Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth tidy #613

Merged
merged 8 commits into from
Jul 10, 2024
Merged

Auth tidy #613

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
8c60aa3
tidy: cylc/uiserver/authorise.py
oliver-sanders Jul 4, 2024
697f340
auth: remove constant decorator
oliver-sanders Jul 4, 2024
37126ae
auth: fix type hints
oliver-sanders Jul 4, 2024
2ca62e4
auth: convert config to dict on __init__
oliver-sanders Jul 4, 2024
26677df
auth: turn a dictionary into attributes
oliver-sanders Jul 4, 2024
7b6455e
auth: fill coverage holes
oliver-sanders Jul 4, 2024
b4dce64
auth: switch to existing snake case conversion function
oliver-sanders Jul 4, 2024
042f42e
auth: fill coverage hole
oliver-sanders Jul 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions cylc/uiserver/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -542,15 +542,15 @@ def set_sub_server(self):
auth=self.authobj,
)

def set_auth(self):
def set_auth(self) -> Authorization:
"""Create authorization object.
One for the lifetime of the UIServer.
"""
return Authorization(
getpass.getuser(),
self.config.CylcUIServer.user_authorization,
self.config.CylcUIServer.site_authorization,
self.log
self.config.CylcUIServer.user_authorization.to_dict(),
self.config.CylcUIServer.site_authorization.to_dict(),
Comment on lines -551 to +552
Copy link
Member

@MetRonnie MetRonnie Jul 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have just pulled and now getting an error when accessing cylc hub

[W 2024-07-12 14:51:13.403 CylcHubApp manager:363] cylc.uiserver | extension failed loading with message: AttributeError("'dict' object has no attribute 'to_dict'")
    Traceback (most recent call last):
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/manager.py", line 359, in load_extension
        extension.load_all_points(self.serverapp)
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/manager.py", line 231, in load_all_points
        return [self.load_point(point_name, serverapp) for point_name in self.extension_points]
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/manager.py", line 231, in <listcomp>
        return [self.load_point(point_name, serverapp) for point_name in self.extension_points]
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/manager.py", line 222, in load_point
        return point.load(serverapp)
               ^^^^^^^^^^^^^^^^^^^^^
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/manager.py", line 150, in load
        return loader(serverapp)
               ^^^^^^^^^^^^^^^^^
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/application.py", line 474, in _load_jupyter_server_extension
        extension.initialize()
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/application.py", line 436, in initialize
        self._prepare_handlers()
      File "~/.conda/envs/cylc8/lib/python3.11/site-packages/jupyter_server/extension/application.py", line 326, in _prepare_handlers
        self.initialize_handlers()
      File "~/github/cylc-uiserver/cylc/uiserver/app.py", line 464, in initialize_handlers
        self.authobj = self.set_auth()
                       ^^^^^^^^^^^^^^^
      File "~/github/cylc-uiserver/cylc/uiserver/app.py", line 552, in set_auth
        self.config.CylcUIServer.site_authorization.to_dict(),
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    AttributeError: 'dict' object has no attribute 'to_dict'

In our site config, c.CylcUIServer.site_authorization is a dict

Copy link
Member Author

@oliver-sanders oliver-sanders Jul 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I couldn't see a case where this would be a dict, no I know.

I have no idea why using the hub would cause the configuration object to differ, but an easy fix.

self.log,
)

def initialize_templates(self):
Expand Down
37 changes: 17 additions & 20 deletions cylc/uiserver/authorise.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@
import graphene
from jupyter_server.auth import Authorizer
from tornado import web
from traitlets.config.loader import LazyConfigValue

from cylc.uiserver.schema import UISMutations
from cylc.uiserver.utils import is_bearer_token_authenticated
Expand Down Expand Up @@ -116,6 +115,13 @@ class Authorization:
Authorization has access groups: `READ`, `CONTROL`, `ALL` - along with
their negations, `!READ`, `!CONTROL` and `!ALL` which indicate removal of
the permission groups.

Args:
owner: The server owner's user name.
owner_auth_conf: The server owner's authorization configuration.
site_auth_conf: The site's authorization configuration.
log: The application logger.

"""

# config literals
Expand Down Expand Up @@ -150,11 +156,17 @@ class Authorization:
ASYNC_OPS = {"query", "mutation"}
READ_AUTH_OPS = {"query", "subscription"}

def __init__(self, owner, owner_auth_conf, site_auth_conf, log) -> None:
self.owner = owner
def __init__(
self,
owner: str,
owner_auth_conf: dict,
site_auth_conf: dict,
log,
):
self.owner: str = owner
self.log = log
self.owner_auth_conf = self.set_auth_conf(owner_auth_conf)
self.site_auth_config = self.set_auth_conf(site_auth_conf)
self.owner_auth_conf: dict = owner_auth_conf
self.site_auth_config: dict = site_auth_conf
self.owner_user_info = {
"user": self.owner,
"user_groups": self._get_groups(self.owner),
Expand Down Expand Up @@ -226,21 +238,6 @@ def expand_and_process_access_groups(self, permission_set: set) -> set:

return permission_set

@staticmethod
def set_auth_conf(auth_conf: Union[LazyConfigValue, dict]) -> dict:
"""Resolve lazy config where empty

Args:
auth_conf: Authorization configuration from a jupyter_config.py

Returns:
Valid configuration dictionary

"""
if isinstance(auth_conf, LazyConfigValue):
return auth_conf.to_dict()
return auth_conf

def get_owner_site_limits_for_access_user(
self, access_user_name: str, access_user_groups: List[str]
) -> Set:
Expand Down