Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] [ENH] - Add User table to database #975

Draft
wants to merge 18 commits into
base: main
Choose a base branch
from
Draft

[WIP] [ENH] - Add User table to database #975

wants to merge 18 commits into from

Conversation

peytondmurray
Copy link
Contributor

@peytondmurray peytondmurray commented Nov 11, 2024
edited
Loading

Fixes #930.

Description

This pull request adds a User table to the database with the intent of replacing the NamespaceRoleMapping system for managing user permissions.

  • Formally defined a Role enum type to replace current role permissioning in conda-store. Users can have different roles for different environments: NONE (no access to environment), VIEWER (can view an environment), EDITOR (can edit an environment), and ADMIN (administrator for an environment). Integer access levels are also assigned to each of these, with higher values representing greater levels of access; this allows you to do comparisons like Role.EDITOR < Role.ADMIN.
  • User and RoleBinding tables added to database. Each User has zero or more associated entries on the RoleBinding table which define the level of permissions the User has for each environment. When a new user is created, the role bindings passed to conda-store get translated into entries in the RoleBinding table, which stores the pattern for each role binding. For example if a user is created with the following role bindings:
role_bindings = {
    'env*/foo': {'viewer'},
    'home/*': {'editor'},
}

This will produce two rows in the RoleBinding row: one with RoleBinding.role == Role.VIEWER and another with RoleBinding.role == Role.EDITOR. The first row matches any environment named foo in any namespace starting with env, and the other matches any environment in the home namespace.

  • Added documentation in the alembic readme about how to generate database migrations for conda-store, since there was none.
  • Fixed a bug in script.py.mako that would cause new autogenerated migrations to fail
  • New User entries (and associated RoleBinding entries are created when the user sends a successful POST to /login/. schema.AuthenticationToken has been updated to include a user_name key for use by conda-store. No password is stored currently.

Note this will require changes for Nebari to pass usernames for the users as part of the token to conda-store.

To do

  • Generate User and RoleBinding tables
  • Generate database migration
  • Add user_name field to schema.AuthenticationToken so that conda-store can distinguish users. Keycloak will need to do this too!
  • Upon login, check if the user is in the db; if not, add the user with the correct permissions
  • Update conda_store_server.api.list_environments

Pull request checklist

  • Did you test this change locally?
  • Did you update the documentation (if required)?
  • Did you add/update relevant tests for this change (if required)?

@netlify Netlify
Copy link

netlify bot commented Nov 11, 2024
edited
Loading

Deploy Preview for conda-store canceled.

Name Link
🔨 Latest commit ada6a64
🔍 Latest deploy log https://app.netlify.com/sites/conda-store/deploys/67338885132bb800098fb8a9

@peytondmurray peytondmurray added type: enhancement 💅🏼 area: api 🌐 area: user experience 👩🏻‍💻 Items impacting the end-user experience area: workflow-improvements Issue is affected by upcoming workflow improvements labels Nov 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area: api 🌐 area: user experience 👩🏻‍💻 Items impacting the end-user experience area: workflow-improvements Issue is affected by upcoming workflow improvements type: enhancement 💅🏼
Projects
conda-store 🐍
Status: In Progress 🏗
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ENH] - Add User object to database
1 participant
@peytondmurray