feat: Update GQL user mutation to allow set uid/gid
fregataa committed Jan 24, 2025
1 parent 08c0f58 commit 46ba1b0
Showing 4 changed files with 119 additions and 0 deletions.
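--- a/changes/3352.feature.md
+++ b/changes/3352.feature.md
@@ -0,0 +1 @@
+Enable per-user UID/GID set for containers via user creation and update GraphQL APIs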
60 changes: 60 additions & 0 deletions docs/manager/graphql-reference/schema.graphql
Expand Up @@ -732,6 +732,21 @@ type UserNode implements Node {
totp_activated: Boolean
totp_activated_at: DateTime
sudo_session_enabled: Boolean

"""
Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
"""
container_uid: Int

Check notice on line 739 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Field 'container_uid' was added to object type 'UserNode'

Field 'container_uid' was added to object type 'UserNode'

"""
Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
"""
container_main_gid: Int

Check notice on line 744 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Field 'container_main_gid' was added to object type 'UserNode'

Field 'container_main_gid' was added to object type 'UserNode'

"""
Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
"""
container_gids: [Int]

Check notice on line 749 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Field 'container_gids' was added to object type 'UserNode'

Field 'container_gids' was added to object type 'UserNode'
}

"""Added in 24.03.0"""
Expand Down Expand Up @@ -835,6 +850,21 @@ type User implements Item {
Added in 24.03.0. Used as the default authentication credential for password-based logins and sets the user's total resource usage limit. User's main_access_key cannot be deleted, and only super-admin can replace main_access_key.
"""
main_access_key: String

"""
Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
"""
container_uid: Int

Check notice on line 857 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Field 'container_uid' was added to object type 'User'

Field 'container_uid' was added to object type 'User'

"""
Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
"""
container_main_gid: Int

Check notice on line 862 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Field 'container_main_gid' was added to object type 'User'

Field 'container_main_gid' was added to object type 'User'

"""
Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
"""
container_gids: [Int]

Check notice on line 867 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Field 'container_gids' was added to object type 'User'

Field 'container_gids' was added to object type 'User'
groups: [UserGroup]
}

Expand Down Expand Up @@ -2131,6 +2161,21 @@ input UserInput {
totp_activated: Boolean = false
resource_policy: String = "default"
sudo_session_enabled: Boolean = false

"""
Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
"""
container_uid: Int

Check warning on line 2168 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Input field 'container_uid' was added to input object type 'UserInput'

Input field 'container_uid' was added to input object type 'UserInput'

"""
Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
"""
container_main_gid: Int

Check warning on line 2173 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Input field 'container_main_gid' was added to input object type 'UserInput'

Input field 'container_main_gid' was added to input object type 'UserInput'

"""
Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
"""
container_gids: [Int]

Check warning on line 2178 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Input field 'container_gids' was added to input object type 'UserInput'

Input field 'container_gids' was added to input object type 'UserInput'
}

type ModifyUser {
Expand All @@ -2155,6 +2200,21 @@ input ModifyUserInput {
resource_policy: String
sudo_session_enabled: Boolean
main_access_key: String

"""
Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.
"""
container_uid: Int

Check warning on line 2207 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Input field 'container_uid' was added to input object type 'ModifyUserInput'

Input field 'container_uid' was added to input object type 'ModifyUserInput'

"""
Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.
"""
container_main_gid: Int

Check warning on line 2212 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Input field 'container_main_gid' was added to input object type 'ModifyUserInput'

Input field 'container_main_gid' was added to input object type 'ModifyUserInput'

"""
Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.
"""
container_gids: [Int]

Check warning on line 2217 in docs/manager/graphql-reference/schema.graphql


GitHub Actions / GraphQL Inspector

Input field 'container_gids' was added to input object type 'ModifyUserInput'

Input field 'container_gids' was added to input object type 'ModifyUserInput'
}

"""
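--- a/src/ai/backend/manager/models/gql_models/user.py
+++ b/src/ai/backend/manager/models/gql_models/user.py
@@ -52,6 +52,16 @@ class Meta:
 totp_activated = graphene.Boolean()
 totp_activated_at = GQLDateTime()
 sudo_session_enabled = graphene.Boolean()
+container_uid = graphene.Int(
+description="Added in 25.2.0. The user ID (UID) assigned to processes running inside the container."
+)
+container_main_gid = graphene.Int(
+description="Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container."
+)
+container_gids = graphene.List(
+lambda: graphene.Int,
+description="Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.",
+)
 
 @classmethod
 def from_row(cls, ctx: GraphQueryContext, row: UserRow) -> Self:
@@ -74,6 +84,9 @@ def from_row(cls, ctx: GraphQueryContext, row: UserRow) -> Self:
 totp_activated=row.totp_activated,
 totp_activated_at=row.totp_activated_at,
 sudo_session_enabled=row.sudo_session_enabled,
+container_uid=row.container_uid,
+container_main_gid=row.container_main_gid,
+container_gids=row.container_gids,
 )
 
 @classmethod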
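--- a/src/ai/backend/manager/models/user.py
+++ b/src/ai/backend/manager/models/user.py
@@ -256,6 +256,16 @@ class Meta:
 " be deleted, and only super-admin can replace main_access_key."
 )
 )
+container_uid = graphene.Int(
+description="Added in 25.2.0. The user ID (UID) assigned to processes running inside the container."
+)
+container_main_gid = graphene.Int(
+description="Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container."
+)
+container_gids = graphene.List(
+lambda: graphene.Int,
+description="Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.",
+)
 
 groups = graphene.List(lambda: UserGroup)
 
@@ -295,6 +305,9 @@ def from_row(
 totp_activated_at=row["totp_activated_at"],
 sudo_session_enabled=row["sudo_session_enabled"],
 main_access_key=row["main_access_key"],
+container_uid=row["container_uid"],
+container_main_gid=row["container_main_gid"],
+container_gids=row["container_gids"],
 )
 
 @classmethod
@@ -557,6 +570,19 @@ class UserInput(graphene.InputObjectType):
 totp_activated = graphene.Boolean(required=False, default_value=False)
 resource_policy = graphene.String(required=False, default_value="default")
 sudo_session_enabled = graphene.Boolean(required=False, default_value=False)
+container_uid = graphene.Int(
+required=False,
+description="Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.",
+)
+container_main_gid = graphene.Int(
+required=False,
+description="Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.",
+)
+container_gids = graphene.List(
+lambda: graphene.Int,
+required=False,
+description="Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.",
+)
 # When creating, you MUST set all fields.
 # When modifying, set the field to "None" to skip setting the value.
 
@@ -577,6 +603,19 @@ class ModifyUserInput(graphene.InputObjectType):
 resource_policy = graphene.String(required=False)
 sudo_session_enabled = graphene.Boolean(required=False, default=False)
 main_access_key = graphene.String(required=False)
+container_uid = graphene.Int(
+required=False,
+description="Added in 25.2.0. The user ID (UID) assigned to processes running inside the container.",
+)
+container_main_gid = graphene.Int(
+required=False,
+description="Added in 25.2.0. The primary group ID (GID) assigned to processes running inside the container.",
+)
+container_gids = graphene.List(
+lambda: graphene.Int,
+required=False,
+description="Added in 25.2.0. Supplementary group IDs assigned to processes running inside the container.",
+)
 
 
 class PurgeUserInput(graphene.InputObjectType):
@@ -626,6 +665,9 @@ async def mutate(
 "resource_policy": props.resource_policy,
 "sudo_session_enabled": props.sudo_session_enabled,
 }
+set_if_set(props, user_data, "container_uid")
+set_if_set(props, user_data, "container_main_gid")
+set_if_set(props, user_data, "container_gids")
 user_insert_query = sa.insert(users).values(user_data)
 
 async def _post_func(conn: SAConnection, result: Result) -> Row:
@@ -737,6 +779,9 @@ async def mutate(
 set_if_set(props, data, "sudo_session_enabled")
 set_if_set(props, data, "main_access_key")
 set_if_set(props, data, "is_active")
+set_if_set(props, data, "container_uid")
+set_if_set(props, data, "container_main_gid")
+set_if_set(props, data, "container_gids")
 if data.get("password") is None:
 data.pop("password", None)
 if not data and not props.group_ids: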
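Review bot: Nothing in these hunks validates `container_uid`, `container_main_gid` or `container_gids` before the `set_if_set(...)` calls in the two `mutate` bodies copy them into the insert/update data, so any integer the caller sends, including 0 (root) or a negative number, appears to be stored as the identity for that user's container processes. I would add a guard ahead of those calls, for example `if isinstance(props.container_uid, int) and props.container_uid < 0:` followed by the mutation's usual error return, with the same check for the GID fields and an explicit decision on whether 0 is allowed. `graphene.List(lambda: graphene.Int, ...)` also accepts null elements; `graphene.List(lambda: graphene.NonNull(graphene.Int), ...)` would rule them out. Both `mutate` bodies start and end outside the hunks, so validation or a role check may already exist elsewhere and should be confirmed.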
