Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Allow admins to restart other's session #1635

Merged
merged 4 commits into from
Oct 23, 2023
Merged

fix: Allow admins to restart other's session #1635

merged 4 commits into from
Oct 23, 2023

Conversation

rapsealk
Copy link
Member

This PR adds an optional parameter owner-access-key to session restart command, and updates the corresponding request handler to allow new parameter owner_access_key which can be different from requester_access_key. owner_access_key has been always the same with requester_access_key, which means any admin could not restart other user's session.

backend.ai/src/ai/backend/manager/api/session.py

Lines 1349 to 1354 in dec5284

@server_status_required(READ_ALLOWED)
@auth_required
async def restart(request: web.Request) -> web.Response:
root_ctx: RootContext = request.app["_root.context"]
session_name = request.match_info["session_name"]
requester_access_key, owner_access_key = await get_access_key_scopes(request)

backend.ai/src/ai/backend/manager/api/utils.py

Lines 57 to 65 in dec5284

async def get_access_key_scopes(
request: web.Request, params: Any = None
) -> Tuple[AccessKey, AccessKey]:
if not request["is_authorized"]:
raise GenericForbidden("Only authorized requests may have access key scopes.")
root_ctx: RootContext = request.app["_root.context"]
owner_access_key: Optional[AccessKey] = (params or {}).get("owner_access_key", None)
if owner_access_key is None or owner_access_key == request["keypair"]["access_key"]:
return request["keypair"]["access_key"], request["keypair"]["access_key"]

Before After
스크린샷 2023-10-19 오후 1 55 09 스크린샷 2023-10-19 오후 1 55 49

Checklist: (if applicable)

  • Milestone metadata specifying the target backport version
  • Mention to the original issue
  • Documentation
  • API server-client counterparts (e.g., manager API -> client SDK)
  • Test case(s) to demonstrate the difference of before/after

@rapsealk rapsealk added this to the 23.03 milestone Oct 19, 2023
@rapsealk rapsealk self-assigned this Oct 19, 2023
@github-actions github-actions bot added comp:client Related to Client component size:S 10~30 LoC labels Oct 19, 2023
@github-actions github-actions bot added the comp:manager Related to Manager component label Oct 19, 2023
@rapsealk rapsealk changed the title fix: Add an optional param owner-access-key to session restart command fix: Allow admins to restart other user's session Oct 19, 2023
@rapsealk rapsealk changed the title fix: Allow admins to restart other user's session fix: Allow admins to restart other's session Oct 19, 2023
@achimnol achimnol added this pull request to the merge queue Oct 23, 2023
Merged via the queue into main with commit a38d403 Oct 23, 2023
21 checks passed
@achimnol achimnol deleted the fix/session-restart-owner-access-key branch October 23, 2023 10:31
achimnol pushed a commit that referenced this pull request Oct 23, 2023
@rapsealk @achimnol
fix: Allow admins to restart other's session (#1635)
e07a4b6 
Backported-from: main
Backported-to: 23.09
achimnol pushed a commit that referenced this pull request Oct 23, 2023
@rapsealk @achimnol
fix: Allow admins to restart other's session (#1635)
85f24d4 
Backported-from: main
Backported-to: 23.03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achimnol achimnol achimnol approved these changes

@kyujin-cho kyujin-cho Awaiting requested review from kyujin-cho

Assignees

@rapsealk rapsealk

Labels
comp:client Related to Client component comp:manager Related to Manager component size:S 10~30 LoC
Projects
None yet
Milestone
23.03
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rapsealk @achimnol