-
Notifications
You must be signed in to change notification settings - Fork 153
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add faker for the pass through api to enable regular user testing #806
Add faker for the pass through api to enable regular user testing #806
Conversation
fab30e1
to
2783b38
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neat idea. We should probably log a dev ticket, low priority, to handle thinking on how to make the dev experience better all together. Might be able to avoid granting stupid permissions to do this.
This may also just come for free when we kill the old backend.
2783b38
to
0a2405f
Compare
@andrewballantyne Yes for sure, I'm creating a new ticket for this, thanks for the feedback (resolved in my branch since I was working offline this evening). |
Thinking more on this situation -- I wonder if we could set something up that would allow us to start the server with a cluster-admin (aka mimic a service account starting it on cluster) and then somehow making another more basic user to be the one logged in. The one in the top right, the one making all the "oauth" (not really because it does not exist locally) calls, etc, etc |
0a2405f
to
1a238f7
Compare
Yeah, I've been thinking about this too, I think it can be done. There are three main points right now:
|
To sum up, with this PR we are now having:
It would be really nice to support this in the future:
What do you think, @andrewballantyne ? |
Can you rebase this PR? So I don't need to run |
b8f007d
to
f9d9b9f
Compare
f9d9b9f
to
ba41aa2
Compare
ba41aa2
to
f9d9b9f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still testing the functionality -- few code review comments.
f9d9b9f
to
ca2fcd8
Compare
ca2fcd8
to
a865d17
Compare
This PR currently covers most of the situations which directly make API calls to k8s resources. However, it could have some problems when making API calls to the external routes (like prometheus), the |
2cb51ba
to
e071192
Compare
e071192
to
cadd375
Compare
cadd375
to
25bff47
Compare
/assign @andrewballantyne |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need to do one more iteration to get this into merging state.
Only downfall I see that is not addressed in my comments is when I change the server code, it does not update my client back to a state of understanding that the impersonation was lost. This is probably fine -- we don't do a lot of server dev, and we have #964 coming.
@andrewballantyne I resolved your comments since @DaoDaoNoCode update the PR, but I just want to add that we still fall short in one scenario, but I think is no longer relevant. We still use the primary logged user as the rbac for the backend calls, so we still don't have a It's similar to the prometheus workaround, something that we can easily test now as we can deploy images built by that PR. One easy workaround would be create a user that mimics the same permissions as the dashboard serviceaccount, but I would do it outside this PR in addition of the script that Andrew has for creating users in clusters. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andrewballantyne The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
more workbenches a11y updates fix dsp modal fix more select issues prettier Add faker for the pass through api to enable regular user testing (opendatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com> Storybook test integration (opendatahub-io#974) * added storybook boilerplate added a mock and decorator added tests fixed deps for storybook linter old tests dont work on jest 28, reverting linter error fix fix build errors fixed deps * trimmed mocks fixed tests * fix webpack changes * added a11y test to test-runner fix a11y errors in settings (opendatahub-io#979) varname rename bodyText to ariaLabel add aria label to select add aria-label to Select fix a11y violation in cluster storage modal and list view
more workbenches a11y updates fix dsp modal fix more select issues prettier Add faker for the pass through api to enable regular user testing (opendatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com> Storybook test integration (opendatahub-io#974) * added storybook boilerplate added a mock and decorator added tests fixed deps for storybook linter old tests dont work on jest 28, reverting linter error fix fix build errors fixed deps * trimmed mocks fixed tests * fix webpack changes * added a11y test to test-runner fix a11y errors in settings (opendatahub-io#979) varname rename bodyText to ariaLabel add aria label to select add aria-label to Select fix a11y violation in cluster storage modal and list view
more workbenches a11y updates fix dsp modal fix more select issues prettier Add faker for the pass through api to enable regular user testing (opendatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com> Storybook test integration (opendatahub-io#974) * added storybook boilerplate added a mock and decorator added tests fixed deps for storybook linter old tests dont work on jest 28, reverting linter error fix fix build errors fixed deps * trimmed mocks fixed tests * fix webpack changes * added a11y test to test-runner fix a11y errors in settings (opendatahub-io#979) varname rename bodyText to ariaLabel add aria label to select add aria-label to Select fix a11y violation in cluster storage modal and list view
more workbenches a11y updates fix dsp modal fix more select issues prettier Add faker for the pass through api to enable regular user testing (opendatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com> Storybook test integration (opendatahub-io#974) * added storybook boilerplate added a mock and decorator added tests fixed deps for storybook linter old tests dont work on jest 28, reverting linter error fix fix build errors fixed deps * trimmed mocks fixed tests * fix webpack changes * added a11y test to test-runner fix a11y errors in settings (opendatahub-io#979) varname rename bodyText to ariaLabel add aria label to select add aria-label to Select fix a11y violation in cluster storage modal and list view
more workbenches a11y updates fix dsp modal fix more select issues prettier remove unused import revert id update fix project modal wip Workbenches, need image more workbenches a11y updates fix dsp modal fix more select issues prettier Add faker for the pass through api to enable regular user testing (opendatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com> Storybook test integration (opendatahub-io#974) * added storybook boilerplate added a mock and decorator added tests fixed deps for storybook linter old tests dont work on jest 28, reverting linter error fix fix build errors fixed deps * trimmed mocks fixed tests * fix webpack changes * added a11y test to test-runner fix a11y errors in settings (opendatahub-io#979) varname rename bodyText to ariaLabel add aria label to select add aria-label to Select fix a11y violation in cluster storage modal and list view package-lock.json package-lock.json update DetailsSection.tsx remove aria-labelledby Table PR suggestion from Gage lint and revert Stack removal
more workbenches a11y updates fix dsp modal fix more select issues prettier remove unused import revert id update fix project modal revert stack wip Workbenches, need image more workbenches a11y updates fix dsp modal fix more select issues prettier Add faker for the pass through api to enable regular user testing (opendatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com> Storybook test integration (opendatahub-io#974) * added storybook boilerplate added a mock and decorator added tests fixed deps for storybook linter old tests dont work on jest 28, reverting linter error fix fix build errors fixed deps * trimmed mocks fixed tests * fix webpack changes * added a11y test to test-runner fix a11y errors in settings (opendatahub-io#979) varname rename bodyText to ariaLabel add aria label to select add aria-label to Select fix a11y violation in cluster storage modal and list view package-lock.json package-lock.json fix a11y in data connections and models/model servers update DetailsSection to match changes on other branch update Table file fix pagination axe error PR feedback from Andrew change aria label text on password input
…endatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com>
…endatahub-io#806) * Add faker for the pass through api to enable regular user testing * Add faker for backend openshift user * add impersonate function for developers * address comments and modify the doc * Update to get the access token by making API call * update doc * add error message * Fix lint issues * address comments --------- Co-authored-by: Juntao Wang <juntwang@redhat.com>
Closes: #949
Description
This PR adds support for impersonating pass-through API calls with a regular user token.
The main goal here is just to avoid disabling backend functionality in development which needs special admin roles (admin settings, regular jupyter notebooks, dsg project creation...) but enabling pass-through requests with a regular user token.
How Has This Been Tested?
To enable this:
DEV_IMPERSONATE_USER
andDEV_IMPERSONATE_PASSWORD
variables to your env variables file with the regular user's username and password as the values.Start impersonate
Merge criteria: