Feature #18858
closed
sync-users-tool for synchronizing users
Added by Peter Amstutz almost 3 years ago.
Updated about 2 years ago.
Estimated time:
(Total: 0.00 h)
Release relationship:
Auto
Description
From customer discussion:
Customer wants to control which users are active in Arvados based on an external Active Directory group.
This is very similar to what the group sync tool already does. Create a new tool that called sync-users-tool.
Proposed feature¶
Input: a CSV file listing users by email address, first name, last name, whether they are active or not, and whether they are admin or not.
Actions:
- If a user doesn't exist, create a user record.
- Activate/deactivate the user
- Set/clear admin status (error if inactive && admin)
- For users not listed in the file, command line option to select behavior, one of
- Deactivate unlisted users
- Leave unlisted users alone
- Description updated (diff)
- Description updated (diff)
- Target version set to 2022-04-27 Sprint
- Subject changed from sync-groups-tool can also sync users to sync-users-tool for synchronizing users
- Description updated (diff)
- Assigned To set to Lucas Di Pentima
- Target version changed from 2022-04-27 Sprint to 2022-05-11 sprint
- Target version changed from 2022-05-11 sprint to 2022-05-25 sprint
- Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
- Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
- Status changed from New to In Progress
- Target version changed from 2022-06-22 Sprint to 2022-07-06
From chat with Peter: the tool should support identifying users with their usernames in addition to emails.
Updates at 4c24ce559 - branch 18858-sync-users-tool
Test run: developer-run-tests: #3215 
- Adds new
arvados-sync-users tool: Reads CSV file with wanted user state, creates/updates user accounts accordingly.
- Skips system root, anonymous and current users.
- Detects user accounts with duplicated email addresses (AFAICT, Arvados doesn't enforce uniqueness) and skips them to avoid with appropriate logging & error messages.
- Adds tests.
- Fixes some fixture issues discovered while writing tests: users without usernames & duplicated email addresses.
- Adds documentation alongside the preexisting
arvados-sync-groups docs.
- Adds package building entries to the corresponding scripts.
- Target version changed from 2022-07-06 to 2022-07-20
Some issues were discovered while demoing this tool. Will followup with a fix branch.
- Status changed from In Progress to Resolved
Applied in changeset arvados-private:commit:arvados|2d29045a1b392251b777639634e527abfd8b06e2.
- Status changed from Resolved to In Progress
Updates at 15e759482 - branch 18858-sync-users-fixes
Test run: developer-run-tests: #3218 
- Avoid exit when encountering an existing user with empty user id. Instead, store the user and include them on an error report at the end.
- Fixes positional argument retrieval (the input file path) on both sync tools. This issue was evident when using arguments like
--user-id username instead of --user-id=username.
- Fixes bug that made
--deactivate-unlisted even deactivate the listed users.
- Adds missing tests for the case-insensitive username matching cases.
Updates at 8be1877 - branch 18858-railsapi-usernames-fix
Test run: developer-run-tests: #3222 
- Sets default usernames for root & anonymous users on new clusters.
- Adds migration to set those usernames on existing clusters, renaming potential username squatters if needed.
Updates at c294528 - branch 18858-sync-users-fixes
Test run: developer-run-tests: #3223 
- Removes fixture usernames on "root" and "anonymous" users.
- Makes
sync-users to not treat those empty usernames as an error.
The other branch will probably be discarded, as setting usernames on users that exist on every cluster creates collisions on federated scenarios when a cluster caches remote accounts on its local database.
- Status changed from In Progress to Resolved
Applied in changeset arvados-private:commit:arvados|6a5c119c5deba34d4b61af36edb5aa3a5dc1c70b.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by