ClearML/clearml-server
1
0
Fork 0
mirror of https://github.com/clearml/clearml-server synced 2025-06-26 23:15:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix user credentials reset on the apiserver restart

Browse Source
This commit is contained in:
clearml 2024-12-05 19:05:45 +02:00
parent cfcad6300a
commit 5a5f02cead
2 changed files with 43 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apiserver/mongo/initialize/__init__.py
View File

@ -73,7 +73,7 @@ def init_mongo_data():
}
internal_user_emails.add(email.lower())
revoke = fixed_mode and credentials.get("revoke_in_fixed_mode", False)
user_id = _ensure_auth_user(user_data, company_id, log=log, revoke=revoke)
user_id = _ensure_auth_user(user_data, company_id, log=log, revoke=revoke, internal_user=True)
if credentials.role == Role.user:
_ensure_backend_user(user_id, company_id, credentials.display_name)

61
apiserver/mongo/initialize/user.py
View File

@ -10,7 +10,12 @@ from apiserver.service_repo.auth.fixed_user import FixedUser
def _ensure_user_credentials(
user: AuthUser, key: str, secret: str, log: Logger, revoke: bool = False
user: AuthUser,
key: str,
secret: str,
log: Logger,
revoke: bool = False,
internal_user: bool = False,
) -> None:
if revoke:
log.info(f"Revoking credentials for existing user {user.id} ({user.name})")
@ -19,19 +24,34 @@ def _ensure_user_credentials(
return
if not (key and secret):
log.info(f"Resetting credentials for existing user {user.id} ({user.name})")
user.credentials = []
user.save()
if internal_user:
log.info(f"Resetting credentials for existing user {user.id} ({user.name})")
user.credentials = []
user.save()
return
new_credentials = Credentials(key=key, secret=secret)
log.info(f"Setting credentials for existing user {user.id} ({user.name})")
user.credentials = [new_credentials]
user.save()
return
if internal_user:
log.info(f"Setting credentials for existing user {user.id} ({user.name})")
user.credentials = [new_credentials]
user.save()
return
if user.credentials is None:
user.credentials = []
if not any((cred.key, cred.secret) == (key, secret) for cred in user.credentials):
log.info(f"Adding credentials for existing user {user.id} ({user.name})")
user.credentials.append(new_credentials)
user.save()
def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: bool = False) -> str:
def _ensure_auth_user(
user_data: dict,
company_id: str,
log: Logger,
revoke: bool = False,
internal_user: bool = False,
) -> str:
user_id = user_data.get("id", f"__{user_data['name']}__")
role = user_data["role"]
email = user_data["email"]
@ -40,12 +60,15 @@ def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: boo
user: AuthUser = AuthUser.objects(id=user_id).first()
if user:
_ensure_user_credentials(user=user, key=key, secret=secret, log=log, revoke=revoke)
if (
user.role != role
or user.email != email
or user.autocreated != autocreated
):
_ensure_user_credentials(
user=user,
key=key,
secret=secret,
log=log,
revoke=revoke,
internal_user=internal_user,
)
if user.role != role or user.email != email or user.autocreated != autocreated:
user.email = email
user.role = role
user.autocreated = autocreated
@ -54,9 +77,7 @@ def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: boo
return user.id
credentials = (
[Credentials(key=key, secret=secret)]
if not revoke and key and secret
else []
[Credentials(key=key, secret=secret)] if not revoke and key and secret else []
)
log.info(f"Creating user: {user_data['name']}")
@ -108,7 +129,9 @@ def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
try:
log.info(f"Updating user name: {user.name}")
given_name, _, family_name = user.name.partition(" ")
db_user.update(name=user.name, given_name=given_name, family_name=family_name)
db_user.update(
name=user.name, given_name=given_name, family_name=family_name
)
except Exception:
pass
else: