Log Authenticated User from UI-Server in Workflow Log #4522
Conversation
cylc/flow/network/client.py
Outdated
| if auth_user: | ||
| set_authenticated_user(self.header, auth_user) |
There was a problem hiding this comment.
This is updating the client's header which is shared between multiple requests (so potentially for multiple authenticated users). We can delay this a couple of lines and set it on the message rather than the shared header.
| @@ -175,6 +184,8 @@ async def async_request(self, command, args=None, timeout=None): | |||
| # there is no need to encrypt messages ourselves before sending. | |||
|
|
|||
| # send message | |||
| if auth_user: | |||
| set_authenticated_user(self.header, auth_user) | |||
| msg = {'command': command, 'args': args} | |||
| msg.update(self.header) | |||
There was a problem hiding this comment.
We can delay this a couple of lines
Here:
msg.update(self.header)
msg['meta']['auth_user'] = auth_user
cylc/flow/network/client.py
Outdated
| command, | ||
| args=None, | ||
| timeout=None, | ||
| auth_user=None |
There was a problem hiding this comment.
If it's quick, it might be a good idea to generalise this to handle arbitrary metadata in a dictionary.
We could do:
# add the shared header
msg.update(self.header)
# add the request metadata
msg['meta'].update(request_meta)This would make it easier to pass through additional information e.g. the app that issued the command or the GraphQL operation name (could be useful if the request contains multiple mutations).
|
@datamel - I'm quite keen to get this in! Are you planning to address @oliver-sanders 's comments above? (Pinging you just in case you missed them). |
Yes, on it today. Sorry for the delay. Had paused for the multi-mutation fix. |
datamel
force-pushed
the
pass-user-to-cylc-flow
branch
from
f888dc2
to
d887e49
Compare
|
Tested both branches, looks good 👍 What gets logged for direct commands (not via the UIS) looks dodgy however: vs Perhaps we could say |
Log the authenticated user executing the command
datamel
force-pushed
the
pass-user-to-cylc-flow
branch
from
4a806e0
to
91d86d6
Compare
| result = (True, 'Command queued') | ||
| return [{'id': w_id, 'response': result}] | ||
|
|
||
| async def nodes_mutator(self, *m_args): |
There was a problem hiding this comment.
Why is nodes_mutator being removed?
There was a problem hiding this comment.
This was picked up when adding the unpacking of the meta and was discussed with @oliver-sanders, who looked at codecov for verification. It is seemingly dead code and was asked to remove it. Pinged @dwsutherland on the sibling to verify it is indeed unused code.
There was a problem hiding this comment.
It was in use, until:
#3469
specifically:
https://github.com/cylc/cylc-flow/pull/3469/files#diff-97f4d62be41218e2d70a203edfca6d44d7c0046b6908cefa8e3af7c02cd31920
And the idea behind it was that mutations being multi-workflow could be given node ids from different workflows, and then these ids would be parsed and mutations sent to the appropriate workflow..
The fact that we moved away from this, means we are happy with not using this functionality... i.e. a node mutation will always be associated with only one workflow and/or the workflow parsing happens somewhere else.
|
|
||
| # Hardcoded, for new - but much of this functionality can be | ||
| # removed more swingingly. | ||
| LOG.debug( |
There was a problem hiding this comment.
@oliver-sanders, just thinking about removing this line. It does remove the comms_method which may be useful for debugging in future? Want me to put any logging information about the comms method to replace this, or are you happy with the info loss from the removal?
There was a problem hiding this comment.
We can pass the comms_method down with the metadata and log it with the command.
| grep_ok "\[client-command\] graphql ssh" \ | ||
| "$RUN_DIR/${WORKFLOW_NAME}/log/workflow/log" | ||
|
|
There was a problem hiding this comment.
This was a safety test to ensure that the comms method is logged.
Perhaps we could add a Cylc client command into the workflow e.g. cylc hold $CYLC_WORKFLOW_ID//1/elephant which should give us a [command] entry that we can check.
There was a problem hiding this comment.
Yes, are you happy if I do this in the ssh async request PR as this test is broken anyway?
|
Looking good, will have a quick test soon. |
Co-authored-by: Oliver Sanders <oliver.sanders@metoffice.gov.uk>
|
Tested, works wonderfully 🎉 |
Log the authenticated user executing the mutation command from the UI.
A test user pausing the workflow of another user, will result in a log message below in the workflow log:
The owner then resuming the workflow, will result in a log message..
These changes close #4294 and cylc/cylc-uiserver#224 by its sibling: cylc/cylc-uiserver#288
Requirements check-list
CONTRIBUTING.mdand added my name as a Code Contributor.setup.pyandconda-environment.yml.