Ponos task authentication (!1933) · Merge requests · Arkindex / Backend · GitLab

Snippets Groups Projects

Merged Erwan Rouchet requested to merge ponos-auth into master 2 years ago

All threads resolved!

Closes #1451 (closed)

Any task or worker that upgrade to the API client after this is merged, and after api-client#34 (closed) is implemented and released, will break, because we have restrictions on using worker run IDs to internal users in some endpoints, and this task authentication will cause imports or workers to run as non-internal.

I tested locally by running make build CLIENT_BRANCH=ponos-auth in tasks after pushing api-client!219 (merged), and found that a random PDF import, which normally runs with my internal user, failed with this error:

apistar.exceptions.ErrorResponse: {'worker_run_id': ['Only an internal user can create an element with a worker run.']}

Which proves that the task was authenticated as the process creator (an instance admin, but not internal) and not the configured internal token.

Activity

Erwan Rouchet changed milestone to %Arkindex 1.4.1 2 years ago

changed milestone to %Arkindex 1.4.1
Erwan Rouchet requested review from @babadie 2 years ago

requested review from @babadie
Erwan Rouchet assigned to @erwanrouchet 2 years ago

assigned to @erwanrouchet
Bastien Abadie mentioned in issue #1467 (closed) 2 years ago

mentioned in issue #1467 (closed)
Bastien Abadie added 11 commits 2 years ago
added 11 commits

8ec16732 - 1 commit from branch master

f79a2977 - Remove arkindex.ponos from gitignore

4095908d - Add Task.token

a2fbcd94 - Add task authentication

f3c0b0d0 - Allow task auth on RetrieveSecret and UpdateWorkerActivity

77588f8a - Properly handle a missing process

ad7c4b0f - Add tests for RetrieveSecret

883256e6 - Properly convert bytes token to str

14aaffac - Add task token automatically in all Ponos tasks

afe9c801 - Restrict UpdateWorkerActivity to the task's process

9b86eb41 - Fix data migration

Compare with previous version
Toggle commit list
Bastien Abadie added 11 commits 2 years ago
added 11 commits

9f548db4 - 1 commit from branch master

4c365ff3 - Remove arkindex.ponos from gitignore

e6b60690 - Add Task.token

2575c219 - Add task authentication

3e821d28 - Allow task auth on RetrieveSecret and UpdateWorkerActivity

9395a9e5 - Properly handle a missing process

a599b85e - Add tests for RetrieveSecret

0ae6ddfc - Properly convert bytes token to str

c14651ad - Add task token automatically in all Ponos tasks

d3f77b9e - Restrict UpdateWorkerActivity to the task's process

879bb133 - Fix data migration

Compare with previous version
Toggle commit list
Bastien Abadie @babadie started a thread on an old version of the diff 2 years ago

Automatically resolved 2 years ago by Erwan Rouchet
Last reply by Bastien Abadie 2 years ago

Bastien Abadie @babadie started a thread on the diff 2 years ago

Resolved 2 years ago by Erwan Rouchet

Bastien Abadie @babadie · 2 years ago

Owner

This works nicely, and is relatively short. Well done

Bastien Abadie approved this merge request 2 years ago

approved this merge request

Erwan Rouchet added 2 commits 2 years ago

added 2 commits

98c2fe37 - Also add the token via CreateTask
74d3fe9a - Moar bytes

Compare with previous version

Erwan Rouchet resolved all threads 2 years ago

resolved all threads

Erwan Rouchet mentioned in merge request !1937 (merged) 2 years ago

mentioned in merge request !1937 (merged)

Bastien Abadie merged 2 years ago

merged

Please register or sign in to reply