Implement auth client to manage permissions #8548
Merged
+623
−101
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
github-actions
bot
added
area/tracking
|
Documentation preview for f9799f5 will be available here when this CircleCI job completes successfully. More info
|
gabrielfu
commented
May 27, 2023
Comment on lines
+127
to
+138
| def get_app_client(app_name: str, *args, **kwargs): | ||
| clients = importlib.metadata.entry_points().get("mlflow.app.client", []) | ||
| for client in clients: | ||
| if client.name == app_name: | ||
| cls = client.load() | ||
| return cls(*args, **kwargs) | ||
|
|
||
| raise MlflowException( | ||
| f"Failed to find client for '{app_name}'. Available clients: {[c.name for c in clients]}" | ||
| ) | ||
|
|
||
|
|
There was a problem hiding this comment.
from @harupy
#8286 (comment)
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
harupy
reviewed
May 30, 2023
harupy
reviewed
May 30, 2023
tests/server/auth/test_client.py
Outdated
|
|
||
| @pytest.fixture | ||
| def mock_session(): | ||
| with mock.patch("mlflow.utils.rest_utils._get_request_session") as mock_session: |
There was a problem hiding this comment.
Can we patch requests.Session.request instead?
There was a problem hiding this comment.
Instead of using mock, can we run a server in the background using subprocess and make requests against it?
There was a problem hiding this comment.
sure, I'm updated the tests!
Co-authored-by: Harutaka Kawamura <hkawamura0130@gmail.com> Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
# Conflicts: # mlflow/server/auth/__init__.py
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
|
Sorry @harupy , I realized the client and test cases are incomplete, so I pushed a few new commits here |
gabrielfu
commented
May 31, 2023
| view_func=get_user, | ||
| methods=["POST"], | ||
| methods=["GET"], |
There was a problem hiding this comment.
using GET here should be more appropriate
harupy
reviewed
May 31, 2023
|
|
||
|
|
||
| @pytest.fixture | ||
| def client(tmp_path): |
harupy
reviewed
May 31, 2023
tests/server/auth/test_client.py
Outdated
Comment on lines
53
to
56
| def assert_unauthenticated(function): | ||
| with pytest.raises(MlflowException, match=r"You are not authenticated.") as exception_context: | ||
| function() | ||
| assert exception_context.value.error_code == ErrorCode.Name(UNAUTHENTICATED) |
There was a problem hiding this comment.
Can we make this function context manager and remove lambda?
from contextlib import contextmanager
@contextmanager
def assert_unauthenticated():
with pytest.raises(MlflowException, match=r"You are not authenticated.") as exception_context:
yield
assert exception_context.value.error_code == ErrorCode.Name(UNAUTHENTICATED)didn't test this, but should work
There was a problem hiding this comment.
good idea! I'll change it!
harupy
reviewed
May 31, 2023
tests/server/auth/test_client.py
Outdated
Comment on lines
59
to
62
| def assert_unauthorized(function): | ||
| with pytest.raises(MlflowException, match=r"Permission denied.") as exception_context: | ||
| function() | ||
| assert exception_context.value.error_code == ErrorCode.Name(PERMISSION_DENIED) |
There was a problem hiding this comment.
Signed-off-by: Gabriel Fu <hfu.gabriel@gmail.com>
33 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Issues/PRs
#724 #8286
What changes are proposed in this pull request?
Add a client to manage permissions
How is this patch tested?
Does this PR change the documentation?
Release Notes
Is this a user-facing change?
Add a client to create, get, update or delete users, experiment permissions and registered model permissions.
What component(s), interfaces, languages, and integrations does this PR affect?
Components
area/artifacts: Artifact stores and artifact loggingarea/build: Build and test infrastructure for MLflowarea/docs: MLflow documentation pagesarea/examples: Example codearea/model-registry: Model Registry service, APIs, and the fluent client calls for Model Registryarea/models: MLmodel format, model serialization/deserialization, flavorsarea/recipes: Recipes, Recipe APIs, Recipe configs, Recipe Templatesarea/projects: MLproject format, project running backendsarea/scoring: MLflow Model server, model deployment tools, Spark UDFsarea/server-infra: MLflow Tracking server backendarea/tracking: Tracking Service, tracking client APIs, autologgingInterface
area/uiux: Front-end, user experience, plotting, JavaScript, JavaScript dev serverarea/docker: Docker use across MLflow's components, such as MLflow Projects and MLflow Modelsarea/sqlalchemy: Use of SQLAlchemy in the Tracking Service or Model Registryarea/windows: Windows supportLanguage
language/r: R APIs and clientslanguage/java: Java APIs and clientslanguage/new: Proposals for new client languagesIntegrations
integrations/azure: Azure and Azure ML integrationsintegrations/sagemaker: SageMaker integrationsintegrations/databricks: Databricks integrationsHow should the PR be classified in the release notes? Choose one:
rn/breaking-change- The PR will be mentioned in the "Breaking Changes" sectionrn/none- No description will be included. The PR will be mentioned only by the PR number in the "Small Bugfixes and Documentation Updates" sectionrn/feature- A new user-facing feature worth mentioning in the release notesrn/bug-fix- A user-facing bug fix worth mentioning in the release notesrn/documentation- A user-facing documentation change worth mentioning in the release notes