search

DataBiosphere / azul

Metadata indexer and query service used for AnVIL, HCA, LungMAP, and CGP
Apache License 2.0
7 stars 2 forks source link

404 from S3 when re-requesting manifest after it expired #6441

Open hannes-ucsc opened 3 months ago

hannes-ucsc commented 3 months ago

Make manifest request with filters {"organ":{"is":["blood"]},"fileFormat":{"is":["fastq.gz"]}}.

$ curl -X PUT 'https://service.dev.singlecell.gi.ucsc.edu/fetch/manifest/files?catalog=dcp3&filters=%7B%22organ%22%3A%7B%22is%22%3A%5B%22blood%22%5D%7D%2C%22fileFormat%22%3A%7B%22is%22%3A%5B%22fastq.gz%22%5D%7D%7D&format=compact'
{"Status":301,"Location":"https://service.dev.singlecell.gi.ucsc.edu/fetch/manifest/files/k8QgBeilC0JGH6uMSiCqgpCQbAjxQtYHnDNfV8BoY3-ePSYAAQ==","Retry-After":1}

Follow the redirect:

$ curl 'https://service.dev.singlecell.gi.ucsc.edu/fetch/manifest/files/k8QgBeilC0JGH6uMSiCqgpCQbAjxQtYHnDNfV8BoY3-ePSYAAQ=='
{"Status":302,"Location":"https://s3.amazonaws.com/edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1/manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv?response-content-disposition=attachment%3Bfilename%3D%22hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv%22&AWSAccessKeyId=ASIARZFZ7W77Y2JDUYI5&Signature=MrVaBODlh0ThxW4JOjYlIlHrgkE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBoaCXVzLWVhc3QtMSJHMEUCIHK5Mdl%2FrY4vFBVVic34YgjtYgMUGH5R6iHyyZ9D2JuwAiEAleu4qp7L1ogASPOZqkTzgMCmONyG775lXvkID%2BtCsEoqhgMIMxAEGgwxMjI3OTY2MTk3NzUiDGy6uMy5dzBfjDHlXyrjAszKfowCvnvUPSPDEw4u%2Bu25KPPs2STsbn5rK82aNIU6Irv9ZL4xWWzRYCI1KE8hhR58Rz7ECbUfxQFK6e7G14Enu8NWxqhNq2QQF4qL3msu0jktJTd%2B3Kjz2pBz8lX3jkcbp6wMNlJq0uOexNpcM1w1Q5wVYsKuMFlubKEru55LpopvfhKcjTWee1FgzAp9HsB4mr%2B89jCSrEHvgRTZhDbPYyeRk7gR3jG0TrjIOhGakxYNkEcdCWN07MS%2BUvts5ZODbS8o1prRJaitVSBRtyIhNq1NqO17OwPGz6NT%2FQKoSKv%2BvRHUrtmVLEaus39URrxeKlW9OhkKwaj9OwiO5H0GZa2kftS0mRzZmlLySyslATJW3iq%2FNVgg7E27%2Fw7XvTXZmCMcrcTeB8WckpaEjyv0p6iwvdW%2F%2Fhze2Mbh8SUalYQN3aQ2J5n%2F4JMdTn%2Bxcbdz0K1EsqURTVwoHd1Oj%2Fw50zsw%2BMq9tgY6ngEYDAq5pgwBOBO2Or3FQ98V2SJATAzNLbQ6BS%2FmSQjI9MlgZTXzQnEJGOEc5vBwzLmKXhwYFyYStACa9VfbSA6wQNwJ4SOgl9o3wH5p7Txl%2BqQQGTguIG4jYF%2BO5DAed9IUe9eIhtA8bOgvEUG5ViqA44r28Dw59khe%2BwcgBj35c9GqQphsdAFGYmpwRuU32Nax8s3CO09bSm6hptCeFA%3D%3D&Expires=1724871595","CommandLine":{"cmd.exe":"curl.exe --location --fail --output \"hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv\" \"https://s3.amazonaws.com/edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1/manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv?response-content-disposition=attachment%3Bfilename%3D%22hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv%22&AWSAccessKeyId=ASIARZFZ7W77Y2JDUYI5&Signature=MrVaBODlh0ThxW4JOjYlIlHrgkE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBoaCXVzLWVhc3QtMSJHMEUCIHK5Mdl%2FrY4vFBVVic34YgjtYgMUGH5R6iHyyZ9D2JuwAiEAleu4qp7L1ogASPOZqkTzgMCmONyG775lXvkID%2BtCsEoqhgMIMxAEGgwxMjI3OTY2MTk3NzUiDGy6uMy5dzBfjDHlXyrjAszKfowCvnvUPSPDEw4u%2Bu25KPPs2STsbn5rK82aNIU6Irv9ZL4xWWzRYCI1KE8hhR58Rz7ECbUfxQFK6e7G14Enu8NWxqhNq2QQF4qL3msu0jktJTd%2B3Kjz2pBz8lX3jkcbp6wMNlJq0uOexNpcM1w1Q5wVYsKuMFlubKEru55LpopvfhKcjTWee1FgzAp9HsB4mr%2B89jCSrEHvgRTZhDbPYyeRk7gR3jG0TrjIOhGakxYNkEcdCWN07MS%2BUvts5ZODbS8o1prRJaitVSBRtyIhNq1NqO17OwPGz6NT%2FQKoSKv%2BvRHUrtmVLEaus39URrxeKlW9OhkKwaj9OwiO5H0GZa2kftS0mRzZmlLySyslATJW3iq%2FNVgg7E27%2Fw7XvTXZmCMcrcTeB8WckpaEjyv0p6iwvdW%2F%2Fhze2Mbh8SUalYQN3aQ2J5n%2F4JMdTn%2Bxcbdz0K1EsqURTVwoHd1Oj%2Fw50zsw%2BMq9tgY6ngEYDAq5pgwBOBO2Or3FQ98V2SJATAzNLbQ6BS%2FmSQjI9MlgZTXzQnEJGOEc5vBwzLmKXhwYFyYStACa9VfbSA6wQNwJ4SOgl9o3wH5p7Txl%2BqQQGTguIG4jYF%2BO5DAed9IUe9eIhtA8bOgvEUG5ViqA44r28Dw59khe%2BwcgBj35c9GqQphsdAFGYmpwRuU32Nax8s3CO09bSm6hptCeFA%3D%3D&Expires=1724871595\"","bash":"curl --location --fail --output hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv 'https://s3.amazonaws.com/edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1/manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv?response-content-disposition=attachment%3Bfilename%3D%22hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv%22&AWSAccessKeyId=ASIARZFZ7W77Y2JDUYI5&Signature=MrVaBODlh0ThxW4JOjYlIlHrgkE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBoaCXVzLWVhc3QtMSJHMEUCIHK5Mdl%2FrY4vFBVVic34YgjtYgMUGH5R6iHyyZ9D2JuwAiEAleu4qp7L1ogASPOZqkTzgMCmONyG775lXvkID%2BtCsEoqhgMIMxAEGgwxMjI3OTY2MTk3NzUiDGy6uMy5dzBfjDHlXyrjAszKfowCvnvUPSPDEw4u%2Bu25KPPs2STsbn5rK82aNIU6Irv9ZL4xWWzRYCI1KE8hhR58Rz7ECbUfxQFK6e7G14Enu8NWxqhNq2QQF4qL3msu0jktJTd%2B3Kjz2pBz8lX3jkcbp6wMNlJq0uOexNpcM1w1Q5wVYsKuMFlubKEru55LpopvfhKcjTWee1FgzAp9HsB4mr%2B89jCSrEHvgRTZhDbPYyeRk7gR3jG0TrjIOhGakxYNkEcdCWN07MS%2BUvts5ZODbS8o1prRJaitVSBRtyIhNq1NqO17OwPGz6NT%2FQKoSKv%2BvRHUrtmVLEaus39URrxeKlW9OhkKwaj9OwiO5H0GZa2kftS0mRzZmlLySyslATJW3iq%2FNVgg7E27%2Fw7XvTXZmCMcrcTeB8WckpaEjyv0p6iwvdW%2F%2Fhze2Mbh8SUalYQN3aQ2J5n%2F4JMdTn%2Bxcbdz0K1EsqURTVwoHd1Oj%2Fw50zsw%2BMq9tgY6ngEYDAq5pgwBOBO2Or3FQ98V2SJATAzNLbQ6BS%2FmSQjI9MlgZTXzQnEJGOEc5vBwzLmKXhwYFyYStACa9VfbSA6wQNwJ4SOgl9o3wH5p7Txl%2BqQQGTguIG4jYF%2BO5DAed9IUe9eIhtA8bOgvEUG5ViqA44r28Dw59khe%2BwcgBj35c9GqQphsdAFGYmpwRuU32Nax8s3CO09bSm6hptCeFA%3D%3D&Expires=1724871595'"}}

List the manifest object from the S3 URL above:

$ aws s3api list-objects-v2 --bucket edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1 --prefix 'manifests/e3ad4e7b'
{
    "Contents": [
        {
            "Key": "manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv",
            "LastModified": "2024-08-28T17:59:24.000Z",
            "ETag": "\"fa243a31e4641d68ddd7f1f9796226de-1\"",
            "Size": 33299293,
            "StorageClass": "STANDARD"
        }
    ],
    "RequestCharged": null
}

Delete said object:

$ aws s3api delete-object --bucket edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1 --key manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv

$ aws s3api list-objects-v2 --bucket edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1 --prefix 'manifests/e3ad4e7b'
{
    "RequestCharged": null
}

Request the same manifest. ~In this case we reordered the filter keys ({"fileFormat":{"is":["fastq.gz"]},"organ":{"is":["pancreas"]}}), but with #6417 fixed, reordering is not required to reproduce this issue, and the filter key order does not effect the outcome:~

$ curl -X PUT 'https://service.dev.singlecell.gi.ucsc.edu/fetch/manifest/files?catalog=dcp3&filters=%7B%22organ%22%3A%7B%22is%22%3A%5B%22blood%22%5D%7D%2C%22fileFormat%22%3A%7B%22is%22%3A%5B%22fastq.gz%22%5D%7D%7D&format=compact'
{"Status":301,"Location":"https://service.dev.singlecell.gi.ucsc.edu/fetch/manifest/files/k8QgBeilC0JGH6uMSiCqgpCQbAjxQtYHnDNfV8BoY3-ePSYAAQ==","Retry-After":1}

Follow the 301 redirect:

$ curl https://service.dev.singlecell.gi.ucsc.edu/fetch/manifest/files/k8QgBeilC0JGH6uMSiCqgpCQbAjxQtYHnDNfV8BoY3-ePSYAAQ== | jq -r .Location
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4392  100  4392    0     0   8731      0 --:--:-- --:--:-- --:--:--  8749
https://s3.amazonaws.com/edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1/manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv?response-content-disposition=attachment%3Bfilename%3D%22hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv%22&AWSAccessKeyId=ASIARZFZ7W77Y2JDUYI5&Signature=MrVaBODlh0ThxW4JOjYlIlHrgkE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBoaCXVzLWVhc3QtMSJHMEUCIHK5Mdl%2FrY4vFBVVic34YgjtYgMUGH5R6iHyyZ9D2JuwAiEAleu4qp7L1ogASPOZqkTzgMCmONyG775lXvkID%2BtCsEoqhgMIMxAEGgwxMjI3OTY2MTk3NzUiDGy6uMy5dzBfjDHlXyrjAszKfowCvnvUPSPDEw4u%2Bu25KPPs2STsbn5rK82aNIU6Irv9ZL4xWWzRYCI1KE8hhR58Rz7ECbUfxQFK6e7G14Enu8NWxqhNq2QQF4qL3msu0jktJTd%2B3Kjz2pBz8lX3jkcbp6wMNlJq0uOexNpcM1w1Q5wVYsKuMFlubKEru55LpopvfhKcjTWee1FgzAp9HsB4mr%2B89jCSrEHvgRTZhDbPYyeRk7gR3jG0TrjIOhGakxYNkEcdCWN07MS%2BUvts5ZODbS8o1prRJaitVSBRtyIhNq1NqO17OwPGz6NT%2FQKoSKv%2BvRHUrtmVLEaus39URrxeKlW9OhkKwaj9OwiO5H0GZa2kftS0mRzZmlLySyslATJW3iq%2FNVgg7E27%2Fw7XvTXZmCMcrcTeB8WckpaEjyv0p6iwvdW%2F%2Fhze2Mbh8SUalYQN3aQ2J5n%2F4JMdTn%2Bxcbdz0K1EsqURTVwoHd1Oj%2Fw50zsw%2BMq9tgY6ngEYDAq5pgwBOBO2Or3FQ98V2SJATAzNLbQ6BS%2FmSQjI9MlgZTXzQnEJGOEc5vBwzLmKXhwYFyYStACa9VfbSA6wQNwJ4SOgl9o3wH5p7Txl%2BqQQGTguIG4jYF%2BO5DAed9IUe9eIhtA8bOgvEUG5ViqA44r28Dw59khe%2BwcgBj35c9GqQphsdAFGYmpwRuU32Nax8s3CO09bSm6hptCeFA%3D%3D&Expires=1724871595

Follow the 302 redirect to the manifest object:

