noobaa-operator icon indicating copy to clipboard operation
noobaa-operator copied to clipboard

Published 20 hours ago verified publisher icon noobaa

Feature request: Set allowed user groups for UI via CR

Open lallinger-tech opened this issue 4 years ago • 7 comments

Currently the users, who have access to the UI, are hardcoded here:

https://github.com/noobaa/noobaa-core/blob/74b79637d8a9a1dca2baf51598860579711a5c6b/config.js#L406-L409

It would be nice if it was possible to set this to custom groups via the NooBaa CR. This could easily be done by overriding the CONFIG_JS_OAUTH_REQUIRED_GROUPS environment variable for the noobaa-core deployment. Unfortunately this is currently not possible before this issue gets resolved.

lallinger-tech avatar Aug 31 '20 10:08 lallinger-tech

even though #6154 is fixed it still does not provide the ability to override OAUTH_REQUIRED_GROUPS as https://github.com/noobaa/noobaa-core/blob/master/config.js#L620-L621

const prev_val = config['OAUTH_REQUIRED_GROUPS'];
const type = typeof prev_val; // => object

and there is no case for type == object in https://github.com/noobaa/noobaa-core/blob/master/config.js#L623-L646

@liranmauda this should be an easy change to at least make it possible to override OAUTH_REQUIRED_GROUPS via env and only in a second step make it accessible via the CR. Should i open an extra issue for this or can we keep track of it hiere?

Having at least the possibility to override the group via environment variable would be nice, because currently we have to patch our desired groups into the image

lallinger-tech avatar Nov 23 '21 08:11 lallinger-tech

Hi @lallinger-arbeit I think we should open a new Issue in core for that (So we will not miss it).

liranmauda avatar Nov 24 '21 15:11 liranmauda

Looking at it, I think that an array cannot be set as an env variable. It can be fixed by changing the OAUTH_REQUIRED_GROUPS to string divided by commas and then splitting it into an array.

liranmauda avatar Nov 24 '21 15:11 liranmauda

@lallinger-arbeit I think nothing should be done. the type of OAUTH_REQUIRED_GROUPS in https://github.com/noobaa/noobaa-core/blob/master/src/server/common_services/auth_server.js#L225 will be a string:

$ node
Welcome to Node.js v14.17.6.
Type ".help" for more information.
> const config = require('./config.js');
load_config_local: NO LOCAL CONFIG
undefined
> const { OAUTH_REQUIRED_GROUPS = [] } = config;
undefined
> typeof OAUTH_REQUIRED_GROUPS
'string'
> OAUTH_REQUIRED_GROUPS.length
37
>

So, I assume that you can provide it in the env, as a string divided by commas: for example: OAUTH_REQUIRED_GROUPS="a, b, c, d"

Please let me know if it helped/worked.

liranmauda avatar Nov 24 '21 15:11 liranmauda

So, I assume that you can provide it in the env, as a string divided by commas: for example: OAUTH_REQUIRED_GROUPS="a, b, c, d"

Please let me know if it helped/worked.

unfortunately this does not work: Unknown type or mismatch between existing object and provided type for OAUTH_REQUIRED_GROUPS, skipping ...

i'll open a new issue

lallinger-tech avatar Nov 30 '21 09:11 lallinger-tech

@jeniawhite i don't think this can be closed yet. https://github.com/noobaa/noobaa-core/issues/6823 was only the neccessary change to make this feature request possible. The use case of this feature request is that you are able to set an array of required groups in the noobaa CR and the operator then sets the environment variable on the core accordingly, so for example:

apiVersion: noobaa.io/v1alpha1
kind: NooBaa
  labels:
    app: noobaa
  name: noobaa
spec:
  authorizedGroups:
    - k8s-group1
    - k8s-group2

lallinger-tech avatar Dec 02 '21 16:12 lallinger-tech

@lallinger-arbeit Reopened

jeniawhite avatar Dec 05 '21 11:12 jeniawhite