Open adswa opened 4 days ago
The documentation is probably in KBI0028.
To me this is about how Nextcloud exposes the shared folders through webdav:
clone
from .../public.php/webdav
URL relies on the share token (part of the share link generated by nextcloud) and password being provided as user & password credentials (see the KBI)-storage
remote still has the /remote.php/dav/files/<USERNAME>
URL recorded (see the "unauthorized" response reported by git-annex), which has no chance to succeed with the above credentialsenableremote
with the .../public.php/webdav
URL.There are two caveats regarding passwords which do not directly apply here, but could apply in general:
.git/annex/creds
(see annex.cachecreds
in git-annex manpage). The file gets written after successful enableremote
. So usually things should just work, but there is some room for play here.As a side note, I guess the user surprise is mostly due to the fact that the command suggested explicitly by DataLad ("enable with...") does not work. Also, there is no URL reconfiguration done by DataLad (like it does for RIA stores), all is left for the user. And neither happens because these are fairly unusual circumstances, in terms of setup. So apart from the fact that we can probably explain this situation (to be seen really), we can wonder whether this should be documented better or whether DataLad behavior needs to be changed.
I observe the failure already during the clone call
It seems that the share link must allow write access - when using only "Download / view" permissions, I also observed a failure on clone. For reasons we might want to explore, there is a PUT call happenning when testing WebDAV server (note: although this step clones a git repo, datalad-annex special remote uses git-annex for intermediate steps):
❱ datalad clone "webdavs://fz-juelich.sciebo.de/public.php/webdav" test_publink_webdav_clone
...
fatal: CommandError(CommandError: 'git -c diff.ignoreSubmodules=none -c core.quotepath=false annex initremote origin type=webdav encryption=none exporttree=yes url=https://fz-juelich.sciebo.de/public.php/webdav -c annex.dotfiles=true' failed with exitcode 1 under /tmp/test_publink_webdav_clone/.git/dl-repoannex/origin/repoannex [out: 'initremote origin (testing WebDAV server...)
failed'] [err: 'git-annex: WebDAV test failed: HttpExceptionRequest Request {
host = "fz-juelich.sciebo.de"
port = 443
secure = True
requestHeaders = [("Authorization","<REDACTED>"),("User-Agent","hDav-using application")]
path = "/public.php/webdav/git-annex-webdav-tmp-test"
queryString = ""
method = "PUT"
proxy = Nothing
rawBody = False
redirectCount = 10
responseTimeout = ResponseTimeoutNone
requestVersion = HTTP/1.1
proxySecureMode = ProxySecureWithConnect
}
When the public link allows writing (I used "Download / View / Upload / Edit" to be sure), I am able to complete the reproducer.
Setup as in the first code block in OP until datalad clone
followed by:
❱ datalad clone "webdavs://fz-juelich.sciebo.de/public.php/webdav" test_publink_webdav_clone 1 !
[INFO ] Remote origin uses a protocol not supported by git-annex; setting annex-ignore
[INFO ] access to 1 dataset sibling sciebo-storage not auto-enabled, enable with:
| datalad siblings -d "/tmp/test_publink_webdav_clone" enable -s sciebo-storage
install(ok): /tmp/test_publink_webdav_clone (dataset)
❱ cd /tmp/test_publink_webdav_clone
❱ git annex initremote sciebo-storage-public --sameas sciebo-storage type=webdav exporttree=yes encryption=none url=https://fz-juelich.sciebo.de/public.php/webdav
initremote sciebo-storage-public (testing WebDAV server...) ok
(recording state in git...)
❱ datalad get -s sciebo-storage-public 1103_3.tgz
get(ok): 1103_3.tgz (file) [from sciebo-storage-public...]
Note: in the above, I am defining a new remote with a public url, sameas
the original remote. This can be done by the consumer (possibly with --private
option) but probably this could also be done by the producer, leaving the consumer only to enable it.
In a recent office hour, the following way of interacting with a webdav sibling (using a public link generated in the web interface) yielded special remote errors:
The observed error looked like this:
I have tried to reproduce this, but I observe the failure already during the
clone
call rather than thesiblings enable
call. As I have missed previous office hours where this came up already, I'm unsure about the background of this problem. I also didn't find any documentation on this approach using public links. If this method is supposed to work, I think we should also add documentation about it.