Feature #18858
closed
sync-users-tool for synchronizing users
Description
From customer discussion:
Customer wants to control which users are active in Arvados based on an external Active Directory group.
This is very similar to what the group sync tool already does. Create a new tool that called sync-users-tool.
Proposed feature¶
Input: a CSV file listing users by email address, first name, last name, whether they are active or not, and whether they are admin or not.
Actions:
- If a user doesn't exist, create a user record.
- Activate/deactivate the user
- Set/clear admin status (error if inactive && admin)
- For users not listed in the file, command line option to select behavior, one of
- Deactivate unlisted users
- Leave unlisted users alone
Updated by Peter Amstutz over 2 years ago
- Target version set to 2022-04-27 Sprint
Updated by Peter Amstutz over 2 years ago
- Description updated (diff)
- Subject changed from sync-groups-tool can also sync users to sync-users-tool for synchronizing users
Updated by Lucas Di Pentima over 2 years ago
- Assigned To set to Lucas Di Pentima
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-04-27 Sprint to 2022-05-11 sprint
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-05-11 sprint to 2022-05-25 sprint
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Updated by Lucas Di Pentima over 2 years ago
- Status changed from New to In Progress
Updated by Lucas Di Pentima over 2 years ago
- Target version changed from 2022-06-22 Sprint to 2022-07-06
Updated by Lucas Di Pentima over 2 years ago
From chat with Peter: the tool should support identifying users with their usernames in addition to emails.
Updated by Lucas Di Pentima over 2 years ago
Updates at 4c24ce559 - branch 18858-sync-users-tool
Test run: developer-run-tests: #3215
- Adds new
arvados-sync-userstool: Reads CSV file with wanted user state, creates/updates user accounts accordingly.- Skips system root, anonymous and current users.
- Detects user accounts with duplicated email addresses (AFAICT, Arvados doesn't enforce uniqueness) and skips them to avoid with appropriate logging & error messages.
- Adds tests.
- Fixes some fixture issues discovered while writing tests: users without usernames & duplicated email addresses.
- Adds documentation alongside the preexisting
arvados-sync-groupsdocs. - Adds package building entries to the corresponding scripts.
Updated by Lucas Di Pentima over 2 years ago
WB1 integration tests re-run: developer-run-tests-apps-workbench-integration: #3451
Updated by
Updated by Lucas Di Pentima over 2 years ago
- Target version changed from 2022-07-06 to 2022-07-20
Updated by Lucas Di Pentima over 2 years ago
Some issues were discovered while demoing this tool. Will followup with a fix branch.
Updated by Lucas Di Pentima over 2 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-private:commit:arvados|2d29045a1b392251b777639634e527abfd8b06e2.
Updated by Lucas Di Pentima over 2 years ago
- Status changed from Resolved to In Progress
Updated by Lucas Di Pentima over 2 years ago
Updates at 15e759482 - branch 18858-sync-users-fixes
Test run: developer-run-tests: #3218
- Avoid exit when encountering an existing user with empty user id. Instead, store the user and include them on an error report at the end.
- Fixes positional argument retrieval (the input file path) on both sync tools. This issue was evident when using arguments like
--user-id usernameinstead of--user-id=username. - Fixes bug that made
--deactivate-unlistedeven deactivate the listed users. - Adds missing tests for the case-insensitive username matching cases.
Updated by Lucas Di Pentima over 2 years ago
WB integration test re-run: developer-run-tests-apps-workbench-integration: #3458
Updated by Lucas Di Pentima over 2 years ago
Updates at 8be1877 - branch 18858-railsapi-usernames-fix
Test run: developer-run-tests: #3222
- Sets default usernames for root & anonymous users on new clusters.
- Adds migration to set those usernames on existing clusters, renaming potential username squatters if needed.
Updated by Lucas Di Pentima over 2 years ago
Updates at c294528 - branch 18858-sync-users-fixes
Test run: developer-run-tests: #3223
- Removes fixture usernames on "root" and "anonymous" users.
- Makes
sync-usersto not treat those empty usernames as an error.
The other branch will probably be discarded, as setting usernames on users that exist on every cluster creates collisions on federated scenarios when a cluster caches remote accounts on its local database.
Updated by Lucas Di Pentima over 2 years ago
Wb1 integration test re-run: developer-run-tests-apps-workbench-integration: #3463
Merging, thanks!
Updated by Lucas Di Pentima over 2 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados-private:commit:arvados|6a5c119c5deba34d4b61af36edb5aa3a5dc1c70b.