Closed pdonorio closed 7 years ago
For an equivalent to iadmin aua
and iadmin rua
you should be able to do something like:
session.users.modify(bobby, 'addAuth', '...')
and
session.users.modify(bobby, 'rmAuth', '...')
respectively. I have not tried it so please let me know if it works.
For iadmin lua
I will have to add support for the "simple query" API. Is this something you need?
you should be able to do something like: session.users.modify(bobby, 'addAuth', '...')
Ok! Thank you, I was trying session.users.modify(bobby, 'dn', '...') but of course it didn't make sense :) The addAuth
syntax works instead.
For iadmin lua I will have to add support for the "simple query" API. Is this something you need?
I was investigating with the use of the icat queries if I can reach the same info. Maybe you can help me, I am trying:
from irods.models import User
res = obj.query(User.name, User.dn).all()
for element in res:
print(element)
This prints things like:
{<irods.column.Column 202 USER_NAME>: 'guest', <irods.column.Column 205 USER_DN>: None}
So the DN looks empty but actually it's not because I just set it with addAuth and is also confirmed with iadmin lua:
$ iadmin lua
guest /O=Grid/OU=GlobusTest/OU=simpleCA-rodserver.dockerized.io/OU=Globus Simple CA/CN=guest
It's because the user DN is stored in a separate iCAT table. Please try the patch below.
diff --git a/irods/models.py b/irods/models.py
index 768a674..4c438c7 100644
--- a/irods/models.py
+++ b/irods/models.py
@@ -29,7 +29,7 @@ class User(Model):
name = Column(String, 'USER_NAME', 202)
type = Column(String, 'USER_TYPE', 203)
zone = Column(String, 'USER_ZONE', 204)
- dn = Column(String, 'USER_DN', 205)
+ dn = Column(String, 'USER_DN', 1601)
info = Column(String, 'USER_INFO', 206)
comment = Column(String, 'USER_COMMENT', 207)
create_time = Column(DateTime, 'USER_CREATE_TIME', 208)
Trying the patch it looks like it now works with GSI authentication for that query.
Unluckily it breaks normal credentials actions like sess.users.get(user)
raising irods.exception.UserDoesNotExist. How come? I also looked at the irods codes and the number you gave is correct. Can I help in some other ways?
What is likely happening here is that the general query interface joins r_user_main
and r_user_auth
, and not all users are in r_user_auth
(only those explicitely added through iadmin aua
or equivalent).
iadmin lua
uses a simple query but that might be overkill here. Let me see if I can come up with a workaround...
Thank you for your work, and as usual let me know if we can help
No worries. I pushed a fix. Let me know how it goes. We can make further changes if needed.
This push solved the sess.users.get
, thank you.
You may close this issue for me, as I was able to do the actions I had with the icommands.
Hello,
I've seen the user management class and the tests but I could not find the equivalent of the icommand
iadmin
for options 'lua', 'aua' and 'rua'; please see here.Am I missing something or maybe these options are not yet available?
Thanks