From 089e9d815f97ec9cf3e89e46f2676e9523c232ab Mon Sep 17 00:00:00 2001 From: vsoch Date: Fri, 26 Jan 2024 22:24:34 -0700 Subject: [PATCH] prototype for adding user modes We really just need to allow setting auth (to get to the server) with the kind of request that is done once you are authenticated. Right now, the two variables are tangled. With this setting we should be able to enable auth and still ask for single user mode, to be tested! Signed-off-by: vsoch --- app/core/config.py | 7 +++++++ app/library/auth.py | 1 + app/library/flux.py | 4 ++-- clients/python/CHANGELOG.md | 2 ++ clients/python/flux_restful_client/main/client.py | 2 +- clients/python/flux_restful_client/version.py | 2 +- docs/getting_started/user-guide.md | 13 +++++++++++++ 7 files changed, 27 insertions(+), 4 deletions(-) diff --git a/app/core/config.py b/app/core/config.py index 3ae3278..3ade2fa 100644 --- a/app/core/config.py +++ b/app/core/config.py @@ -88,8 +88,15 @@ class Settings(BaseSettings): db_file: str = "sqlite:///./flux-restful.db" flux_user: str = os.environ.get("FLUX_USER") or "fluxuser" flux_token: Optional[str] = os.environ.get("FLUX_TOKEN") + flux_server_mode: Optional[str] = ( + os.environ.get("FLUX_SERVER_MODE") or "single-user" + ) secret_key: str = os.environ.get("FLUX_SECRET_KEY") or generate_secret_key() + # Validate the server mode provided. + if flux_server_mode not in ["single-user", "multi-user"]: + raise ValueError("FLUX_SERVER_MODE must be single-user or multi-user") + # Expires in 10 hours access_token_expires_minutes: int = get_int_envar( "FLUX_ACCESS_TOKEN_EXPIRES_MINUTES", 600 diff --git a/app/library/auth.py b/app/library/auth.py index 4b0c357..4fe31d4 100644 --- a/app/library/auth.py +++ b/app/library/auth.py @@ -28,6 +28,7 @@ def alert_auth(): if settings.secret_key else "🍓 Secret key: unset" ) + print("🍓 Server mode: %s" % settings.flux_server_mode) print( "🍓 Flux user: %s" % ("*" * len(settings.flux_user)) if settings.flux_user diff --git a/app/library/flux.py b/app/library/flux.py index 4f4b0c6..d00b76e 100644 --- a/app/library/flux.py +++ b/app/library/flux.py @@ -33,8 +33,8 @@ def submit_job(handle, fluxjob, user): elif user and isinstance(user, str): print(f"User submitting job {user}") - # If we don't have auth enabled, submit in single-user mode - if not settings.require_auth: + # If we don't have auth enabled or request is for single-user mode + if not settings.require_auth or settings.flux_server_mode == "single-user": print("Submit in single-user mode.") return flux.job.submit_async(handle, fluxjob) diff --git a/clients/python/CHANGELOG.md b/clients/python/CHANGELOG.md index e0e4b82..ced0165 100644 --- a/clients/python/CHANGELOG.md +++ b/clients/python/CHANGELOG.md @@ -14,6 +14,8 @@ and **Merged pull requests**. Critical items to know are: The versions coincide with releases on pip. Only major versions will be released as tags on Github. ## [0.0.x](https://github.com/flux-framework/flux-restful-api/tree/main) (0.0.x) + - Fix bug with submit and POST needing params (0.2.1) + - New release with updated client (0.2.0) - Update to use newer versions of fastapi, etc (0.1.15) - option_flags is a flat string list of values - Expose host to environment and bug fix for logs (0.1.14) diff --git a/clients/python/flux_restful_client/main/client.py b/clients/python/flux_restful_client/main/client.py index d0fdda3..0823aef 100644 --- a/clients/python/flux_restful_client/main/client.py +++ b/clients/python/flux_restful_client/main/client.py @@ -112,7 +112,7 @@ def do_request( method, url, json=data, params=params, headers=headers ) if method == "POST": - response = self.session.post(url, params=data, headers=headers) + response = self.session.post(url, data=data, headers=headers) elif method == "GET" and stream: response = self.session.stream( method, url, params=params, headers=headers diff --git a/clients/python/flux_restful_client/version.py b/clients/python/flux_restful_client/version.py index c811bf6..3055578 100644 --- a/clients/python/flux_restful_client/version.py +++ b/clients/python/flux_restful_client/version.py @@ -1,4 +1,4 @@ -__version__ = "0.2.0" +__version__ = "0.2.1" AUTHOR = "Vanessa Sochat" EMAIL = "vsoch@users.noreply.github.com" NAME = "flux-restful-client" diff --git a/docs/getting_started/user-guide.md b/docs/getting_started/user-guide.md index 3240468..cea2f35 100644 --- a/docs/getting_started/user-guide.md +++ b/docs/getting_started/user-guide.md @@ -17,6 +17,19 @@ There are two modes of interaction: - **multi-user mode**: requires authentication via the RESTful API with an encoded payload to request expiring tokens. When authentication is successful, the job is run as the same user on the system on behalf of the flux user. +To control the user mode, you can export it to the environment where you are running the server: + +```bash +# This is the default +export FLUX_SERVER_MODE=single-user + +# This will have the flux user attempt to sign the payload with sudo +export FLUX_SERVER_MODE=multi-user +``` + +Note that the majority of our use cases use single-user mode, so you can expect more bugs / work to be +done with multi-user. + ### Authentication If you choose to deploy without authentication, this is a ⚠️ proceed at your own risk ⚠️ sort of deal.