ClusterCockpit / cc-backend

Web frontend and API backend server for ClusterCockpit Monitoring Framework
https://www.clustercockpit.org
MIT License
16 stars 14 forks source link

API access for regular user #264

Open giesselmann opened 5 months ago

giesselmann commented 5 months ago

Hi, I have a few users interested in processing metric data from their jobs. I'm strongly in favor of that, but as of now, only users with the role 'api' could do this. But the api role also allows to add/delete jobs...

Could you think of a way, that 'normal' users can, just like in the web frontend, get read-only access via API to their jobs?

moebiusband73 commented 5 months ago

Yes, you are right. That would be an important feature, and also here some users asked for it.

We have to discuss how we can merge the database logic from repository/query.go with the one in repository/job.go used in the REST API. In query.go there is a Security check as part of the query builder that ensures that you can only see the jobs you are supposed to see according to your role: https://github.com/ClusterCockpit/cc-backend/blob/0b2f2214f99d14aa73757173616f92bb895240c4/internal/repository/query.go#L95

giesselmann commented 5 months ago

Found sth. that almost works, the graphql endpoint. A Query like this with a JWT token of the corresponding user does the job. Altair has a browser plugin to debug this.

{
  job(id: 3055306){
    user,
    startTime
  }
  jobMetrics(id: 3055306, metrics:"mem_used"){
    name,
    metric{
      series{
        data
      },
      timestep
    }
  }
}

Response:

{
  "data": {
    "job": {
      "user": "k12345",
      "startTime": "2024-04-30T18:05:14+02:00"
    },
    "jobMetrics": [
      {
        "name": "mem_used",
        "metric": {
          "series": [
            {
              "data": [
                7.15,
                7.17,
                56.31,
                57.1,
                57.1,
                57.1,
                56.88
              ]
            }
          ],
          "timestep": 60
        }
      }
    ]
  }
}

The only remaining issue is, that a regular user can't generate a JWT token for themselves, right? I find it only in the admin options. But that should be easy to implement.

spacehamster87 commented 4 months ago

Separate branch merged into avtive dev branch: Refactor-Job-Footprint