Merge pull request #10029 from ErykKul/10022_upload_redirect_without_tagging

disable s3 tagging JVM option

Author: pdurbin

doc/release-notes/10022_upload_redirect_without_tagging.md

@@ -0,0 +1,5 @@
+If your S3 store does not support tagging and gives an error if you configure direct uploads, you can disable the tagging by using the ``dataverse.files.<id>.disable-tagging`` JVM option. For more details see https://dataverse-guide--10029.org.readthedocs.build/en/10029/developers/big-data-support.html#s3-tags #10022 and #10029.
+
+## New config options
+
+- dataverse.files.<id>.disable-tagging

doc/sphinx-guides/source/api/native-api.rst

@@ -2013,7 +2013,7 @@ The fully expanded example above (without environment variables) looks like this
 
 .. _cleanup-storage-api:
 
-Cleanup storage of a Dataset
+Cleanup Storage of a Dataset
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 This is an experimental feature and should be tested on your system before using it in production.

doc/sphinx-guides/source/developers/big-data-support.rst

@@ -81,7 +81,12 @@ with the contents of the file cors.json as follows:
 
 Alternatively, you can enable CORS using the AWS S3 web interface, using json-encoded rules as in the example above. 
 
-Since the direct upload mechanism creates the final file rather than an intermediate temporary file, user actions, such as neither saving or canceling an upload session before closing the browser page, can leave an abandoned file in the store. The direct upload mechanism attempts to use S3 Tags to aid in identifying/removing such files. Upon upload, files are given a "dv-state":"temp" tag which is removed when the dataset changes are saved and the new file(s) are added in the Dataverse installation. Note that not all S3 implementations support Tags: Minio does not. WIth such stores, direct upload works, but Tags are not used.
+.. _s3-tags-and-direct-upload:
+
+S3 Tags and Direct Upload
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Since the direct upload mechanism creates the final file rather than an intermediate temporary file, user actions, such as neither saving or canceling an upload session before closing the browser page, can leave an abandoned file in the store. The direct upload mechanism attempts to use S3 tags to aid in identifying/removing such files. Upon upload, files are given a "dv-state":"temp" tag which is removed when the dataset changes are saved and new files are added in the Dataverse installation. Note that not all S3 implementations support tags. Minio, for example, does not. With such stores, direct upload may not work and you might need to disable tagging. For details, see :ref:`s3-tagging` in the Installation Guide.
 
 Trusted Remote Storage with the ``remote`` Store Type
 -----------------------------------------------------

doc/sphinx-guides/source/developers/s3-direct-upload-api.rst

@@ -79,6 +79,12 @@ In the single part case, only one call to the supplied URL is required:
 
     curl -i -H 'x-amz-tagging:dv-state=temp' -X PUT -T <filename> "<supplied url>"
 
+Or, if you have disabled S3 tagging (see :ref:`s3-tagging`), you should omit the header like this:
+
+.. code-block:: bash
+
+    curl -i -X PUT -T <filename> "<supplied url>"
+
 Note that without the ``-i`` flag, you should not expect any output from the command above. With the ``-i`` flag, you should expect to see a "200 OK" response.
 
 In the multipart case, the client must send each part and collect the 'eTag' responses from the server. The calls for this are the same as the one for the single part case except that each call should send a <partSize> slice of the total file, with the last part containing the remaining bytes.

doc/sphinx-guides/source/installation/config.rst

@@ -1189,12 +1189,31 @@ Larger installations may want to increase the number of open S3 connections allo
 
 ``./asadmin create-jvm-options "-Ddataverse.files.<id>.connection-pool-size=4096"``
 
+.. _s3-tagging:
+
+S3 Tagging
+##########
+
+By default, when direct upload to an S3 store is configured, Dataverse will place a ``temp`` tag on the file being uploaded for an easier cleanup in case the file is not added to the dataset after upload (e.g., if the user cancels the operation). (See :ref:`s3-tags-and-direct-upload`.)
+If your S3 store does not support tagging and gives an error when direct upload is configured, you can disable the tagging by using the ``dataverse.files.<id>.disable-tagging`` JVM option. For example:
+
+``./asadmin create-jvm-options "-Ddataverse.files.<id>.disable-tagging=true"``
+
+Disabling the ``temp`` tag makes it harder to identify abandoned files that are not used by your Dataverse instance (i.e. one cannot search for the ``temp`` tag in a delete script). These should still be removed to avoid wasting storage space. To clean up these files and any other leftover files, regardless of whether the ``temp`` tag is applied, you can use the :ref:`cleanup-storage-api` API endpoint.
+
+Note that if you disable tagging, you should should omit the ``x-amz-tagging:dv-state=temp`` header when using the :doc:`/developers/s3-direct-upload-api`, as noted in that section.
+
+Finalizing S3 Configuration
+###########################
+
 In case you would like to configure Dataverse to use a custom S3 service instead of Amazon S3 services, please
 add the options for the custom URL and region as documented below. Please read above if your desired combination has
 been tested already and what other options have been set for a successful integration.
 