$ curl 'https://s3.amazonaws.com/edu-ucsc-gi-platform-hca-dev-storage-dev.us-east-1/manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv?response-content-disposition=attachment%3Bfilename%3D%22hca-manifest-e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv%22&AWSAccessKeyId=ASIARZFZ7W77Y2JDUYI5&Signature=MrVaBODlh0ThxW4JOjYlIlHrgkE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBoaCXVzLWVhc3QtMSJHMEUCIHK5Mdl%2FrY4vFBVVic34YgjtYgMUGH5R6iHyyZ9D2JuwAiEAleu4qp7L1ogASPOZqkTzgMCmONyG775lXvkID%2BtCsEoqhgMIMxAEGgwxMjI3OTY2MTk3NzUiDGy6uMy5dzBfjDHlXyrjAszKfowCvnvUPSPDEw4u%2Bu25KPPs2STsbn5rK82aNIU6Irv9ZL4xWWzRYCI1KE8hhR58Rz7ECbUfxQFK6e7G14Enu8NWxqhNq2QQF4qL3msu0jktJTd%2B3Kjz2pBz8lX3jkcbp6wMNlJq0uOexNpcM1w1Q5wVYsKuMFlubKEru55LpopvfhKcjTWee1FgzAp9HsB4mr%2B89jCSrEHvgRTZhDbPYyeRk7gR3jG0TrjIOhGakxYNkEcdCWN07MS%2BUvts5ZODbS8o1prRJaitVSBRtyIhNq1NqO17OwPGz6NT%2FQKoSKv%2BvRHUrtmVLEaus39URrxeKlW9OhkKwaj9OwiO5H0GZa2kftS0mRzZmlLySyslATJW3iq%2FNVgg7E27%2Fw7XvTXZmCMcrcTeB8WckpaEjyv0p6iwvdW%2F%2Fhze2Mbh8SUalYQN3aQ2J5n%2F4JMdTn%2Bxcbdz0K1EsqURTVwoHd1Oj%2Fw50zsw%2BMq9tgY6ngEYDAq5pgwBOBO2Or3FQ98V2SJATAzNLbQ6BS%2FmSQjI9MlgZTXzQnEJGOEc5vBwzLmKXhwYFyYStACa9VfbSA6wQNwJ4SOgl9o3wH5p7Txl%2BqQQGTguIG4jYF%2BO5DAed9IUe9eIhtA8bOgvEUG5ViqA44r28Dw59khe%2BwcgBj35c9GqQphsdAFGYmpwRuU32Nax8s3CO09bSm6hptCeFA%3D%3D&Expires=1724871595'
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>manifests/e3ad4e7b-20fe-5c4a-b084-c06f57809d6f.6471d936-5eac-53e8-8306-b295d0c977e2.tsv</Key><RequestId>E86KQN2PCBB382X1</RequestId><HostId>seoSR85pxpYC3LA6uljLskTQqRSMnx4A4GCpMFE+UJDYVGU9Q6KlX1CDPyIal6J+aiPPauP+Tfc=</HostId></Error>

S3 returns a 404.

The expected behavior is to kick off a new manifest generation that recreates the manifest object in S3. Note that in the reproduction, after deleting the manifest object, the token returned in the 301 redirect is the same as that from before the deletion, indicating that Azul is reusing the AWS Step Function execution from the first request. This should be a new execution.

The difficulty is that while the step function is running and the object does not yet exist, we do want to reuse that execution, to avoid multiple redundant executions, to save cost and avoid DOS attacks. We need to somehow distinguish that case from the one where the Step Function execution has finished but the manifest object does not exist anymore, because it expired or was explicitly deleted.

The fact that we pretty much redeploy Azul at least once a week prevents this from being a bigger issue. The manifest expiration is also one week, so by the time a manifest object expires, the deployed commit will have changed, which will have invalidated all manifest cache keys and therefore all Step Function executions and new executions will be kicked off even when manifest requests are repeated.

dsotirho-ucsc commented 3 months ago

Assignee to consider next steps.

hannes-ucsc commented 3 months ago

I provided a reproduction. Fixing #6417 did not make this worse. Supposedly a 404 from S3 is better than a 500 from Azul.

Also, there is a mitigating factor. See last paragraph of the description.

dsotirho-ucsc commented 3 months ago

Assignee to port reproduction to the dev deployment once fix for #6417 lands there

dsotirho-ucsc commented 2 months ago

Assignee to port reproduction to the dev deployment once fix for https://github.com/DataBiosphere/azul/issues/6417 lands there

done.