\"Length\",\"type\":\"UM\"},\"type\":\"USO\"}",
"propertyNames": [
"depthA",
"depthB"
],
```
The record was ingested/created with an empty string assigned to depthA.
```
"data": {
"depthA": "",
"depthB": 123,
"depthC": 456
},
```
Upon record creation, fetch API was called to normalize the record before indexing.
The conversion failed to convert depthA. An error was logged. Fetch API returned a 200, but with a conversion error.
![image](/uploads/28575874041594004a487f3ee009f1f9/image.png)
After this error, the API skipped conversion for other attributes.
Indexer saw this error and returned a 400 status. The index trace returns:
```
"statusCode": 400,
"trace": [
"Unit conversion: illegal value for property depthA"
]
```
**Action:** The API should continue to convert all specified attributes, and log the conversion errors for those that failed.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/150
PersistedCollection cannot scale to large values, an upper limit for records is needed (Gary Murphy, 2022-11-08)

Persisted Collections have been seen lately in various environments that are getting somewhat pathological, meaning they are straining the limits of what the consuming services (mainly Storage and Search) can handle. As the number of items in a Persisted Collection rises, they will increase the size of the Storage record beyond practical limits as well as put a heavy load on Indexing and Search as they are updated.
An exact limit is a bit tricky to specify, but experience with 100K records has shown increased 500 return codes from Storage and Search when counts are in that neighborhood (100K).
Based on the above behavior (and the upcoming introduction of Collaboration Spaces which provide a scalable solution with transactions and promotion capabilities), it is proposed to introduce a practical limit for sizes of Persisted Collections. A straw man number could be on the order of 50K records mentioned in the Persisted Collection. Counts higher than that would trigger an error on Storage PUT and meaningful response text.
Collaboration Spaces will hopefully be the correct home for controlled collections of massive size (1M records is considered reasonable) since updates can be done via distributed transactions and no single Storage record has to scale to contain the contents of the collection. In the meantime, a limit for Persisted Collections is needed.
[Collaboration Spaces](https://gitlab.opengroup.org/osdu/subcommittees/ea/work-products/adr-elaboration/-/issues/48)
[PersistedCollection](https://community.opengroup.org/osdu/data/data-definitions/-/blob/master/E-R/work-product-component/PersistedCollection.1.0.0.md)

https://community.opengroup.org/osdu/platform/system/storage/-/issues/154
Storage service stale in-memory cache leads to inconsistency (Nikhil Singh[MicroSoft], 2023-02-15)

We recently uncovered a bug in the storage service due to the local cache getting stale. The flow can be understood by the following steps.
1. Deletion of a legal tag via legal service delete API --> response 204 No content after successful deletion
2. Storage service API call made at https://**********/api/storage/v2/push-handlers/legaltag-changed?token=*** --> Goes to a pod P1 of storage service --> Updates the records compliance for all the record associated with the deleted tag in step 1---> Removes the deleted tag from local cache of pod P1.
3. Storage PUT call to create a record with the deleted legal tag--> goes to a pod P2 of storage--> the cache still has that legal tag-->returns 201 created.
At step 3, all calls going to pod P1 return "Invalid legal tag", but API calls landing on other pods successfully create these records.
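As a hedged illustration of one possible mitigation (not the fix chosen here), a short TTL on the per-pod legal-tag validity cache bounds how long a stale entry can survive; a shared cache or broadcast invalidation would be the stronger fix. The class and predicate below are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

// Hypothetical per-pod legal-tag validity cache with a short TTL, so a tag deleted via
// another pod is re-checked against the Legal service within bounded time.
public class LegalTagCacheSketch {

    private record Entry(boolean valid, Instant cachedAt) {}

    private final Map<String, Entry> cache = new ConcurrentHashMap<>();
    private final Duration ttl = Duration.ofSeconds(60);

    public boolean isValid(String legalTag, Predicate<String> legalService) {
        Entry e = cache.get(legalTag);
        if (e == null || e.cachedAt().plus(ttl).isBefore(Instant.now())) {
            boolean valid = legalService.test(legalTag);   // re-check with the Legal service
            cache.put(legalTag, new Entry(valid, Instant.now()));
            return valid;
        }
        return e.valid();
    }
}
```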
The service ITs are failing in a transient manner due to this issue.

Milestone: M17 - Release 0.20
Assignee: Nikhil Singh[MicroSoft]

https://community.opengroup.org/osdu/platform/system/storage/-/issues/156
ADR: Recover a soft deleted record in storage (Abhishek Nanda, 2023-09-11)

Ability to recover a soft deleted record in storage service
# Decision Title
## Status
- [X] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
## Context & Scope
The storage service provides 2 ways to delete a record. One way is to logically delete the record in which the record with same id can be revived later because its version history is maintained and the other one is to purge the record in which case, the record's version history is deleted too. In both types of deletions, the record cannot be accessed using storage or search service.
Today there is no easy way to query or recover the soft-deleted records. Providing admin-only APIs will help admins to search, view and recover the soft-deleted data if required.
# Tradeoff Analysis - Input to decision
Today users have to maintain the soft deleted record IDs on their own. Below is the workaround available today to attempt recovery of such records
1. Recreate the record with existing id and random/empty data and meta blocks. This will mark the record as active.
2. Fetch all versions of the record.
3. Fetch the latest version prior to the one just created to get back the actual record data and meta blocks.
4. Recreate the record using the response to create a new version of the record with the appropriate data.
## Decision
Create 3 new APIs as below
1. Fetch deleted records (accessible to _users.datalake.admins_) -> This will fetch a list of records. Since the list can be very long it should return a maximum of 100 records and support a from and to deletion dates filter along with pagination.
![image](/uploads/ca34cf94f3184fba05d2ade6bb502a90/image.png)
2. Recover deleted records by id (accessible to _users.datalake.admins_) -> This will take a list of record ids (max 500) that are to be recovered and return the list of record ids that succeeded as well as failed.
![image](/uploads/ae448c5fb9ed5803101aeba51a4fd7b4/image.png)
3. Recover deleted records by metadata filters (Currently support for only fromDeletedDate and toDeletedDate) (accessible to _users.datalake.admins_) -> This will take filter criteria of records that are to be recovered and return the list of record ids that succeeded as well as failed.
![image](/uploads/2b1d373eed8513e166fba784be4b3250/image.png)
## Consequences
1. This will help users to bulk recover deleted records in a single go.
2. The APIs will help prevent having garbage record versions that had to be created just to make the record active.
3. This will help users to fetch a list of soft deleted records which was not possible earlier.
Open API spec for the service
[storage-recover-swagger.yaml](/uploads/396cc62881dfe5f075f0e987f0313472/storage-recover-swagger.yaml)

https://community.opengroup.org/osdu/platform/system/storage/-/issues/159
Storage adds null meta to record ingested without (An Ngo, 2023-03-22)

1. Record was ingested without specifying a "meta" block. The PUT API was successful.
2. Fetch the ingested record. Notice that Storage added "meta": null to the record.
**Checking with Search.**
Search indexed successfully. Status code was 200.
Search result does not return the meta.
The current behavior is challenged: the meta block shouldn't have been added, or if added, it should be empty and not null.
So instead of adding:
"meta": null
It should be:
"meta": []
Upon creating or updating a record, providing an empty meta block should also be allowed.

https://community.opengroup.org/osdu/platform/system/storage/-/issues/160
ADR - Clean OpenAPI 3.0 Documentation using 'Code First Approach' (Om Prakash Gupta, 2023-07-10)

## Status
- [X] Proposed
- [ ] Trialing
- [ ] Under review
- [x] Approved
- [ ] Retired
## Context & Scope
While adopting **OpenAPI 3.0** standards using `springdoc`, we end up adding a lot of documentation to the native controller of each API.
- API contract is not clearly visible
- reduces the readability of the API
- business logic & documentation at the same place
## Tradeoff Analysis
- To maintain clean API documentation
- API, Controller segregation
- adopt future changes w.r.t to documentation or contract change
## Proposed Solution:
- Introduce API, Controller Layer Segregation
- API will have contract, definitions & OpenAPI documentation
- Controller will implement the API contract with clean code
# References:
1. [‘Code First’ API Documentation](https://reflectoring.io/spring-boot-springdoc/)
## Sample Refactor in Storage Patch API
- [Patch API](https://community.opengroup.org/osdu/platform/system/storage/-/blob/az/td-codefirst/storage-core/src/main/java/org/opengroup/osdu/storage/api/PatchApi.java)
- [Patch Controller](https://community.opengroup.org/osdu/platform/system/storage/-/blob/az/td-codefirst/storage-core/src/main/java/org/opengroup/osdu/storage/api/PatchController.java)
## Sample Example code
Let's consider a TODO API with the usual CRUD operations.
First we write the interface and define the necessary annotations.
```
@RequestMapping("/api/todos")
@Tag(name = "Todo API", description = "euismod in pellentesque ...")
interface TodoApi {
@GetMapping
@ResponseStatus(code = HttpStatus.OK)
List<Todo> findAll();
@GetMapping("/{id}")
@ResponseStatus(code = HttpStatus.OK)
Todo findById(@PathVariable String id);
@PostMapping
@ResponseStatus(code = HttpStatus.CREATED)
Todo save(@RequestBody Todo todo);
@PutMapping("/{id}")
@ResponseStatus(code = HttpStatus.OK)
Todo update(@PathVariable String id, @RequestBody Todo todo);
@DeleteMapping("/{id}")
@ResponseStatus(code = HttpStatus.NO_CONTENT)
void delete(@PathVariable String id);
}
```
Then we derive the existing controllers from the interface for the controller implementation:
```
@RestController
class TodoController implements TodoApi {
// method implementations
}
```
## Consequences
- Requires changes across services and code refactoring.
- No breaking functional changes.

Milestone: M17 - Release 0.20
Assignees: Om Prakash Gupta, Chad Leong

https://community.opengroup.org/osdu/platform/system/storage/-/issues/161
Storage should rollback ingestion when publishing event fails (Thiago Senador, 2023-03-09)

When the storage service succeeds in saving new records but fails in publishing the event, we create an inconsistency in the system, since the data is kept in storage but is not notified to search/indexer. In other words, we need to roll back the write to storage in case of a failed publish. The fix is trivial: move [these blocks](https://community.opengroup.org/osdu/platform/system/storage/-/blob/master/storage-core/src/main/java/org/opengroup/osdu/storage/service/PersistenceServiceImpl.java#L92) to [this block](https://community.opengroup.org/osdu/platform/system/storage/-/blob/master/storage-core/src/main/java/org/opengroup/osdu/storage/service/PersistenceServiceImpl.java#L104).
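A hedged sketch of the ordering the issue asks for, with hypothetical interfaces rather than PersistenceServiceImpl itself: publish inside the same failure scope as the write, and roll the write back if publishing fails.

```java
// Hypothetical write-then-publish flow with rollback on publish failure, so storage
// and the search index cannot silently diverge.
public class IngestWithRollbackSketch {

    interface RecordsRepo { void write(Object records); void rollback(Object records); }
    interface MessageBus { void publish(Object records); }

    public static void persistAndPublish(Object records, RecordsRepo repo, MessageBus bus) {
        repo.write(records);
        try {
            bus.publish(records);                  // notify indexer/search
        } catch (RuntimeException publishFailure) {
            repo.rollback(records);                // undo the write to keep the system consistent
            throw publishFailure;
        }
    }
}
```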
https://community.opengroup.org/osdu/platform/system/storage/-/issues/162
Record ACL should be case insensitive (An Ngo, 2023-03-09)

Entitlements group creation always lowercases the group name, regardless of the input.
Storage honors the ACL group name case sensitivity. This creates inconsistency for ACL validation.
**For example:**<br>
User creates a data group called: data.SomeGroup.viewers<br>
Upon this request, Entitlements creates a group called: data.somegroup.viewers
Upon creating a record, the user enters data.SomeGroup.viewers as the ACL.<br>
If the user tries to fetch the record, a 403 is returned since Entitlements only sees group data.somegroup.viewers.
**Fix:**<br>
**For existing records (addressing the ghosted records):** Storage fetch-record validation should lowercase the ACL group when matching against the list of groups returned from Entitlements.<br>
**Long term solution:** The fix should be in record creation. The Storage PUT API should lowercase the ACL upon record creation, OR we could fail the PUT request if the ACL group has mixed case. Note that there is no ACL group existence validation upon record creation.
https://community.opengroup.org/osdu/platform/system/storage/-/issues/163
The request to get records of particular kind using the limit is not working (Kamlesh Todai, 2023-06-20)

The Storage API CI/CD v1.11 (from the Platform Validation project) was working on all the platforms and passing with a 100% pass rate.
https://community.opengroup.org/osdu/platform/testing/-/blob/master/Postman%20Collection/12_CICD_Setup_StorageAPI/Storage%20API%20CI-CD%20v1.11.postman_collection.json
At present, it is still passing with 100% pass rate in AWS R3 M16 Platform Validation (forum testing environment)
But it is not passing with a 100% pass rate in the other Platform Validation CSP environments, nor is it passing with a 100% pass rate in any of the CSP environments in pre-ship.
In the referenced collection Request #8 is failing.
The following request for STORAGE API is in question 08 - Storage - Get all records for a kind with limit of 10 records
=====================================================================
Example of passing in Platform Validation R3 M16 (forum testing):
curl --location 'https://r3m16.forumtesting.osdu.aws/api/storage/v2/query/records?limit=10&kind=osdu%3Awks%3AautoTest_955280%3A1.1.0' \
--header 'data-partition-id: osdu' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJraWQiOi...4XnucQETfnB3biA' \
--header 'Cookie: session=eyJfZnJlc2giOmZhbHNlLCJfcGVybWFuZW50Ijp0cnVlfQ.Y_VNrw.SMJbZoZwlkMYCD7E9ge4ICPnqJY'
https://{{STORAGE_HOST}}/query/records?limit=10&kind={{authority}}:{{schemaSource}}:{{entityType}}:{{schemaVerMajor}}.{{schemaVerMinor}}.{{schemaVerPatch}}
The response code: 200 OK
{
"results": [
"osdu:999611481173:999301114394"
]
}
===================================================================
Example of when it is failing
curl --location 'https://r3m16-ue1.preshiptesting.osdu.aws/api/storage/v2/query/records?limit=10&kind=osdu%3Awks%3AautoTest_20923%3A1.1.0' \
--header 'data-partition-id: osdu' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer eyJraWQiOi...tW7kPscDabFJ3sEPeNA'
Response code: 415 Unsupported Media Type
Body of response is blank
It is the same message for all the CSPs where the failure is happening.
============================================================================
@chad @debasiscM16 - Release 0.19https://community.opengroup.org/osdu/platform/system/storage/-/issues/166Need example of how to use the POST /query/records:batch Fetch multiple rec...2023-04-20T03:00:55ZKamlesh TodaiNeed example of how to use the POST /query/records:batch Fetch multiple recordsThe Storage API documentation mention about
POST /query/records/batch Fetch multiple records. Would like to get the sample of how is this feature expected to be used.
Need clarification on
Account ID is the active OSDU account (OSDU ...The Storage API documentation mentions
POST /query/records/batch (Fetch multiple records). We would like a sample of how this feature is expected to be used.
Need clarification on
Account ID is the active OSDU account (OSDU account or customer's account) which the users choose to use with the Search API.
frame-of-reference: This value indicates whether normalization applies, should be either 'none' or 'units=SI;crs=wgs84;elevation=msl;azimuth=true north;dates=utc;'
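For reference, a hedged example of how the batch fetch is typically called; the request shape below mirrors the `query/records:batch` curl shown in a later issue in this list, while record IDs, partition, and host are placeholders:
```
curl --request POST 'https://{{STORAGE_HOST}}/query/records:batch' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes' \
  --header 'Content-Type: application/json' \
  --header 'frame-of-reference: units=SI;crs=wgs84;elevation=msl;azimuth=true north;dates=utc;' \
  --data '{
    "records": [
      "opendes:work-product-component--Example:record-1",
      "opendes:work-product-component--Example:record-2"
    ]
  }'
```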
@chad @debasiscM17 - Release 0.20https://community.opengroup.org/osdu/platform/system/storage/-/issues/168Storage should allow empty data block upon record creation/update2023-03-22T04:13:47ZAn NgoStorage should allow empty data block upon record creation/updateStorage PUT api should allow empty data block upon record creation/update if that is compliant with the schema being defined.
Currently, data block is required.
data: {}
This is a breaking change since it changes the behavior of the ...Storage PUT api should allow empty data block upon record creation/update if that is compliant with the schema being defined.
Currently, data block is required.
data: {}
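A minimal sketch of the kind of PUT /records payload this change would allow (kind, ACL groups, and legal tag are illustrative):
```
[
  {
    "kind": "opendes:wks:work-product-component--Example:1.0.0",
    "acl": {
      "viewers": ["data.default.viewers@opendes.example.com"],
      "owners": ["data.default.owners@opendes.example.com"]
    },
    "legal": {
      "legaltags": ["opendes-example-legaltag"],
      "otherRelevantDataCountries": ["US"]
    },
    "data": {}
  }
]
```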
This is a breaking change since it changes the behavior of the API.
Indexer service needs to be checked to ensure empty data block is being handled correctly.https://community.opengroup.org/osdu/platform/system/storage/-/issues/169ADR: API to purge a batch of storage records2023-05-02T12:16:58ZMandar KulkarniADR: API to purge a batch of storage recordsNew API in Storage service to purge a batch of records
## Status
- [X] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
## Context & Scope
The OSDU Storage service provides 2 ways to delete a record. One way is ...New API in Storage service to purge a batch of records
## Status
- [X] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
## Context & Scope
The OSDU Storage service provides 2 ways to delete a record. One way is to logically delete the record, in which case the record with the same id can be revived later because its version history is maintained. The other way is to permanently delete the record (called purging), in which case the record's version history is deleted too. This operation cannot be undone, meaning purged records cannot be revived.
In both types of deletions, the record content cannot be accessed using storage or search service.
The storage service provides separate APIs for logical deletion (`POST /records/{id}:delete`) and purging of records (`DELETE /records/{id}`).
The storage service provides API for logical deletion of batch of records (`POST /records/delete`), but such an API is not available for purging of records.
The proposal is to provide an API on the storage service to support purging a batch of records, where a maximum batch size of 500 will be supported.
Only the record IDs passed in the request body will be deleted, not including any linked records or files if they exist. Cleaning up all linked records, such as child records, records in the relationship block, and actual data (files ingested via the workflow service), is not in the scope of this API; it is the user's responsibility.
The new bulk API will work on active as well as non-active (soft-deleted) records, similar to the existing purge API.
Purging of records can be performed by the owner of the records, and the owner must be part of the users.datalake.admins group.
The API response would be similar to the response of the logical deletion API, that is, `POST /records/{id}:delete`.
In case of partial success, the response code would be 207 and the not-deleted-record-IDs would be listed in the response.
## Tradeoff Analysis
In the absence of an API to purge a batch of records, users would have to call the DELETE API once for every record and it would increase the number of calls to the storage service.
## Decision
Provide an admin-only API to purge a batch of records, with maximum batch size of 500 records.
The OpenAPI spec for the storage service with the new API is here:
[storage_openapi_batchpurge.yaml](/uploads/1da3f68253419edd693a87d706049565/storage_openapi_batchpurge.yaml)
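As a rough illustration only (the endpoint path and body shape below are assumptions; the definitive contract is in the attached storage_openapi_batchpurge.yaml):
```
curl --request POST 'https://{{STORAGE_HOST}}/records/purge' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes' \
  --header 'Content-Type: application/json' \
  --data '["opendes:type:record-1", "opendes:type:record-2"]'
```
On partial success the response would be a 207 listing the record IDs that could not be purged, mirroring the logical deletion API response as described above.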
## Consequences
- New API on Storage service would be available.
- Documentation of Storage service should be modified with details for the new API.https://community.opengroup.org/osdu/platform/system/storage/-/issues/170Invalidate derived data when parent record is deleted2023-03-31T10:02:02ZAn NgoInvalidate derived data when parent record is deletedDerived data (records with ancestry/parent) inherit the legal tags from the parent record(s).
So when at least one of the parent records is deleted, then the children records are no longer valid. Without this step, there are records wit...Derived data (records with ancestry/parent) inherit the legal tags from the parent record(s).
So when at least one of the parent records is deleted, then the children records are no longer valid. Without this step, there are records with invalid legal tags (or no legal tag) still exists in the system.https://community.opengroup.org/osdu/platform/system/storage/-/issues/171Metadata only updates (via PATCH api) creates a mismatch in modifyUser and mo...2023-07-05T09:50:37ZAlok JoshiMetadata only updates (via PATCH api) creates a mismatch in modifyUser and modifyTime fields between record metadata and record data[This ADR](https://community.opengroup.org/osdu/platform/system/storage/-/issues/148) introduces separate modifyTime and modifyUser fields for every version of OSDU Storage record. This creates a mismatch between modifyTime and modifyUse...[This ADR](https://community.opengroup.org/osdu/platform/system/storage/-/issues/148) introduces separate modifyTime and modifyUser fields for every version of OSDU Storage record. This creates a mismatch between modifyTime and modifyUser fields for metadata and data objects respectively.
Repro steps:
- Create a storage record
- Modify the metadata ACL with PATCH api
- Retrieve the record with Storage records:batch api or getRecord api
- modifyTime and modifyUser fields are not returned.
OR
- Create a storage record
- Update the same record with PUT api
- Modify the metadata ACL with PATCH api
- Retrieve the record
- modifyTime and modifyUser are returned but not correct
Expected: From a user's perspective, when they update a record (either metadata or data or both), they should get back modifyUser and modifyTime values appropriatelyhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/172Metadata update API succeeds on remove operation on a `tag` if the tag doesn'...2023-05-25T10:36:21ZAlok JoshiMetadata update API succeeds on remove operation on a `tag` if the tag doesn't existSteps to reproduce:
- Create a record with some tags
- Try to update the record metadata via [metadata update API](https://community.opengroup.org/osdu/platform/system/storage/-/blob/master/docs/tutorial/StorageService.md#metadata-updat...Steps to reproduce:
- Create a record with some tags
- Try to update the record metadata via [metadata update API](https://community.opengroup.org/osdu/platform/system/storage/-/blob/master/docs/tutorial/StorageService.md#metadata-update-api) by removing a non-existing tag
```
curl --request PATCH \
--url '/api/storage/v2/records' \
--header 'accept: application/json' \
--header 'authorization: Bearer <JWT>' \
--header 'content-type: application/json' \
--header 'Data-Partition-Id: common' \
--data-raw '{
"query": {
"ids": [
"tenant1:type:unique-identifier:version"
]
},
"ops": [
{
"op":"remove",
"path":"/tags",
"value":[
"tagthatdoesntexist"
]
}
]
}'
```
This should return 4xx, but returns 2xxhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/173Does not detect mismatch of entity name between "kind" and "id"2023-06-06T00:42:59ZDebasis ChatterjeeDoes not detect mismatch of entity name between "kind" and "id"I made this test case to create record directly by using Storage service and then the same record by using Manifest-based Ingestion.
```
"kind": "osdu:wks:work-product-component--TubularComponent:1.0.0",
"id": "osdu:work...I made this test case to create record directly by using Storage service and then the same record by using Manifest-based Ingestion.
```
"kind": "osdu:wks:work-product-component--TubularComponent:1.0.0",
"id": "osdu:work-product-component--TubularAssembly:TUBULARDC31May",
```
As you can see "kind" speaks of **TubularComponent** whereas "id" speaks of **TubularAssembly**.
The Storage service seems very forgiving. It creates the record, and the Indexer replicates the record in the index store, so we can also retrieve it using the Search service.
Whereas Manifest-based Ingestion rejects this JSON payload with a suitable reason, as expected.
See this document.
https://community.opengroup.org/osdu/platform/pre-shipping/-/blob/main/R3-M17/Test_Plan_Results_M17/Core_Services/M17-AWS-Storage-service-test-sanity.docxhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/176Storage x-collaboration header bug2023-09-26T14:21:44ZShane HutchinsStorage x-collaboration header bugFound this issue in /api/storage/v2/query/records, /api/storage/v2/query/records:batch
Received a response with 5xx status code: 500
Run this curl command to reproduce this failure:
curl -X GET -H 'Authorization: Bearer TOKEN' -H ...Found this issue in /api/storage/v2/query/records, /api/storage/v2/query/records:batch
Received a response with 5xx status code: 500
Run this curl command to reproduce this failure:
curl -X GET -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' -H 'x-collaboration: ^À' 'https://osdu.r3m18.preshiptesting.osdu.aws/api/storage/v2/query/records?kind='
curl -X POST -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' -H 'x-collaboration: ^À' -d '[]' https://osdu.r3m18.preshiptesting.osdu.aws/api/storage/v2/records/delete
PUT /api/storage/v2/records
curl -X PUT -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: osdu' -H 'x-collaboration: €' -d '[]' https://osdu.r3m18.preshiptesting.osdu.aws/api/storage/v2/records
Azure PUT /api/storage/v2/records:
curl -X PUT -H 'Authorization: Bearer TOKEN' -H 'data-partition-id: opendes' -H 'x-collaboration: €' -d '[]' https://osdu-ship.msft-osdu-test.org/api/storage/v2/records
Confirmed this bug in AWS and Azure.https://community.opengroup.org/osdu/platform/system/storage/-/issues/177Integration test coverage for users.data.root2023-07-20T11:05:00ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comIntegration test coverage for users.data.rootChanges to data authentication were recently introduced with the merge request: https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/694. However, we currently lack integration test cases to cover these modificat...Changes to data authentication were recently introduced with the merge request: https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/694. However, we currently lack integration test cases to cover these modifications.
It is essential to ensure that these changes won't disrupt the current flow and that `users.data.root` will consistently have access to ingested data.
To address this, we need to implement integration test cases to cover the new data authentication mechanisms.M20 - Release 0.23Rustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/178ADR: CosmosDb saturation/throttling when records reach too many versions2024-03-25T06:43:30ZAlok JoshiADR: CosmosDb saturation/throttling when records reach too many versions## Status
- [X] Proposed
- [ ] Trialing
- [ ] Under review
- [x] Approved
- [ ] Retired
## Context & Scope
***ISSUE***: Storage service stability issues due to too many versions of records.
***User behavior that causes this issue***: ...## Status
- [X] Proposed
- [ ] Trialing
- [ ] Under review
- [x] Approved
- [ ] Retired
## Context & Scope
***ISSUE***: Storage service stability issues due to too many versions of records.
***User behavior that causes this issue***: Creating a lot of versions for the same record ID. When multiple applications/teams do this long enough, we have too many versions for many records. There are no checks in place to prevent this scenario. We eventually hit infrastructure limits (i.e. CosmosDb document max size 2MB) but observe service instability much earlier.
***Why is this a problem***: Record versions are stored as part of record metadata. This is part of the `gcsVersionPaths` array. Each version is a string that represents the full path to the version's blob location. Record metadata is stored in CosmosDb. While CosmosDb has a hard size limit (2MB) for each document, this size is already too big when RU usage is considered. If we have hundreds or thousands of such records being updated, the total RU consumed is very high, incurring huge costs. This scenario poorly impacts service latency and availability. While not ideal, it is quite possible for applications to create versions of the same record for their workflows.
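For illustration, a hedged sketch of the relevant part of a record metadata document (the field values and blob path format are illustrative; the exact path layout is CSP-specific):
```
{
  "id": "opendes:work-product-component--Example:record-1",
  "kind": "opendes:wks:work-product-component--Example:1.0.0",
  "gcsVersionPaths": [
    "work-product-component--Example/record-1/1669029223000010",
    "work-product-component--Example/record-1/1669029230000042"
  ]
}
```
Every new record version appends another string to this array, so the metadata document grows without bound.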
![image](/uploads/3f53fa471e7566a04d69ea539712db76/image.png)
For reference, here are some preliminary observations on the number of versions, size of the document and RU consumed to perform an UPSERT on a ***single*** document (note that the number of versions is not an ***absolute*** indicator to say how much RU will be consumed in performing an UPSERT, because its the size of the document that matters, and each version string can be of different length. One can fit a lot more versions if each version's length is small. However, as we stand today, it is the only metadata property that is causing documents to be big).
| Versions | RU consumed (UPSERT) | Document size |
| :- | :- | :- |
| ~1500 | ~300 RU | ~243 KB |
| ~1500 | ~370 RU | ~300 KB |
| ~3800 | ~1250 RU | ~750 KB |
| ~5300 | ~1253 RU | ~880 KB |
| ~9850 | ~2502 RU | ~1.3 MB |
It is quite easy to have a few hundred or thousand records cripple the system once the records reach a certain number of versions.
***CLARIFICATION***: The issue we observed is more specific to the Azure use case. Infrastructure limitations (i.e. cost to access a large document, hard limit on the size of the document) may vary per CSP (i.e. 2MB for CosmosDb, 1MB for GCP datastore). Other CSPs may see this issue once the number of versions reaches a certain number.
## Tradeoff Analysis
It is clear we want to limit the number of record versions. We see 2 ways to achieve this.
1. ***Set a hard limit*** on the number of versions on each record (say 1000) (preferred approach).
- Pros: Easy to implement, no behind-the-scenes magic.
- Cons: Breaking change for the existing workflows, when their records already have more than 1000 versions. Needs advance notice of breaking change and time for teams to update the workflows.
We can roll this out by first introducing a `deleteVersion` API in Storage that would give users time to delete older versions by themselves before the breaking change is introduced, so they don't break immediately.
2. ***Only keep 1000 recent versions***. For new records, this would mean actively start deleting the oldest version once we reach 1000 versions. For existing records with more than 1000 versions, this would mean cleaning up all older versions.
- Pros: Older versions are cleaned up for users automatically.
- Cons: Still a breaking change as older versions would get deleted automatically. Involves behind-the-scenes cleanup of older versions. For records that currently have more than 1000 versions, this includes all remaining older versions. There can be failure scenarios with cleanup and performance implications.
## Consequences
Storage will introduce a limit on the number of versions a record can have. Depending on the solution we choose, API will either fails after n versions (hard limit) OR older versions will get deleted automatically.M23 - Release 0.26Alok JoshiChad LeongThulasi Dass SubramanianOm Prakash GuptaAlok Joshihttps://community.opengroup.org/osdu/platform/system/storage/-/issues/179Storage batch API returns 404 for unauthorized records2024-03-07T13:08:37ZAn NgoStorage batch API returns 404 for unauthorized records**Use-case:** Reindex Kind API is called.
Noted in the logs there were 404s returned.
Record Fetch on some of the impacted records, 403s were returned.
Investigation shows Batch Record fetch returned 404s instead.
Issue identified f...**Use-case:** Reindex Kind API is called.
It was noted in the logs that 404s were returned.
On record fetch of some of the impacted records, 403s were returned.
Investigation shows the batch record fetch returned 404s instead.
Issue identified from this workflow:
- Storage batch API responds unauthorized records (403) as not found (404)
### ADR: Storage batch API responds unauthorized records (403) as not found (404)
#### Status
- [x] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
#### Context & Scope
The current behavior of Storage batch API: if a record is not authorized, it is put in the _notFound_ field of the response body along with other not found records. The response body in this case looks like this:
```
{
"records": [],
"notFound": [
"opendes:facet:unauthorizedrecord1",
"opendes:facet:unauthorizedrecord2",
//other not found records...
],
"conversionStatuses": []
}
```
#### Solution
To fix this behavior of the Storage batch API we can introduce a new field to the response body. The proposed solution is to add a new field (_unauthorized_) to the response body, so we can distinguish between unauthorized and actual not found records. Sample response body:
```
{
"records": [],
"notFound": [
//not found records...
],
"unauthorized": [
"opendes:facet:unauthorizedrecord1",
"opendes:facet:unauthorizedrecord2"
],
"conversionStatuses": []
}
```
#### Consequence
This solution is a breaking change as it implies changing API contract. It will include a change in the core library, a change in Storage, and then a change in the Indexer service to handle batch API response.Chad LeongChad Leonghttps://community.opengroup.org/osdu/platform/system/storage/-/issues/180Unable to nullify a non-system attribute from DateTime value to null or empty...2023-08-22T10:20:49ZShubhankar SrivastavaUnable to nullify a non-system attribute from DateTime value to null or empty value using Storage serviceTo support a business use case, a user would need to update an existing attribute (with data type as date time) residing under data { } section of a **work-product-component** schema from a valid DateTime value (e.g.- 2023-08-10T00:00:00...To support a business use case, a user would need to update an existing attribute (with data type as date time) residing under data { } section of a **work-product-component** schema from a valid DateTime value (e.g.- 2023-08-10T00:00:00+0000) to "null" or an empty string (""). But when this transaction is attempted and executed via STORAGE service, the value of the attribute remains unchanged even after a successful execution (HTTP status code - 200). STORAGE service should allow users to register an empty/null value for DateTime attribute.
Please note that the attribute "DateSubmitted" does not belong to the list of System Properties like "createTime" or "modifyTime" and might not be used for auditing purposes.
1. "kind": "shell:wks:work-product-component--LQCWebSheet:1.0.0"
2. Example record:
{
"data": {
"ApprovalStatusTypeID": "osdu:reference-data--LQCApprovalStatusType:Submitted:",
"Source": "shell",
"Name": null,
"IsBonus": false,
"LoggingInterpreter": null,
"FinalDeliveryDuration": 1.0,
"WebSheetName": "Test_LWD_Websheet_Edit_Approver_Request_v2",
"LastUpdatedPPEmail": null,
"ApproverEmail": "NewApprover1.Nayak@shell.com",
"WellboreID": "osdu:master-data--Wellbore:BDLQCGOM2_1_WB2:", "
"OperationalComment": "Test_LWD_Websheet_Edit_Approver_v2_Operational_Comments",
"ApproverComment": null,
"SourceApplication": "Created in LQC WebSheets",
"SubmitterName": "Sujith.Submitter@shell.com",
"IsApprovalStatusReset": true,
"DateSubmitted": "2023-06-05T07:56:19.914485+0000"
},
"kind": "shell:wks:work-product-component--LQCWebSheet:1.0.0",
"source": "wks",
"acl": {
"viewers": [
"data.default.viewers@osdu.shell.com"
],
"owners": [
"data.default.owners@osdu.shell.com"
]
},
"type": "work-product-component--LQCWebSheet",
"version": 1686283555925808,
"tags": {
"normalizedKind": "shell:wks:work-product-component--LQCWebSheet:1"
},
"modifyUser": "Monalisa.Mohapatra@shell.com",
"modifyTime": "2023-06-09T04:05:56.083Z",
"createTime": "2022-12-15T11:26:58.940Z",
"authority": "shell",
"namespace": "shell:wks",
"legal": {
"legaltags": [
"osdu-shell-lqc-dataset-testing"
],
"otherRelevantDataCountries": [
"US"
],
"status": "compliant"
},
"createUser": "Labanyendu.Nayak@shell.com",
"id": "osdu:work-product-component--LQCWebSheet:62008"
}
3. Target attribute - "data.DateSubmitted"https://community.opengroup.org/osdu/platform/system/storage/-/issues/181GET: /records/{recordID}/{version} - ERROR 5002024-01-01T08:47:32ZSiarhei Khaletski (EPAM)GET: /records/{recordID}/{version} - ERROR 500**Context**
GET: /records/{recordID}/{version} fails with error 500 if an invalid version is provided (see the attachment)
We noticed an odd behavior of the service:
List of existing versions of the following record: `opendes:work-pro...**Context**
GET: /records/{recordID}/{version} fails with error 500 if an invalid version is provided (see the attachment)
We noticed an odd behavior of the service:
List of existing versions of the following record: `opendes:work-product-component--SamplesAnalysis:e9f02f48f43149a8b69606ff7597f391`
![image](/uploads/3d75fd80a57f5558c7d0eb00a4d795eb/image.png)
If the non-existent version `1` is requested - status 500
![image](/uploads/d3dc228f70263bd24ff7d09975baa63c/image.png)
Meanwhile, if the non-existent version `1234` is requested - status 404
![image](/uploads/e82da89c3673b643aaa26845f0eb0c81/image.png)
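The behaviour can be reproduced with requests along these lines (the host is a placeholder):
```
curl --request GET \
  'https://{{STORAGE_HOST}}/records/opendes:work-product-component--SamplesAnalysis:e9f02f48f43149a8b69606ff7597f391/1' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes'
# returns 500 Internal Server Error

curl --request GET \
  'https://{{STORAGE_HOST}}/records/opendes:work-product-component--SamplesAnalysis:e9f02f48f43149a8b69606ff7597f391/1234' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes'
# returns 404 Not Found
```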
**Azure GLab Logs**
![image](/uploads/8d54b1addcbc1835b4ea3c90135072b6/image.png)
**Expected Behavior**
404 - status codeM22 - Release 0.25Siarhei Khaletski (EPAM)Chad LeongSiarhei Khaletski (EPAM)https://community.opengroup.org/osdu/platform/system/storage/-/issues/183Add a note on deleted records to /versions2023-09-06T13:20:14ZMarton NagyAdd a note on deleted records to /versions**GET /records/versions/{id}** "Get all record versions" endpoint in [Storage Service](https://p4d.developer.delfi.cloud.slb-ds.com/workspace/apiCatalog/OSDU-Storage-Service) seems to retrieve record versions regardless of the record its...**GET /records/versions/{id}** "Get all record versions" endpoint in [Storage Service](https://p4d.developer.delfi.cloud.slb-ds.com/workspace/apiCatalog/OSDU-Storage-Service) seems to retrieve record versions regardless of the record itself **being (soft) deleted** or not. While neither **GET /records/{id}** "Get record" or **GET /records/{id}/{version}** "Get record version" retrieves the record when it's (soft) deleted... doing so correctly.
Please add a note to the **GET /records/versions/{id}** endpoint description to highlight the difference.
cc @nthakur, @gehrmannhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/185ADR: API to retrieve past events of storage records2023-10-11T16:28:52ZYifan YeADR: API to retrieve past events of storage recordsNew API in Storage service to rehydrate past creation and last modified events for a given kind within the given time range.
* [x] Proposed
* [ ] Trialing
* [ ] Under review
* [ ] Approved
* [ ] Retired
## Context & Scope
The OSDU Sto...New API in Storage service to rehydrate past creation and last modified events for a given kind within the given time range.
* [x] Proposed
* [ ] Trialing
* [ ] Under review
* [ ] Approved
* [ ] Retired
## Context & Scope
The OSDU Storage service does not provide a way to retrieve past events of records being created/modified. Many OSDU applications would be interested in retrieving past events of records that happened before the application subscribed to the notification service. The new API proposed in this ADR will provide the concerned applications with a way to backtrack the events.
The proposal is to provide an API on storage service to support retrieving past events of records of a kind that happened in the given time range, where the events will be returned in a paginated format and ascending chronological order based on the timestamp.
The new API will retrieve the first and the last events of the record, filter the events by the start date and end date provided by the user, and then return the filtered events.
## Tradeoff Analysis
The new API does not represent a breaking change to any other API, and consequently not to the consuming applications. Only the concerned consuming applications would benefit from this new feature, while it remains entirely transparent to others.
## Decision
Provide an API to query past events of records of the given kind and return the events in paginated ascending chronological order.
{
"id": \<RECORD_ID\>,
"kind": \<KIND\>,
"op": \<CREATE|UPDATE|DELETE, etc.\>,
"version": \<VERSION\>,
"timestamp": \<TIMESTAMP\>
}
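Purely as an illustration of the intended usage (the endpoint path and parameter names below are assumptions; the ADR does not fix them):
```
curl --request GET \
  'https://{{STORAGE_HOST}}/records/events?kind=opendes:wks:master-data--Wellbore:1.0.0&startDate=2023-01-01T00:00:00Z&endDate=2023-06-30T23:59:59Z&cursor=<optional-cursor>' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes'
```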
## Consequences
* A new API on the Storage service would be available.
* Documentation of the Storage service should be modified with details for the new API.Yifan YeYifan Yehttps://community.opengroup.org/osdu/platform/system/storage/-/issues/186ADR: Replay2024-03-05T10:59:17ZAkshat JoshiADR: Replay<a name="ppadhi"></a>OSDU - Replay and Replay API
# Table of Contents
[Context ](#_toc119676063)
[Problems with Current Reindex All Solution ](#_toc119676075)
[Replay ](#_toc119676076)
[Requirements to address ](#_toc119676077)
[Arc...<a name="ppadhi"></a>OSDU - Replay and Replay API
# Table of Contents
[Context ](#_toc119676063)
[Problems with Current Reindex All Solution ](#_toc119676075)
[Replay ](#_toc119676076)
[Requirements to address ](#_toc119676077)
[Architectural Options ](#_toc119676078)
[Decision ](#_toc119676079)
[Replay API](#_toc119676080)
## Status
* [x] Proposed
* [ ] Trialing
* [ ] Under review
* [ ] Approved
* [ ] Retired
## <a name="_toc119676063"></a>Context
This ADR is centered around the design of the new replay flow within OSDU's storage service. The purpose of this Replay flow is to publish messages that indicate changes to records, which are subsequently received and processed by consumers. It's important to note that the handling of these messages follows an idempotent process.
The Replay flow will address the following:
1. In case of disaster, this replay flow will help us rebuild the indexes to the RPO. [Out of scope of this ADR]
2. Reindexing the records by publishing the record change messages to the consumer Indexer service.
3. Correction of indices after changes to the structure of the storage records of a particular kind.
**Replay rate** - the rate at which Storage publishes the record change messages to the service bus.
## <a name="_toc119676075"></a>Problems with Current Reindex All Solution
|**Problem**|**Details**|**What is Required?**|
| :- | :- | :- |
|Reliability |<p>**Operation is Synchronous.**</p><p>- Very long HTTP call is never reliable</p><p></p><p></p><p>The Reindex is a synchronous operation, making the operation Unreliable and not resilient to failures. If there is any interruption to the connection, all the status and progress could be lost.</p><p></p>|The operation must be reliable. If the operation is triggered, it must either succeed or it must fail and in both the cases, the user must be diligently informed with the right reasons for success/failures. The system should not be in a state where the user has no clue what’s happening.|
|Resiliency|Abrupt disturbance of the reindex-process leaves the system in an inconsistent state. For example, if there is any exception or if the process crashes, then the system is left entirely in an inconsistent state.|The system must be resilient to failure and must always succeed. If the operation fails, then the system must be left in the previous state.|
|Scale|Due to the synchronous and non-resilient nature of the current implementation, the scale is very limited. It cannot ingest more than a couple of million records reliably.|The reindex operation must scale to any number of records|
|Speed|The speed is very slow. It’s known to take close to an hour for 1 million records.|Faster rate of reindexing is required. For example, 100 million records should not take more than a few hours. |
|Tracking/Observability|There is no way for the user to know about the progress.||
|Pausing/Resuming reindex|Today, there is no capability to pause and resume reindex. Given that this will be a long running operation, having pause and resume will be good to have.||
|No Delta Reindexing|For some Disaster Recovery Scenarios, there may be partial backups available. So reindexing only a subset of records of a kind can prove to be useful. This functionality is not available today.||
|Parallelization|Currently, the reindex is a procedural process. This has impact on both scale as well as speed.||
## <a name="_toc119676077"></a>Requirements to address
To be able to address these issues, we need to re-design the way reindex works, addressing various functional and non-functional aspects like speed, scale, reliability, observability, etc. The below table outlines what is expected out of the new Reindex design.
|**Requirement**|**Details**|**Technical Implications** | **Scope** |
| :- | :- | :- | :- |
|1. Scalability|<p>The Replay operation must be scalable; it should be able to handle infinitely large amounts of records.</p><p><br>A realistic goal to target can be 100m records in 4-5 hours.</p>|<p>Need to ensure Elasticsearch storage can be scaled up.</p><p></p><p>For achieving a higher scale, the following must be done: -</p><p>- The whole operation must be **Asynchronous** in nature</p><p>- It must be resilient to failures due to pod crashes, 429s due to high Database/Service Bus/Elasticsearch load.</p><p>- We can leverage Message Broker to divide and conquer and have the framework.</p><p>- We can also look at job schedulers like QUARTZ to achieve a reliable reindex.</p><p>- Need to evaluate which is the best service to perform this reindexing. </p><p>- Can also try to leverage **Airflow**</p><p></p>| In Scope of ADR |
|2. Reliable Responses|<p>When the operation is triggered, the response must be reliable. </p><p></p><p>There could be some pre-validation done to check whether the reindex process can be completed either successfully or not.</p><p>The result of whether the operation is success or fail, should be communicated via response to the user properly.</p>|Today, we don’t return anything apart from 200 OK in the response even if things fail. <br><br>The entire response should be revamped and reworked on how the status can be conveyed to the user in a useful way.| In Scope of ADR |
|3. Observability and Monitoring|<p>Given the fact that reindex is a long running operation, the User triggering the reindex must have insights into what is going on, using a track status API.</p><p></p><p>Some of the details should include:</p><p>- **Status:** Validating, Stopping-Ingestion, In-progress, Finalizing, Complete, Error, etc.</p><p>- **Progress:** Overall percentage, per index progress, remaining records count, ETA</p><p></p>|We could store the progress in a Redis cache or elsewhere that can be used to report back to the user on the progress.| In Scope of ADR |
|4. Reliable System State – Consistency before/after operation in case of failure|<p>Guarantee to reindex valid storage records – **Must have**</p><p><br>**(depends on message broker reliability)**</p><p></p><p><br>**Rollbacks** – nice to have</p>|<p></p><p>If there are unrecoverable errors during reindexing a particular kind, then that leaves the system in an inconsistent state. It would be good to “**rollback**” the operation to restore the system to the state before the operation was triggered for that kind.</p><p></p><p>There should also be **no concurrent “reindexAll” operation** running. There can however, be concurrent reindex of different kinds happening at the same time.</p><p>It can be a configurable parameter on whether the rollback should be done in case of unrecoverable failures, due to internal system errors.<br><br>How this can be achieved is that, all the reindexed records for a kind, should be indexed into a new “secondary index” for that kind, and only if that is succeeds completely, the index can be renamed and replace the primary index.<br><br>Elasticsearch’s clone index feature can be utilized to achieve this.</p><p></p><p>- Reindex failed record IDs</p>|Out of Scope of ADR |
|5. Stop Ingestion/Search during Reindex|<p>During **Reindex**, the normal ingestion should stop. This is because:</p><p>- There are some edge cases which could end up the system in an inconsistent state. Edge Cases: **<TODO>**</p><p>- Load on Elasticsearch</p><p></p>| | Out of Scope of ADR|
|6. Speed</p>|<p></p><p>The operation is quite slow today. It takes almost an hour to reindex a million records. This means it will take a few days to reindex 100m records, which is not practical.</p><p></p><p>Two Issues:</p><p>1. Finding Unique Kinds</p><p>2. Reindexing – Database load</p>|<p></p><p>This is **directly dependent on the scalability of the underlying infra like Database** and Elasticsearch. </p><p>Database can be scaled up/out on demand, by either the UI by customer (i.e., a via CP), or some other means. </p><p></p><p>Auto scaling-out of Elasticsearch is currently not possible, so we may be limited in speed due to Elasticsearch. We can, however, scale up Elasticsearch and this can help in higher speed.</p><p></p><p>How this scale up is triggered automatically or manually is something we need to evaluate and do a POC.</p><p></p><p>Storage Service’s queries can also be revisited – there was a change done in some service which had a more efficient implementation of paginated queries - [Performance improvement on paginated query for CosmosDB (!244) · Merge requests · Open Subsurface Data Universe Software / Platform / System / Lib / cloud / azure / OS Core Lib Azure · GitLab (opengroup.org)](https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/244/diffs)</p><p></p><p></p>| |Out Scope of ADR |
|7. **Delta Reindex** and **Consistency Checker/Enforcer**|<p>Doing a delta reindex can be useful if there is restoration of backups during a disaster recovery. This will result in faster recovery times.</p><p></p><p>Delta Reindex = reindex only those records that are not present in Backup.<br><br>When we talk about delta reindex, we need to ensure there is consistency across all 3 components – storage blob, storage records and Elasticsearch.</p><p></p>|<p>Need to explore feasibility. The operation can be something like Reindex All records whose create/update time > X.</p><p></p><p>A consistency enforcer should be built that will ensure that the 3 entities are in consistent state.</p>| Out Scope of ADR |
|8. Snapshot Backup/Cluster replication|<p>Backup Elasticsearch storage Snapshots frequently, and in case of disaster, restore the snapshot and then perform the delta reindex.<br><br>This will make the recovery times much faster| |Out Scope of ADR |
|9. Source of trigger|During a recovery process, who will make the call to reindex? Is it the user or internal system? |Will need to design and account for this fact in the reindex design.| Out Scope of ADR |
|10. Pause/Resume Reindex|Since reindex is a long running operation, having the ability to pause and resume reindex operation would be nice to have|<p>We need to ensure system consistency when the operation is paused and resumed. </p><p></p><p>Also, any new records ingested after the pause must be included in the reindex process when it’s resumed.</p><p></p>| Out Scope of ADR |
## <a name="_toc119676078"></a> Architectural Options:
<br>
|**Options**|**Pro**|**Cons**|**Work Required**|
| :- | :- | :- | :- |
|1. Using **Airflow** + Message Broker + StorageService + Workflow Service|<p>- Proven Workflow Engine</p><p>- Lesser new implementations in storage services, so lesser work required by other CSPs.</p>|<p>- Process becomes slower and inefficient.</p><p>- Lot of HTTP calls from Airflow <-> AKS</p><p>- Airflow will require access to internal Infrastructure to operate in the most efficient manner.</p><p>- Some required features are not yet available in ADF Airflow </p><p>- Parallelization may spawn up 1000s of tasks waiting to be scheduled. **Scalability can be issue.**</p><p>- Concurrency and Safety guarantee is tricky – allowing no more than one reindex for a kind</p><p></p>|<p>**Airflow**</p><p>- DAG using TaskGroups, Dynamic Task Mapping, Concurrency handling.</p><p>- Build pipelines to integrate new DAG.</p><p></p><p>**Storage Service**</p><p>- Implement new APIs to publish messages to message broker.</p><p></p><p>**Indexer Service**</p><p></p><p>**Workflow Service**</p><p>- Have new APIs to support observability</p><p>- Design for checkpointing</p>|
|2. Using **StorageService** + **Message Broker**|<p>- Simple, Lesser moving parts</p><p>- Fast & Efficient</p>|- Parallelization may require state management.|<p>**Storage Service**</p><p>- New APIs for exposing Replay functionality (ReplayAll, ReplayKind, GetReplayStatus)</p><p>- New Modules for replay message processing</p><p></p><p>**Indexer Service**</p><p>- Delete ALL kinds API</p>|
## <a name="_toc119676079"></a> Decision:
We chose design option 2, using the storage service and message broker, as it allows persisting the replay status, re-playing and returning the status, and a simpler implementation.
- **[Decision]** What led us to select the Storage service for the Replay API decision? <br>
* The source of truth for the storage records is the Storage service. It is the storage service that publishes the record change messages, which are then consumed by the consumers. The processing of those messages is idempotent. So, it's fair to say that to trigger reindexing, we must invoke some procedure in the storage service that will make it emit record change messages onto the message broker.<br>
* Indexer is just a consumer of the recordChange messages, and there could be other consumers who require this replay functionality as well. In those cases, instead of letting each consumer build their own replay logic, if we have it in one common place, it would benefit all the consumers. <br>
* This way, one consumer doesn’t have to depend on indexer, which is also just another consumer<br>
* Reindex is just one use case that uses this new Replay functionality. Other consumers can have their own use cases for consuming those replayed messages.
<br>
**Design Approach for option 2:**
![Aspose.Words.71972436-70f7-48df-8f1c-d2035f55ce34.004](/uploads/5a573b82493315f91adeee547fd97fee/Aspose.Words.71972436-70f7-48df-8f1c-d2035f55ce34.004.png)
**Note**
The ADR also helps to address following issues - <br>
- **[Issue]** https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/91 <br>
* The Replay flow will include a Service Bus topic for every event. If we need to introduce new events in the future that necessitate message publishing, we can easily do so by introducing a new topic and associated logic. This approach can help prevent unintended consequences that may arise from triggering other listeners on the same topic, as they can be resolved accordingly. <br>
- **[Issue]** https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/66
* Utilizing the service bus and tracking its progress assists us in achieving a reliable design, including the built-in reliability of message queuing. <br>
- **[Issue]** https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/80
* With the flexibility to introduce new topics in the ReindexAkshat JoshiAkshat Joshihttps://community.opengroup.org/osdu/platform/system/storage/-/issues/187ADR: Replay API2024-02-29T14:40:15ZAkshat JoshiADR: Replay APITwo New API in Storage service as part of Replay flow will be introduce in the storage service.
* [] Proposed
* [ ] Trialing
* [ ] Under review
* [x] Approved
* [ ] Retired
## Context & Scope
This ADR is centered around the design of ...Two new APIs will be introduced in the Storage service as part of the Replay flow.
* [] Proposed
* [ ] Trialing
* [ ] Under review
* [x] Approved
* [ ] Retired
## Context & Scope
This ADR is centered around the design of the new replay API within OSDU's storage service, which is introduced as part of the [Replay ADR](https://community.opengroup.org/osdu/platform/system/storage/-/issues/186). The purpose of this Replay API is to publish messages that indicate changes to records, which are subsequently received and processed by consumers. It's important to note that the handling of these messages follows an idempotent process.
## Terminology
<table>
<tr>
<td><strong> Name</strong>
</td>
<td><strong> Explanation</strong>
</td>
</tr>
<tr>
<td><strong> Record</strong>
</td>
<td>The record is stored in OSDU Data Platform in two parts, i.e., document database, which contains basic data (id, kind, legal information, and access permissions), and file storage in a Java Script Object Notation (JSON) format, which contains other relevant information of the record. We are interested in the document database part.
</td>
</tr>
</table>
## Tradeoff Analysis
The new APIs do not represent a breaking change to any other API, and consequently not to the consuming applications. Only the concerned consuming applications would benefit from this new feature, while it remains entirely transparent to others.
## Additional Requirement
The newly introduced APIs must facilitate [Collaboration workflows](https://community.opengroup.org/osdu/platform/system/storage/-/issues/149) through the utilization of the x-collaboration header. Additionally, the replay mechanism should ensure the accurate publication of collaboration context information in the corresponding event.
## Decision
The proposal is to provide POST and GET Replay APIs.
<table>
<tr>
<td><strong> API fields </strong>
</td>
<td><strong>Explanation</strong>
</td>
</tr>
<tr>
<td><strong>kind</strong>
</td>
<td>It specifies to what Kind the schema belongs to. [optional]
</td>
</tr>
<tr>
<td><strong>replayId</strong>
</td>
<td>It represents status id. [required]
</td>
</tr>
<tr>
<td><strong>operation</strong>
</td>
<td> Define the replay operation to be carried out. [required]
</td>
</tr>
<tr>
<td><strong>filter</strong>
</td>
<td> Define based on which field the record is selected. [optional]
</td>
</tr>
</table>
<strong>Allowed roles for API access</strong> : users.datalake.ops
<br>
<table>
<tr>
<td>
<strong>Method</strong>
</td>
<td>
<strong> API Endpoint</strong>
</td>
<td>
<strong>Design</strong>
</td>
</tr>
<tr>
<td> POST
</td>
<td>v1/replay
</td>
<td>
<strong>Request Example - </strong>
<p>
<strong> </strong>
<p>
1. <strong>Description</strong> - This API request will reindex all the storage records.
<p>
In this phase, we will pass an empty body for reindex all
<p>
{
<p>
}
<p>
In the next phase -
<p>
![operationrepaly](/uploads/d7679bf7d4d6d9745e0d9c579905fc74/operationrepaly.png)
<p>
2. <strong>Description</strong> - This API request will reindex specific kinds of storage records. In this request, operationName is optional; by default it will reindex the specific kinds given in the filter field. Currently we will replay only a single kind, so the array of kinds will be restricted to size one.
<p>
![operationrepaly](/uploads/f06805a167d15986688ba23ac85ee897/operationrepaly.png)
<p>
<p>
<strong>Response example – </strong>
![responsepostreplay](/uploads/c557910f6369deda3971866bd2130864/responsepostreplay.png)
<p>
<strong>
</td>
</tr>
<tr>
<td> GET
</td>
<td>
replay/status/{id}
<p>
</td>
<td>
<strong>Request:</strong>
<p>
<p>
<p>
1. <strong>Response Replay in Progress:</strong> <br>
<p>
a) <b>Scenario</b> - In Replay All <br><br>
![replaystatusAllKind](/uploads/12f155b5d491010f3ea37c2576e56e19/replaystatusAllKind.png) <br>
b) <b>Scenario</b> - In Replay single kind <br><br> ![replaystatusforsinglekind](/uploads/2043d80e2d350faa2f3fdb41d4601e0f/replaystatusforsinglekind.png)
<br>
<p>
<p>
2. <strong>Response Replay in Failed:</strong> <br>
<p>
a) <b>Scenario</b> - In Replay All <br><br>
![replayFailedForAllKind](/uploads/3d9a64803b229d3b46d4e283047d285e/replayFailedForAllKind.png)
<br>
b) <b>Scenario</b> - In Replay single kind <br><br>
![replayfailedforsinglekind](/uploads/407b53b19ddfa4545f52e9e88d34fb11/replayfailedforsinglekind.png)
<p>
<p>
</td>
</tr>
</table>
<br>
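For orientation, a hedged sketch of the request/response shapes; the field names follow the table above, the exact payloads are in the screenshots and in ReplayAPISpecs.yaml below, and the host, partition, and values here are illustrative:
```
# Trigger a replay of a single kind (POST v1/replay):
curl --request POST 'https://{{STORAGE_HOST}}/replay' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes' \
  --header 'Content-Type: application/json' \
  --data '{
    "operation": "reindex",
    "filter": { "kinds": ["opendes:wks:master-data--Wellbore:1.0.0"] }
  }'
# expected response shape: { "replayId": "<id>" }

# Poll the status (GET replay/status/{id}):
curl --request GET 'https://{{STORAGE_HOST}}/replay/status/<replayId>' \
  --header 'Authorization: Bearer <JWT>' \
  --header 'data-partition-id: opendes'
```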
API spec swagger yaml -[ReplayAPISpecs.yaml](/uploads/f9e8ddd4958bf04f9bc99994ebdc4e41/ReplayAPISpecs.yaml)https://community.opengroup.org/osdu/platform/system/storage/-/issues/189[SAST] Vue_DOM_XSS in file index.html2023-11-15T10:54:25ZYauhen Shaliou [EPAM/GCP][SAST] Vue_DOM_XSS in file index.html**Description**
The method m-1"\> embeds untrusted data in generated output with href, at line 36 of \\storage\\provider\\storage-azure\\src\\main\\resources\\static\\index.html. This untrusted data is embedded into the output without p...**Description**
The method m-1"\> embeds untrusted data in generated output with href, at line 36 of \\storage\\provider\\storage-azure\\src\\main\\resources\\static\\index.html. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.
# **Location:**
<table>
<tr>
<th> </th>
<th>Source</th>
<th>Destination</th>
</tr>
<tr>
<th>File</th>
<td>storage/provider/storage-azure/src/main/resources/static/index.html</td>
<td>storage/provider/storage-azure/src/main/resources/static/index.html</td>
</tr>
<tr>
<th>Line number</th>
<td>92</td>
<td>36</td>
</tr>
<tr>
<th>Object</th>
<td>pathname</td>
<td>href</td>
</tr>
<tr>
<th>Code line</th>
<td>return location.protocol + '//' + location.host + location.pathname</td>
<td>
\<a :href="signInUrl" class="btn btn-primary" v-if="!token" class="col-2"\>Login\</a\>
</td>
</tr>
</table>M21 - Release 0.24https://community.opengroup.org/osdu/platform/system/storage/-/issues/190ADR Consumer Topic Identification [ Replay Design ]2024-02-21T13:15:35ZAkshat JoshiADR Consumer Topic Identification [ Replay Design ]<h2>ADR Consumer Topic Identification</h2>
## Status
* [x] Proposed
* [ ] Trialing
* [ ] Under review
* [ ] Approved
* [ ] Retired
<h3>Problem Context</h3>
Today, the storage service publishes **RecordChange messages to “recordstopi...<h2>ADR Consumer Topic Identification</h2>
## Status
* [x] Proposed
* [ ] Trialing
* [ ] Under review
* [ ] Approved
* [ ] Retired
<h3>Problem Context</h3>
Today, the storage service publishes **RecordChange messages to “recordstopic”.**
When Storage Service publishes a **RecordChange** message to the “**recordstopic**” topic of the service bus, all the consumers get notified (eg. Indexer service, notification service). During scenarios like replaying for **reindex** scenarios, notifying all the consumers may not be required. Hence, we need a way to instruct storage service to publish **RecordChange** messages to a custom topic depending on the use case. For example, if the replay is going to be done for re-index, then we can instruct storage service to publish the **RecordChange** messages to a “reindex” topic which is being listened to by the indexer only, instead of publishing them to **recordstopic which has many consumers.** This will ensure that only the indexer service gets notified of the events.
Therefore, it is of utmost importance that the Producer's design allows for the appropriate routing of operations to their intended topics. This brings us to the question of how the Storage service can accurately determine the topic to which each message should be directed based on its specific functionality/operation . In response to this challenge, we have explored the following design, which will serve as the foundation for the development of our Replay API.
<table>
<tr>
<td><strong> Design Option </strong>
</td>
<td><strong> Detailed Approach </strong>
</td>
<td><strong> Pros/Cons</strong>
</td>
</tr>
<tr>
<td>
<ol>
<ul>1. <strong> Create different Topic for Each Operation and provide operation name i.e. reindex as input to the replay API</strong>.
<p><span style="color: green;"> [Preferred Approach] </span></p>
<ul>
</ol>
</td>
<td>There will be a separate topic for each operation.
<p>
For example, indexer service can listen to a topic called “reindex” and notification service can listen to the topic “notify” in addition to “recordstopic”.
<p>
The replay API will take the input as operation name i.e. reindex, based on that, it will decide which topic the replay API has to publish the recordChange message. This will ensure only the indexer gets notified.
<p>
![Picture1](/uploads/37e29ff02caff81f2f62ff3e98cabb74/Picture1.png)
<p>
<strong>Note</strong> – One operation maps to one topic in the service (1:1), while a single topic can have multiple consumers.
</td>
<td><strong> Pros: </strong>
<ul>
<li>Abstraction and statelessness as users need not know about internal topics.
<li>Consistency, as different CSPs can decide on a common operation name irrespective of internal implementation details.
<li>Decoupling of the internal implementation from Replay operation.
<p>
<strong>Cons: </strong>
<ul>
<li>Management of mapper which helps us to map the functionality i.e. reindex to topic name.
<li>Implementation will take time.
<li>Producers should know about consumer topic mapping. [ <strong>Remark</strong> – every Producer knows topic names either through registry or in memory store or environment variable mapper, currently we pass it as hardcoded value from deployment yaml to application properties]
</li>
</ul>
</li>
</ul>
</td>
</tr>
<tr>
<td>
<ol>
<ul>2. <strong>Create different Topic for Each Operation and provide Topic Name/ID as input to the replay API</strong>.
</ul>
</ol>
</td>
<td>There will be a separate topic for each operation.
<p>
For example, indexer service can listen to a topic called “reindex” and notification service can listen to the topic “notify” in addition to “recordstopic”.
<p>
If Replay is required for reindex scenario, then replay API can be called with the parameter topicId’s value as “reindex”.
<p>
This will cause storage services to publish recordChange messages to reindex topic instead of recordchangetopic. This will ensure only the indexer gets notified.
</td>
<td><strong>Pros - </strong>
<ul>
<li> No need to maintain the internal mapper if we use topic name.
<li>Implementation will be easy if we use the topic name directly.
<p>
<strong>Cons –</strong>
<ul>
<li> We must maintain the mapper that associates topic IDs with their corresponding topic names when the topic ID is used as input to the replay API, in case we pass the topic id.
<li> Users would need access to the internal topic details in case we use the topic name.
<li> Since these APIs will be introduced at the community level, customizing them for specific topics, which may have different names or implementations by different CSPs, could impact uniformity.
</li>
</ul>
</li>
</ul>
</td>
</tr>
<tr>
<td>
<ol>
<ul>3. <strong> Create Different Topic for Each Consumer and let the specific consumer like indexer, call the replayAPI with the topicId</strong>
</ul>
</ol>
</td>
<td>In this, a new Reindex API in indexer will call the replay API and will provide the topic name along in the request body.
</td>
<td><strong>Pros – </strong>
<ul>
<li>Internal details like topic name need not be known to the user.
<li>The consumer can perform pre-requisite operations like deleting indices before calling the replay API.
<p>
<strong>Cons – </strong>
<ul>
<li> The user has to use different APIs, which is a bad experience.
<li>If we call it via reindex, the response payload must be changed to incorporate the status id, which requires an ADR in the community and a code merge.
</li>
</ul>
</li>
</ul>
</td>
</tr>
</table>
**Conclusion** - We are going with approach 1 taking into consideration the Pros.Akshat JoshiAkshat Joshihttps://community.opengroup.org/osdu/platform/system/storage/-/issues/192RAFSDDMS Unit conversion issue2023-12-05T13:46:05ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comRAFSDDMS Unit conversion issueIt was observed that the record from the collection: https://community.opengroup.org/osdu/qa/-/tree/main/Dev/48_CICD_Setup_RAFSDDMSAPI?ref_type=heads
Requested with conversion headers:
```plaintext
curl --location 'https://community.g...It was observed that the record from the collection: https://community.opengroup.org/osdu/qa/-/tree/main/Dev/48_CICD_Setup_RAFSDDMSAPI?ref_type=heads
Requested with conversion headers:
```plaintext
curl --location 'https://community.gcp.gnrg-osdu.projects.epam.com/api/storage/v2/query/records:batch' \
--header 'Content-Type: application/json' \
--header 'data-partition-id: osdu' \
--header 'accept: application/json' \
--header 'frame-of-reference: units=SI;crs=wgs84;elevation=msl;azimuth=true north;dates=utc;' \
--header 'Authorization: Bearer ' \
--data '{
"records": [
"osdu:work-product-component--RockSampleAnalysis:Test"
]
}'
```
Causing internal server error:
```plaintext
Caused by: java.lang.NullPointerException: Cannot invoke "com.google.gson.JsonArray.size()" because "elementArray" is null
at org.opengroup.osdu.core.common.util.JsonUtils.overrideNestedNumberPropertyOfJsonObject(JsonUtils.java:219)
at org.opengroup.osdu.core.common.util.JsonUtils.overrideNumberPropertyOfJsonObject(JsonUtils.java:146)
at org.opengroup.osdu.core.common.crs.UnitConversionImpl.convertRecordToSIUnits(UnitConversionImpl.java:166)
at org.opengroup.osdu.core.common.crs.UnitConversionImpl.convertUnitsToSI(UnitConversionImpl.java:56)
at org.opengroup.osdu.storage.conversion.DpsConversionService.doConversion(DpsConversionService.java:80)
at org.opengroup.osdu.storage.service.BatchServiceImpl.fetchMultipleRecords(BatchServiceImpl.java:228)
at org.opengroup.osdu.storage.api.QueryApi.fetchRecords(QueryApi.java:135)
```
Further investigation is required to fix it.https://community.opengroup.org/osdu/platform/system/storage/-/issues/193How to troubleshoot? Field missed from Search response although we see it fro...2023-12-16T16:45:21ZDebasis ChatterjeeHow to troubleshoot? Field missed from Search response although we see it from Storage response.Companion issue in Preship site is here -
https://community.opengroup.org/osdu/platform/pre-shipping/-/issues/649
This is not a case of anything linked to conversion (using Meta block) or typo error in the field name.
The real question...Companion issue in Preship site is here -
https://community.opengroup.org/osdu/platform/pre-shipping/-/issues/649
This is not a case of anything linked to conversion (using Meta block) or typo error in the field name.
The real question is - how to troubleshoot this kind of problem?
cc @nthakur and @gehrmannhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/195Unhandled Exceptions for missing required attributes while creating record2024-03-15T14:13:45ZAnubhav BajajUnhandled Exceptions for missing required attributes while creating recordIssue Currently, the storage PUT endpoint lacks proper error messages if there are missing attributes of in the payload. It shows a generic message which is not informative enough for user to address it: "HV000028: Unexpected exception d...Issue Currently, the storage PUT endpoint lacks proper error messages if there are missing attributes of in the payload. It shows a generic message which is not informative enough for user to address it: "HV000028: Unexpected exception during isValid call,"
Ideally the error message should clearly list out the missing attributes such as 'kind', 'acl', or 'legal'.
Below is a sample example where acl is null; the response gives the generic message.
![image](/uploads/738760ea17a8bce24fc4615d5d26920b/image.png)
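As an illustration, a small hypothetical sketch of the kind of explicit pre-check that could produce clearer messages (the real Storage record model and error type may differ); the suggested wording is listed in the table below:
```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical record payload and check; names mirror the suggestions in this issue,
// not the actual Storage service classes.
public class RequiredFieldCheck {
    static class RecordPayload {
        String kind;
        Object acl;
        Object legal;
    }

    static List<String> missingFields(RecordPayload r) {
        List<String> missing = new ArrayList<>();
        if (r.kind == null || r.kind.isEmpty()) missing.add("kind");
        if (r.acl == null) missing.add("acl");
        if (r.legal == null) missing.add("legal");
        return missing;
    }

    public static void main(String[] args) {
        RecordPayload payload = new RecordPayload(); // acl and legal left null
        payload.kind = "osdu:wks:master-data--Well:1.3.0";
        List<String> missing = missingFields(payload);
        if (!missing.isEmpty()) {
            // would be returned as a 400 instead of the generic HV000028 message,
            // e.g. "Mandatory fields missing: acl, legal"
            System.out.println("Mandatory fields missing: " + String.join(", ", missing));
        }
    }
}
```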
Suggestions
• Add checks for the cases where these required attributes are null, with relevant error messages like:
| Missing Attributes | Suggested Error Messages |
|--------------------|--------------------------|
| Kind | Mandatory fields missing- kind / kind cannot be empty |
| Acl | Mandatory fields missing- acl / acl cannot be empty |
| Legal | Mandatory fields missing- legal / legal cannot be empty |
| Acl and Legal | Mandatory fields missing- acl, Mandatory fields missing- legal / acl cannot be empty, legal cannot be empty |
| Kind, Acl and Legal | Mandatory fields missing- kind, Mandatory fields missing- acl, Mandatory fields missing- legal / kind cannot be empty, acl cannot be empty, legal cannot be empty |https://community.opengroup.org/osdu/platform/system/storage/-/issues/211Different behavior on delete endpoint2024-03-15T14:13:21ZAdam ChengDifferent behavior on delete endpointThere are currently two endpoints for deleting an object>
1. Deleting multiple objects: /records/delete
2. Deleting single object /records/<Object_id>:delete
When attempt to delete an object that is already been deleted:
Endpoint 1 will...There are currently two endpoints for deleting an object:
1. Deleting multiple objects: /records/delete
2. Deleting a single object: /records/<Object_id>:delete
When attempting to delete an object that has already been deleted:
Endpoint 1 will return 204, while endpoint 2 will return 404.
It would be desirable for endpoint 1 to return some kind of error if one or more of the objects has already been deleted or does not exist.https://community.opengroup.org/osdu/platform/system/storage/-/issues/212GeoJson validation2024-03-15T14:11:20ZAdam ChengGeoJson validationThis is a linked issue between the Storage API and Search API.
When I ingest an new object witha invalid GeoJSON (e.g. polygon is is not close). It will pass the Storage API as it mainly check types. But it will silently failed indexing...This is a linked issue between the Storage API and Search API.
When I ingest a new object with invalid GeoJSON (e.g. a polygon that is not closed), it will pass the Storage API, as it mainly checks types, but it will silently fail indexing and never show up in the Search API.
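For context, the "closed polygon" rule is cheap to check up front: the first and last positions of every ring must be identical. A hypothetical sketch of such a check (not the validation the Storage or Indexer services currently perform):
```java
import java.util.Arrays;
import java.util.List;

// Hypothetical GeoJSON sanity check: a polygon ring must have at least 4 positions
// and its first and last positions must be identical.
public class PolygonRingCheck {
    static boolean isClosedRing(List<double[]> ring) {
        if (ring.size() < 4) {
            return false;
        }
        return Arrays.equals(ring.get(0), ring.get(ring.size() - 1));
    }

    public static void main(String[] args) {
        List<double[]> openRing = List.of(
                new double[]{-45.9, 18.1}, new double[]{-45.8, 18.1}, new double[]{-45.8, 18.2});
        List<double[]> closedRing = List.of(
                new double[]{-45.9, 18.1}, new double[]{-45.8, 18.1},
                new double[]{-45.8, 18.2}, new double[]{-45.9, 18.1});
        System.out.println(isClosedRing(openRing));   // false -> would silently fail indexing today
        System.out.println(isClosedRing(closedRing)); // true
    }
}
```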
A related issue: currently it takes up to 30 seconds before a newly ingested object shows up in the Search API. This makes things a bit challenging for a near real-time application.
Possible solution:
An additional query param on the PUT `/records` endpoint. If the param is set, the operation will only succeed once indexing has finished.
It would be ideal for ingestion and indexing/discovery operations to be atomichttps://community.opengroup.org/osdu/platform/system/storage/-/issues/213Discrepancy in Storage API for create/update record operation2024-01-31T23:00:31ZNeha KhandelwalDiscrepancy in Storage API for create/update record operationFor Storage create/update record API, if a record ID ends in a dot (.) the data block for the record is not properly uploaded to the Microsoft storage account. In cases, where the records for create/update multiple record operation have ...For the Storage create/update record API, if a record ID ends in a dot (.), the data block for the record is not properly uploaded to the Microsoft storage account. In cases where the records in a create/update multiple records operation have similar IDs differentiated only by a dot at the end (e.g. M/M.), the data block will be the same for both records. The issue is that Microsoft storage accounts do not support directory names ending with a dot (.), a forward slash (/), or a backslash (\\) and path segments ending with a dot ([https://learn.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata](https://learn.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata "https://learn.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata")). When uploading the block blob with the record data to the storage container, the BlobStore.class tries to use a path with the record ID as a folder, such as
\<kind\>/\<partition\>:reference-data--ExternalUnitOfMeasure:LIS-LAS::**M.**/1704916580557751
but \<partition\>:reference-data--ExternalUnitOfMeasure:LIS-LAS::**M.** is not a valid directory name, so the dot at the end is ignored and the block blob is uploaded to \<partition\>:reference-data--ExternalUnitOfMeasure:LIS-LAS::**M** instead. This was also confirmed manually by trying to upload a blob to a folder with a name ending in a dot.
It is a corner case, but this issue has impacted RDD values for M and M. on all partitions:
* For example, on "prod-weu-des-prod-testing-eu", the records prod-weu-des-prod-testing-eu:reference-data--ExternalUnitOfMeasure:LIS-LAS::M. and prod-weu-des-prod-testing-eu:reference-data--ExternalUnitOfMeasure:LIS-LAS::M have the same "M." values in the ID, Code and Symbol fields. These were created using the RDD script/pipeline.
* Impact is on all partitions for \<partition\>:reference-data--ExternalUnitOfMeasure:LIS-LAS::M. and \<partition\>:reference-data--ExternalUnitOfMeasure:LIS-LAS::M values
Proposed solution is to reject record IDs that end in these unsupported characters (i.e. return 400 bad request when such record IDs are used).https://community.opengroup.org/osdu/platform/system/storage/-/issues/214CRS Conversion not working if persistableReferenceCrs left off --> Move Stora...2024-03-08T00:30:17ZBryan DawsonCRS Conversion not working if persistableReferenceCrs left off --> Move Storage to crs-conversion v3According to the documentation we are supposed to be able to leave off the `persistableReferenceCrs` now (although, because of it being required in the schema the best we can do is make it an empty string) and that the CRS conversions wi...According to the documentation we are supposed to be able to leave off the `persistableReferenceCrs` now (although, because of it being required in the schema the best we can do is make it an empty string) and that the CRS conversions will use the `CoordinateReferenceSystemID` to look up the value of the persistable reference. However, this does not appear to work.
Take the following simple Well for example:
```json
{
"acl": {
"owners": [
"data.default.owners@dp.myosdu.com"
],
"viewers": [
"data.default.viewers@dp.myosdu.com"
]
},
"data": {
"FacilityName": "Dummy 1 - Do Not Use Me",
"SpatialLocation": {
"AsIngestedCoordinates": {
"CoordinateReferenceSystemID": "dp:reference-data--CoordinateReferenceSystem:Geographic2D:EPSG::4326:",
"features": [
{
"geometry": {
"coordinates": [
-45.944904,
18.12565
],
"type": "AnyCrsPoint"
},
"properties": {},
"type": "AnyCrsFeature"
}
],
"persistableReferenceCrs": "",
"type": "AnyCrsFeatureCollection"
},
"SpatialGeometryTypeID": "dp:reference-data--SpatialGeometryType:Point:"
}
},
"id": "dp:master-data--Well:TEST_CRS_METHODS",
"kind": "osdu:wks:master-data--Well:1.3.0",
"legal": {
"legaltags": [
"dp-default-legal"
],
"otherRelevantDataCountries": [
"US"
],
"status": "compliant"
},
"meta": [ ]
}
```
This should populate the Wgs84Coordinates when sent to the indexer, but you do not see it in the indexer record:
```json
{
"acl": {
"owners": [
"data.default.owners@dp.myosdu.com"
],
"viewers": [
"data.default.viewers@dp.myosdu.com"
]
},
"authority": "osdu",
"createTime": "2024-01-23T19:16:46.001Z",
"createUser": "bryan.j.dawson@exxonmobil.com",
"data": {
"FacilityName": "Dummy 1 - Do Not Use Me",
"SpatialLocation.SpatialGeometryTypeID": "dp:reference-data--SpatialGeometryType:Point:",
"VirtualProperties.DefaultLocation.SpatialGeometryTypeID": "dp:reference-data--SpatialGeometryType:Point:",
"VirtualProperties.DefaultName": "Dummy 1 - Do Not Use Me"
},
"id": "dp:master-data--Well:TEST_CRS_METHODS",
"kind": "osdu:wks:master-data--Well:1.3.0",
"legal": {
"legaltags": [
"dp-default-legal"
],
"otherRelevantDataCountries": [
"US"
],
"status": "compliant"
},
"namespace": "osdu:wks",
"source": "wks",
"tags": {
"normalizedKind": "osdu:wks:master-data--Well:1"
},
"type": "master-data--Well",
"version": 1706037405365334
}
```
However, if we fill in the `persistableReferenceCrs` and the meta block, it works as expected.
```json
{
"acl": {
"owners": [
"data.default.owners@dp.myosdu.com"
],
"viewers": [
"data.default.viewers@dp.myosdu.com"
]
},
"data": {
"FacilityName": "Dummy 1 - Do Not Use Me",
"SpatialLocation": {
"AsIngestedCoordinates": {
"CoordinateReferenceSystemID": "dp:reference-data--CoordinateReferenceSystem:Geographic2D:EPSG::4326:",
"features": [
{
"geometry": {
"coordinates": [
-45.944904,
18.12565
],
"type": "AnyCrsPoint"
},
"properties": {},
"type": "AnyCrsFeature"
}
],
"persistableReferenceCrs": "{\"authCode\":{\"auth\":\"EPSG\",\"code\":\"4326\"},\"name\":\"GCS_WGS_1984\",\"type\":\"LBC\",\"ver\":\"PE_10_9_1\",\"wkt\":\"GEOGCS[\\\"GCS_WGS_1984\\\",DATUM[\\\"D_WGS_1984\\\",SPHEROID[\\\"WGS_1984\\\",6378137.0,298.257223563]],PRIMEM[\\\"Greenwich\\\",0.0],UNIT[\\\"Degree\\\",0.0174532925199433],AUTHORITY[\\\"EPSG\\\",4326]]\"}",
"type": "AnyCrsFeatureCollection"
},
"SpatialGeometryTypeID": "dp:reference-data--SpatialGeometryType:Point:"
}
},
"id": "dp:master-data--Well:TEST_CRS_METHODS",
"kind": "osdu:wks:master-data--Well:1.3.0",
"legal": {
"legaltags": [
"dp-default-legal"
],
"otherRelevantDataCountries": [
"US"
],
"status": "compliant"
},
"meta": [
{
"coordinateReferenceSystemID": "dp:reference-data--CoordinateReferenceSystem:Geographic2D:EPSG::4326:",
"kind": "CRS",
"name": "WGS 84",
"persistableReference": "{\"authCode\":{\"auth\":\"EPSG\",\"code\":\"4326\"},\"name\":\"GCS_WGS_1984\",\"type\":\"LBC\",\"ver\":\"PE_10_9_1\",\"wkt\":\"GEOGCS[\\\"GCS_WGS_1984\\\",DATUM[\\\"D_WGS_1984\\\",SPHEROID[\\\"WGS_1984\\\",6378137.0,298.257223563]],PRIMEM[\\\"Greenwich\\\",0.0],UNIT[\\\"Degree\\\",0.0174532925199433],AUTHORITY[\\\"EPSG\\\",4326]]\"}",
"propertyNames": [
"SpatialLocation.AsIngestedCoordinates"
]
}
]
}
```
and the indexer record looks like what we expected:
```json
{
"acl": {
"owners": [
"data.default.owners@dp.myosdu.com"
],
"viewers": [
"data.default.viewers@dp.myosdu.com"
]
},
"authority": "osdu",
"createTime": "2024-01-23T19:16:46.001Z",
"createUser": "bryan.j.dawson@exxonmobil.com",
"data": {
"FacilityName": "Dummy 1 - Do Not Use Me",
"SpatialLocation.SpatialGeometryTypeID": "dp:reference-data--SpatialGeometryType:Point:",
"SpatialLocation.Wgs84Coordinates": {
"geometries": [
{
"coordinates": [
-45.944904,
18.12565
],
"type": "point"
}
],
"type": "geometrycollection"
},
"VirtualProperties.DefaultLocation.IsDecimated": false,
"VirtualProperties.DefaultLocation.SpatialGeometryTypeID": "dp:reference-data--SpatialGeometryType:Point:",
"VirtualProperties.DefaultLocation.Wgs84Coordinates": {
"geometries": [
{
"coordinates": [
-45.944904,
18.12565
],
"type": "point"
}
],
"type": "geometrycollection"
},
"VirtualProperties.DefaultName": "Dummy 1 - Do Not Use Me"
},
"id": "dp:master-data--Well:TEST_CRS_METHODS",
"kind": "osdu:wks:master-data--Well:1.3.0",
"legal": {
"legaltags": [
"dp-default-legal"
],
"otherRelevantDataCountries": [
"US"
],
"status": "compliant"
},
"modifyTime": "2024-01-23T19:33:06.905Z",
"modifyUser": "bryan.j.dawson@exxonmobil.com",
"namespace": "osdu:wks",
"source": "wks",
"tags": {
"normalizedKind": "osdu:wks:master-data--Well:1"
},
"type": "master-data--Well",
"version": 1706038386690196
}
```
:pushpin: **Update from @nthakur :**
> `CoordinateReferenceSystemID` dynamic lookup feature was implemented on crs-conversion `v3` endpoint.
> Storage service conversion endpoint (used by indexer-service) calls crs-conversion service to get converted records. As of current release (M22), Storage service is using `v2` endpoints from crs-conversion. This is the reason we see this behavior.
So solving this will require moving to the v3 endpoints of the crs-conversion service.https://community.opengroup.org/osdu/platform/system/storage/-/issues/216Storage PUT /records lost update2024-02-28T08:02:10ZMykyta SavchukStorage PUT /records lost updateThe issue occurs in storage service when trying to update the same record (with the same id) using multiple asynchronous requests at the same time. As a result, only one version is saved in the database and the others are lost.
For exam...The issue occurs in storage service when trying to update the same record (with the same id) using multiple asynchronous requests at the same time. As a result, only one version is saved in the database and the others are lost.
For example, suppose we call the storage PUT API with three asynchronous requests for the same record. Even though the storage returns 201 with a version for each of the requests, calling /records/{id}/{version} with the three created versions results in two 404s and only one 200. All three versions are saved in the blob storage, but the "gcsVersionPaths" array of the record in the database has only one new version.
Looking at the code, it appears that this is a lost-update problem. When updating a record, the storage fetches the record from the database, performs certain manipulations on it, and then saves it back to the database. So when multiple threads are running at the same time, they simultaneously fetch the same record (with the same "gcsVersionPaths" array), add a new version to the array, and save the record to the database. Each thread overwrites the version newly added by the previous thread, so only the version written by the last thread to execute is kept.
Possible solution: Implement optimistic locking for the PUT API. To implement optimistic locking, we can add an additional field to the database record that is updated together with the record. We fetch the record along with this field and, when saving it, we check whether the value of the field has changed; if so, we abort the changes.
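A hypothetical, database-agnostic sketch of the retry-on-conflict pattern this implies (the real implementation would rely on the provider's conditional-write mechanism, e.g. the CosmosDB `_etag` mentioned below):
```java
import java.util.concurrent.atomic.AtomicReference;

// Hypothetical optimistic-locking loop: re-read, modify, and write only if the
// stored version token has not changed; otherwise retry with the fresh copy.
public class OptimisticUpdate {
    record StoredRecord(long versionToken, String gcsVersionPaths) {}

    // stands in for the database document; compareAndSet mimics a conditional write
    static final AtomicReference<StoredRecord> db =
            new AtomicReference<>(new StoredRecord(1, "v1"));

    static void appendVersion(String newVersionPath) {
        while (true) {
            StoredRecord current = db.get(); // fetch record + its version token
            StoredRecord updated = new StoredRecord(
                    current.versionToken() + 1,
                    current.gcsVersionPaths() + "," + newVersionPath);
            if (db.compareAndSet(current, updated)) {
                return; // write accepted: token unchanged since the read
            }
            // token changed underneath us -> another thread won; retry with fresh state
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Thread t1 = new Thread(() -> appendVersion("v2"));
        Thread t2 = new Thread(() -> appendVersion("v3"));
        t1.start(); t2.start(); t1.join(); t2.join();
        System.out.println(db.get()); // both v2 and v3 retained, no lost update
    }
}
```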
I'm assuming all provider databases have this functionality built in. For example, in Azure CosmosDB, every item stored in the database has a system-defined property "_etag", and to enable optimistic locking we can pass parameters when saving the record.https://community.opengroup.org/osdu/platform/system/storage/-/issues/217ADR: Delete record versions2024-03-26T09:49:14ZNeelesh ThakurADR: Delete record versions<a name="TOC"></a>
[[_TOC_]]
# Status
- [x] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
# Problem Statement
Storage service allows creation of record versions without any restrictions. Once number of reco...<a name="TOC"></a>
[[_TOC_]]
# Status
- [x] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
# Problem Statement
The Storage service allows creation of record versions without any restrictions. Once the number of record versions goes beyond a certain limit (e.g. 1K for Azure), it is very costly to fetch the record. Please refer to [ADR](https://community.opengroup.org/osdu/platform/system/storage/-/issues/178) for more details.
The [ADR](https://community.opengroup.org/osdu/platform/system/storage/-/issues/178) implementation restricts the maximum number of versions to avoid any accidental cost spikes.
This ADR proposes a solution to delete record versions.
[Back to TOC](#TOC)
# Proposed solution
The Storage API should provide a new endpoint to delete record versions. It will permanently delete record versions, and the operation cannot be undone. Users must be members of the 'users.datalake.admins' role and the OWNER of the record.
<details>
<summary>API specification</summary>
```yaml
"/records/{id}/versions":
delete:
tags:
- Records
summary: Purge record versions
description: "The API performs the permanent physical deletion of the given record versions excluding latest version and any linked records or files if there are any.
If 'from' query parameter is used then it will delete all versions before current one (exclusive). If 'limit' query parameter is used then it will delete oldest versions defined by 'limit'.
If both 'from' and 'limit' are used then API will delete 'limit' number of versions starting 'from' version. Instead of using 'limit' or 'from', list of versions can be provided on 'versionIds' query parameter.
API will delete all versions defined by 'versionIds' query parameter. Maximum 50 record versions can be deleted per request.
This operation cannot be undone. Required roles: 'users.datalake.admins' who is the OWNER of the record."
operationId: Purge record versions
parameters:
- name: id
in: path
description: Valid record id following "^[\\w\\-\\.]+:[\\w-\\.]+:[\\w\\-\\.\\:\\%]+$" pattern
required: true
schema:
type: string
- name: from
in: query
description: Record version id from which all record versions aside from the current one are deleted
required: false
schema:
type: integer
format: int64
- name: limit
in: query
description: Number of oldest record versions to be deleted. Value must not exceed number of record versions (excluding latest version)
required: false
schema:
type: integer
- name: versionIds
in: query
description: Comma separated version list (excluding latest version) to be deleted. Maximum 50 versions can be deleted per request.
required: false
schema:
type: string
- $ref: "#/components/parameters/data-partition-id"
responses:
"204":
description: Record versions deleted successfully.
"400":
description: Validation error.
content:
application/json:
schema:
$ref: "#/components/schemas/AppError"
"403":
description: User not authorized to perform the action.
content:
application/json:
schema:
$ref: "#/components/schemas/AppError"
"404":
description: Record not found.
content:
application/json:
schema:
$ref: "#/components/schemas/AppError"
"500":
description: Unknown Error.
content:
application/json:
schema:
$ref: "#/components/schemas/AppError"
security:
- bearer: []
```
</details>
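For illustration, a client call to the proposed endpoint might look like the following once it exists (base URL, token, and record id are placeholders; the path and query parameters follow the specification above):
```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

// Hypothetical usage of the proposed "purge record versions" endpoint.
public class PurgeVersionsExample {
    public static void main(String[] args) throws Exception {
        String baseUrl = "https://osdu.example.com/api/storage/v2";  // placeholder host
        String recordId = "opendes:master-data--Well:example";       // placeholder record id

        HttpRequest request = HttpRequest.newBuilder()
                // delete the 10 oldest versions, keeping the latest
                .uri(URI.create(baseUrl + "/records/" + recordId + "/versions?limit=10"))
                .header("Authorization", "Bearer <access-token>")
                .header("data-partition-id", "opendes")
                .DELETE()
                .build();

        HttpResponse<Void> response = HttpClient.newHttpClient()
                .send(request, HttpResponse.BodyHandlers.discarding());
        System.out.println("Status: " + response.statusCode()); // 204 expected on success
    }
}
```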
[Back to TOC](#TOC)
# Consequences
- New API added to Storage service
- New endpoint is available on Storage service's swagger page
- Tutorial is updated with new endpoint
[Back to TOC](#TOC)M23 - Release 0.26Neelesh ThakurNeelesh Thakurhttps://community.opengroup.org/osdu/platform/system/storage/-/issues/218ADR: Option to retain source systems audit info and override audit fields dur...2024-03-26T15:01:14ZRasheed Nagoor GaniADR: Option to retain source systems audit info and override audit fields during migration[[_TOC_]]
# Status
- [x] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
# Background
When a record is created, the 'createUser'/'modifyUser' field automatically captures the username from the token and sets ...[[_TOC_]]
# Status
- [x] Proposed
- [ ] Trialing
- [ ] Under review
- [ ] Approved
- [ ] Retired
# Background
When a record is created, the 'createUser'/'modifyUser' field automatically captures the username from the token and sets the 'createTime'/'modifyTime' to the current timestamp. These fields play a crucial role in providing audit information to identify who created or modified a record and when. While this mechanism works seamlessly for new records created through the OSDU APIs, it may lead to confusion when dealing with migrated data.
The source systems maintain their own set of audit fields, which should be preserved in their original state during migration. Preserving this audit trail is vital to upholding data integrity and regulatory compliance.
Refer to Aha ticket [IDEA-I-130](https://osdu-community.ideas.aha.io/ideas/IDEA-I-130)
# Context & Scope
The audit information captured in 'createUser', 'createTime', 'modifyUser' and 'modifyTime' fields can be stored in extendedProperties. However, the limitations of extendedProperties, such as the inability to index values, hinder the efficient filtering and retrieval of records.
To address this issue, either the source system's audit information such as createUser, createTime, modifyUser and modifyTime should be set in a new attribute, or the storage service should allow overriding the existing attribute values.
# Proposed solution
Option 1: Introduce an 'Audit' object attribute into the common schema, integrating it as a standard attribute of all data type schemas. This approach ensures consistent and comprehensive auditing capabilities across different data types.
Option 2: Implement a new user or role with specialized permissions to override audit attributes, including the createUser, createTime, modifyUser and modifyTime fields. This user or role is designated specifically for managing data migration processes. For instance, when initiating the ingestion API using this designated user, the Platform verifies its migration status. In such instances, the user's email and creation time will be sourced from Manifest values rather than the token or the current timestamp.
# Consequences
Option 1: The implementation of Option 1 may entail a time-consuming process and could potentially have a significant impact on existing records. Integrating the 'Audit' object attribute into the common schema may require thorough planning and careful consideration to mitigate disruptions to the system.
Option 2: While Option 2 eliminates the need for introducing new attributes, it necessitates modifications to the Storage Service logic. Adapting the system to accommodate a new user or role with override permissions may require adjustments to the existing logic and workflows within the Storage Service.https://community.opengroup.org/osdu/platform/system/storage/-/issues/219Records created with special characters are not discoverable2024-03-15T13:22:20ZAbhishek Kumar (SLB)Records created with special characters are not discoverableStorage service allows user to a create record with encoded special character.
However, if we try to get the created record storage service return 404.
**Actual ID:** winter-aker-bp-super-sprint-5:reference-data--UnitOfMeasure:m/h
<br>
...The Storage service allows the user to create a record with an encoded special character.
However, if we try to get the created record, the storage service returns 404.
**Actual ID:** winter-aker-bp-super-sprint-5:reference-data--UnitOfMeasure:m/h
<br>
**Encoded ID**: winter-aker-bp-super-sprint-5:reference-data--UnitOfMeasure:m%2fh
The Storage POST endpoint allows the user to create storage records with encoded IDs:
![image](/uploads/6a923c3582dcb993eaf8d84e2ff32166/image.png)
But the problem arises when the user tries to retrieve the record using the GET endpoint:
`{
"code": 400,
"reason": "Validation error.",
"message": "{\"errors\":[\"Not a valid record id. Found: winter-aker-bp-super-sprint-5:reference-data--UnitOfMeasure:m%2fh\"]}"
}`
The same record does appear in the search result:
![image](/uploads/566be3486c02de5956b2c96e10709d2e/image.png)Chad LeongChad Leonghttps://community.opengroup.org/osdu/platform/system/storage/-/issues/222SLB Feature Request - Need capability to write policy based on data records p...2024-03-15T13:21:48ZDadong ZhouSLB Feature Request - Need capability to write policy based on data records propertiesFrom Fabrice HAÜY \[SLB\] on Slack:
Hi Team, I'm looking for some updated information / roadmap, as from our latest conversations at the OSDU F2F in London, I understood that currently, the policy engine only knowns about id, kind, lega...From Fabrice HAÜY \[SLB\] on Slack:
Hi Team, I'm looking for some updated information / roadmap, as from our latest conversations at the OSDU F2F in London, I understood that currently, the policy engine only knowns about id, kind, legal tag, and acl, making it not possible to create policy entitlements based on the value of a property of the record. I'm looking for information surrounding this limitation and when it'll be unlocked. thank you in advance
Copied from Policy repo: https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/95
cc @chad @hutchins @KellyZhou