Skip to content

add login, logout functionality for OpenShift cluster #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 7, 2022
Merged

add login, logout functionality for OpenShift cluster #39

merged 1 commit into from
Dec 7, 2022

Conversation

MichaelClifford
Copy link
Contributor

@MichaelClifford MichaelClifford commented Nov 28, 2022
edited
Loading

This PR allows users of the SDK to login and out of an OpenShift cluster as part of their "cluster.up()" call by adding an Authentication object to their cluster config.

This includes a new file auth that contains a number of Authentication classes that can be used depending on the users specific authentication needs.

@MichaelClifford
Copy link
Contributor Author

closes #31

@MichaelClifford MichaelClifford changed the title add login, logout and project switching functions for OpenShift cluster add login, logout functionality for OpenShift cluster Dec 2, 2022
@MichaelClifford
Copy link
Contributor Author

@Maxusmusti @atinsood @erikerlandson

Re-did the authentication and login set up. Take a look and let me know if this is good to go. Thanks for the initial feedback :)

@atinsood
Copy link
Collaborator

atinsood commented Dec 5, 2022

@MichaelClifford yep, this looks 💯 , 3 questions

  • is there a reason why you implemented the logout method in the base authentication and not keep it generic. the assumption is that in some cases we might not be using oc and there might be a different way of implementing auth logout
  • I think we can make the Authentication class an python abstract class rather than a concrete class https://docs.python.org/3/library/abc.html
  • I was thinking if we can make the login/logout operate within context manager https://docs.python.org/3/library/contextlib.html so rather than doing login/logout as 2 different steps, we can simply do with authentication() or something like that.

but all those are nitpicks, the first pass LGTM

@MichaelClifford
Copy link
Contributor Author

  • is there a reason why you implemented the logout method in the base authentication and not keep it generic. the assumption is that in some cases we might not be using oc and there might be a different way of implementing auth logout

This is a good question, that I thought about it a bit and I think gets to a larger question: Would we want to support cases were OpenShift is not the target platform? If so, we can make it more generic. Otherwise, no matter how you login to the cluster you can always log out the same way, so no need to re-implement.

Sure, I can make it an abstract class. But what exactly would be the benefit of doing that for our use case?

  • I was thinking if we can make the login/logout operate within context manager https://docs.python.org/3/library/contextlib.html so rather than doing login/logout as 2 different steps, we can simply do with authentication() or something like that.

Will that work in an interactive notebook environment if your work spans multiple cells? I'll look into it as an option for job submission workflows. I think that would be cool. But I don't think it would work for notebook/interactive workflows (but let me know if im wrong 😄 )

Maxusmusti
Maxusmusti requested changes Dec 5, 2022
View reviewed changes
Copy link
Collaborator

@Maxusmusti Maxusmusti left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, just needs a rebase (will bring in the format checking), and make to add docstrings/type hints to the new files/classes/functions

@atinsood
Copy link
Collaborator

atinsood commented Dec 5, 2022

This is a good question, that I thought about it a bit and I think gets to a larger question: Would we want to support cases were OpenShift is not the target platform? If so, we can make it more generic. Otherwise, no matter how you login to the cluster you can always log out the same way, so no need to re-implement.

so I was thinking of a use case when you don't have direct access to the oc client but the login/out is happening remotely. or say if the underlying client uses a different binary than oc

@atinsood
Copy link
Collaborator

atinsood commented Dec 5, 2022

Sure, I can make it an abstract class. But what exactly would be the benefit of doing that for our use case?

I think its more of a signal to external contributors going forward that they are supposed to implement their own authentication.

@atinsood
Copy link
Collaborator

atinsood commented Dec 5, 2022

Will that work in an interactive notebook environment if your work spans multiple cells? I'll look into it as an option for job submission workflows. I think that would be cool. But I don't think it would work for notebook/interactive workflows (but let me know if im wrong 😄 )

I think you should be ok. we are already doing something liek this https://github.com/project-codeflare/codeflare-sdk/pull/39/files#diff-5706a96c5346dd54a22370211260411363c4ed41d798fddf240eb8983b1366eaR99

so I am assuming it will be simialr to that

@MichaelClifford MichaelClifford force-pushed the login branch 4 times, most recently from f43ba0c to 611c5ae Compare December 6, 2022 18:55
Maxusmusti
Maxusmusti requested changes Dec 6, 2022
View reviewed changes
Copy link
Collaborator

@Maxusmusti Maxusmusti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, no architectural suggestions or anything, just a couple minor nits

@MichaelClifford MichaelClifford force-pushed the login branch 2 times, most recently from 4dcf34f to 5116117 Compare December 7, 2022 15:42
Maxusmusti
Maxusmusti approved these changes Dec 7, 2022
View reviewed changes
Copy link
Collaborator

@Maxusmusti Maxusmusti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@atinsood
Copy link
Collaborator

atinsood commented Dec 7, 2022

In my opinion, I don't think that we want to login and out on every single call. This is not how a user would naturally interact with a cluster, and I'm not sure of the benefits of doing it that way.

Also, on logout() your token can expire, which would break subsequent login in calls.

It seems reasonable to me that you would want to login at the start of a sessions (on cluster.up()) and logout at the end (on cluster.down())

yeah I think its a fair point. lets go with what we have.

@MichaelClifford
Copy link
Contributor Author

Awesome. Thanks for the feedback all. 😃

@MichaelClifford MichaelClifford merged commit d17f638 into main Dec 7, 2022
@MichaelClifford MichaelClifford mentioned this pull request Dec 12, 2022
Closed
@Maxusmusti Maxusmusti deleted the login branch January 10, 2023 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Maxusmusti Maxusmusti Maxusmusti approved these changes

@atinsood atinsood Awaiting requested review from atinsood

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MichaelClifford @atinsood @Maxusmusti