 Lastly, go ahead and restart your Payara server. With Dataverse deployed and the site online, you should be able to upload datasets and data files and see the corresponding files in your S3 bucket. Within a bucket, the folder structure emulates that found in local file storage.
 
+.. _list-of-s3-storage-options:
+
 List of S3 Storage Options
 ##########################
 
@@ -1222,6 +1241,7 @@ List of S3 Storage Options
     dataverse.files.<id>.payload-signing         ``true``/``false``  Enable payload signing. Optional                                                     ``false``
     dataverse.files.<id>.chunked-encoding        ``true``/``false``  Disable chunked encoding. Optional                                                   ``true``
     dataverse.files.<id>.connection-pool-size    <?>                 The maximum number of open connections to the S3 server                              ``256``
+    dataverse.files.<id>.disable-tagging         ``true``/``false``  Do not place the ``temp`` tag when redirecting the upload to the S3 server.          ``false``
     ===========================================  ==================  ===================================================================================  =============
 
 .. table::

src/main/java/edu/harvard/iq/dataverse/dataaccess/S3AccessIO.java

@@ -40,6 +40,7 @@
 import edu.harvard.iq.dataverse.Dataverse;
 import edu.harvard.iq.dataverse.DvObject;
 import edu.harvard.iq.dataverse.datavariable.DataVariable;
+import edu.harvard.iq.dataverse.settings.JvmSettings;
 import edu.harvard.iq.dataverse.util.FileUtil;
 import opennlp.tools.util.StringUtil;
 
@@ -991,7 +992,10 @@ private String generateTemporaryS3UploadUrl(String key, Date expiration) throws
         GeneratePresignedUrlRequest generatePresignedUrlRequest = 
                 new GeneratePresignedUrlRequest(bucketName, key).withMethod(HttpMethod.PUT).withExpiration(expiration);
         //Require user to add this header to indicate a temporary file
-        generatePresignedUrlRequest.putCustomRequestHeader(Headers.S3_TAGGING, "dv-state=temp");
+        final boolean taggingDisabled = JvmSettings.DISABLE_S3_TAGGING.lookupOptional(Boolean.class, this.driverId).orElse(false);
+        if (!taggingDisabled) {
+            generatePresignedUrlRequest.putCustomRequestHeader(Headers.S3_TAGGING, "dv-state=temp");
+        }
 
         URL presignedUrl; 
         try {
@@ -1040,7 +1044,10 @@ public JsonObjectBuilder generateTemporaryS3UploadUrls(String globalId, String s
         } else {
             JsonObjectBuilder urls = Json.createObjectBuilder();
             InitiateMultipartUploadRequest initiationRequest = new InitiateMultipartUploadRequest(bucketName, key);
-            initiationRequest.putCustomRequestHeader(Headers.S3_TAGGING, "dv-state=temp");
+            final boolean taggingDisabled = JvmSettings.DISABLE_S3_TAGGING.lookupOptional(Boolean.class, this.driverId).orElse(false);
+            if (!taggingDisabled) {
+                initiationRequest.putCustomRequestHeader(Headers.S3_TAGGING, "dv-state=temp");
+            }
             InitiateMultipartUploadResult initiationResponse = s3.initiateMultipartUpload(initiationRequest);
             String uploadId = initiationResponse.getUploadId();
             for (int i = 1; i <= (fileSize / minPartSize) + (fileSize % minPartSize > 0 ? 1 : 0); i++) {

src/main/java/edu/harvard/iq/dataverse/settings/JvmSettings.java

@@ -51,6 +51,10 @@ public enum JvmSettings {
     DOCROOT_DIRECTORY(SCOPE_FILES, "docroot"),
     GUESTBOOK_AT_REQUEST(SCOPE_FILES, "guestbook-at-request"),
     GLOBUS_CACHE_MAXAGE(SCOPE_FILES, "globus-cache-maxage"),
+
+    //STORAGE DRIVER SETTINGS
+    SCOPE_DRIVER(SCOPE_FILES),
+    DISABLE_S3_TAGGING(SCOPE_DRIVER, "disable-tagging"),
 
     // SOLR INDEX SETTINGS
     SCOPE_SOLR(PREFIX, "solr"),

src/main/webapp/resources/js/fileupload.js

@@ -192,41 +192,45 @@ var fileUpload = class fileUploadClass {
                 progBar.html('');
                 progBar.append($('<progress/>').attr('class', 'ui-progressbar ui-widget ui-widget-content ui-corner-all'));
                 if(this.urls.hasOwnProperty("url")) {
-                $.ajax({
-                        url: this.urls.url,
-                        headers: { "x-amz-tagging": "dv-state=temp" },
-                        type: 'PUT',
-                        data: this.file,
-                        context:this,
-                        cache: false,
-                        processData: false,
-                        success: function() {
-                                //ToDo - cancelling abandons the file. It is marked as temp so can be cleaned up later, but would be good to remove now (requires either sending a presigned delete URL or adding a callback to delete only a temp file
-                                if(!cancelled) {
-                                    this.reportUpload();
-                                }
-                        },
-                        error: function(jqXHR, textStatus, errorThrown) {
-                                console.log('Failure: ' + jqXHR.status);
-                                console.log('Failure: ' + errorThrown);
-                                uploadFailure(jqXHR, thisFile);
-                        },
-                        xhr: function() {
-                                var myXhr = $.ajaxSettings.xhr();
-                                if (myXhr.upload) {
-                                        myXhr.upload.addEventListener('progress', function(e) {
-                                                if (e.lengthComputable) {
-                                                        var doublelength = 2 * e.total;
-                                                        progBar.children('progress').attr({
-                                                                value: e.loaded,
-                                                                max: doublelength
-                                                        });
-                                                }
-                                        });
+                        const url = this.urls.url;
+                        const request = {
+                                url: url,
+                                type: 'PUT',
+                                data: this.file,
+                                context:this,
+                                cache: false,
+                                processData: false,
+                                success: function() {
+                                        //ToDo - cancelling abandons the file. It is marked as temp so can be cleaned up later, but would be good to remove now (requires either sending a presigned delete URL or adding a callback to delete only a temp file
+                                        if(!cancelled) {
+                                            this.reportUpload();
+                                        }
+                                },
+                                error: function(jqXHR, textStatus, errorThrown) {
+                                        console.log('Failure: ' + jqXHR.status);
+                                        console.log('Failure: ' + errorThrown);
+                                        uploadFailure(jqXHR, thisFile);
+                                },
+                                xhr: function() {
+                                        var myXhr = $.ajaxSettings.xhr();
+                                        if (myXhr.upload) {
+                                                myXhr.upload.addEventListener('progress', function(e) {
+                                                        if (e.lengthComputable) {
+                                                                var doublelength = 2 * e.total;
+                                                                progBar.children('progress').attr({
+                                                                        value: e.loaded,
+                                                                        max: doublelength
+                                                                });
+                                                        }
+                                                });
+                                        }
+                                        return myXhr;
                                 }
-                                return myXhr;
+                        };
+                        if (url.includes("x-amz-tagging")) {
+                                request.headers = { "x-amz-tagging": "dv-state=temp" };
                         }
-                });
+                        $.ajax(request);
                 } else {
                   var loaded=[];
                   this.etags=[];

src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java

@@ -2512,6 +2512,21 @@ static Response getUploadUrls(String idOrPersistentIdOfDataset, long sizeInBytes
         return requestSpecification.get("/api/datasets/" + idInPath + "/uploadurls?size=" + sizeInBytes + optionalQueryParam);
     }
 
+    /**
+     * If you set dataverse.files.localstack1.disable-tagging=true you will see
+     * an error like below.
+     *
+     * To avoid it, don't send the x-amz-tagging header.
+     */
+    /*
+    <Error>
+      <Code>AccessDenied</Code>
+      <Message>There were headers present in the request which were not signed</Message>
+      <RequestId>25ff2bb0-13c7-420e-8ae6-3d92677e4bd9</RequestId>
+      <HostId>9Gjjt1m+cjU4OPvX9O9/8RuvnG41MRb/18Oux2o5H5MY7ISNTlXN+Dz9IG62/ILVxhAGI0qyPfg=</HostId>
+      <HeadersNotSigned>x-amz-tagging</HeadersNotSigned>
+    </Error>
+     */
     static Response uploadFileDirect(String url, InputStream inputStream) {
         return given()
                 .header("x-amz-tagging", "dv-state=temp")