Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce account repository #540

Closed
25 tasks done
Tracked by #244
zaychenko-sergei opened this issue Mar 6, 2024 · 1 comment · Fixed by #611
Closed
25 tasks done
Tracked by #244

Introduce account repository #540

zaychenko-sergei opened this issue Mar 6, 2024 · 1 comment · Fixed by #611
Assignees
@zaychenko-sergei
Labels
enhancement New feature or request rust Pull requests that update Rust code

Comments

@zaychenko-sergei
Copy link
Contributor

zaychenko-sergei commented Mar 6, 2024
edited
Loading

  1. AuthenticationRepository:

    • AccountID should be a DID string like DatasetID
    • Repository: associate account's ID and name, resolve ID by name or name by ID
    • Repository: control uniqueness of visible account IDs and names
    • Implementations:
      • Tests/CLI: in-memory
      • Node: store in database:
        • Postgres
        • MySQL
        • SQlite

  2. AuthenticationService: find by AccountID operation:

    • look only in authentication repository!

  3. CLI AccountService should use real AccountIDs:

    • automatic registration of known accounts at startup:
      • single-tenant: default must be registered
      • multi-tenant: all predefined must be registered
    • predefined config:
      • store ID: for demo, generate DID from name
      • register ID in Authentication repository
    • login unknown:
      • try auto-creating, if not exists, generate random DID
      • saving name -> id association in Authentication repository

  4. OAuthGithub should interact to extract real AccountID:

    • resolve by email, if exists
    • auto-creating, if not exists, generate random DID

  5. CurrentAccountSubject:

    • should hold real account ID for logged users - to use in various services, i.e. in flow triggers.

  6. (REEVALUATE) Token store (kamu login) should store AccountID instead / in addition to name

  7. GraphQL API adjustments:

    • Account.byId operation
    • Account.from_account_name
    • Account.from_dataset_alias
    • Datasets.byAccountId operation
    • Flows: InitiatorFilterInput should use AccountID

  8. Remove hard-coded dummy IDs:

    • image build scripts in kamu-cli - set fixed DIDs for users in config instead of faked 
    • Fisheries demo repo: set DIDs for users in config instead of faked
    • Flow system - remove from triggers, use real ID
    • various kinds of tests - use in-memory repo

Note - UI impact (separate tickets):
- [x] Apollo InMemoryCache: user IDs for Account or AccountRef.
- [ ] Flow filters by account id instead of account name (separate ticket)
- [ ] Search by users - kamu-data/kamu-node#64
@zaychenko-sergei zaychenko-sergei added enhancement New feature or request rust Pull requests that update Rust code labels Mar 6, 2024
This was referenced Mar 6, 2024
Closed
Closed
@sergiimk
Copy link
Member

sergiimk commented Mar 8, 2024
edited by zaychenko-sergei
Loading

  • AuthenticationRepository -> AccountRepository?
  • store in database
    • (ADDED) let's add email from the beginning?
  • CLI AccountService should use real AccountIDs
    • we should talk through this - I don't fully understand how this will work
    • I think we will hit complexity if we introduce persistent local accounts at this stage and perhaps it's better to have those only originate from .kamutokenstore when interacting with remote ODF repos

@sergiimk sergiimk changed the title Introduce repository of real Account IDs Introduce account repository Mar 14, 2024
@zaychenko-sergei zaychenko-sergei self-assigned this Apr 9, 2024
@zaychenko-sergei zaychenko-sergei mentioned this issue Apr 23, 2024
Merged
6 tasks
@zaychenko-sergei zaychenko-sergei linked a pull request Apr 23, 2024 that will close this issue
540 introduce account repository #611
Merged
6 tasks
zaychenko-sergei added a commit that referenced this issue May 4, 2024
@zaychenko-sergei
Implemented persistent accounts #540 and login-password authentication
f7b65d2 
…#566

Added in-memory account repository implementation  and stabilized tests
GitHub: extracting `id`
Moved all authentication features to `kamu-accounts` domain
Storing Github ID => AccountID correspondence in a separate table.
Unified data model for accounts in all databases.
Unified accounts repository tests
Added test for Accounts.byId GraphQL query
GraphQL: support resolving datasets by id
Auto-registering predefined accounts in repository
Correcting CLI flows (auto-registration).
Replaced AccountName on AccountID in flow system (triggers)
Smarter account configuration defaults
Minimized use of default account's properties
Review: avoid AccountIdSqlx wrapper via optional dependency in `opendatafabric`
Added `podman-clean` utility to makefile
Force installing of 'cargo-nextest'
Support actual password checking and configuring passwords in .kamuconfig
Tests for password hash and GitHub record repositories.
Persistent implementation of password hash repositories for all 3 dbs.
Review: LoginResponse should not return account
Review: clarified API for get* and find* accounts
Review: no longer need to record provider credentials into access tokens
Review: removed obsolete 'allow-login-unknown' option
Removed 'AccountTypeSqlx' wrapper as redundand
Review: restructured responsibilities between providers and authentication services - only the service can decide whether to register an account.
Remodeled GitHub account association more universally, introduced "provider_identity_key" mechanism.
Silent login command.
Tests: access tokens extensions
Review: generalized `kamu login github` to `kamu login oauth`
Tests: HTTP login and token validation
Spawn blocking tasks for password hash/verify operations
CI: disable Spark/Flink tests due to disk space issues
Minor dependency updates
Handling duplicate key violations in account repository
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zaychenko-sergei zaychenko-sergei

Labels
enhancement New feature or request rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

540 introduce account repository kamu-data/kamu-cli
2 participants
@sergiimk @zaychenko-sergei