Project

General

Profile

Actions

Feature #18858

closed

sync-users-tool for synchronizing users

Added by Peter Amstutz 11 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
SDKs
Target version:
Start date:
07/04/2022
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Description

From customer discussion:

Customer wants to control which users are active in Arvados based on an external Active Directory group.

This is very similar to what the group sync tool already does. Create a new tool that called sync-users-tool.

Proposed feature

Input: a CSV file listing users by email address, first name, last name, whether they are active or not, and whether they are admin or not.

Actions:

  • If a user doesn't exist, create a user record.
  • Activate/deactivate the user
  • Set/clear admin status (error if inactive && admin)
  • For users not listed in the file, command line option to select behavior, one of
    • Deactivate unlisted users
    • Leave unlisted users alone

Subtasks 2 (0 open2 closed)

Task #19000: Review 18858-sync-users-toolResolvedStephen Smith07/04/2022

Actions
Task #19247: Review 18858-sync-users-fixesResolvedStephen Smith07/07/2022

Actions
Actions #1

Updated by Peter Amstutz 11 months ago

  • Description updated (diff)
Actions #3

Updated by Peter Amstutz 11 months ago

  • Description updated (diff)
Actions #4

Updated by Peter Amstutz 10 months ago

  • Target version set to 2022-04-27 Sprint
Actions #5

Updated by Peter Amstutz 10 months ago

  • Description updated (diff)
  • Subject changed from sync-groups-tool can also sync users to sync-users-tool for synchronizing users
Actions #6

Updated by Lucas Di Pentima 10 months ago

  • Assigned To set to Lucas Di Pentima
Actions #7

Updated by Peter Amstutz 10 months ago

  • Target version changed from 2022-04-27 Sprint to 2022-05-11 sprint
Actions #8

Updated by Peter Amstutz 10 months ago

  • Target version changed from 2022-05-11 sprint to 2022-05-25 sprint
Actions #9

Updated by Peter Amstutz 9 months ago

  • Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Actions #10

Updated by Peter Amstutz 8 months ago

  • Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Actions #11

Updated by Lucas Di Pentima 8 months ago

  • Status changed from New to In Progress
Actions #12

Updated by Lucas Di Pentima 8 months ago

  • Target version changed from 2022-06-22 Sprint to 2022-07-06
Actions #13

Updated by Lucas Di Pentima 8 months ago

From chat with Peter: the tool should support identifying users with their usernames in addition to emails.

Actions #14

Updated by Lucas Di Pentima 7 months ago

Updates at 4c24ce559 - branch 18858-sync-users-tool
Test run: developer-run-tests: #3215

  • Adds new arvados-sync-users tool: Reads CSV file with wanted user state, creates/updates user accounts accordingly.
    • Skips system root, anonymous and current users.
    • Detects user accounts with duplicated email addresses (AFAICT, Arvados doesn't enforce uniqueness) and skips them to avoid with appropriate logging & error messages.
  • Adds tests.
  • Fixes some fixture issues discovered while writing tests: users without usernames & duplicated email addresses.
  • Adds documentation alongside the preexisting arvados-sync-groups docs.
  • Adds package building entries to the corresponding scripts.
Actions #16

Updated by Stephen Smith 7 months ago

Lgtm!

Actions #17

Updated by Lucas Di Pentima 7 months ago

  • Target version changed from 2022-07-06 to 2022-07-20
Actions #18

Updated by Lucas Di Pentima 7 months ago

Some issues were discovered while demoing this tool. Will followup with a fix branch.

Actions #19

Updated by Lucas Di Pentima 7 months ago

  • Status changed from In Progress to Resolved

Applied in changeset arvados-private:commit:arvados|2d29045a1b392251b777639634e527abfd8b06e2.

Actions #20

Updated by Lucas Di Pentima 7 months ago

  • Status changed from Resolved to In Progress
Actions #21

Updated by Lucas Di Pentima 7 months ago

Updates at 15e759482 - branch 18858-sync-users-fixes
Test run: developer-run-tests: #3218

  • Avoid exit when encountering an existing user with empty user id. Instead, store the user and include them on an error report at the end.
  • Fixes positional argument retrieval (the input file path) on both sync tools. This issue was evident when using arguments like --user-id username instead of --user-id=username.
  • Fixes bug that made --deactivate-unlisted even deactivate the listed users.
  • Adds missing tests for the case-insensitive username matching cases.
Actions #23

Updated by Lucas Di Pentima 7 months ago

Updates at 8be1877 - branch 18858-railsapi-usernames-fix
Test run: developer-run-tests: #3222

  • Sets default usernames for root & anonymous users on new clusters.
  • Adds migration to set those usernames on existing clusters, renaming potential username squatters if needed.
Actions #24

Updated by Lucas Di Pentima 7 months ago

Updates at c294528 - branch 18858-sync-users-fixes
Test run: developer-run-tests: #3223

  • Removes fixture usernames on "root" and "anonymous" users.
  • Makes sync-users to not treat those empty usernames as an error.

The other branch will probably be discarded, as setting usernames on users that exist on every cluster creates collisions on federated scenarios when a cluster caches remote accounts on its local database.

Actions #25

Updated by Stephen Smith 7 months ago

Lgtm!

Actions #26

Updated by Lucas Di Pentima 7 months ago

Wb1 integration test re-run: developer-run-tests-apps-workbench-integration: #3463

Merging, thanks!

Actions #27

Updated by Lucas Di Pentima 7 months ago

  • Status changed from In Progress to Resolved

Applied in changeset arvados-private:commit:arvados|6a5c119c5deba34d4b61af36edb5aa3a5dc1c70b.

Actions #28

Updated by Peter Amstutz about 2 months ago

  • Release set to 47
Actions

Also available in: Atom PDF