Fix user association to jupyterhub

OpenSourceBrain · Mar 27, 2023 · 3abb256 · 3abb256
1 parent 3adcc3a
commit 3abb256
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 21 deletions.
diff --git a/applications/accounts-api/backend/accounts_api/services/user_service.py b/applications/accounts-api/backend/accounts_api/services/user_service.py
@@ -11,22 +11,13 @@ class UserNotFound(Exception): pass
 
 class UserNotAuthorized(Exception): pass
 
-def is_uuid(s):
-    import uuid
-    try:
-        uuid.UUID(s)
-        return True
-    except ValueError:
-        return False
 
 def get_user(username_or_id: str) -> User:
     client = AuthClient()
     try:
-        if is_uuid(username_or_id):
-            kc_user = client.get_user(username_or_id)
-        else:
-            kc_user = client.get_admin_client().get_users({"username": username_or_id})[0]
-            kc_user = client.get_user(kc_user['id']) # Load full data
+
+        kc_user = client.get_user(username_or_id)
+
     except KeycloakGetError as e:
         if e.response_code == 404:
             raise UserNotFound(username_or_id)

diff --git a/applications/jupyterhub/src/osb_jupyter/osb_jupyter/jupyterhub.py b/applications/jupyterhub/src/osb_jupyter/osb_jupyter/jupyterhub.py
@@ -70,31 +70,36 @@ def workspace_volume_is_legacy(workspace_id):
         if not [v for v in self.volumes if v['name'] == volume_name]:
             self.volumes.append(ws_pvc)
 
-
+        app_user = get_app_user(self.user)
 
 
         # Add labels to use for affinity
+        clean_username = "".join(c for c in app_user.username if c.isalnum())
         labels = {
             'workspace': str(workspace_id),
-            'user': "".join(c for c in self.user.name if c.isalnum())
+            'username': clean_username
         }
 
+        appname = self.image.split('/')[-1].split(':')[0]
+
         self.common_labels = labels
         self.extra_labels = labels
         self.storage_class = f'{self.config["namespace"]}-nfs-client'
+
         if not user_volume_is_legacy(self.user.id):
             # User pod affinity is by default added by cloudharness
             self.pod_affinity_required = []
 
         workspace = get_workspace(workspace_id, get_from_cookie("accessToken"))
         write_access = has_user_write_access(
-            workspace, self.user)
+            workspace, self.user, app_user=app_user)
 
         if workspace_volume_is_legacy(workspace_id):
             # Pods with write access must be on the same node
             self.pod_affinity_required.append(affinity_spec('workspace', workspace_id))
         from pprint import pprint
         pprint(self.volumes)
+        self.pod_name = f'ws-{clean_username}-{workspace_id}-{appname}'
         if not [v for v in self.volume_mounts if v['name'] == volume_name]:
             self.volume_mounts.append({
                 'name': volume_name,
@@ -105,8 +110,12 @@ def workspace_volume_is_legacy(workspace_id):
         log.error('Change pod manifest failed due to an error.', exc_info=True)
 
 
+def get_app_user(user: User):
+    auth_client = AuthClient()
+    kc_user = auth_client.get_user(user.name)
+    return kc_user
 
-def has_user_write_access(workspace, user: User):
+def has_user_write_access(workspace, user: User, app_user=None):
     print('Checking access, name:', user.name, "workspace:", workspace["id"])
 
 
@@ -116,8 +125,7 @@ def has_user_write_access(workspace, user: User):
     if workspace_owner == user.name:
         return True
     auth_client = AuthClient()
-    kc_user = auth_client.get_user(user.name)
-    return auth_client.user_has_realm_role(kc_user.id, 'administrator')
+    return auth_client.user_has_realm_role(app_user.id, 'administrator')
 
 def get_workspace(workspace_id, token, workspace_base_url=None):
     if workspace_base_url is None:

diff --git a/applications/osb-portal/src/components/workspace/WorkspaceFrame.tsx b/applications/osb-portal/src/components/workspace/WorkspaceFrame.tsx
@@ -79,15 +79,15 @@ export const WorkspaceFrame = (props: {
 
     const domain = getBaseDomain();
 
-    const userParam = user == null ? "" : `${user.username}`;
+    const userParam = user == null ? "" : `${user.id}`;
     const type = application.subdomain.slice(0, 4);
     document.cookie = `workspaceId=${workspace.id};path=/;domain=${domain}`;
     if (window.APP_DOMAIN) {
       // Dev
       setFrameUrl(`${applicationDomain}/geppetto`);
     } else {
       setFrameUrl(
-        `//${applicationDomain}/hub/spawn/${userParam}/${workspace.id}${type}`
+        `//${applicationDomain}`
       );
     }
     openResource();

diff --git a/deployment/codefresh-prod.yaml b/deployment/codefresh-prod.yaml
@@ -52,7 +52,7 @@ steps:
       kube_context: '${{CLUSTER_NAME}}'
       namespace: '${{NAMESPACE}}'
       chart_version: '${{DEPLOYMENT_TAG}}'
-      cmd_ps: --wait --timeout 600s
+      cmd_ps: --wait --timeout 600s --create-namespace
       custom_value_files:
       - ./deployment/helm/values.yaml
       custom_values: