improve empty project - Githubissues

ACED-IDP / gen3_util

Collection of command line tools to interact with a Gen3 instance

MIT License

3 stars 1 forks source link

improve empty project #57

Closed bwalsh closed 2 months ago

bwalsh commented 7 months ago

As an aced data submitter, when I empty all content from the project, the .g3t/state should be cleared

Although the etl pod now has a empty project capability, several improvements could be made:

move the feature from g3t utilities projects empty to a new, top level command, perhaps g3t reset
add fhir_delete to aced_submission

matthewpeterkort commented 7 months ago

addressed in: https://github.com/ACED-IDP/gen3_util/pull/56 https://github.com/ACED-IDP/submission/pull/17 https://github.com/ACED-IDP/aced_etl_pod/pull/25

note: In order for the delete permissions to take effect you will need to create a seperate 'deleter' role in user.yaml

- description: ''
    id: deleter
    permissions:
    - action:
        method: delete
        service: '*'
      constraints: {}
      description: ''
      id: deleter

and then run a kc delete job/user-yaml followed by a make local

and then remove delete permissions from the writer role.

Then gaining delete permissions can be done with a g3t --profile local utilities access add --roles deleter type command.

bwalsh commented 6 months ago

Overall, looks great. Started a new branch fix/reset so we can have a separate PR.

Please add some comments on what is happening w/ emptied.ndjson here
Please use click.secho here
Please add an integration test that:
- creates a test project and adds data to it (see here for example), then add reset it and test that the user can:
- status the project and see expected results
- continue to add and push new data after the project has been emptied

In the etl_pod:

Please remove the requirement to have delete permissions, replace it with the check for create privileges. Confirm that the create privilege check is correct and sufficient.
Remove corresponding needs for delete policy here

matthewpeterkort commented 6 months ago

* Please remove the requirement to [have delete permissions](https://github.com/ACED-IDP/aced_etl_pod/blob/6e14d499ac03e3843e43cdedab7b3c6dbcadd911/etl-job/fhir_import_export.py#L411-L412), replace it with the check for create privileges. Confirm that the create privilege check is correct and sufficient.

* Remove corresponding needs for delete policy [here](https://github.com/ACED-IDP/gen3_util/blob/development/gen3_util/access/policies/add-project-default.yaml#L12-L14)

What is the reason for keeping write and delete policies under the same role "writer" ?