Make UID optional in frame submission #618
Conversation
A non-existing UID means to run the job as the RQD user on the render host; RQD does not attempt to switch users. (This has security implications but probably not worse than the current setup which allows any UID to be specified.) This change allows Windows to submit jobs for Linux, as Cuesubmit will now never send UIDs from Windows. Changes: - Alter database to allow UID to be `NULL` (not done to Oracle as support is going to be dropped) - Alter DAO classes to understand missing UID. - Alter domain classes to allow UID to be `Optional<Integer>`. - Update CJSL DTD to allow UID to be optional. - Update .proto files to allow UID to be missing. According to Proto3 docs, this is binary-compatible. However, it is not backward-compatible at the application level. Old RQDs will see a missing UID as UID 0 and refuse to run the frame. - Update Cuesubmit to not send UIDs from Windows.
Porges
requested review from
bcipriano,
gregdenton,
jrray,
larsbijl and
smith1511
as code owners
| try: # Exception block for all exceptions | ||
|
|
||
| # Change to frame user if needed: | ||
| if runFrame.HasField("uid"): |
There was a problem hiding this comment.
We should probably also have a check here to ensure that if RQD is running as root then a uid must be provided. This would continue the current behaviour of disallowing running frames as root.
There was a problem hiding this comment.
I don't really strongly about enforcing such a requirement. Certainly switching to root by passing a UID should not be possible, but if a user wants to run RQD as root and runs jobs as root, I think that's their choice.
What happens in a Docker environment, i.e. if someone has built a container where that user appears as root to RQD?
|
I’ll need to update the migration version number assuming that #621 is merged first. Otherwise I’m happy. However, there’s no migration in here for Oracle yet. |
|
#621 is merged now, so you're good to pull those changes in and increment that version number. |
|
Migration renamed. |
There was a problem hiding this comment.
LGTM. I agree with @bcipriano that we should be good to submit this without an Oracle side. Maybe in the next release notes call out that the Oracle support is being deprecated?
|
Yeah, that sounds good. |
A non-existing UID means to run the job as the RQD user on the render host; RQD does not attempt to switch users. This has security implications but probably not worse than the current setup which allows any UID to be specified, although I know some teams are running RQD as root...
This change allows Cuesubmit on Windows to submit jobs for Linux, as it will not send UIDs from Windows.
Changes:
NULL(not done to Oracle as support is going to be dropped)Optional<Integer>.