-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto user permissions creation over its deployed process #247
Conversation
… workspace directory (relates to Ouranosinc/Magpie#517 and bird-house/twitcher#114)
…llowed permission to read them
…ter configs (within Twitcher) using directory loading strategy
@ahandan @francisPLT @huard |
E2E Test ResultsDACCS-iac Pipeline ResultsBuild URL : http://daccs-jenkins.crim.ca:80/job/DACCS-iac-birdhouse/919/Result : success BIRDHOUSE_DEPLOY_BRANCH : weaver-publish-process DACCS_CONFIGS_BRANCH : master PAVICS_E2E_WORKFLOW_TESTS_BRANCH : master PAVICS_SDI_BRANCH : master DESTROY_INFRA_ON_EXIT : true PAVICS_HOST : https://host-140-69.rdext.crim.ca PAVICS-e2e-workflow-tests Pipeline ResultsTests URL : http://daccs-jenkins.crim.ca:80/job/PAVICS-e2e-workflow-tests/job/master/764/NOTEBOOK TEST RESULTS |
E2E Test ResultsDACCS-iac Pipeline ResultsBuild URL : http://daccs-jenkins.crim.ca:80/job/DACCS-iac-birdhouse/923/Result : failure BIRDHOUSE_DEPLOY_BRANCH : weaver-publish-process DACCS_CONFIGS_BRANCH : master PAVICS_E2E_WORKFLOW_TESTS_BRANCH : master PAVICS_SDI_BRANCH : master DESTROY_INFRA_ON_EXIT : true PAVICS_HOST : https://host-140-4.rdext.crim.ca PAVICS-e2e-workflow-tests Pipeline ResultsTests URL : http://daccs-jenkins.crim.ca:80/job/PAVICS-e2e-workflow-tests/job/master/767/NOTEBOOK TEST RESULTS |
E2E Test ResultsDACCS-iac Pipeline ResultsBuild URL : http://daccs-jenkins.crim.ca:80/job/DACCS-iac-birdhouse/924/Result : failure BIRDHOUSE_DEPLOY_BRANCH : weaver-publish-process DACCS_CONFIGS_BRANCH : master PAVICS_E2E_WORKFLOW_TESTS_BRANCH : master PAVICS_SDI_BRANCH : master DESTROY_INFRA_ON_EXIT : true PAVICS_HOST : https://host-140-4.rdext.crim.ca PAVICS-e2e-workflow-tests Pipeline ResultsTests URL : http://daccs-jenkins.crim.ca:80/job/PAVICS-e2e-workflow-tests/job/master/768/NOTEBOOK TEST RESULTS |
run tests |
@tlvu |
E2E Test ResultsDACCS-iac Pipeline ResultsBuild URL : http://daccs-jenkins.crim.ca:80/job/DACCS-iac-birdhouse/942/Result : failure BIRDHOUSE_DEPLOY_BRANCH : weaver-publish-process DACCS_CONFIGS_BRANCH : master PAVICS_E2E_WORKFLOW_TESTS_BRANCH : master PAVICS_SDI_BRANCH : master DESTROY_INFRA_ON_EXIT : true PAVICS_HOST : https://host-140-4.rdext.crim.ca PAVICS-e2e-workflow-tests Pipeline ResultsTests URL : http://daccs-jenkins.crim.ca:80/job/PAVICS-e2e-workflow-tests/job/master/771/NOTEBOOK TEST RESULTS |
Oh thank you, I was a bit lost with all the PR with many similar code. That change LTGM. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
E2E Test ResultsDACCS-iac Pipeline ResultsBuild URL : http://daccs-jenkins.crim.ca:80/job/DACCS-iac-birdhouse/943/Result : failure BIRDHOUSE_DEPLOY_BRANCH : weaver-publish-process DACCS_CONFIGS_BRANCH : master PAVICS_E2E_WORKFLOW_TESTS_BRANCH : master PAVICS_SDI_BRANCH : master DESTROY_INFRA_ON_EXIT : true PAVICS_HOST : https:// PAVICS-e2e-workflow-tests Pipeline ResultsTests URL :NOTEBOOK TEST RESULTS
|
When a process is deployed on Weaver, the user that deployed it (provided they had permission to do so), will automatically receive the necessary permissions to obtain access to its description and execution of jobs with it.
The process will be visible only by the deploying user (and admins) until it gets shared/published with other users/groups with the appropriate permissions applied in Magpie.
Changes
Non-breaking changes
Breaking changes
Note: only commits after e661ef2 can be used to see only the diff of this PR omitting other dependencies.
Related Issue / Discussion
Additional Information
(only for using the CLI below, not impacting the stack itself)
Results / Demonstration
Using the Weaver CLI in combination of https://github.com/Ouranosinc/requests-magpie/, following command is sent and received:
Before execution, the following is shown in Magpie. These definitions are similar to current birdhouse stack when Weaver is enabled to be registered with minimal permissions. Deploy permission (write) is added to the test user using
match
modifier (contrary torecursive
) such that they can POST (i.e.: deploy) on that specific endpoint, but cannot execute all underlying process/jobs.After the execution of the CLI command, the following is obtained. This grants access to the user for execution and un-deployment of the new process, but still cannot modify/execute other processes they do not "own".
Logs display the valid creation: