[#124] Allow indexing rules to be invoked manually (main)

[korydraughn]

Still need to implement tests.

I've verified at full text indexing on data objects works. I'm pretty sure the other rules work since they were lifted directly from exec_rule_expression.

The rules can only be invoked via the main indexing plugin, not the elasticsearch plugin.

Some questions ...

• Who should be allowed to invoke the indexing rules directly?
  • My immediate thought is only rodsadmins.
  • Is there a use case for non-rodsadmin users to be able to invoke the rules?
• Should a subset or all indexing rules be exposed?
  • I can't think of a reason to not expose them yet. Giving rodsadmins the ability to invoke rules allows them to get out of bad situations, perhaps without having to go to the indexing service directly.

As implemented, the rules fire as the user who invoked them. Should any rules result in changing the identity of the RsComm to the user who owns the object(s)? Consider full text indexing being invoked on a data object which the rodsadmin doesn't have permissions on. I'll test this to find out what happens.

Thoughts?

[korydraughn]

Attempting to do full text indexing on a data object without appropriate permissions results in a CAT_NO_ACCESS_PERMISSION. So, we have some more work to do.

[korydraughn]

Attempting to do full text indexing on a data object without appropriate permissions results in a CAT_NO_ACCESS_PERMISSION. So, we have some more work to do.

To add to that, this is for the case where the rule is invoked as rods (a rodsadmin) on another user's data object via irule.

[trel]

Who should be allowed to invoke the indexing rules directly?

Yes, rodsadmins-only seems good

Should a subset or all indexing rules be exposed?

Agreed, 'all' seems good

[korydraughn]

As implemented, the rules fire as the user who invoked them. Should any rules result in changing the identity of the RsComm to the user who owns the object(s)? Consider full text indexing being invoked on a data object which the rodsadmin doesn't have permissions on. I'll test this to find out what happens.

I've added logic that allows rodsadmins to invoke full text indexing on other user's data objects without needing explicit permission.

I've confirmed the drop to the C API works as intended. This was done manually using irule.

[korydraughn]

Add a statement explaining how bytes_read can result in an integer less than zero.

[korydraughn]

This feature test macro name is just a placeholder until irods/irods#7530 is resolved.

This PR isn't blocked by that work. Once the irods/irods issue is resolved, these preprocessor macros can be updated to match the real feature test macro.

[korydraughn]

I've used this code in two plugins now. It probably needs to be provided by the irods-dev package so we avoid copying it everywhere.

[trel]

please make an issue - that seems good.

[korydraughn]

I'm starting to think maybe this should be a documentation exercise. That code makes a few assumptions about the input which isn't code for general purpose use.

Will think on it a little more.

[korydraughn]

irods::indexing::policy::object::index expands to the string, "irods_policy_indexing_object_index".

This is the rule name that must be used to do full text indexing of a single data object. It shares the same name as the rules which are fired as a result of triggering PEPs.

You can see the rest of the rule names here.

irods_capability_indexing/configuration.hpp

Lines 189 to 205 in 3f3529d

	namespace object
	{
	static const std::string index{"irods_policy_indexing_object_index"};
	static const std::string purge{"irods_policy_indexing_object_purge"};
	} // namespace object
	namespace metadata
	{
	static const std::string index{"irods_policy_indexing_metadata_index"};
	static const std::string purge{"irods_policy_indexing_metadata_purge"};
	} // namespace metadata
	namespace collection
	{
	static const std::string index{"irods_policy_indexing_collection_index"};
	static const std::string purge{"irods_policy_indexing_collection_purge"};
	} // namespace collection

Are those the rule names we want admins to use or do we want to change them for manual execution contexts?

I can see value in the names staying as they are. It makes it easy for admins to know what happens because they will start to remember the names. However, admins may not be able to distinguish who/what invoked the rule.

All of that to say, perhaps the names should be changed to something like ...

• indexing_index_data_object
• indexing_index_collection
• indexing_purge_data_object

Note: This PR doesn't support invoking indexing rules via the NREP yet. It should be doable, but that may require changing the the rule names for correct behavior.

[trel]

don't feel too strongly either way yet. consistency across our plugins is where i think i'd find the most value/good.

also noting that it's interesting our namespacing is not in the same order as the rule names...
'policy' and 'indexing'... switched places...

[korydraughn]

I agree on the consistency thing.

As for the namespacing, that's not surprising to me. If the C++ code used irods::policy, the possibility of symbol collision rises since other plugins would likely follow suit and define things in the irods::policy namespace.

I don't know that "policy" is a term that's needed in the rule names since everything iRODS does is about policy.

[trel]

i think that convention started with policy composition... and hasn't really been codified/hardened yet. TBD...