ClearML/clearml-server
1
0
Fork 0
mirror of https://github.com/clearml/clearml-server synced 2025-03-16 02:18:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix fixed users creation/removal

Browse Source
This commit is contained in:
allegroai 2024-06-20 17:57:23 +03:00
parent 14547155cb
commit 9c210bb4fa
2 changed files with 57 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
apiserver/mongo/initialize/user.py
View File

@ -9,33 +9,60 @@ from apiserver.database.model.user import User
from apiserver.service_repo.auth.fixed_user import FixedUser from apiserver.service_repo.auth.fixed_user import FixedUser
def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: bool = False): def _ensure_user_credentials(
key, secret = user_data.get("key"), user_data.get("secret") user: AuthUser, key: str, secret: str, log: Logger, revoke: bool = False
if not (key and secret): ) -> None:
credentials = None
else:
creds = Credentials(key=key, secret=secret)
user = AuthUser.objects(credentials__match=creds).first()
if user:
if revoke: if revoke:
log.info(f"Revoking credentials for existing user {user.id} ({user.name})")
user.credentials = [] user.credentials = []
user.save() user.save()
return
if not (key and secret):
return
new_credentials = Credentials(key=key, secret=secret)
log.info(f"Setting credentials for existing user {user.id} ({user.name})")
user.credentials = [new_credentials]
user.save()
return
def _ensure_auth_user(user_data: dict, company_id: str, log: Logger, revoke: bool = False) -> str:
user_id = user_data.get("id", f"__{user_data['name']}__")
role = user_data["role"]
email = user_data["email"]
autocreated = user_data.get("autocreated", False)
key, secret = user_data.get("key"), user_data.get("secret")
user: AuthUser = AuthUser.objects(id=user_id).first()
if user:
_ensure_user_credentials(user=user, key=key, secret=secret, log=log, revoke=revoke)
if (
user.role != role
or user.email != email
or user.autocreated != autocreated
):
user.email = email
user.role = role
user.autocreated = autocreated
user.save()
return user.id return user.id
credentials = [] if revoke else [creds] credentials = (
[Credentials(key=key, secret=secret)]
user_id = user_data.get("id", f"__{user_data['name']}__") if not revoke and key and secret
autocreated = user_data.get("autocreated", False) else []
)
log.info(f"Creating user: {user_data['name']}") log.info(f"Creating user: {user_data['name']}")
user = AuthUser( user = AuthUser(
id=user_id, id=user_id,
name=user_data["name"], name=user_data["name"],
company=company_id, company=company_id,
role=user_data["role"], role=role,
email=user_data["email"], email=email,
created=datetime.utcnow(), created=datetime.utcnow(),
credentials=credentials, credentials=credentials,
autocreated=autocreated, autocreated=autocreated,
@ -62,6 +89,15 @@ def _ensure_backend_user(user_id: str, company_id: str, user_name: str):
def ensure_fixed_user(user: FixedUser, log: Logger, emails: set): def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
data = attr.asdict(user)
data["id"] = user.user_id
email = f"{user.user_id}@example.com"
data["email"] = email
data["role"] = Role.guest if user.is_guest else Role.user
data["autocreated"] = True
_ensure_auth_user(user_data=data, company_id=user.company, log=log)
db_user = User.objects(company=user.company, id=user.user_id).first() db_user = User.objects(company=user.company, id=user.user_id).first()
if db_user: if db_user:
# noinspection PyBroadException # noinspection PyBroadException
@ -71,16 +107,7 @@ def ensure_fixed_user(user: FixedUser, log: Logger, emails: set):
db_user.update(name=user.name, given_name=given_name, family_name=family_name) db_user.update(name=user.name, given_name=given_name, family_name=family_name)
except Exception: except Exception:
pass pass
return else:
_ensure_backend_user(user.user_id, user.company, user.name)
data = attr.asdict(user)
data["id"] = user.user_id
email = f"{user.user_id}@example.com"
data["email"] = email
data["role"] = Role.guest if user.is_guest else Role.user
data["autocreated"] = True
_ensure_auth_user(user_data=data, company_id=user.company, log=log)
emails.add(email) emails.add(email)
return _ensure_backend_user(user.user_id, user.company, user.name)

7
apiserver/service_repo/service_repo.py
View File

@ -296,7 +296,7 @@ class ServiceRepo(object):
except APIError as ex: except APIError as ex:
# report stack trace only for gene # report stack trace only for gene
include_stack = cls._return_stack and cls._should_return_stack( include_stack = cls._should_return_stack(
ex.code, ex.subcode ex.code, ex.subcode
) )
call.set_error_result( call.set_error_result(
@ -310,8 +310,11 @@ class ServiceRepo(object):
pass pass
except Exception as ex: except Exception as ex:
log.exception(ex) log.exception(ex)
include_stack = cls._should_return_stack(
500, 0
)
call.set_error_result( call.set_error_result(
code=500, subcode=0, msg=str(ex), include_stack=cls._return_stack code=500, subcode=0, msg=str(ex), include_stack=include_stack
) )
finally: finally:
content, content_type = call.get_response() content, content_type = call.get_response()