search

HDFGroup / hsds

Cloud-native, service based access to HDF data
https://www.hdfgroup.org/solutions/hdf-kita/
Apache License 2.0
128 stars 53 forks source link

HS_USERNAME assigned admin at startup #379

Closed mattjala closed 2 months ago

mattjala commented 3 months ago

The HSDS app startup process sets the 'current user' to the admin user, where current user may be pulled from UserConfig, which is in turn populated from the environment. As such, having HS_USERNAME set in the environment (as recommended by h5pyd documentation) can result in a different admin user being assigned at HSDS startup, leading to hard to diagnose test failures.

This might be something to resolve with more consistent documentation about what env vars should be used to provide certain values.

jreadey commented 3 months ago

The app.py hs_username and hs_password arguments were added to support a sort of single user mode. I.e. without any password.txt file or active directory based authentication. In the workflow script we use the password_file arg, so these aren't needed.

So maybe an easy fix would be to make a change to app.py so that if password_file is supplied, then hs_username, hs_password args are not passed to HsdsApp in the kwargs.

mattjala commented 2 months ago

Resolved in #384 by granting password file precedence; this behavior has usefulness for use of HSDS on demand from h5pyd.