From c98f52addbf6ecb74fcede904c87749ac3768922 Mon Sep 17 00:00:00 2001 From: fcomte Date: Thu, 3 Nov 2022 14:40:44 +0000 Subject: [PATCH 1/3] first try --- docs/region-configuration.md | 1 + .../onyxia/api/user/OnyxiaUserProvider.java | 16 +++++++++------- .../fr/insee/onyxia/model/region/Region.java | 9 +++++++++ 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/docs/region-configuration.md b/docs/region-configuration.md index 11b70140..9220041f 100644 --- a/docs/region-configuration.md +++ b/docs/region-configuration.md @@ -45,6 +45,7 @@ Users can work on Onyxia as a User or as a Group to which they belong. Each user | --------------------- | ------- | ------------------------------------------------------------------ | ---- | | `type` | | Type of the platform on which services are launched. Only Kubernetes is supported, Marathon has been removed. | "KUBERNETES" | | `singleNamespace` | true | When true, all users share the same namespace on the service provider. This configuration can be used if a project work on its own Onyxia region. | | +| `userNamespace` | true | When true, all users have a namespace for his work. This configuration can be used if you don't allow user to have their own space to work and only use project space | | | `namespacePrefix` | "user-" | User have a personal namespace like namespacePrefix + userId (should only be used when not singleNamespace but not the case) | | | `groupNamespacePrefix` | "projet-" | User in a group groupId can access the namespace groupeNamespacePrefix + groupId. This prefix is also used for vault group directory. | | | `usernamePrefix` | | If set, the Kubernetes user corresponding to the Onyxia user is named usernamePrefix + userId on impersonation mode, otherwise it is identified only as userId | "user-" | diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java index 94726c26..5575db3e 100644 
--- a/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java +++ b/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java @@ -54,14 +54,16 @@ private Project getUserProject(Region region, OnyxiaUser user ) { userProject.setName("Single namespace, single project"); } else { - userProject.setId(region.getServices().getNamespacePrefix()+user.getUser().getIdep()); - userProject.setGroup(null); - userProject.setVaultTopDir(user.getUser().getIdep()); - if(region.getData()!=null && region.getData().getS3()!=null){ - userProject.setBucket(region.getData().getS3().getBucketPrefix()+user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim())); + if (region.getServices().isUserNamespace()) { + userProject.setId(region.getServices().getNamespacePrefix()+user.getUser().getIdep()); + userProject.setGroup(null); + userProject.setVaultTopDir(user.getUser().getIdep()); + if(region.getData()!=null && region.getData().getS3()!=null){ + userProject.setBucket(region.getData().getS3().getBucketPrefix()+user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim())); + } + userProject.setNamespace(region.getServices().getNamespacePrefix()+user.getUser().getIdep()); + userProject.setName(user.getUser().getIdep()+" personal project"); } - userProject.setNamespace(region.getServices().getNamespacePrefix()+user.getUser().getIdep()); - userProject.setName(user.getUser().getIdep()+" personal project"); } return userProject; } diff --git a/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java b/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java index 3803c4c5..a180c2fd 100644 --- a/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java +++ b/onyxia-model/src/main/java/fr/insee/onyxia/model/region/Region.java 
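Review bot: The re-indented `setBucket` line in OnyxiaUserProvider.java concatenates `getBucketPrefix()` with `getAttributes().get(getBucketClaim())` without checking that the claim is present. The attribute map's type is not visible here, but if the lookup returns null, every user lacking the claim would be given the same bucket name ending in `null`. Since the commit touches this line anyway, read the claim into a local first and set the bucket only when it is present: `if (claim != null) { userProject.setBucket(region.getData().getS3().getBucketPrefix() + claim); }`. The same expression appears in both branches of getUserProject in the PATCH 2/3 hunk; getUserProject starts outside this hunk.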
@@ -158,6 +158,7 @@ public static enum AuthenticationMode { private Service.ServiceType type; private boolean singleNamespace = true; + private boolean userNamespace = true; private String namespacePrefix = "user-"; private String groupNamespacePrefix = "projet-"; private String usernamePrefix; @@ -315,6 +316,14 @@ public void setSingleNamespace(boolean singleNamespace) { this.singleNamespace = singleNamespace; } + public boolean isUserNamespace() { + return userNamespace; + } + + public void setUserNamespace(boolean userNamespace) { + this.userNamespace = userNamespace; + } + public Service.ServiceType getType() { return type; } From ed9f72a715b76828faa6569a59fc0a903d788135 Mon Sep 17 00:00:00 2001 From: Olivier Levitt Date: Thu, 3 Nov 2022 16:50:18 +0100 Subject: [PATCH 2/3] Fix logi --- .../onyxia/api/user/OnyxiaUserProvider.java | 39 +++++++++---------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java b/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java index 5575db3e..ecdc12b2 100644 --- a/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java +++ b/onyxia-api/src/main/java/fr/insee/onyxia/api/user/OnyxiaUserProvider.java 
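Review bot: The new `userNamespace` field in Region.java has no comment saying how it combines with `singleNamespace`, and both default to `true`. Judging by the guard added in PATCH 2/3 (`isSingleNamespace() || isUserNamespace()`), the flag seems to matter only when `singleNamespace` is false. A field comment such as `// Only read when singleNamespace is false; when false, users get no personal project and work only in group projects.` would stop operators assuming it restricts anything in single-namespace mode. The enclosing class starts and ends outside these hunks.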
@@ -22,18 +22,20 @@ public OnyxiaUser getUser(Region region) { OnyxiaUser user = new OnyxiaUser(userProvider.getUser(region)); Project userProject = getUserProject(region, user); - user.getProjects().add(userProject); + if (region.getServices().isSingleNamespace() || region.getServices().isUserNamespace()) { + user.getProjects().add(userProject); + } if (!region.getServices().isSingleNamespace()) { userProvider.getUser(region).getGroups().stream().forEach(group -> { Project project = new Project(); - project.setId(region.getServices().getGroupNamespacePrefix()+group); + project.setId(region.getServices().getGroupNamespacePrefix() + group); project.setGroup(group); - project.setVaultTopDir(region.getServices().getGroupNamespacePrefix()+group); - if(region.getData()!=null && region.getData().getS3()!=null){ - project.setBucket(region.getData().getS3().getGroupBucketPrefix()+group); + project.setVaultTopDir(region.getServices().getGroupNamespacePrefix() + group); + if (region.getData() != null && region.getData().getS3() != null) { + project.setBucket(region.getData().getS3().getGroupBucketPrefix() + group); } - project.setNamespace(region.getServices().getGroupNamespacePrefix()+group); + project.setNamespace(region.getServices().getGroupNamespacePrefix() + group); user.getProjects().add(project); }); } 
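Review bot: With `singleNamespace` and `userNamespace` both false, the new guard in `getUser` skips the personal project, so a user who belongs to no group ends up with an empty project list. Callers are not visible here, but code that picks a default project from the list would need to handle that case, so it should be documented or rejected explicitly. The flag also only controls what this method lists: whether a request that names `namespacePrefix + idep` directly is refused depends on checks outside this hunk, so confirm that project resolution elsewhere goes through this list. As a point of style, `getUserProject(region, user)` is still called before the guard and its result dropped when the guard is false; moving the call inside the `if` would make the intent explicit. The method signature is outside the hunk.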
@@ -41,29 +43,26 @@ public OnyxiaUser getUser(Region region) { return user; } - private Project getUserProject(Region region, OnyxiaUser user ) { + private Project getUserProject(Region region, OnyxiaUser user) { Project userProject = new Project(); if (region.getServices().isSingleNamespace()) { userProject.setId("single-project"); userProject.setGroup(null); userProject.setVaultTopDir(user.getUser().getIdep()); - if(region.getData()!=null && region.getData().getS3()!=null){ - userProject.setBucket(region.getData().getS3().getBucketPrefix()+user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim())); + if (region.getData() != null && region.getData().getS3() != null) { + userProject.setBucket(region.getData().getS3().getBucketPrefix() + user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim())); } userProject.setNamespace(kubernetesService.getCurrentNamespace(region)); userProject.setName("Single namespace, single project"); - } - else { - if (region.getServices().isUserNamespace()) { - userProject.setId(region.getServices().getNamespacePrefix()+user.getUser().getIdep()); - userProject.setGroup(null); - userProject.setVaultTopDir(user.getUser().getIdep()); - if(region.getData()!=null && region.getData().getS3()!=null){ - userProject.setBucket(region.getData().getS3().getBucketPrefix()+user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim())); - } - userProject.setNamespace(region.getServices().getNamespacePrefix()+user.getUser().getIdep()); - userProject.setName(user.getUser().getIdep()+" personal project"); + } else { + userProject.setId(region.getServices().getNamespacePrefix() + user.getUser().getIdep()); + userProject.setGroup(null); + userProject.setVaultTopDir(user.getUser().getIdep()); + if (region.getData() != null && region.getData().getS3() != null) { + userProject.setBucket(region.getData().getS3().getBucketPrefix() + 
user.getUser().getAttributes().get(region.getData().getS3().getBucketClaim())); } + userProject.setNamespace(region.getServices().getNamespacePrefix() + user.getUser().getIdep()); + userProject.setName(user.getUser().getIdep() + " personal project"); } return userProject; } From c5ff1b26fbcb87427b3256bd3a0f5a6c7bb2a18d Mon Sep 17 00:00:00 2001 From: fcomte Date: Fri, 4 Nov 2022 10:58:08 +0000 Subject: [PATCH 3/3] add documentation --- .../java/fr/insee/onyxia/model/project/Project.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/onyxia-model/src/main/java/fr/insee/onyxia/model/project/Project.java b/onyxia-model/src/main/java/fr/insee/onyxia/model/project/Project.java index 5a237931..d61386eb 100644 --- a/onyxia-model/src/main/java/fr/insee/onyxia/model/project/Project.java +++ b/onyxia-model/src/main/java/fr/insee/onyxia/model/project/Project.java @@ -1,12 +1,21 @@ package fr.insee.onyxia.model.project; -public class Project { +import io.swagger.v3.oas.annotations.media.Schema; + +@Schema(description = "") +public class Project { + @Schema(description = "") private String id; + @Schema(description = "If not null, this project belong to this group name.") private String group; + @Schema(description = "If not null, this project have this bucket") private String bucket; + @Schema(description = "If not null, this project have this deployment environment.") private String namespace; + @Schema(description = "This project have this name") private String name; + @Schema(description = "This project have this vault top dir") private String vaultTopDir; public String getId() {
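Review bot: After this hunk `getUserProject` builds the personal project whenever `singleNamespace` is false and no longer consults `isUserNamespace()`. The guard in `getUser` is therefore the only thing keeping a personal namespace out of the list, and a later caller of this helper would bypass the setting without noticing. A comment above the method would record that contract: `// Builds the personal (or single-namespace) project unconditionally; getUser decides whether it is exposed (see isUserNamespace).` The namespace and project id are also formed directly from `getIdep()`. Whether that value is constrained to a valid namespace name is not visible here and is worth confirming against the identity provider configuration.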
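Review bot: The `@Schema` annotations on the `Project` class and on `id` are added with `description = ""`, so they contribute nothing to the generated OpenAPI document. Fill them in or drop them. Going by how `getUser` populates the field, something like `@Schema(description = "Unique identifier of the project, used to select it in API calls")` would fit, wording to be confirmed by the authors. The description for `namespace` ("deployment environment") could say directly that it is the Kubernetes namespace services are launched in, since that is what a client needs to reason about isolation between projects. The class body continues outside the hunk.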