Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API access for regular user #264

Closed
giesselmann opened this issue May 14, 2024 · 3 comments · Fixed by #289
Closed

API access for regular user #264

giesselmann opened this issue May 14, 2024 · 3 comments · Fixed by #289
Assignees
@spacehamster87
Milestone
Release 1.4.0

Comments

@giesselmann
Copy link
Collaborator

Hi,
I have a few users interested in processing metric data from their jobs. I'm strongly in favor of that, but as of now, only users with the role 'api' could do this. But the api role also allows to add/delete jobs...

Could you think of a way, that 'normal' users can, just like in the web frontend, get read-only access via API to their jobs?
@moebiusband73
Copy link
Member

Yes, you are right. That would be an important feature, and also here some users asked for it.

We have to discuss how we can merge the database logic from repository/query.go with the one in repository/job.go used in the REST API. In query.go there is a Security check as part of the query builder that ensures that you can only see the jobs you are supposed to see according to your role:

cc-backend/internal/repository/query.go

Line 95 in 0b2f221

func SecurityCheck(ctx context.Context, query sq.SelectBuilder) (sq.SelectBuilder, error) {

@giesselmann
Copy link
Collaborator Author

Found sth. that almost works, the graphql endpoint. A Query like this with a JWT token of the corresponding user does the job.
Altair has a browser plugin to debug this.

{
  job(id: 3055306){
    user,
    startTime
  }
  jobMetrics(id: 3055306, metrics:"mem_used"){
    name,
    metric{
      series{
        data
      },
      timestep
    }
  }
}

Response:

{
  "data": {
    "job": {
      "user": "k12345",
      "startTime": "2024-04-30T18:05:14+02:00"
    },
    "jobMetrics": [
      {
        "name": "mem_used",
        "metric": {
          "series": [
            {
              "data": [
                7.15,
                7.17,
                56.31,
                57.1,
                57.1,
                57.1,
                56.88
              ]
            }
          ],
          "timestep": 60
        }
      }
    ]
  }
}

The only remaining issue is, that a regular user can't generate a JWT token for themselves, right? I find it only in the admin options. But that should be easy to implement.

@moebiusband73 moebiusband73 added this to the Release 1.4.0 milestone Jun 10, 2024
@spacehamster87 spacehamster87 linked a pull request Jul 9, 2024 that will close this issue
Refactor job footprint #277
Closed
@spacehamster87
Copy link
Contributor

Separate branch merged into avtive dev branch: Refactor-Job-Footprint

@spacehamster87 spacehamster87 self-assigned this Jul 9, 2024
@spacehamster87 spacehamster87 removed a link to a pull request Sep 12, 2024
Refactor job footprint #277
Closed
@spacehamster87 spacehamster87 linked a pull request Sep 24, 2024 that will close this issue
Update Q4 2024 #289
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spacehamster87 spacehamster87

Labels
None yet
Projects
None yet
Milestone
Release 1.4.0
Development

Successfully merging a pull request may close this issue.

Update Q4 2024 ClusterCockpit/cc-backend
3 participants
@moebiusband73 @giesselmann @spacehamster87