Merge branch 'main' into gpu-quota
shouhanzen committed Feb 12, 2024
2 parents 811f529 + 482fe15 commit 4c00fdb
Showing 7 changed files with 25 additions and 10 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/build.yml
@@ -1,8 +1,9 @@
name: Build
on:
schedule:
- cron: '0 2 * * *'
#schedule:
# - cron: '0 2 * * *'
push:
workflow_dispatch:

env:
REGISTRY: ghcr.io
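Review bot: The nightly `schedule` trigger is left in the file as two commented-out lines with no explanation, so nothing records why it was disabled or when it should come back. If this workflow publishes an image to the `ghcr.io` registry named under `env` (the build steps are outside this hunk), the scheduled run is also what picks up base-image and dependency patches while the repository is quiet; with push and manual dispatch as the only triggers, an inactive branch keeps its last image indefinitely. Either delete the two lines or state the reason above them, for example `# nightly rebuild disabled: <reason>; re-enable once <condition>`.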
4 changes: 2 additions & 2 deletions requirements.txt
@@ -1,10 +1,10 @@
dacite
kubernetes==24.2.0
kubernetes>=28,<29
flask==2.3.2
jsonify
waitress
PyHamcrest
requests_mock
dataclasses-json
python-dotenv
git+https://github.com/ucsd-ets/awsed_python_client.git@Rebuild
git+https://github.com/ucsd-ets/awsed_python_client.git@2024.1.2-RC1
15 changes: 13 additions & 2 deletions src/dsmlp/app/id_validator.py
@@ -23,21 +23,32 @@ def validate_pod(self, request: Request):
Validate pods for namespaces with the 'k8s-sync' label
"""
username = request.namespace
# namespace = self.kube.get_namespace(request.namespace)
# namespace = self.kube.get_namespace(request.namespace)

# if 'k8s-sync' in namespace.labels:
# if 'k8s-sync' in namespace.labels:
user = self.awsed.describe_user(username)
if not user:
raise ValidationFailure(f"namespace: no AWSEd user found with username {username}")
allowed_uid = user.uid
allowed_courses = user.enrollments

team_response = self.awsed.list_user_teams(username)
allowed_gids = [team.gid for team in team_response.teams]
allowed_gids.append(0)
allowed_gids.append(100)

metadata = request.object.metadata
spec = request.object.spec
self.validate_course_enrollment(allowed_courses, metadata.labels)
self.validate_pod_security_context(allowed_uid, allowed_gids, spec.securityContext)
self.validate_containers(allowed_uid, allowed_gids, spec)

def validate_course_enrollment(self, allowed_courses: List[str], labels: Dict[str, str]):
if not 'dsmlp/course' in labels:
return
if not labels['dsmlp/course'] in allowed_courses:
raise ValidationFailure(f"metadata.labels: dsmlp/course must be in range {allowed_courses}")

def validate_pod_security_context(
self,
authorized_uid: int,
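Review bot: `validate_course_enrollment` evaluates `'dsmlp/course' in labels` without allowing for `labels` being `None`, which is what an unlabeled pod would yield if the `Request` model maps an absent `metadata.labels` to `None` (the model is outside this hunk). The resulting `TypeError` is not a `ValidationFailure`, so the admission answer would then depend on whatever generic error handling wraps `validate_pod`. Guard it and use the idiomatic operator: `if not labels or 'dsmlp/course' not in labels: return`. A pod that omits the label skips the enrollment check entirely; if quota or access is keyed on `dsmlp/course` elsewhere, that allow-by-default choice deserves a docstring on the method saying it is intended.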
2 changes: 1 addition & 1 deletion src/dsmlp/app/validator.py
@@ -1,6 +1,6 @@
from dataclasses import dataclass
import json
from typing import List, Optional
from typing import Dict, List, Optional

from dataclasses_json import dataclass_json
from dsmlp.plugin.awsed import AwsedClient, UnsuccessfulRequest
6 changes: 4 additions & 2 deletions src/dsmlp/ext/awsed.py
@@ -15,7 +15,9 @@ def __init__(self):

def describe_user(self, username: str) -> UserResponse:
usrResultJson = self.client.describe_user(username)
return UserResponse(uid=usrResultJson.uid)
if not usrResultJson:
return None
return UserResponse(uid=usrResultJson.uid, enrollments=usrResultJson.enrollments)

def list_user_teams(self, username: str) -> ListTeamsResponse:
usrTeams = self.client.list_teams(username)
@@ -24,4 +26,4 @@ def list_user_teams(self, username: str) -> ListTeamsResponse:
for team in usrTeams.teams:
teams.append(TeamJson(gid=team.gid))

return ListTeamsResponse(teams=teams)
return ListTeamsResponse(teams=teams)
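Review bot: `describe_user` now returns `None` when the client hands back a falsy result, but it is still annotated `-> UserResponse`, so neither a type checker nor a reader of the interface learns that the result must be tested before `.uid` or `.enrollments` is read. Annotate it `-> Optional[UserResponse]` here, on the matching declaration of the abstract `AwsedClient`, and on the fake in `tests/fakes.py`, and give it a one-line docstring such as `"""Return the AWSEd user, or None when the lookup finds nothing."""`. Whether `Optional` is already imported in this file is not visible in the hunk. `validate_pod` in this commit does check `if not user`; any other caller of `describe_user` needs the same check, since a missing user no longer surfaces as an exception.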
1 change: 1 addition & 0 deletions src/dsmlp/plugin/awsed.py
@@ -16,6 +16,7 @@ class ListTeamsResponse:
@dataclass
class UserResponse:
uid: int
enrollments: List[str]


class AwsedClient(metaclass=ABCMeta):
2 changes: 1 addition & 1 deletion tests/fakes.py
@@ -27,7 +27,7 @@ def describe_user(self, username: str) -> UserResponse:
try:
return self.users[username]
except KeyError:
raise UnsuccessfulRequest()
return None

def add_user(self, username, user: UserResponse):
self.users[username] = user