[python] Fix submit and run error #10792
Conversation
because we add permission, so it failed out createQueue method. this patch fix it and do some refactor of our tenant and queue validator code
zhongjiajie
force-pushed
the
f-py-api-submit
branch
from
ccb6d01
to
77dbef4
Compare
...heduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/QueueServiceImpl.java
Outdated
Show resolved
Hide resolved
...cheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/BaseServiceImpl.java
Outdated
Show resolved
Hide resolved
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/TenantService.java
Outdated
Show resolved
Hide resolved
|
I changed the function name according to your suggestion @SbloodyS |
|
I find out I forget add tests on it, will add it right now |
...eduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/TenantServiceImpl.java
Outdated
Show resolved
Hide resolved
| tenant.setUpdateTime(now); | ||
|
|
||
| // save | ||
| tenantMapper.insert(tenant); |
There was a problem hiding this comment.
Please use the original method to insert tenant, then it can keep the unified logic, such as add permission check, see #10718 (comment)
There was a problem hiding this comment.
I think we should ignore the permission check currently for pydolphinscheudler, if we have to consider the permission, we have to create a role and connect the role for the current user who creates the workflow from pydolphinscheudler to define code.
But as we know, pydolphinscheudler is a batch operator API instead of an interactive API, which mean that it will batch create or update all related object when is submit. If users change the definition in
The most important thing is, that it should work finally, otherwise, users will think there is a bug here, IMO is another method to ignore the permission. If we instead to add RBAC to pydolphinscheudler, will make dolphinscheduler have mulitple dummy role and the relation between roles and users
There was a problem hiding this comment.
But I can indeed possible to abstract the insert part like below to a new private function:
Tenant tenant = new Tenant();
Date now = new Date();
tenant.setTenantCode(tenantCode);
tenant.setQueueId(newQueue.getId());
tenant.setDescription(desc);
tenant.setCreateTime(now);
tenant.setUpdateTime(now);
// save
tenantMapper.insert(tenant);like
private Tenant createRecordToDB(String tenantCode, int queueId) {
Tenant tenant = new Tenant();
Date now = new Date();
tenant.setTenantCode(tenantCode);
tenant.setQueueId(queueID);
tenant.setDescription(desc);
tenant.setCreateTime(now);
tenant.setUpdateTime(now);
// save
tenantMapper.insert(tenant);
return tenant;
};There was a problem hiding this comment.
But I can indeed possible to abstract the insert part like below to a new private function:
Tenant tenant = new Tenant(); Date now = new Date(); tenant.setTenantCode(tenantCode); tenant.setQueueId(newQueue.getId()); tenant.setDescription(desc); tenant.setCreateTime(now); tenant.setUpdateTime(now); // save tenantMapper.insert(tenant);like
private Tenant createRecordToDB(String tenantCode, int queueId) { Tenant tenant = new Tenant(); Date now = new Date(); tenant.setTenantCode(tenantCode); tenant.setQueueId(queueID); tenant.setDescription(desc); tenant.setCreateTime(now); tenant.setUpdateTime(now); // save tenantMapper.insert(tenant); return tenant; };
Yes, permission check is just a case, and maybe we will add other logic when create tenant or queue. If we use a new method, when someone modify the insert logic, he should modify two places, otherwise there may be problems.
There was a problem hiding this comment.
But currently, python api will create or update objects with admin permission
Add in edc1ff8 |
Codecov Report
@@ Coverage Diff @@
## dev #10792 +/- ##
============================================
+ Coverage 40.61% 40.67% +0.06%
- Complexity 4817 4826 +9
============================================
Files 902 913 +11
Lines 36221 36306 +85
Branches 3999 3989 -10
============================================
+ Hits 14711 14768 +57
- Misses 20045 20065 +20
- Partials 1465 1473 +8
Continue to review full report at Codecov.
|
|
I add new commit f4fc406 to fix this #10792 (comment) |
|
Maybe we should re-design the permission in pydolphinscheduler after we add role in our codebase |
| @@ -194,7 +194,7 @@ public enum Status { | |||
| QUERY_WORKFLOW_LINEAGE_ERROR(10161, "query workflow lineage error", "查询血缘失败"), | |||
| QUERY_AUTHORIZED_AND_USER_CREATED_PROJECT_ERROR(10162, "query authorized and user created project error error", "查询授权的和用户创建的项目错误"), | |||
| DELETE_PROCESS_DEFINITION_BY_CODE_FAIL(10163, "delete process definition by code fail, for there are {0} process instances in executing using it", "删除工作流定义失败,有[{0}]个运行中的工作流实例正在使用"), | |||
| CHECK_OS_TENANT_CODE_ERROR(10164, "Please enter the English os tenant code", "请输入英文操作系统租户"), | |||
| CHECK_OS_TENANT_CODE_ERROR(10164, "Tenant code invalid, should follow linux's users naming conventions", "非法的租户名,需要遵守 Linux 用户命名规范"), | |||
There was a problem hiding this comment.
for the reviewers, I change this message due to I think the pervious message is wrong
| // not exist | ||
| Map<String, Object> result = queueService.updateQueue(getLoginUser(), 0, "queue", queueName); | ||
| logger.info(result.toString()); |
There was a problem hiding this comment.
And I delete all the logger is our tests, because I think is redundance, correct me if I am wrong
|
I suggest python API is always created or updated in Admin role currently, and all our validate expect permission should including in |
| @ExceptionHandler(ServiceException.class) | ||
| public Result exceptionHandler(ServiceException e, HandlerMethod hm) { | ||
| logger.error("ServiceException: ", e); | ||
| return new Result(e.getCode(), e.getMessage()); | ||
| } |
There was a problem hiding this comment.
I add a new handler to handle Service Exception throw from service side, according to @caishunfeng suggetion. So we can throw exception in service side, and keep our code clear
|
Kudos, SonarCloud Quality Gate passed! |
|
Finally, the CI pass 🤣 |
|
Thanks all |
because we add permission, so it failed out createQueue method. this patch fix it and do some refactor of our tenant and queue validator code
because we add permission, so it failed out createQueue method. this patch fix it and do some refactor of our tenant and queue validator code (cherry picked from commit ae6aa53)
because we add permission, so it failed out
createQueue method. this patch fix it and
do some refactor of our tenant and queue
validator code
close: #10794