Project

General

Profile

Actions

Story #15720

closed

[API] Unified user listing across all clusters in a federation

Added by Peter Amstutz about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
11/19/2019
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
3.0
Release relationship:
Auto

Description

When choosing to share a project with another user, the contents of the dialog box is populated from the user database of the local cluster. Non-local users only appear if they have previously accessed that cluster in some way (causing a user record to be created). This means when attempting to share a project with another user, that user may or may not appear in the list based on whether the user has ever accessed that cluster in the past. (It is also invalid to create a sharing involving a user uuid that doesn't appear in the users table). This is confusing.

For the case where LoginCluster is set, this can be solved by having arvados controller proxy user record listing requests to the LoginCluster. The API server also needs to allow permission links that point to users uuids that are not already cached in the users table -- possibly by automatically creating a stub record for those users.

For the general case, controller would need to query the user listings of all known remote clusters and merge them into a single response. (we could probably defer this)

Kind of related: what happens when a user merges accounts on the main cluster? All the other clusters should be synchronized and merge the old user to the new user. Should the API server merge account feature do this?

Agreed solution for the LoginCluster case:

When LoginCluster is set, Controller proxies requests to "get" or "list" user records to the LoginCluster.

Controller uses the response from the LoginCluster to create or update user records in the local database before returning the response to the client.

If the query contains 'select' only update the fields in the response (must include 'uuid').


Subtasks 1 (0 open1 closed)

Task #15809: Review 15720-fed-user-listResolvedTom Clegg11/19/2019

Actions

Related issues 2 (0 open2 closed)

Related to Arvados - Feature #15531: [SDK] Migrate federation to central LoginClusterResolvedPeter Amstutz09/23/2019

Actions
Related to Arvados - Story #15795: [API] Accept configured SystemRootToken without doing a database lookupResolvedPeter Amstutz11/23/2019

Actions
Actions

Also available in: Atom PDF